Adding a HALB virtual server
To add a HALB virtual server:
In the RAS console, navigate to Farm > <Site> > HALB.
On the Virtual Servers tab in the right pane, click Tasks > Add. The HALB Configuration wizard opens.
Make sure the Enable HALB option is selected.
Type a name for this virtual server and an optional description.
In the Public address field, type a public FQDN or IP addresses of this server. This is used by the Preferred routing functionality for redirecting client connections. Please see Configuring preferred routing.
In the Virtual IP section, specify the virtual IP address properties which will be used for incoming client connections by a HALB device that you will assign to this Virtual Server later.
In the Settings section, select one or more of the following options. Note that at least one "LB" option must be selected. If you skip an option at this time, you can add it later in the virtual server properties dialog:
LB Gateway Payload: Enables load balancing of normal (unsecured) gateway connections.
LB SSL Payload: Enables load balancing of SSL connections.
Client Management: Enables management of Windows client devices connected through HALB.
Click Next.
From this point forward, depending on the payloads that you selected in the previous step, a wizard page will open where you can configure the payload properties. These pages are described below.
LB Gateway payload
Configure load balancing for normal connections:
Set the port number used by HALB devices to forward traffic to RAS Secure Gateways. The port is configured on a gateway. The default port is 80.
In the Gateways list, select a RAS Secure Gateway to be load balanced. Please note that only one IP address per gateway can be used. If you have more than one entry for the same gateway with different IP addresses, you can select just one.
LB SSL payload
Configure load balancing for SSL connections:
Set the port number used by HALB devices to forward SSL traffic to RAS Secure Gateways. The port is configured on a gateway. The default port is 443.
Select the SSL mode from Passthrough or SSL Offloading. By default, SSL connections are tunneled directly to gateways (referred to as Passthrough) where the SSL decryption process is performed.
The SSL Offloading mode requires an SSL certificate to be assigned to HALB. When you select it, click Configure and specify the following:
Accepted SSL Version: Select an SSL version.
Cipher Strength: Select the cipher strength of your choice. To specify a custom cipher, select Custom and then specify the cipher in the Cipher field.
The Use ciphers according to server preference option is ON by default. You can use client preferences by disabling this option.
Certificates: Select a desired certificate. For the information on how to create a new certificate and make it appear in this list, see the SSL Certificate Management chapter.
The <All matching usage> option will use any certificate configured to be used by HALB. When you create a certificate, you specify the "Usage" property where you can select "Gateway", "HALB", or both. If this property has the "HALB" option selected, it can be used with HALB. Please note that if you select this option, but not a single certificate matching it exists, you will see a warning and will have to create a certificate first.
Select a gateway to be load balanced. Note that only one IP address per gateway can be used.
Device Manager
Configure Windows client device management, select a gateway that will manage Windows client devices. Note that only one IP address per gateway can be used.
Devices
To assign HALB devices to the Virtual Server:
Click Tasks > Add and select or specify a HALB device. If you haven't deployed any HALB devices (appliances) yet, you can still save the Virtual Server configuration and assign HALB devices to it later. At least two HALB devices are recommended per Virtual Server. For more info, see High Availability Load Balancing (HALB). HALB device priority is set by positioning a device in the list. The device at the top is the primary HALB device. Devices under it are secondary HALB devices. To promote a device to primary, simply move it to the top of the list.
Finally, click Finish to save the Virtual Server settings and close the wizard.
The new virtual server will appear in the list in the RAS Console.
Modifying Virtual Server and configuring advanced options
To modify the Virtual Server settings, right-click it and choose Properties. The tabs in the Properties dialog have the same options as the wizard pages described above. The only exception is the Advanced tab, which is described below.
To view and configure advanced Virtual Server options, select the Advanced tab. The options that you see on this tab are applied to all HALB devices assigned to a Virtual Server. This list gives you a simple access to the HALB device options without logging in to the virtual machine directly. Please note that changing any of these values may potentially lead to undesired results. You should only change them according to specific network requirements.
The following advanced settings are available: