EC2 load balancer appliance rocks, and it’s FREE… for now anyway.

Update: Sorry but as of Wednesday 6th Oct 2010, the free lifetime license is no longer available!

OK, so let me begin by saying that I am both excited and slightly scared by our latest product. I’m excited because after playing around with it in the Amazon cloud, I’ve become slightly addicted to launching multiple instances in different parts of the world and load balancing the traffic seamlessly. I’m slightly scared because this could change our whole business model from hardware load balancer vendor to online SAAS (Software As A Service) provider.

So why does the new EC2 ENTERPRISE rock?

The EC2 ENTERPRISE provides a simple and flexible cloud application management tool (aka a load balancer). You simply fire up an instance from our public AMI, configure it for your application cluster and then, for disaster recovery purposes, bundle up the whole pre-configured AMI.

“Hang on a minute, doesn’t the Amazon cloud already have a load balancing service?”, I hear you say.

Ah yes, Amazon’s load balancing service is very good and very fast but:

  1. It is layer 4 only (round robin).
  2. Doesn’t support SSL termination
  3. Doesn’t support cookies
  4. Doesn’t support WAN or SNAT load balancing (i.e. non-local servers)
  5. Doesn’t support URL matching rules or multiple backend clusters
  6. Doesn’t support application maintenance modes
  7. Doesn’t support customized health checks

The EC2 ENTERPRISE does all of the above (actually, not point 7 yet, but it will – fixed in RC-1 :-) ).


Now before you get too excited: this product is currently a BETA, and by that I mean that once you have it configured and tested it is probably perfectly fine in production, BUT while configuring and testing it don’t be surprised if you find some gotchas in the web interface! It is also almost feature complete: it does most things that you would require it to, and does them well….

It’s a long story but this product has been in development hell (alpha) for nearly two years now!

So I have personally taken a solid week to kick it into its current BETA6 shape, and intend to get it to RC1 pretty damn quickly….

I’m a strong believer in Trump’s “Ready, Fire, Aim”:

“So anyone who uses the EC2 ENTERPRISE (BETA) gets a free perpetual license (on request) to use the finished product and all future versions!”

Another reason for this is that we really need feedback on how to develop this product further, with questions like:

  • Does it need the ability to remotely start instances when load increases?
  • Does it need a heartbeat failover mechanism or just scripted ami failover?
  • Does it need SNMP / graphical statistics?
  • Is it fine as it is?

Warning: The following screen shot is not pretty… but it is functional and server maintenance is seamless and AJAXified….


So you’ve either left by now or hopefully I’ve caught your interest!

So how do you get started with testing? Simple: just open your AWS console (or Elastic Fox) and search for the public ami (ami-5eb9932a):
But make sure you are searching in EU-WEST… or US-EAST @


Once you’ve found it, simply right click it and say start instance!

Obviously you are going to need a security group with a few useful ports open:

  • 22 – SSH : Always useful
  • 9443 : This is your access to the web administration interface (it’s HTTPS access only)
  • 7777 : This is for administrative access to the HAProxy status report
  • 80 & 443 : You will probably want these open in order to put some test clusters on them
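A check for the security group described above, as an added example that is not part of the original post: it flags rules that expose the three administrative ports (22, 9443, 7777) to wide source ranges while leaving 80 and 443 public. It assumes input in the JSON shape printed by `aws ec2 describe-security-groups`; the sample rules, the group ID `sg-EXAMPLE` and the `max_hosts` threshold are constructed for illustration.

```python
import ipaddress
import json

# Admin-only ports from the list above; 80/443 are meant to be public.
ADMIN_PORTS = {22: "SSH", 9443: "web administration (HTTPS)", 7777: "HAProxy status report"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22,   "ToPort": 22,   "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
  {"IpProtocol": "tcp", "FromPort": 9443, "ToPort": 9443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 7000, "ToPort": 8000, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 80,   "ToPort": 80,   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443,  "ToPort": 443,  "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
]}]}
""")


def world_open_admin_ports(doc, max_hosts=256):
    """Return sorted (group_id, port, cidr) for admin ports reachable from wide ranges."""
    findings = set()
    for group in doc.get("SecurityGroups", []):
        for rule in group.get("IpPermissions", []):
            if rule.get("IpProtocol") not in ("tcp", "-1"):
                continue
            # Rules for all protocols ("-1") carry no port range,
            # so the defaults below make them cover every port.
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False).num_addresses <= max_hosts:
                    continue  # narrow source range (e.g. one admin host): accepted
                for port in ADMIN_PORTS:
                    if lo <= port <= hi:  # also catches wide port ranges
                        findings.add((group["GroupId"], port, cidr))
    return sorted(findings)


if __name__ == "__main__":
    for gid, port, cidr in world_open_admin_ports(SAMPLE):
        print(f"{gid}: port {port} ({ADMIN_PORTS[port]}) is open to {cidr}")
```

On the sample, SSH passes because it is limited to a single address, while 9443 and 7777 are reported; 7777 is caught through the 7000-8000 range rule rather than a rule of its own.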

Once the instance is up and running find the public DNS and access the web interface with something like:

username: loadbalancer
password: loadbalancer

To set up a cluster:

  • Click on the Server tab
  • Add a front end called F1 with port 80 and backend B1, mode = http.

      Label   Ports   Default backend   Mode
      F1      80      B1                http

  • Then add a new back end called B1,persistence=cookies,fallback=
  • Then add a new server label=myserver,DNS/,port 80, weight 1


Then if not already prompted you will need to use Maintenance > Restart HAProxy

Assuming you get no errors then simply go to:

And your load balancer will re-direct you to!


Anyway we’d love your feedback!

And yes, we know it needs a load of Javascript sanity checking added (it’s very easy to break the URL rules section :-).


OK, so beta7 is getting pretty close to feature complete:

You can now wrap up an exact copy of your load balancer instance, upload and save the ami to an S3 bucket, register the image and then launch it as an autoscaling instance with an assigned elastic IP…. aka. HA load balancing solution.

In order to achieve this simply go to the accounts tab, fill in lots of fields and hit the save buttons… work from the top slowly and read the messages! Section 3 ‘image wrapping’ can take about 30mins+ (it will tell you when it’s finished).

Section 4 ‘auto scaling’ WILL COST YOU MONEY i.e. it will launch a new instance that is VERY HARD TO DESTROY:

EC2 autoscale - hard to kill

That’s why it shows the destroy script clearly on screen when it is finished! (If you are interested the creation/save scripts are /etc/ &

# /etc/
# This script needs to be used to terminate an autoscaling instance (make a copy of it locally as it won't work if it terminates itself!)
export AWS_AUTO_SCALING_HOME="/etc/"
export EC2_HOME=/etc/
export EC2_PRIVATE_KEY=/etc/
export EC2_CERT=/etc/
export JAVA_HOME=/usr
/etc/ EC2VAGroup --launch-configuration EC2VAConfig --availability-zones us-east-1a,us-east-1b --min-size 0 --max-size 0 --cooldown 100 --region us-east-1
sleep 120
/etc/ EC2VAGroup --region us-east-1 -f
/etc/ EC2VAConfig --region us-east-1 -f

You can launch the kill script from the original load balancer image (i.e. not the autoscale one), or you can probably get away with running it on the actual autoscale image, but obviously it will kill itself during the first sleep command….
So the auto-scaling group and launch configuration won’t actually get killed… but at least the image will terminate :-).


OK, So we finally have a release candidate! Yeah!

  • Loads of bug fixes
  • Loads of input verification stuff
  • New extended health checks – nicked from ‘nagios’ – so in theory any nagios check can be implemented.
  • If you specify a check file (e.g. index.html) and a Response Expected (e.g. OK), the specified file will be read on each server and the output grep’d for OK; if the check fails, the real server is put in maintenance mode.
  • Password change functionality implemented for web interface.


Yeah – We are all systems go! (20 cents an hour)


Ooops, We haven’t updated this Blog entry in a while!

The new EC2 v1.5.2 has a load of updates:

  • Improvements to stability and resource utilization
  • Stick tables now persist across HAProxy restarts
  • RDP cookies now have stick table support
  • TCP connections now disconnect quickly on server failure
  • Fallback server is non-sticky by default
  • Default connection limits and timeouts increased
  • Feedback agent CPU Idle available as a Windows Service

28 thoughts on “EC2 load balancer appliance rocks, and it’s FREE… for now anyway.”

  1. Hello

    I hereby would like to request the free perpetual license for your EC2 Appliance. I’ve tested your solution and I am quite impressed with it.

    Oliver Weichhold

    • Oliver,
      Glad you like it, I will add your details to the perpetual licence list:
      Please send your feedback to
      Beta5 has just been put up on (in us-east), I’ll put it on eu-west later today.
      It has a number of bug fixes and improvements to do with multiple port binding.

  2. Sorry I was in a rush to release beta6 and forgot to change the display name (it still says beta5).

    Also if you delete all of the SSL virtual servers there is a small buggett…
    If you check your XML file on the front page and click edit:


    You need to remove this line:


    and click save.

    BTW: how do you paste XML into wordpress comments without it getting interpreted?

    This will make the SSL section usable again.

    BTW: Things are getting pretty feature complete since writing this blog (beta4)…. thanks to all the testers helping so far, much appreciated.

  3. Hello

    I hereby would like to request the free perpetual license for your EC2 Appliance. I’ve tested your solution and I am also quite impressed with it.
    If you are thinking of adding features, then displaying SNMP stats would be a great addition and for the auto-provisioning side of things, perhaps a way to edit EC2 cloudwatch rules similar to the xml files on the front page?
    Michael Beale

  4. Michael,

    Thanks, I’ve just about completed the section to automatically wrap up the current loadbalancer image, register it as a new ami and launch it with autoscaling…. is that what you mean by cloud watch?
    I’ll mail everyone on the list when the ‘next’ new beta is out…. Any further updates or queries to please, thanks.

  5. I’d love to get a license for the EC2 appliance. Been using the Amazon load balancer and it really is too basic. When is a 1.0 release for the appliance expected ?

  6. Malcolm,

    I like the sound of this too and will be experimenting with the beta shortly. Please add me to the list.

    “You too vill go on zee list. Vot is your name?”
    “Don’t tell him, Pike!”

    Is there an upgrade path to new releases?


  7. Robin & Andy , I have added you to the list….
    I will shortly send out an email to the list explaining the new features in BETA7 (just released this second…)
    Basically if you enter enough details in the accounts section you can now wrap / roll / upload and autoscale an exact copy of your load balancer instance.. with an Elastic IP… pretty handy for HA….
    When is RC1 due? 1-2 weeks I hope… And yes we will be closing the free forever list at that point :-).
    RC1 should be feature complete, then our testing / documentation team will take over and rip it to shreds…
    BETA7 is pretty close to feature complete so if you need anything else get testing and requesting ASAP (thanks).

  8. Did you really mean to use “auto-scale” in the name of the new feature?
    It seems to be more of a high availability (HA) feature.
    If I understand correctly, the idea is that I can snapshot my current LB and create a secondary instance and an elastic IP floats from the primary to the secondary if the primary dies.

    For me, an auto-scaling feature would be one that would spawn additional back-end servers automatically in the event of heavy load.

    Or, am I not understanding things correctly?

  9. Mitch,
    Yes, you are right, it’s just for HA, but we use the built in Amazon autoscale functionality with min servers=1 max servers=1….
    With any luck we’d like to integrate full autoscaling on the load balanced cluster side but I’m not even sure if it’s got an API… we might need to make our own version… We will also look into the RightScale compatibility side of things as well, one thing at a time though :-).

  10. We finally have a feature complete ami for v1 of the EC2VA.

    This is the first cut, but should be stable and very useable.

    It’s a lot harder to break than Beta7, but no doubt some of you will manage :-).
    New features are password change and extended http checks i.e. read the response and check it.

    Documentation and help files are in the process of being produced, and this has now been passed over to the testing team.

    As usual any feedback to appreciated.

    I’ve been asked for the ability to re-encrypt traffic on the way to the real server i.e.

    client -> poundvip:443 -> haproxyvip:80 -> (re-encryption engine) -> backend:443
    rather than the current
    client -> poundvip:443 -> haproxyvip:80 -> backend:80

    Is this a popular feature?

    Still looking at the reality of implementing HTTPS re-encryption at the moment.

  11. Quickly followed by RC-2 :-).
    I just forgot to fix the restart messages to show on every tab,
    Restarts now also refresh so server online/offline stays in sync.
    and small validation bug in global settings.

    BTW: I looked into the RightScale thing, if I’m not mistaken you just need to install the scripts and tag it?
    Should do fine.

    Am I right in thinking the RightScale images when they launch can auto-register with an haproxy instance via SSH? Anyone used it?

  12. Malcolm, great AMI, does what it says on the tin and saves me any further delving into the guts of HAProxy and BIND. I’ve noticed a small JS bug, in the Server tab, under Backend Group in the “edit this group” pop-up, the ‘save’ and ‘revert’ buttons do not appear until I hit . Save doesn’t then close the pop-up. This is on IE8 and Firefox. On IE8 the save button doesn’t seem to do much – it’ll save a change to persistence, but not to server URLs.

    Thanks for making this available though. BTW the feature that I’m after that isn’t available from AWS Load Balancing (I believe) is simple internal (to AWS network) load balancing. AWS LB create external (chargeable) traffic.


    PS, a free perpetual licence would be great!

  13. this is a life saver! I didn’t realize all of the issues with https and the built in ELB, was starting to think EC2 was the wrong choice.

    Please add me to the perpetual license list

  14. Using v1.2 and it doesn’t seem to restore the connection to a backend server if the backend server dies and is then restored. Instead, I need to go into the WUI and bring the server back online.
    Is there a way to configure things so it will automatically bring the server back online in the load balancer once the server starts passing its healthcheck?

  15. Mitch,
    Sorry I’ve been on holiday in Egypt, I think support have already answered this for you independently but I’m just updating the blog:
    General TCP health checks were fine but the negotiate health check had a glitch in the script (now fixed). This will be integrated into the next release (2 weeks) along with the new API and server farm autoscaling functionality.

  16. UPDATE: V1.3 has been released.
    Main features are a couple of bug fixes and tidy ups… And a whole new API! The API now allows you to fully integrate with Amazon autoscaling to auto-add real servers to the load balancer as they fire up…. Documentation has also been added for customising the health checks using the nagios plugins.

  17. Hey Malcolm.

    Does the appliance support X-Forwarded-For/preserve the client’s IP over TCP mode and/or SSL connections? ie: TPROXY on an AWS kernel along with HAProxy.


  18. Carlo,

    Yes, it supports the X-Forwarded-For header…
    No, it doesn’t support TPROXY (i.e. real source IP inserted and translated on the fly) (would require at least two IPs/subnets which is not possible under AWS)
    Although I wonder if you could do funky routing and a local alias? can’t imagine it would work without customizing the TPROXY kernel code, which would not be easy….

  19. You can in theory have multiple SSL certs in EC2, but on Amazon you are restricted to 1 IP address, so it is only really useful for one public web site on port 443. You could have a wildcard certificate on that port of course.

  20. @Malcolm
    Can we have domain name based rules when the mode is tcp (for https)? Here is what I intend to do:
    1. Point two domains – and to the same IP ( instance)
    2. In the front end for 443, set rules like (if hdr=’’ use backend B1 else B2)
    3. Backend B1 goes to port 443 whereas B2 goes to port 81.
    4. The backend instance (or server) is hosted on apache2. Do a SSL termination for on 443 and for on 81.

    I have tried the above setup but it doesn’t seem to be working. Is it possible? If it is not, can you provide me with some alternatives? Let me know if you want to take a look at the configurations and the rule, I can send you the details via email.

  21. Malcolm,
    Unfortunately, we cannot use the wildcard certificate because they belong to different domains (and are NOT subdomains). I tried using NameVirtualHosts as well in Apache but that seems to be supported only on 2.2.12. I can upgrade the apache2 version, if required. But do you have any idea regarding the stability of NameVirtualHost (on port 443) in apache?
