You can configure the explicit mode for Web Gateway on a blade server with load balancing performed by an external device.
We recommend that you configure a two-legged proxy solution for this mode, with two separate network interfaces on each blade server for inbound and outbound web traffic. Each of these interfaces is configured with an IP address of its own.
Additionally, a network interface for out-of-band management should be configured, which allows you to perform also management communication separately.
Load balancing is performed in this configuration not by one of the blade servers, but by an external load balancer, which directs load to the blade servers. For this purpose, the blade servers are included in a load balancing pool.
When configuring the load balancer, an algorithm can be configured that supports IP client stickiness. This ensures that functions requiring IP client stickiness are available, for example, a progress page.
If switches are installed as interconnect modules on an enclosure, link resilience can be achieved in the following way:
- Two of the ports used as uplink ports on a switch are bundled in a trunk group.
- Each of these ports is connected by a network cable to a physical link.
This means that if one the two links fails, the trunk group remains still active.
The interconnect modules and the trunk groups are mapped to the ports on the network interfaces, for example, as shown in the following table.
|Port on network interface
|Inbound web traffic interface
|Switch in interconnect bay 1
|Group 1: port21, port 22
|Outbound web traffic interface
|Switch in interconnect bay 2
|Group 2: port21, port 22
|Out-of-band management interface
|Switch in interconnect bay 3
|Group 3: port21, port 22
For more information on how to configure the interconnect modules, refer to the GbE2c Ethernet Blade Switch for c-Class BladeSystem Application Guide that is available on the website of the Skyhigh Security partner.