LoadMaster for Open Telekom Cloud
Open Telekom Cloud (OTC) is an international, large-scale, public OpenStack Powered Platform from Deutsche Telekom supported and operated by T-Systems out of Europe. It has been designed for simplicity, security, compliance, affordability, and openness.
OTC customers can now use the Kemp LoadMaster for enhanced load balancing that offers additional security features and advanced load balancing capabilities in an easily-managed solution. Compared to Elastic Load Balancing on OTC, the LoadMaster makes it easy to provide the best performance and security for your applications and simplifies operation with management using a web interface or using an Application Programming Interface (API).
The LoadMaster feature highlights are as follows:
- Web Application Firewall (WAF) to protect applications against attack
- Pre-authentication and Single Sign-On (SSO) of users
- Advanced health checking for better detection of server outages
- Content rules for intelligent traffic management and control
- Advanced session persistence and load balancing options including cookies
- Support for multiple digital certificates and Server Name Indication (SNI)
- Pre-defined application templates for quick setup
- Manage using a web interface or using an API
LoadMaster is an OTC-approved solution that delivers security, resilience and application availability to over 10,000 customers worldwide.
The following prerequisites must be configured before attempting the steps in this document:
- You must have an OTC account.
- The Kemp LoadMaster private image must be uploaded to the OTC workspace.
- You must have access to the relevant Virtual Private Clouds (VPCs) and subnets.
- A security group must be configured specifying the relevant ports and protocols. Kemp recommends having:
  - TCP rules for ports 8443, 6973 (for High Availability (HA) synchronization), and 8444
  - A UDP rule for port 53 (for DNS)
  - An SSH rule for port 22 (not essential unless it is a GEO LoadMaster or you are using Kemp 360 Central or Kemp 360 Vision)
- An External IP address (EIP) must be configured.
  - For a single LoadMaster with a Public IP address (PIP), if you want more than one Virtual Service IP address then you need multiple PIPs. You cannot bind PIPs to Virtual Services (only Network Interface Cards (NICs)) so the LoadMaster needs multiple NICs.
  - For High Availability (HA) LoadMasters with an Enhanced Load Balancer (ELB), the ELB must be configured to allow NAT from public or multiple PIPs to each Virtual Service.
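The following is an added example, not part of the Kemp documentation: a check that a security group contains the recommended rules and reports which sensitive ports accept traffic from any source. The rule field names follow OpenStack Neutron security group rules; that an export from your OTC workspace matches them, the sample rules, and the choice of which ports count as sensitive are assumptions.

```python
import ipaddress

# Ports from the prerequisites above: (protocol, port).
REQUIRED = {("tcp", 8443), ("tcp", 6973), ("tcp", 8444), ("udp", 53)}
# Added policy assumption (not from the page): these should not accept any source.
SENSITIVE = {("tcp", 8443), ("tcp", 6973), ("tcp", 22)}


def covers(rule, proto, port):
    """True if an ingress rule admits the given protocol and port."""
    if rule.get("direction") != "ingress":
        return False
    if rule.get("protocol") not in (None, proto):  # None = any protocol
        return False
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None:  # no range = all ports
        return True
    return lo <= port <= (hi if hi is not None else lo)


def any_source(rule):
    """True if the rule admits traffic from every address."""
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        return rule.get("remote_group_id") is None
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def audit(rules):
    """Report recommended ports with no rule and sensitive ports open to all."""
    missing = sorted(k for k in REQUIRED if not any(covers(r, *k) for r in rules))
    world_open = sorted(
        k for k in SENSITIVE if any(covers(r, *k) and any_source(r) for r in rules)
    )
    return {"missing": missing, "world_open": world_open}


def rule(proto, lo, hi, prefix, direction="ingress"):
    """Build one rule dict for the constructed sample below."""
    return {"direction": direction, "protocol": proto, "port_range_min": lo,
            "port_range_max": hi, "remote_ip_prefix": prefix}


# Constructed sample group: UDP 53 is absent and 8443 is open to every source.
SAMPLE_RULES = [
    rule("tcp", 8443, 8444, "0.0.0.0/0"),
    rule("tcp", 6973, 6973, "10.0.0.0/24"),
    rule("tcp", 22, 22, "192.0.2.10/32"),
    rule(None, None, None, None, direction="egress"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```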
3 Deploy a LoadMaster in the Open Telekom Cloud Platform
To deploy a LoadMaster in the Open Telekom Cloud platform, follow the steps below:
1. Log in to the relevant Open Telekom Cloud workspace.
2. Click Elastic Cloud Server.
3. Click Create ECS.
4. Select the relevant Region.
5. Select the relevant specification.
Ensure that you select a configuration with a minimum of 2 vCPUs and 2 GB of memory.
6. Select Private Image and select the Kemp LoadMaster image you have previously uploaded.
7. Enter the disk size.
20 GB is the recommended disk size. There is no need to add an extra disk.
8. Click Next: Configure Network in the bottom-right.
9. Select the relevant VPC and specify the IP address details.
10. Select the relevant security groups.
11. Specify the relevant Elastic IP (EIP).
12. Click Next: Configure Advanced Settings in the bottom-right.
13. Specify an ECS Name.
14. Select the relevant Key Pair (or create a new key pair) and select the check box.
15. Click Next: Confirm.
16. Confirm the settings and click Create Now.
17. Wait for the LoadMaster to be created. This can take a couple of minutes.
18. The Status changes to Running when the LoadMaster is created successfully.
19. Access the LoadMaster using the EIP by entering https://<EIP>:8443 in the address bar.
For details on licensing the LoadMaster, refer to the Licensing Feature Description document.
4 Shutting Down the LoadMaster
There are two ways to shut down the LoadMaster - using the OTC UI or the LoadMaster UI. Refer to the sections below for step-by-step instructions.
4.1 Shut Down using the OTC UI
To shut down using the OTC UI, follow these steps:
1. Log in to the relevant Open Telekom Cloud workspace.
2. Click Elastic Cloud Server.
3. Click the Name/ID of the LoadMaster to shut down.
4. Click Stop.
5. Select the Forcibly stop the preceding ECSs check box.
6. Click Yes.
4.2 Shut Down using the LoadMaster UI
To shut down the LoadMaster using the LoadMaster UI, follow these steps:
1. Log in to the LoadMaster UI.
2. Go to System Configuration > System Administration > System Reboot.
3. Click Shutdown.
5 High Availability (HA) Configuration
To set up HA, you must first configure the LoadMasters and then create an Enhanced Load Balancer in Open Telekom Cloud and add both LoadMasters as backend servers. For further details, refer to the sections below.
5.1 Configure the LoadMasters
To set up a HA configuration, follow the steps below:
1. First, deploy and license both LoadMasters following the steps in the Deploy a LoadMaster in the Open Telekom Cloud Platform section.
2. Access the LoadMaster using the EIP.
3. In the main menu, go to System Configuration > OpenCloud HA Parameters.
4. Select Master HA Mode in the OpenCloud HA Mode drop-down list.
5. Select the desired option in the Switch to Preferred Server drop-down list:
- No Preferred Host: Each unit takes over when the other unit fails. No switchover is performed when the partner is restarted.
- Prefer Master: The HA1 (master) unit always takes over. This is the default option.
6. Enter the internal address of the slave LoadMaster unit in the Partner Name/IP text box and click Set Partner Name/IP.
7. Enter 8444 as the Health Check Port and click Set Health Check Port.
The Health Check Port must be set to 8444 on both the master and slave units for HA to function correctly.
8. If using a multi-arm configuration, select the Health Check on All Interfaces check box.
If this option is disabled, the health check listens on the primary eth0 address.
9. Then, access the UI of the slave unit. Complete the same steps above in the slave unit but select Slave HA Mode as the OpenCloud HA Mode instead.
5.2 Create an Enhanced Load Balancer
Now that the LoadMaster settings are configured, you must create an Enhanced Load Balancer in Open Telekom Cloud and add both LoadMasters as backend servers. To do this, access the Open Telekom Cloud workspace and follow the steps below.
1. Click Elastic Load Balancing.
2. Click Create Enhanced Load Balancer.
3. Select the appropriate Region.
4. Complete the relevant settings, for example, select the correct VPC and Subnet.
5. Select either a new or existing EIP.
6. If you selected New EIP, set the EIP Type to Dynamic BGP and set the Bandwidth to the required rate.
7. Set the Name to be used for the Enhanced Load Balancer.
8. Click Create Now.
9. Review the configuration details and click Submit.
10. Click the Name of the ELB to configure it.
11. Select Listeners.
12. Click Add Listener.
13. Specify the Frontend Protocol/Port.
Set up the listener to use the same protocol and port as the Virtual Service in the LoadMaster configuration.
14. Click Next.
15. Either create a new backend server group or use an existing one. If creating a new one, follow the steps below. If you are using an existing backend server group, skip to the following step: Ensure Enable Health Check is enabled.
16. Set a Name for the backend server group.
17. Select HTTP as the Backend Protocol.
18. Select the appropriate Load Balancing Algorithm.
19. Ensure Enable Health Check is enabled.
20. Specify HTTP as the Protocol and 8444 as the Port.
21. Click Finish.
22. Select Backend Server Groups.
23. Select the relevant backend server group and click Add.
24. Select the relevant backend servers (LoadMasters) from the list. You can select multiple servers.
25. Click Next.
26. If you selected multiple servers, enter 80 in the Batch Add Port field.
27. Click Finish.
The servers are added and it will take a few minutes for the health check result to normalize.
It is expected that the Health Check Result for the HA master LoadMaster will be Normal and the HA slave will be Abnormal.
After you complete these steps, the HA configuration is set up. To confirm this, connect to the Public IP (EIP) of the Enhanced Load Balancer using a browser (http://<EIPofEnhancedLoadBalancer>). Traffic should be handled according to the Load Balancing Algorithm specified in the steps above.
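The following is an added example, not part of the Kemp documentation: a monitoring check that probes the health check port (8444, HTTP) on both units and reports whether the pair is in the expected state of one Normal and one Abnormal unit. It assumes a 2xx reply to GET / corresponds to a Normal health check result; the page does not state the path or the reply of the standby unit, and the addresses in the usage lines are hypothetical.

```python
import http.client
import urllib.error
import urllib.request

# Direct connections only: probes to internal addresses should not use a proxy.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe(host, port=8444, timeout=3.0):
    """True if GET / on the health check port answers with a 2xx status."""
    try:
        with _OPENER.open(f"http://{host}:{port}/", timeout=timeout) as resp:
            return 200 <= resp.status < 300
    except (urllib.error.URLError, http.client.HTTPException, OSError):
        return False  # non-2xx status, refused, timed out, or malformed reply


def ha_state(master_ok, slave_ok):
    """Map the two probe results to a state of the HA pair."""
    if master_ok and not slave_ok:
        return "expected: master active, slave standby"
    if slave_ok and not master_ok:
        return "failover: slave active, master not answering"
    if master_ok and slave_ok:
        return "alert: both units report active"
    return "alert: neither unit reports active"


def check_pair(master, slave):
    """Probe both units; each argument is a (host, port) tuple."""
    return ha_state(probe(*master), probe(*slave))


if __name__ == "__main__":
    # Hypothetical internal addresses of the two LoadMasters.
    print(check_pair(("10.0.0.11", 8444), ("10.0.0.12", 8444)))
```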
6 Useful Links
For further help with Open Telekom Cloud, refer to the following links:
First Steps - https://open-telekom-cloud.com/en/support/tutorials/first-steps-with-open-telekom-cloud
Tutorials - https://open-telekom-cloud.com/en/support/tutorials
Community - https://community.open-telekom-cloud.com/community/?id=community_home
Last Updated Date
This document was last updated on 03 March 2022.