VMware vCloud Air

1 Introduction

The Kemp Virtual LoadMaster (VLM) is a version of the LoadMaster that runs as a virtual machine within a hypervisor or cloud platform and can provide all the features and functions of a hardware-based LoadMaster.


This document describes the installation of the VLM within a VMware vCloud Air environment.

There are several different versions of the VLM available. Full details of the currently supported versions are available on our website: www.kemptechnologies.com.

1.1 Prerequisites

The VMware virtual machine guest environment for the VLM, at minimum, must include:

2 virtual CPUs (reserve 2 GHz)


16 GB disk space (sparse where possible)

There may be maximum configuration limits imposed by VMware such as maximum RAM per VM, Virtual NICs per VM and so on. For further details regarding the configuration limits imposed by VMware, please refer to the relevant VMware documentation.

2 Solution Overview

VMware vCloud® Air™ provides a hybrid cloud environment that serves as a natural extension to a VMware-powered private cloud, enabling customers to accelerate development/testing, packaged app deployment, disaster recovery as well as new enterprise and next generation application rollout. However, deploying applications in Hybrid Cloud presents unique challenges. Customers typically have requirements to:

Simplify failover

Ensure application High Availability (HA) and security

Provide hybrid traffic distribution across cloud boundaries

Deliver the same level of service as in private cloud deployment


2.1 Virtual LoadMaster for vCloud Air Benefits

VLM for vCloud Air brings the same comprehensive application delivery and global traffic distribution (Global Server Load Balancing (GSLB)) capabilities that thousands of customers benefit from in private cloud infrastructure. The VLM enables customers to easily scale applications deployed in vCloud Air and enhance performance with capabilities such as content switching, SSL offload, edge security services, server name indicator and multi-protocol application persistence. Additionally, the VLM’s GSLB capabilities allow for intelligent traffic steering of client application communication to the best location on a request-by-request basis.

3 Installing a VLM using vCloud Air

The following instructions describe how to install a VLM in VMware vCloud Air using the vCloud Air web console.

3.1 Download the OVF File

The VLM is packaged with an .ovf file for ease of deployment. This file can be freely downloaded from Kemp for a 30 day evaluation period. To download the VLM please follow these instructions:

1. Go to http://www.Kemptechnologies.com/try.

2. Click the Download Now button.

3. Within the Select your hypervisor section, select the option for vCloud Air.

4. Select your country from the drop-down list provided.

5. Read the End User License Agreement.

6. To proceed with the download, ensure the I agree to the End User License Agreement terms check box is ticked.

7. Click Download.

3.2 Deploy the OVF File

To deploy the VLM, follow the steps below:

1. Log in to the vCloud Air and launch vCloud Director.

2. Select the Catalogs tab and create a new catalog if required.

Deploy the OVF File.png

3. Select vApp Templates and upload the VLM OVF to the appropriate catalog.

Deploy the OVF File_1.png

4. In the vCloud Air web console, select the Virtual Machines tab and click Add Virtual Machine. Choose the appropriate resource pool and click Continue.

Deploy the OVF File_2.png

5. Select the My Catalog tab.

6. Select the VLM template uploaded previously and click Continue.

7. Provide a name for the VLM.

8. Allocate compute, memory and storage resources.

9. Configure the network assignment.

10. Click Deploy This Virtual Machine.

11. Select the Virtual Machines tab of the vCloud Air web console.

12. Retrieve the IP address of the VLM by opening the console where the IP address will be displayed or select the Virtual Machine and select the Networks tab to view the IP address.

3.3 Check the Virtual Machine Settings

Please verify that the Virtual Machine settings are configured with the recommended values:

2 x virtual processors


16 GB virtual hard disk capacity (sparse where possible)

3.4 Configure Firewall and NAT Rules

Firewall and Network Address Translation (NAT) rules are required for communication between clients and the Virtual LoadMaster. To configure firewall and NAT rules, navigate to the Edge Gateway in vCloud Air and configure NAT and firewall rules as follows:

1. Server Network Address Translation (SNAT) Rules:

Original = Virtual LoadMaster IP or Subnet: Any – Translated: External Gateway IP: Any – Protocol: Any

2. Destination Network Address Translation (DNAT) Rules:

Original = External Gateway IP: 443 – Translated: Virtual LoadMaster IP: 443 – Protocol: TCP

Original = External Gateway IP: 53 – Translated: Virtual LoadMaster IP: Any – Protocol: Any

3. Firewall Rules:

Source = Any: Any – Destination: Internal: 443 – Protocol: TCP

Source = Any: Any – Destination: Internal: 53 – Protocol: Any

Source = Virtual LoadMaster IP or Subnet: Any – Destination: Any: Any

As Virtual Services are added to the Virtual LoadMaster to provide traffic distribution for application services, additional Destination Network Address Translation (DNAT) rules will be required that direct traffic from the appropriate external IP to the appropriate VLM Virtual Service IP address for the correct port. This equally applies to firewall rules. For example, if a syslog service is configured on the VLM, an inbound port 514 firewall rule will be required.

3.5 License and Configure the LoadMaster

The LoadMaster must now be configured to operate within the network configuration.

1. In an internet browser, enter the IP address that was previously noted.

Ensure to enter https:// before the IP address.

2. A warning may appear regarding website security certificates. Please click the continue/ignore option.

3. The LoadMaster End User License Agreement screen appears.

Please read the license agreement and, if you are willing to accept the conditions therein, click on the Agree button to proceed.

4. A screen appears asking if you are OK with the LoadMaster regularly contacting Kemp to check for updates and other information. If you are OK with this, click Continue to proceed. If you want to disable this functionality, remove the check from the Enable Call Home check box and click Continue to proceed.

License Screen.png

5. If using the Online licensing method, fill out the fields and click License Now.

If you are starting with a trial license, there is no need to enter an Order ID. If you are starting with a permanent license, enter the Kemp Order ID# if this was provided to you.

If using the Offline Licensing method, select Offline Licensing, obtain the license text, paste it into the License field and click Apply License.

For detailed instructions on how to register for a Kemp ID and license the LoadMaster, refer to the Licensing, Feature Description on the Kemp Documentation Page.

Configure the LoadMaster_1.png

6. If you entered an Order ID, a screen appears that provides a list of available licenses for that order ID, in addition to any licenses registered for the Kemp ID based on the LoadMaster platform type. Select the license type you want to apply to this LoadMaster.

If the license type you want is not displayed, please contact your Kemp representative.

7. Click Continue.

8. The login screen appears, enter the bal user name and the password.

9. In the screen informing you that the password has changed, press the Continue button.

10. If your machine has shipped with a temporary license you should get a warning informing you that a temporary license has been installed on your machine and for how long the license is valid.


11. Click OK .

12. You should now connect to the Home screen of the LoadMaster.


13. Go to System Configuration > Network Setup in the main menu.

14. Click the eth0 menu option within the Interfaces section.

Configure the LoadMaster_4.png

15. In the Network Interface 0 screen, enter the IP address of the eth0 interface, the network facing interface of the LoadMaster, in the Interface Address input field.

16. Click the Set Address button.

17. Click the eth1 menu option within the Interfaces section.

18. In the Network Interface 1 screen, enter the IP address of the eth1 interface, the farm-side interface of the LoadMaster, in the Interface Address input field.

19. Click on the Set Address button.

This interface is optional, depending on the network configuration.

20. Click on the Local DNS Configuration > Hostname Configuration menu option.

Configure the LoadMaster_5.png

21. In the Hostname configuration screen, enter the hostname into the Current Hostname input field.

22. Click the Set Hostname button.

23. Click the Local DNS Configuration > DNS Configuration menu option.

Configure the LoadMaster_6.png

24. In the DNS configuration screen, enter the IP address(es) of the DNS Server(s)  which is used to resolve names locally on the LoadMaster into the DNS NameServer input field.

25. Click the Add button.

26. Enter the domain name that is to be prepended to requests to the DNS nameserver into the DNS NameServer input field.

27. Click the Add button.

28. Click the System Configuration > Network Setup > Default Gateway menu option.

Configure the LoadMaster_7.png

29. In the DNS configuration screen, enter the IP address of the default gateway into the IPv4 Default Gateway Address input field.

If you have an IPv6 Default Gateway, please enter the value in the IPv6 Default Gateway Address input field.

30. Click the Set IPv4 Default Gateway button.

The LoadMaster is now fully installed and ready to be used. For further information on how to configure and implement the Virtual LoadMaster, please refer to the LoadMaster documentation which can be downloaded from the http://kemptechnologies.com/documentation page.

4 Configuring Global Site Load Balancing (GSLB)

When using the LoadMaster with vSphere Hybrid Cloud Service, ensure that the GEO functionality is enabled. GEO can be enabled in the Global Balancing section of the main menu in the LoadMaster WUI.

The LoadMaster GEO add-on provides the VLM with Global Server Load Balancing (GSLB) capabilities. This enables multi-site HA and simplified disaster recovery across private cloud and vCloud Air boundaries. Even when the primary site is down, traffic is diverted to an alternate site. GEO also ensures that clients connect to their fastest performing and geographically closest target as well as allowing for defined traffic distribution policies to be applied.

4.1 Workflow for Accessing Services Distributed with GEO

The workflow for accessing services distributed with GEO is outlined below:

1. When a client initiates a request for an application, the following actions take place to achieve HA:

a) The client requests name resolution to access service or application.

b) The DNS entry for service or application (URL, for example web.example.com) is delegated to VLM appliances:

In DNS zone files, the entry may look similar to the following:

Entry Name, TTL, Type, Data

Web.example.com, Default, NS, vlm1.example.com

Web.example.com, Default, NS, vlm2.example.com

c) The authoritative DNS Server for zone example.com forwards the resolution request to the VLM appliances

2. The VLM uses GEO functionality to determine the health status of each participating LoadMaster and Virtual Service along with the configured load balancing mechanism, such as round robin or location based, to determine which target the request should resolve to.

3. The client receives a response with the service IP to connect to.

4. The client application connects to the resolved IP address, the VLM forwards the request to the application servers according to the configured load balancing mechanism and server’s health state.  

4.2 Setup DNS Integration/Delegation

Integrating the LoadMaster with your Authoritative DNS can be completed with only a few DNS records:

1. Create a new A record which is pointed to the VLM, for example lm1.example.com. Create the corresponding PTR record for the reverse lookup by IP. Forward-confirmed reverse DNS support is required.

2. For each hostname that needs to be delegated to the VLM, create an NS record and set the value to the A record created for the VLM in the previous step, for example www.web.example.com to vlm1.example.com which will be a public IP address on the vCloud Air infrastructure.

3. For a HA configuration, repeat step 1 for the second VLM using a unique hostname, for example lm2.example.com. Repeat step 2 using the second LoadMaster. This results in 2 NS records for www.example.com; one pointing to lm1.example.com and one to lm2.example.com.

4.3 DNS Responder System Configuration

Configuration of global parameters controls the behavior of the entire LoadMaster. The Source of Authority information is not required for basic functionality; however, it is recommended to populate this metadata to accurately represent the LoadMaster DNS server. 

Resource Check Parameters define the global health checking that occurs from the LoadMaster to the Clusters and Real Servers. Stickiness defines how long persistence will exist and the Location Data Patch defines the version of the GEO data files being used by the LoadMaster and allows updates to be installed.

The options can be found by selecting the Global Balancing > Miscellaneous Params option in the main menu of the Web User Interface (WUI). For more information on what each of the fields in this menu option mean, refer to the Web User Interface (WUI), Configuration Guide.

4.3.1 Stickiness

DNS Responder System Configuration.png

Global Server Load Balancing (GSLB) Persistence, also known as ‘Stickiness’, is the property that enables all name resolution requests from an individual client to be sent to the same set of resources until a specified period of time has elapsed. This ensures that users are able to retrieve and interact with session-specific data.

For further information, refer to the GEO Sticky DNS, Feature Description.

4.4 Fully Qualified Domain Name (FQDN)

A Fully Qualified Domain Name (FQDN) is the hostname in which you need to perform load balancing. The FQDN can be any hostname in the top-level domain or a hostname that is nested as a sub-domain. Each FQDN is considered an A record. Each distinct hostname must be configured in the LoadMaster individually. FQDNs can be created for www.example.com and also www.kemptechnologies.com.

4.4.1 Add an FQDN

To add an FQDN, follow the steps below:

1. In the main menu, select Global Balancing and Manage FQDNs.

2. Click the Add FQDN button.

Fully Qualified Domain Name.png

3. Enter an FQDN name, for example www.example.com in the New Fully Qualified Domain Name textbox.

Wildcards are supported here, for example *.example.com matches anything with .example.com ending.

4. Click Add FQDN.

5. Click OK on the message that appears.

Fully Qualified Domain Name_1.png

6. Select the relevant load balancing algorithm from the Selection Criteria drop-down list. For more information on the selection criteria, refer to the GEO, Feature Description.

7. If the Selection Criteria is set to Location Based, you can specify whether or not to allow Fail Over.

When the Fail Over option is enabled - if a request comes from a specific region and the target is down, the connection will fail over and be answered with the next level in the hierarchy. If this is not available, the connection will be answered by the nearest (by proximity) target. If this is not possible, the target with the lowest requests will be picked. The Fail Over setting affects all targets.

8. Select the relevant options from the Public Requests and Private Requests drop-down lists. These settings allow administrators finer control of DNS responses to configured FQDNs. Administrators may selectively respond with public or private sites based on whether the client is from a public or private IP. For example, administrators may wish to allow only private clients to be sent to private sites.

For more information on these options please consult the GEO, Feature Description.

9. A Failure Delay (minutes) can be set if needed. If a Failure Delay is set, another option called Site Recovery Mode becomes available.

10. Enter the IP address of the domain in the IP address text box.

11. If needed, select the Cluster name.

12. Click the Add Address button.

Fully Qualified Domain Name_2.png

13. Select the type of health checking to be performed from the Checker drop-down list. For further information regarding health checking options, refer to the GEO, Feature Description document.

4.5 IP Range Selection Criteria

In the IP Range Selection Criteria menu option you can specify a location or country that applies to an IP address or range. To do this, follow the steps below:

1. In the main menu of the LoadMaster WUI, select Global Balancing.

2. Select IP Range Selection Criteria.

IP Range Selection Criteria.png

3. Enter the IP Address or network. Valid entries here are either a single IP, for example, or a network in Classless Inter-Domain Routing (CIDR) format, for example

4. Click Add Address.

IP Range Selection Criteria_1.png

5. Click Modify.

6. Specify the location by entering the coordinates and click Save.

Alternatively, select the country from the Countries drop-down list.

IP Range Selection Criteria_1.png

The existing IP ranges can be modified or deleted using the buttons provided on the IP Range Selection Criteria screen.

7. In the main menu of the LoadMaster WUI, select Manage FQDNs.

IP Range Selection Criteria_2.png

8. Click Modify on the relevant FQDN.

IP Range Selection Criteria_3.png

9. If you entered a Proximity using the coordinates in the IP Range Selection Criteria screen, select Proximity in the Selection Criteria drop-down list.

If you selected a location, select Location Based.

4.6   Distributed LoadMaster Partners

When there are multiple VLM appliances distributed across multiple locations, they can be linked together to act as a single resource, similar to a cluster.

When a HA LoadMaster pair is configured to do GEO synchronization, all three IP addresses (HA1, HA2 and the shared address) must be added to each partner configuration correctly.

All the appliances remain synchronized with each other and share their DNS Configurations, FQDN information, ‘Stickiness’ information and health checking updates. Any updates are automatically shared with all the other Distributed Partners.


Figure 5‑13: Distributed GEO Partners

The Geographical IP Database used for the Proximity and Location Based load balancing methods is not distributed between the LoadMaster partners. Any updates to the Geographical IP Database must be configured on each LoadMaster individually.

To configure LoadMaster partners:

1. Select the Certificates & Security > Remote Access option from the main menu.

Distributed LoadMaster Partners_1.png

2. In the GEO LoadMaster Partners text box, enter the IP address of the LoadMaster to partner with. If there is more than one box, enter the IP addresses but separate them with a space.

3. Click the Set GEO LoadMaster access button.

4. Enter the port number that the LoadMasters will use to communicate in the GEO LoadMaster Port text box.

5. Click Set GEO LoadMaster Port.

6. In the GEO update interface drop-down list, select the GEO interface that the GEO partners will communicate through.

The Virtual LoadMaster is now fully installed and ready to be used. For further information on how to configure and implement the VLM and GSLB services, please refer to the LoadMaster documentation which can be downloaded from the http://kemptechnologies.com/documentation page.

5 Troubleshooting

5.1 Confirm that the NAT Rules are Configured Correctly

If you set up a Virtual Service or LoadMaster and you cannot get to it, or it is not behaving as expected, you may want to check to ensure that the NAT rules are set up correctly.

To confirm that the NAT rules are configured correctly, follow the steps below in the VMware vCloud Hybrid Service WUI:

Confirm that the NAT Rules.png

1. Select the Gateways tab.

Confirm that the NAT Rules_1.png

2. Click the relevant gateway.

Confirm that the NAT Rules_2.png

3. The SNAT and DNAT rules are displayed. Confirm that they are set up correctly. Confirm that the appropriate originating gateway IP address is in use for the DNAT rules and that the application LoadMaster IP or subnet address is used for SNAT rules.

DNAT stands for Destination NAT and is for the incoming rules. The first IP address (in the Original section) which is displayed in the example above is the public IP address of the LoadMaster. The second IP address (in the Translated section) is the private address that the public address is being translated to.

In the example above there is a second LoadMaster instance which is on port 8444 and is being translated to a different IP address.

5.2 Confirm that the Firewall Rules are Configured Correctly

Confirm that the appropriate allow/deny rules and protocols are selected for communication between clients/servers and LoadMasters. To confirm that the firewall rules are configured correctly, follow the steps below in the VMware vCloud Hybrid Service WUI:

Confirm that the NAT Rules.png

1. Select the Gateways tab.

Confirm that the NAT Rules_1.png

2. Click the relevant gateway.

Confirm that the Firewall.png

3. Select the Firewall Rules tab.

4. Confirm that the firewall rules have the correct source and that the destinations have been configured.

5.3 Review the Network Settings

If the LoadMaster does not have internet access, review the network settings to ensure that the appropriate private network(s) are routed to an external gateway (if public access is required). To do this, follow the steps below:

Review the Network Settings.png

1. Select the Dashboard tab.

Review the Network Settings_1.png

2. Select the relevant Virtual Data Center.

Review the Network Settings_2.png

3. Select the Virtual Machines tab.

Review the Network Settings_3.png

4. Click the link for the relevant Virtual Machine.

Review the Network Settings_4.png

5. Select the Networks tab.

The networks that the Virtual Machine is connected to are displayed here.

Review the Network Settings_5.png

There can be multiple networks here. If the network(s) on this screen are only internal it means that the Virtual Machine is not connected to a gateway IP address.

Review the Network Settings_6.png

If there is a gateway listed here, the Virtual Machine is connected to a gateway.

5.4 Confirm the Appropriate Network Rules Exist

If the Virtual Machines/LoadMasters exist on different networks, confirm that the appropriate network rules are in place to allow cross-segment communication.

Confirm that the NAT Rules.png

1. Select the Gateways tab.

Confirm that the NAT Rules_1.png

2. Click the relevant gateway.

3. Ensure that the correct NAT Rules and Firewall Rules are in place.

For example, if there is are two machines on two different networks – when traffic comes from one network to the second network it should go to a specific IP address on the second network. Similar to the Confirm that the NAT Rules are Configured Correctly and Confirm that the Firewall Rules are Configured Correctly sections, the NAT rules and firewall rules need to be configured correctly.


5.5 Problems with Network Rules

If there are problems with some network rules, logging can be enabled for each individual rule. To enable logging, follow the steps below:

Confirm that the NAT Rules.png

1. Select the Gateways tab.

Confirm that the NAT Rules_1.png

2. Click the relevant gateway.

Problems with Network Rules.png

3. Select the Firewall Rules tab.

Problems with Network Rules_1.png

4. Enable logging for any rules as needed in the Log column.

5. Let a period of time go by to ensure that sufficient logs are recorded.

6. Open a Technical Support ticket with VMware Support. VMware Support will then analyse and interpret the log files.

5.6 Cannot access the Web User Interface (WUI)

If the LoadMaster WUI is not accessible, refer to the sections below for steps on how to resolve the problem.

5.6.1 Check the Public IPs in VMware vCloud Hybrid Service

If you set up external access for certain interfaces for the LoadMaster inside of the cloud instance,

Confirm that the NAT Rules.png

1. Select the Gateways tab.

Confirm that the NAT Rules_1.png

2. Click the relevant gateway.

3. Select the Public IPs tab.

4. Confirm that the correct IP address is being used to access the WUI.

5.6.2 Configure the Network Settings Using the Console

If a connection to the WUI cannot be established, network settings can be configured using the console view.

Cannot access the Web User.png

5. Launch the console from the Virtual Machine tab in the vCloud Hybrid Cloud Service interface. Log in using the default login details:

- lb100 login: bal

- Password: 1fourall

Cannot access the Web User_1.png

6. Enter the IP address of the eth0 interface (the network-facing interface of the Virtual LoadMaster) in the the Network Side Interface Address field and press Enter on the keyboard.

Cannot access the Web User_2.png

7. Enter the IP address of the Default Gateway.

Cannot access the Web User_3.png

8. Enter a space-separated list of nameserver IP addresses.

9. A message will appear asking to continue licensing using the WUI. Try to access the IP address using a web browser. Ensure to enter https:// before the IP address.

Contact the local Kemp Customer Services Representative for further support if needed.

5.7 Factory Reset

If you perform a factory reset on your VLM, all configuration data, including the VLM’s IP address is deleted. During the subsequent reboot the VLM attempts to obtain an IP address using DHCP. If the VLM is on a different subnet to the DHCP server then an IP address will not be obtained and the IP address is set to the default

The VLM may not be accessible using this address. If this is the case then you must run through the quick setup using the console as described in the Confirm that the NAT Rules are Configured Correctly section.

5.8 VMware Tools

The VLM supports integration with VMware Tools and comes pre-packaged with NIC device drivers that are part of VMware Tools as well as elements that allow for the execution of graceful administrative functions.

For more information, refer to the VMware Tools Add-On Package, Feature Description.

5.9 Working with VMware Virtual Switches

When working with VMware Virtual Switches within your configuration, please ensure that the value of the Forged Transmit Blocking option is Accept. If this option’s value is Reject, the Virtual LoadMaster is prevented from sending traffic as it appears to come from nodes on the network other than the VLM.

Please refer to your VMware documentation for further details on how to configure the VMware Virtual Switch.


Unless otherwise specified, the below documents can be found at http://kemptechnologies.com/documentation.

Licensing, Feature Description
VMware Tools Add-On Package, Feature Description
Web User Interface (WUI), Configuration Guide
GEO, Feature Description
GEO Sticky DNS, Feature Description
Global Server Load Balancing, Feature Description

Last Updated Date

This document was last updated on 29 January 2019.

Was this article helpful?

0 out of 0 found this helpful