HTTPS

Section 5

1
Section objectives

Understand HTTPS
Understand AX HTTPS load balancing and its options
Configure HTTPS Virtual Server

2
HTTPS protocol

HTTPS (HTTP over TLS) RFC is 2818 (http://www.ietf.org/rfc/rfc2818.txt)

HTTPS is the "secured" version of HTTP (usually port 443)
HTTPS offers
Server Authentication (with server certificates)
(optional) Client Authentication (with client certificates)
Encryption (with TLS/SSL)

3
Server authentication

TLS/SSL is based on public certificates and private keys

Certificates are issued and signed by Certificate Authority (CA)
HTTPS clients first request the server public certificate and validate it using list of
trusted CAs
When the server certificate is validated (name, date, etc.), the client sends its HTTP
request

4
SLB configuration for HTTPS

Load balancers don't need a specific configuration for HTTPS load balancing - Any L4
SLB VIP works for HTTPS services
However, advanced load balancers provide techniques to improve HTTPS services
Better Availability
Better Flexibility
Better Performance/Acceleration
Better Security
AX offers advanced flexibility/performance/security options for HTTPS applications
HTTP templates are associated with virtual server ports of type "HTTP" or "HTTPS”

5
HTTPS communication with clients

Client SSL templates

To enable HTTPS communication with the Clients
Client SSL template
Public certificate that will be presented to Clients
Private key (and its passphrase)
SSL cipher supported ("encrypted algorithm")
(optional) Client certificate request

6
HTTPS communication with servers

Server SSL templates

To enable HTTPS communication with the Servers
Server SSL template
SSL cipher supported ("encrypted algorithm")
(optional) CA that will be used to validate the Server’s certificate

7
Cookie persistence

When to use cookie persistence

Like Source IP Persistence, Cookie Persistence is used when HTTP/HTTPS clients must have
their future connections/traffic terminated on the same server.
But Cookie Persistence provides more granularity, since even different users coming from the
same Proxy (same IP address) will get different persistence with Cookie Persistence.

8
Lab

Configure layer 7 HTTPS Virtual Server

Physical servers
Service Group
SSL Certificate
SSL Template
Source NAT
Cookie Persistence
Virtual Server
Transparent redirect
Verify functionality

9
Section summary

In this section we discussed HTTPS protocol

We have configured the following:
HTTPS Virtual Server using HTTP and HTTPS servers
HTTPS redirect
Cookie persistence

10
Course map

Section 0: Course Introduction

Section 1: Load Balancing Concepts
Section 2: AX Management
Section 3: FTP
Section 4: HTTP
Section 5: HTTPS
Section 6: AX Acceleration
Section 7: AX Security
Section 8: High Availability
Section 9: AX Troubleshooting
Section 10: aFleX

11