This step-by-step setup of Virtual Services leverages the Progress Kemp application template for IBM Cloud Object Storage with Layer 7.

Layer 7 by default does not use transparency and therefore the IP address of the LoadMaster is used when accessing the IBM Accesser Nodes. The X-Forwarded-For header is leveraged to provide the original source IP address in the Accesser logs for troubleshooting purposes. When a secure connection is used, a certificate must be installed on the LoadMaster to decrypt the traffic for the X-Forwarded-For header insertion. This traffic can then be re-encrypted or offloaded depending on the security requirements.

The table in each section outlines the settings configured by the application template. You can use this information to manually configure Virtual Services or using the LoadMaster Application Programming Interface (API) and automation tools.

There are three supported configurations:

  • SSL pass-through: The SSL certificate is installed on IBM COS Accesser Nodes as a custom server certificate.

  • SSL termination and reencryption: This might be beneficial if you are already doing SSL certificate management on the load balancer rather than installing the SSL certificate on the IBM COS Accesser nodes. This configuration provides the additional security benefit of limiting the attack surface to the LoadMaster.

  • SSL termination with HTTP: In this configuration, SSL is terminated on the LoadMaster and communication from the LoadMaster to IBM COS Accesser is non-encrypted to take advantage of SSL offload.