A10 AX Series Quick reference guide
Deployment Guide
AX Series for SharePoint 2010
DG_ACC_062011.1
AX Series for SharePoint 2010 Deployment Guide
2
TABLE OF CONTENTS
1Introduction ............................................................................................................................................5
2Deployment Guide Overview.................................................................................................................5
3Deployment Guide Prerequisites...........................................................................................................6
4AX Deployment for SharePoint 2010 Server Roles...............................................................................7
5Accessing the AX Series Load Balancer...............................................................................................7
6SharePoint 2010 Recommended Installation Procedures.....................................................................8
7Architecture Overview............................................................................................................................9
8Basic AX Configuration For SharePoint...............................................................................................10
8.1 Server Configuration ...................................................................................................................11
8.2 Health Monitor Configuration ......................................................................................................12
8.3 Service Group Configuration.......................................................................................................13
8.4 Virtual Server Configuration........................................................................................................15
8.5 Source IP Persistence.................................................................................................................17
8.5.1 Create IP Persistence Template.............................................................................................17
8.5.2 Apply IP Persistence to the VIP..............................................................................................18
8.6 IP Source NAT ............................................................................................................................18
8.6.1 Create IP Source NAT Template ............................................................................................19
8.6.2 Apply IP Source NAT to the VIP .............................................................................................20
8.7 Validate Service ..........................................................................................................................21
9Advanced AX Features for SharePoint................................................................................................22
9.1 Preparing the Configuration ........................................................................................................22
9.1.1 Import existing SharePoint webserver SSL cert or create self-signed CA from the AX .........22
9.1.2 Create one client and one server SSL template.....................................................................26
AX Series for SharePoint 2010 Deployment Guide
3
9.1.3 On the virtual server, change the service type of the virtual port from “TCP” to “HTTPS” and
apply the new client and server SSL template ....................................................................................27
9.2 SSL Offload.................................................................................................................................29
9.2.1 Change the Port Numbers in the Service Group ....................................................................30
9.2.2 On the Virtual Server, remove the Server SSL Template.......................................................30
9.2.3 Validate the Deployment.........................................................................................................31
9.3 Compression...............................................................................................................................32
9.3.1 Create HTTP Compression Template.....................................................................................32
9.3.2 Apply HTTP Compression Template to VIP............................................................................34
9.3.3 Validate the Deployment.........................................................................................................35
9.4 Cookie Persistence .....................................................................................................................35
9.4.1 Create Cookie Persistence Template .....................................................................................35
9.4.2 Apply Cookie Persistence Template to VIP ............................................................................36
9.4.3 Validating the Deployment ......................................................................................................37
9.5 Connection Reuse (TCP Offload) ...............................................................................................37
9.5.1 Create Connection Reuse Template.......................................................................................38
9.5.2 Create an IP Source NAT template.........................................................................................38
9.5.3 Apply Connection Reuse and SNAT to VIP............................................................................39
9.5.4 Validate the Deployment.........................................................................................................40
9.6 RAM Caching..............................................................................................................................40
9.6.1 Create RAM Caching Template..............................................................................................41
9.6.2 Apply RAM Caching Template on VIP....................................................................................42
9.6.3 Validate the Deployment.........................................................................................................42
9.7 Securing SharePoint via aFleX...................................................................................................43
9.7.1 Create aFleX Script.................................................................................................................43
9.7.2 Configure VIP with HTTP/Port 80 ...........................................................................................45
AX Series for SharePoint 2010 Deployment Guide
4
9.7.3 Apply AFLEX Script to VIP......................................................................................................45
9.7.4 Validate AFLEX Service..........................................................................................................46
10 Summary and Conclusion...............................................................................................................47
11 Appendix .........................................................................................................................................48
11.1 AX Series CLI sample configurations: ........................................................................................48
AX Series for SharePoint 2010 Deployment Guide
5
1 INTRODUCTION
Microsoft SharePoint 2010 is the latest web application platform developed by Microsoft for small to large
businesses. Microsoft SharePoint 2010 is designed as a centralized collaboration, content, and file
management application software. SharePoint provides many features for clients, such as support for
audio, video, and Silverlight applications, making it easy for users to build dynamic web sites. SharePoint
2010 also offers the new ribbon user interface that makes SharePoint easier to deploy, manage and
customize. In addition, SharePoint now offers easy-to-deploy templates that range from wikis to
workflows. SharePoint is a very scalable solution that can support thousands of customers and it can be
deployed in a multi-server environment. The AX Series Application Delivery Controllers (ADCs) provide
advanced load balancing services for Microsoft SharePoint 2010.
2 DEPLOYMENT GUIDE OVERVIEW
This document shows how an A10 Networks AX Series device can be deployed with Microsoft
SharePoint 2010. The tested solution is based on an AX Series device load balancing two (2) SharePoint
Web Front End (WFE) servers. The WFE servers will be referred to as web servers (WS) in the next
chapters. Refer to Table 1: AX Deployment for SharePoint 2010 Server Roles, for the details of the server
roles within the deployment guide.
The deployment guide is divided into two sections namely: Basic AX configuration and Advanced AX
configuration for SharePoint. The Basic AX configuration is a bare minimum configuration that can be
used in a SharePoint deployment. To transition configuration from Basic to Advanced there are required
configuration to be change. Please refer to the configuration changes required in Error! Reference
source not found..
This deployment document does not apply to Microsoft SharePoint 2003 or 2007 Servers. This
deployment guide only applies to Microsoft SharePoint 2010 installations.
AX Series for SharePoint 2010 Deployment Guide
6
3 DEPLOYMENT GUIDE PREREQUISITES
AX Series Requirements
The A10 Networks AX Series ADC must be running version 2.4.x
Microsoft SharePoint Requirements
The Microsoft SharePoint 2010 application was tested and deployed for internal and external
users to access the SharePoint service.
Microsoft SQL Server 2008 R2 is required.
All Microsoft SharePoint 2010 Server Components are running on Windows 2008 (64-bit)
Enterprise Edition Server Operating System.
The deployment guide was tested based on:
AX Release: 2.6.1
Clients OS: 64-bit Windows 7 Operating System.
Client browsers:
Microsoft Internet Explorer Version 8.0
Google Chrome Version 10.0
Mozilla Firefox Version 4.0.1
Note: If the Virtual IP (VIP) is accessed from an external client, the network topology needs to be
deployed on a routed mode. If the SharePoint services are accessed internally, the network has to be
deployed on a one-arm mode. If the SharePoint servers are accessed from internal and external clients,
the network topology has to be deployed in one-arm mode configuration.
Note: For additional deployment modes that the AX Series device can support, please visit the following
URL: http://www.a10networks.com/products/axseries-load-balancing101.php
AX Series for SharePoint 2010 Deployment Guide
7
4 AX DEPLOYMENT FOR SHAREPOINT 2010 SERVER ROLES
Figure 1: Provides server description for the test environment:
Figure 1: SharePoint Server Role Matrix
5 ACCESSING THE AX SERIES LOAD BALANCER
This section describes how to access the AX Series device. The AX can be accessed either from a
Command Line Interface (CLI) or Graphical User Interface (GUI):
CLI –Text-based interface in which you type commands on a command line. You can access the
CLI directly through the serial console or over the network using either of the following protocols:
Secure protocol –Secure Shell (SSH) version 2
Unsecure protocol –Telnet (if enabled)
GUI –Web-based interface in which you click to access configuration or management pages and
type or select values to configure or manage the device. You can access the GUI using the
following protocol:
AX Series for SharePoint 2010 Deployment Guide
8
Secure protocol –Hypertext Transfer Protocol over Secure Socket Layer (HTTPS)
Note: HTTP requests are redirected to HTTPS by default on the AX device.
Access information:
Default Username: “admin”
Default password is “a10”.
Default IP Address of the device is “172.31.31.31”
For detailed information how to access the AX Series device, refer to document “A10 Networks AX Series
System Configuration and Administration Guide.pdf”
6 SHAREPOINT 2010 RECOMMENDED INSTALLATION PROCEDURES
1. Prepare a list of servers that will be deployed in the topology. The required servers for SharePoint
are Application Server (AS), Web Front End (WFE), Database Server (DB), indexing/search
server, Active Directory (AD)/Domain Name Servers (DNS) server and optional Network Access
Storage (NAS).
2. Install base Windows OS (Windows 2010 64-bit) and install required software prerequisites.
Install SQL database and provision a SQL Admin account with the permission level needed to
create a database for SharePoint 2010 server.
3. Active Directory (AD) and DNS servers are required for network management and user
provisioning.
4. Install SharePoint 2010 server and configure the services based on server roles. This can be
done via the SharePoint Web Management GUI.
5. Configure an Alternate Access Mapping (AAM) on the web servers.
Note: For additional information on how to configure AAM refer to:
http://technet.microsoft.com/en-us/library/cc263208(office.12).aspx
6. Test the SharePoint site to verify that it is accessible, and then deploy the AX Series device.
Note: If you have an existing SharePoint 2010 Server already installed, you can skip the SharePoint 2010
recommended installation procedure above.
AX Series for SharePoint 2010 Deployment Guide
9
7 ARCHITECTURE OVERVIEW
Figure 2: SharePoint 2010 Deployment Topology
AX Series for SharePoint 2010 Deployment Guide
10
8 BASIC AX CONFIGURATION FOR SHAREPOINT
This chapter explains how the AX Series is configured with Microsoft SharePoint 2010 server
implementation. This chapter provides instructions for installing the real servers, service group, virtual
services, and virtual servers in a basic Microsoft SharePoint configuration with no optimization.
Basic SharePoint Configuration
Figure 3: Basic SharePoint Configuration
The simplest configuration uses the AX series device to load balance SharePoint traffic using a secured
HTTPS connection. The WFE are the only servers that are load balanced by the AX. This is because
Microsoft SharePoint 2010 has its own built-in redundancy and load balancing mechanism on the
backend servers. For detailed information explaining why Applications Servers (AS) and other SharePoint
components cannot be load balanced with any load balancer, refer to the following URLs:
http://social.technet.microsoft.com/Forums/en-CA/sharepoint2010setup/thread/f3ae16b1-8a3b-4ffa-a2e0-
e78a48889c71
http://blogs.msdn.com/b/spses/archive/2010/01/20/sharepoint-2010-shared-service-architecture-part-
1.aspx
AX Series for SharePoint 2010 Deployment Guide
11
8.1 SERVER CONFIGURATION
This section demonstrates how to configure the SharePoint webservers in the AX Series.
1. Navigate to Config Mode > SLB > Server.
2. Click Add to add a new server.
3. Within the Server section, enter the following required information.
4. Name: “WS1”
5. IP address /Host: 172.16.1.5
Note: Enter additional servers if necessary.
Figure 4: Real Server Configuration
6. In the Port section, enter Port and Protocol type, then click Add.
AX Series for SharePoint 2010 Deployment Guide
12
Figure 5: Real Server Port Configuration
7. Click OK and then click Save to store your configuration changes.
8.2 HEALTH MONITOR CONFIGURATION
The AX series automatically initiate the health status checks of real servers (ICMP) and service ports
(TCP Health Check). This provides clients assurance that all request go to functional and available
servers. If a server or a port does not respond appropriately to a health check, the server will be
temporarily removed from the list of available servers. Once the server is restored and starts responding
appropriately to the health checks, the server will be automatically added back to the list of available
servers.
For higher availability Microsoft recommends the test IIS servers with a real http “GET” request.
1. Navigate to Config Mode > SLB > Server Port > Health Monitor.
2. Click Add.
3. For the health monitor Name, enter “SharePoint HC”.
4. For the Type, select “HTTP”.
5. Click OK and then continue with the Service Group configuration.
AX Series for SharePoint 2010 Deployment Guide
13
Figure 6: Health Monitor Configuration
8.3 SERVICE GROUP CONFIGURATION
This section demonstrates how to configure the SharePoint webservers in a service group. A service
group contains a set of real servers from which the AX device can select to service client requests. A
service group supports multiple SharePoint real servers as one logical server.
1. Navigate to Config Mode > SLB > Service Group.
2. Click Add to add a new service group.
3. Within the Server Group section, enter the following required information:
Name: Enter “SharePoint Servers”.
Type: Select “TCP” from the drop-down menu.
Algorithm: Select “Round Robin” from the drop-down menu.
Health Monitor: Select “SharePoint HC” from the drop-down menu.
AX Series for SharePoint 2010 Deployment Guide
14
Figure 7: Service Group Configuration
4. Navigate to Config Mode > Service > SLB > Service Group.
5. In the Server section of the window, add one or more servers from the server drop-down list:
Server: Select “WS1” from the drop-down menu.
Port: Enter “443”.
6. Click Add and enter all the available SharePoint web servers.
Figure 8 shows that the server names "WS1" and "WS2" are entered, each with port 443.
Figure 8: Service Group Server Configuration
7. Click OK and then click Save to store your configuration changes.
AX Series for SharePoint 2010 Deployment Guide
15
8.4 VIRTUAL SERVER CONFIGURATION
This section demonstrates how to configure the VIP with the AX Series. Adding the virtual server ports
within the AX Series will generate a virtual service list based on the protocol type selected.
1. Navigate to Config Mode > SLB > Virtual Server > General.
2. Within the General section, enter the following required information:
Name: “WS-VIP”
IP Address or CIDR Subnet: 172.16.1.200
Figure 9: Virtual Server or VIP Configuration
3. Navigate to Config Mode > SLB > Virtual Server > Port.
4. Click Add.
5. Enter the Virtual Server Port information:
Type: from the drop-down menu, select “TCP”.
Port: “443”
Service Group: From the drop-down menu, select “SharePoint Servers” to bind the virtual
server to the real servers.
AX Series for SharePoint 2010 Deployment Guide
16
Figure 10: Virtual Server Port Configuration
Figure 11: Virtual Port Lists
Figure 12: Virtual Services Overview
6. Click OK and then click Save to store your configuration changes.
AX Series for SharePoint 2010 Deployment Guide
17
8.5 SOURCE IP PERSISTENCE
The AX series can support different modes of persistence; such as Cookie persistence, Destination IP
persistence, Source IP persistence, and SSL session ID persistence. The purpose of persistence is to
direct traffic from the same client to the same server.
This deployment guide focuses on Source IP Persistence in the basic SharePoint configuration. Cookie
persistence configuration will be featured within the Advanced SharePoint section.
Figure 13: Source IP Persistence
8.5.1 CREATE IP PERSISTENCE TEMPLATE
1. Navigate to Config Mode> Template > Persistent > Source IP Persistence.
2. Click Add.
3. Enter the Source IP Persistence name.
Example: “Source IP Persistence”
4. Click the Match Type drop-down menu and select “Port”.
5. Leave the Timeout set to 5 minutes (Default).
AX Series for SharePoint 2010 Deployment Guide
18
Figure 14: Source IP Persistence Overview
6. Click OK and then click Save to store your configuration changes.
8.5.2 APPLY IP PERSISTENCE TO THE VIP
To assign the template to the VIP:
1. Navigate to Config Mode > Service > SLB > Virtual Server Port.
2. From the Persistence Template Type drop-down menu, select Source IP Persistence
Template.
3. Select the corresponding template that was created. The name “Source IP Persistence” is used
as the template name in the example below.
Figure 15: Persistence Template Configuration
4. Click OK and then click Save to store your configuration changes.
8.6 IP SOURCE NAT
Optional: Only for one-arm deployment.
This section configures the IP Address pool to be used for IP Source Network Address Translation
(SNAT). When incoming traffic from a client accesses the VIP address (For example: 172.16.1.200), the
client requests are “source NAT-ed”, which means that the AX replaces the client’s source IP address
based on the configured address pool of the source NAT. SNAT is required when your network topology
is based on “one-arm” deployment and if you have internal clients that reside on the same subnet as the
VIP. The Source NAT template must be applied in the virtual server port for the NAT to take effect.
AX Series for SharePoint 2010 Deployment Guide
19
Figure 16: IP Source NAT and traffic flow overview
8.6.1 CREATE IP SOURCE NAT TEMPLATE
1. Navigate to Config Mode >Service> IP Source NAT.
2. Click Add.
3. Enter IP Source NAT Name: “SNAT”.
4. Enter Start IP Address: 172.16.1.250 (Example)
5. Enter End IP Address: 172.16.1.250 (Example)
6. Enter Netmask: 255.255.255.0
AX Series for SharePoint 2010 Deployment Guide
20
Figure 17: IP Source NAT Configuration
7. Click OK and then click Save to store your configuration changes.
Note: Apply the SNAT template to the Virtual Server Port. If the SharePoint environment will consist of
many concurrent users, it is advisable to configure multiple SNAT IP addresses. One IP address can be
used for up to 64,000 flows.
8.6.2 APPLY IP SOURCE NAT TO THE VIP
1. Navigate to Config Mode > Service > SLB > Virtual Server.
2. Select the Virtual Server name “WS-VIP”.
3. Select port “443” and click Edit.
4. From the Source NAT Pool drop-down list, select the “SNAT” template.
Figure 18: SNAT Binding
5. Click OK and then click Save to store your configuration changes.
Other manuals for AX Series
1
Table of contents
Other A10 Switch manuals
Popular Switch manuals by other brands
Comtech EF Data
Comtech EF Data CRS-280L Installation and operation manual
PureTools
PureTools PT-PSW-42MV user manual
D-Link
D-Link DXS-3600-EM-8XS Hardware installation guide
Larson Electronics
Larson Electronics EPO-20A instruction manual
TESmart
TESmart PKS0402A20 user manual
Allied Telesis
Allied Telesis AT-8948 Installation and safety guide
