LoadMaster for Amazon GovCloud

1 Introduction

Amazon Web Services (AWS) GovCloud is a cloud service, from Amazon, aimed specifically at the United States government. It is designed to allow US government agencies and customers to move sensitive workloads into the cloud by addressing specific regulatory and compliance requirements - for example, the International Traffic in Arms Regulations (ITAR) which governs how defense-related data is managed and stored. Specifically, GovCloud segregates the data both logically and physically to ensure that it is only accessible by designated individuals within the United States.

The KEMP Technologies Application Delivery Controller (ADC), Virtual LoadMaster, is available in AWS GovCloud. Providing resilient pervasive secure delivery of applications within the AWS GovCloud, the Virtual LoadMaster guarantees high availability, ensures security of the application servers, and simplifies integration with on-premises infrastructure.

The AWS GovCloud platform enables existing on-premises applications to be easily provisioned in the cloud, providing customers the benefit of scalability, elasticity, and shift of capital expenses to operational ones.

KEMP’s Virtual LoadMaster (VLM) is a full-featured, advanced Layer 4-7 load balancer that supports a variety of workloads. Available in two versions, Bring Your Own License (BYOL) and the perpetual free license, the VLM provides the required throughput at the right price.

Along with advanced scheduling methods, intelligent traffic steering and support for multiple protocols, the VLM also provides Global Site Load Balancing (GSLB), RESTful, Python and PowerShell Application Program Interfaces (APIs).

In addition, the LoadMaster includes integration of the FIPS 140-2 certified encryption module, and supports security features such as access control lists, Web Application Firewall (WAF), Distributed Denial of Service (DDoS) protection, and multiple authentication methods, including: Kerberos Constrained Delegation (KCD), Department of Defense (DoD) Common Access Card (CAC) and Federal Personal Identity Verification (PIV) smart card, and Single Sign-On (SSO).

046.png

Some of the features and associated benefits of the VLM are listed in the table below.

Feature

Benefit

Application ubiquity Regardless of where the applications are deployed (cloud, on premises, or in hybrid environments) the VLM can load balance them.
Hybrid enhancement The VLM manages applications deployed in hybrid infrastructures on premises and in the AWS GovCloud.
Scalable Highly available ADCs, deployed on-demand to meet load requirements.
Resilient VLM GEO load balancing supports application instances across multiple sites to accommodate growth and deliver additional resilience.

1.1 Document Purpose

This document is intended to brief the reader on the LoadMaster for AWS GovCloud product and assist the reader to set up a basic LoadMaster for AWS GovCloud instance.

It is also possible to configure the LoadMaster using Application Program Interface (API) commands. For further details, please refer to the Interface Description documents on the KEMP documentation page: https://kemptechnologies.com/documentation.

1.2 Intended Audience

This document is intended to be read by anyone who is interested in deploying a LoadMaster for AWS GovCloud product.

1.3 Prerequisites

There are some perquisites to be aware of before following the steps in this document:

Users should be familiar with the operation of AWS. For further information on AWS, please refer to the LoadMaster for AWS, Feature Description.

If not already done, create a KEMP ID at the registration page: https://kemptechnologies.com/kemp-id-registration/

Users should have access and be logged-in to the AWS GovCloud Management Console.

2 Deploying a KEMP LoadMaster in the AWS GovCloud

Since AWS GovCloud, unlike AWS, does not offer a Marketplace, KEMP supports deployment of the Virtual LoadMaster for AWS in GovCloud as follows:

2.1 Evaluate a free edition of the LoadMaster

For initial evaluation, navigate to Amazon Machine Images (AMIs) in the AWS GovCloud management console and search public images for LoadMaster.

Evaluate a free edition of.png

This AMI will launch as the free edition of the KEMP LoadMaster for GovCloud which has a limited capacity of 20Mbps throughput and 50 SSL Transactions Per Second (TPS).

For evaluation or purchase of a higher capacity Virtual LoadMaster please contact your KEMP representative.

Initial booting and any subsequent licensing activity of the LoadMaster AMI typically requires the instance to be able to connect to the KEMP licensing server at https://alsi.kemptechnologies.com using port 443. Offline licensing is also possible if your network is closed. Please contact your KEMP representative for help with offline licensing.

Evaluate a free edition of_1.png

After launch - to complete registration of the instance - please navigate to System Configuration > System Administration > Update License and enter the KEMP ID you created.

2.2 Bring Your Own License (BYOL) Option

The other licensing option when deploying a LoadMaster for AWS is Bring Your Own License (BYOL).

To use the BYOL option, follow the steps below:

1. Deploy the BYOL – Trial and perpetual license version of the Virtual LoadMaster.

2. Contact a KEMP representative to get a license.

3. Update the license on your LoadMaster to apply the license change (System Configuration > System Administration > Update License).

When using the BYOL method, the normal LoadMaster licensing and activation process is used. Access the LoadMaster using the WUI by entering the Public Address, preceded with https:// and followed by :8443. Then, proceed through the steps and license the LoadMaster.

For further information on this, please refer to the LoadMaster Licensing, Feature Description on the KEMP documentation page: https://kemptechnologies.com/documentation.

2.3 Deploy a Production Virtual LoadMaster

For production use, purchase an appropriate Virtual LoadMaster product license via the KEMP Sales account team. Once the production license purchase is processed, apply it to the instance. Information on licensing can be found in the Licensing, Feature Description document.

A KEMP ID and the AWS Machine ID for the LoadMaster instance are required to complete the process.

2.4 Create a New Key Pair

When starting a new instance you are prompted to select a key pair. A key pair is a certificate and key. It is used to SSH to the LoadMaster. Keep the downloaded key in a safe place. Steps on how to add a key pair are below:

1. Log in to the AWS console.

Create a New Key Pair.png

2. Click EC2.

Create a New Key Pair_1.png

3. In the main menu, select Key Pairs.

Create a New Key Pair_2.png

4. Click Create Key Pair.

Create a New Key Pair_3.png

5. Enter a name for the key pair and click Yes.

6. The .pem file will download.

This file is required to SSH into the LoadMaster so make a note of where this file is stored. This file needs to reside on the client that is used to SSH to the LoadMaster.

If you are using a client that does not accept PEM format, you will need to convert the file to another format, for example PPK for Putty.

7. The permissions of the key pair file need to be changed in order for it to work. To do this, go to the directory where the file is stored and run the following command:

chmod 600 <FileName>

References

While the instructions above provide a basic overview of how to deploy a LoadMaster for AWS GovCloud, it is not designed to be a comprehensive guide. This section identifies some of many guides published on the resources section of our website. Unless otherwise specified, the following documents can be found at http://kemptechnologies.com/loadmaster-documentation.

LoadMaster for AWS, Feature Description

Licensing, Feature Description

Web User Interface (WUI), Configuration Guide

 

 

 

 

 

 

 

 

 

 

 

Document History

 

Date

Change

Reason for Change

Version

Resp.

Aug 2015

Initial draft

New document

1.0

KG

Sep 2015

Screenshot updates

LoadMaster WUI reskin

2.0

KG

Jan 2016

Minor updates

Updated Copyright Notices

3.0

LB

Jan 2017 Release updates Updates for 7.2.37 release 4.0 LB
Feb 2017 Minor updates Enhancements made 5.0 LB
Mar 2017 Minor updates Enhancements made 6.0 LB
July 2017 Minor updates Enhancements made 7.0 LB

 

 

 

Was this article helpful?

0 out of 0 found this helpful

Comments