Configuring a Virtual Service for HTTPS-based services (with SSL Offload and without ESP)

When you choose to offload SSL, you should follow the recommendations set by Microsoft. Progress Kemp understands these recommendations to be:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  2. Select Add New.

  3. Enter a valid Virtual Address.
  4. Enter 443 as the Port.
  5. Enter a recognizable Service Name, for example Exchange 2010 HTTPS Offloaded.
  6. Select tcp as the Protocol.
    Note: The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.
  7. Click Add this Virtual Service.
  8. Configure the settings as shown in the following table:

    | Section | Option | Value | Comment |
    | --- | --- | --- | --- |
    | SSL Properties | SSL Acceleration | Enabled* | |
    | Standard Options | Transparency | Disabled | |
    | | Persistence Mode | Super HTTP | |
    | | Persistence Timeout | 1 Hour | |
    | | Scheduling Method | round robin | |
    | | Idle Connection Timeout | 900 | Click Set Idle Timeout. |
    | Advanced Properties | Add Header to Request | FRONT-END-HTTP:ON | Click Set Header. |
    | | Redirect URL | https://%h%s | Click Add HTTP Redirector. This creates a redirect Virtual Service on port 80 with the same IP address. |
    | Real Servers | Real Server Check Method | HTTP Protocol | |
    | | Checked Port | 80 | Click Set Check Port. |
    | | URL | | A URL must be entered and set in the URL text box. The URL varies depending on the service to be checked. Review the Configuration Table in Appendix C: Configuration Table. As an example, if you were configuring Outlook Web App (OWA), the URL would be /owa. |

    * By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available for your Virtual Service and that a temporary one is used until a valid certificate is installed.

    Optional: You can export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Ensure that you export the certificate and private key as a Personal Information File (PFX). An SSL certificate can also be obtained from any certificate authority. When prompted by a third-party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by the LoadMaster.

    Optional: You can import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to the Importing and Assigning an SSL Certificate section.
  9. Click the Add New… button.

  10. Enter the CAS address in the Real Server Address text box.
  11. Ensure the Port is set to 80.
  12. Click Add This Real Server.
  13. Click OK in response to the confirmation that the Real Server was added.

To view, modify or delete any Virtual Services that have been added, select the Virtual Services > View/Modify Services option in the main menu of the LoadMaster WUI.

The settings in the HTTP redirect Virtual Service need to be configured. To do this, follow the steps in the Configuring the HTTP Redirect Virtual Service section.
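
A post-configuration check for the settings above, as an added example that is not part of the original documentation: it confirms that the port 80 redirector sends clients to the same host and URI over HTTPS, and that the port 443 Virtual Service no longer presents the temporary self-signed certificate. The function names, the accepted redirect status codes, and the reading of `%h` as the requested host and `%s` as the request URI are assumptions.

```python
import http.client
import socket
import ssl
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}  # assumption: any of these is accepted

def check_redirect(host, uri, status, location):
    """Compare one port-80 response with the expansion of https://%h%s.

    Assumption: %h is the requested Host and %s the request URI.
    Returns a list of findings; an empty list means the redirect is as configured.
    """
    if status not in REDIRECT_CODES:
        return [f"port 80 answered {status}, not a redirect"]
    findings = []
    target = urlsplit(location or "")
    if target.scheme != "https":
        findings.append(f"redirect target is not HTTPS: {location!r}")
    if (target.hostname or "").lower() != host.lower():
        findings.append(f"redirect changes host to {target.hostname!r}")
    sent = urlsplit(uri)
    if (target.path, target.query) != (sent.path, sent.query):
        findings.append(f"redirect drops or rewrites the URI: {location!r}")
    return findings

def tls_verification_error(vip, host, timeout=5):
    """Handshake with the port-443 Virtual Service using normal validation.

    Returns None when the certificate is trusted and matches host, otherwise
    the verification message (a self-signed certificate fails here).
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((vip, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message

def probe(vip, host, uri="/owa"):
    """Live check of a deployed Virtual Service (needs network access)."""
    conn = http.client.HTTPConnection(vip, 80, timeout=5)
    conn.request("GET", uri, headers={"Host": host})
    resp = conn.getresponse()
    findings = check_redirect(host, uri, resp.status, resp.getheader("Location"))
    conn.close()
    err = tls_verification_error(vip, host)
    if err:
        findings.append(f"certificate on 443 fails validation: {err}")
    return findings
```

Call `probe()` with the Virtual Address and the public host name of the service; an empty list means both checks passed.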