Managing servers that are behind a 2 armed load balancer


When we deploy servers behind a 2 armed load balancer, how do I manage those real servers? I get that I can load balance, say, port 80 among many web servers, but how do I manage the servers behind the LB?

How do I RDP to one of the real servers, etc.?

One of my needs is to run Nessus scans on the web servers. Nessus will do a port scan on all TCP/UDP ports.

I feel like this is a total noob question so please point me at the proper FAQ to help.

Thank you.

3 comments

Mark Deegan

Hello Todd,

You can create a new service on port 3389 and add your servers to that service. They will then be able to use the LM to route traffic and they should be addressable then. Can you test and get back to us?

Thanks

Mark

tod.j.larson

Thank you. I see how that can work for RDP but I feel like I'm still missing something.

How does the Exchange server get Windows patches since its gateway is the LB? Do I need a port 443 VIP as well?

How can I have Nessus scan all ports? I'm sure that creating 65000 VIPs is the wrong answer.

Or do I just need to use the one-armed topology?

Mark Deegan

Hi Tod,

The LM is aware of the server that is behind it and when transparency is enabled it will allow the server initiated traffic to flow outwards. This allows the real servers to use the LM as their default gateway and still be secured from the outside. 

Regards

Mark