LoadMaster for AWS

1 Introduction

Amazon Web Services (AWS) is a collection of remote computing services (also called web services) that together make up Amazon’s cloud computing platform.

1.1 Document Purpose

This document is intended to brief the reader on the LoadMaster for AWS product and assist the reader to set up a basic LoadMaster for AWS instance and create a service.

It is also possible to use High Availability (HA) when using the LoadMaster for AWS. For further information on this, please refer to the HA for AWS, Feature Description.

1.2 Intended Audience

This document is intended to be read by anyone who is interested in finding out about the LoadMaster for AWS product.

2 LoadMaster for Amazon Web Services (AWS)

2.1 Prerequisites

Some requirements to be aware of when deploying a LoadMaster in AWS are below:

The Virtual Private Cloud (VPC) requires an internet gateway to be configured and bound to the subnet. When the gateway is bound to the subnet, it does not automatically create a default route in the subnet routing table - you must also add this. If either of these steps are missed during deployment, the LoadMaster cannot be configured correctly.

Internet access is required to license hourly-usage LoadMasters.

Using Bring Your Own License (BYOL) licensing in an AWS VPC does work without internet access when using the private IP address but only if you explicitly set Auto-Assign Public IP to Disabled. If it is set to Subnet Default (Disabled) there will be errors during initial configuration.

2.2 Differences from the Virtual LoadMaster (VLM)

Firstly, the initial IP address that is obtained is assigned by AWS, rather than obtained using Dynamic Host Configuration Protocol (DHCP). The LoadMaster obtains this address at instantiation and will use this as its interface address. This address is permanent for this instance. This private address is associated with a public IP address as well. Additional private addressing can be assigned according to your needs if you have additional private networks in AWS.

In addition, a public address which maps to the private address is issued by AWS. Unlike the private address, the public IP address can be changed by purchasing an Elastic IP.

For more information on Elastic IPs, refer to the Amazon EC2 Elastic IP Addresses Feature Guide. Elastic IPs can be requested by opening a Support case with AWS. Elastic IPs can be allocated in the AWS EC2 Console in NETWORK & SECURITY > Elastic IPs.

From within LoadMaster, interface IP addresses can be changed administratively as usual, but this requires additional AWS configuration to prevent disconnection.

In order to preserve public ports, the Web User Interface (WUI) is available on port 8443 rather than 443. This allows port 443 to be used for a Virtual Service.

2.3 Licensing Options

There are two main licensing options when deploying a LoadMaster for Azure:

Hourly consumption

Bring Your Own License (BYOL)

To use the BYOL option, follow the steps below:

1. Deploy the BYOL – Trial and perpetual license version of the Virtual LoadMaster (follow the steps in the Start a New Instance section).

2. Contact a KEMP representative to get a license.

3. Update the license on your LoadMaster to apply the license change (System Configuration > System Administration > Update License).

2.4 Create a New Key Pair

When starting a new instance you are prompted to select a key pair. A key pair is a certificate and key. It is used to SSH to the LoadMaster. Keep the downloaded key in a safe place. Steps on how to add a key pair are below:

1. Log in to the AWS console.

Create a New Key Pair.png

2. Click EC2.

Create a New Key Pair_1.png

3. In the main menu, select Key Pairs.

Create a New Key Pair_2.png

4. Click Create Key Pair.

Create a New Key Pair_3.png

5. Enter a name for the key pair and click Yes.

6. The .pem file will download.

This file is required to SSH into the LoadMaster so make a note of where this file is stored. This file needs to reside on the client that is used to SSH to the LoadMaster.

If you are using a client that does not accept PEM format, you will need to convert the file to another format, for example PPK for Putty.

7. The permissions of the key pair file need to be changed in order for it to work. To do this, go to the directory where the file is stored and run the following command:

chmod 600 <FileName>

2.5 Start a New Instance

To start an instance, follow the steps below:

Please note that it is also possible to deploy a LoadMaster using a different flow using the AWS Marketplace. Please configure the same settings as outlined below, in particular – please ensure to select a Virtual Private Cloud (VPC) as the network.

1. Log in to the Amazon Web Services home page.

Start a New Instance.png

2. Click EC2.

Start a New Instance_1.png

3. Click Instances.

Start a New Instance_2.png

4. Click Launch Instance.

Start a New Instance_3.png

5. Select AWS Marketplace.


6. Search for Virtual LoadMaster.

7. Click Select for the relevant version to be deployed.

8. If you chose an hourly licensing model, click Continue to proceed.


9. Select the desired Instance Type.

For further information on instance types, please refer to the following Amazon link: Amazon EC2 Instance Types.

Start a New Instance_6.png

10. Click Next: Configure Instance Details.

Start a New Instance_7.png

11. Ensure to select the correct item (a VPC) in the Network drop-down list.

If multiple LoadMasters on multiple networks are needed, choose the different networks as required. If more networks need to be created, please contact your AWS administrator to add them. The Create new VPC link can be used to add more networks if needed.

12. Ensure that the Auto-assign Public IP option is set to Enable.

13. Configure any other setting as needed.

Start a New Instance_8.png

14. Click Review and Launch.

Start a New Instance_9.png

15. Select the relevant option on the Boot from General Purpose (SSD) screen and click Next.

16. Before launching, click Edit security groups.

17. Select the security group of your choosing or create a new security group.

Start a New Instance_10.png

a) The following rules are needed in the security group:

Custom TCP Rule with the Port Range 8443 for the WUI

SSH for the SSH management interface

Do not block port 6973.

Any additional rules that are needed for other ports for services that are set up, for example Remote Desktop Protocol (RDP) if load balancing Windows RDP servers, or HTTPS for a secure website

Select the relevant source option from the drop-down list and enter custom IP addresses as needed.

18. It is recommended that management interfaces only be allowed using trusted IP addresses. You should also add rules for any services you intend on creating. You can always revisit this security group later if additional services become necessary.

19. Click Review and Launch.

20. Click Launch.

Start a New Instance_11.png

21. Select the appropriate key pair for your environment. This is the key pair that was created in the Create a New Key Pair section. This key pair is needed to connect using SSH.

22. Select the check box.

23. Click Launch Instances.

Start a New Instance_12.png

24. Click View Instances. The Public IP address or Public DNS address can be used to connect to the instance using HTTPS on port 8443.

25. Once your instance state is Running, you may proceed to connect to your LoadMaster instance.

2.6 Initial Setup – Hourly Licensing

If you chose an hourly licensing method - after the instance has been launched, you first need to access the LoadMaster using SSH with the required key pair to enable WUI access. The example steps below use PuTTY as the SSH client.

1. Open the PuTTY client.

Initial Setup Hourly Licensing.png

2. Enter the IP address of the LoadMaster instance. This is the IP address obtained in the Start a New Instance section.

3. In the main menu, navigate to Connection > SSH > Auth.

Initial Setup Hourly Licensing_1.png

4. Click Browse.

Initial Setup Hourly Licensing_2.png

5. Navigate to and select the key pair file that was exported in the Licensing Options section.

If you are using a client that does not accept PEM you will need to convert the key pair file to another format, for example PPK for Putty.

Initial Setup Hourly Licensing_3.png

6. If desired, you can save the settings so that you do not have to perform these steps each time you open a Putty session for this IP address. To do this, enter a name in the Saved Sessions text box and click Save.

7. Click Open.


8. Log in with the username bal. This is the default LoadMaster username.


9. Enter the passphrase if you specified one to be used for the private key.


10. You will then be asked to enter the IP address, default gateway and nameserver IP addresses. These can be left as the default values but can be changed if needed. Press OK on each of the screens to proceed.

Initial Setup Hourly Licensing_5.png

11. If you selected an hourly licensing model, you are asked to enter the current LoadMaster password. By default, the password is set to the Instance ID which can be found in the AWS EC2 Dashboard by selecting Instances within the INSTANCES section of the main menu. Enter and confirm the new password.

The password must be reset in order to access the LoadMaster Web User Interface (WUI). If the password is not successfully reset initially, you will need to restart web services using the console in order to access the WUI (after the password has been successfully changed).

12. Log in with the new password.


13. You will then be directed to connect using a browser over port 8443 to continue configuration. Press Yes and the session will automatically terminate.

Now the WUI access is enabled and can be accessed by following the steps in the next section.

2.6.1 Initial Configuration – Hourly Licensing

If you chose an hourly licensing model, follow the steps below to initially set up the LoadMaster:

1. Open the VLM in a web browser by navigating to the address which was shown in the last step of the previous section.

2. Acknowledge the self-signed certificate to proceed.

The certificate used by the WUI will take the public name used by AWS.

3. Accept to End User License Agreement (EULA).

4. A screen will then appear asking if you are OK with the LoadMaster regularly contacting KEMP to check for updates and other information. Click the relevant button to proceed.

A prompt will appear asking for the username and password. Enter bal as the username and the password that was set previously. The LoadMaster is now licensed and is ready for administration and configuration.

2.7 Initial Setup – BYOL

When using the BYOL method, the normal LoadMaster licensing and activation process is used. Access the LoadMaster using the WUI by entering the Public Address, preceded with https:// and followed by :8443. Then, proceed through the steps and license the LoadMaster.

For further information on this, please refer to the LoadMaster Licensing, Feature Description.

2.8 Create a Virtual Service

To create a Virtual Service, follow the steps below in the LoadMaster WUI:

1. In the main menu, select Virtual Services and Add New.

Create a Virtual Service.png

2. Enter the private address of the LoadMaster instance in the Virtual Address text box.

3. Enter the relevant Port which was permitted in the Security Group.

4. Enter a recognizable Service Name.

5. Select the relevant Protocol.

6. Click Add this Virtual Service.

7. Configure the settings for the Virtual Service as needed, for example:

8. To enable SSL acceleration, select the Enabled check box in the SSL Properties section. For more information on SSL offloading, refer to the SSL Accelerated Services, Feature Description.

9. To enable ESP, select the Enable ESP check box in the ESP Options section. For more information on how to configure the ESP options, refer to the ESP, Feature Description.

10. To enable the Web Application Firewall (WAF), select the Enabled check box in the WAF Options section. For more information on how to configure the WAF options, refer to the KEMP Web Application Firewall, Feature Description.

11. Add real servers in the Real Servers section.

2.9 Activate Your Support Subscription

If you are using a Pay Per Use (Hourly Usage) LoadMaster, three days after initially setting up the LoadMaster, a prompt will appear asking you to activate your support subscription. Enter your KEMP ID and Password and click Update License to do this.

Activate Your Support Subscription.png

You can activate your support subscription before three days by expanding System Configuration > System Administration, clicking the Update License option and filling in your KEMP ID and password.

3 Restart Web Services using the Console

If the initial password reset fails for any reason, for example if the default password is entered wrong, or if the new password and confirmation do not match, you will need to restart web services using the console (after the password has been reset) to enable access to the LoadMaster WUI. See below for steps on how to do this:

Restart Web Services using.png

1. In the console, go to Local Administration.

Restart Web Services using_1.png

2. Go to Web Address.

Restart Web Services using_2.png

3. Select Immediately Stop Web Server Access.

Restart Web Services using_3.png

4. When finished, select Immediately Start Web Server Access.

After doing this, the WUI should become accessible.

4 LoadMaster Firmware Downgrades

Do not downgrade from firmware version 7.2.36 or higher to a version below 7.2.36. If you do this, the LoadMaster becomes inaccessible and you cannot recover it.


While the instructions above provide a basic overview of how to deploy and configure LoadMaster for AWS, it is not designed to be a comprehensive guide to configure every possible workload. This section identifies some of many guides published on our resources section of our website. Unless otherwise specified, the following documents can be found at http://kemptechnologies.com/documentation.

LoadMaster Licensing, Feature Description

ESP, Feature Description

SSL Accelerated Services, Feature Description

KEMP Web Application Firewall, Feature Description

Web User Interface (WUI), Configuration Guide

HA for AWS, Feature Description

Document History




Reason for Change



Dec 2015

Release updates

Updated for 7.1-32



Jan 2016

Minor changes

Updated Copyright Notices



Mar 2016

Release updates

Updated for 7.1-34



Aug 2016

Minor changes

Enhancements made



Aug 2016

Minor changes

Enhancements made



Oct 2016

Release updates

Updated for 7.2.36



Jan 2017 Release updates Updated for 7.2.37 10.0 LB
Mar 2017 Release updates Updates for 7.2.38 11.0 LB
July 2017 Minor changes Enhancements made 12.0 LB


Was this article helpful?

0 out of 0 found this helpful