Microsoft Solutions

Load balancing MS-Active Directory and Kerberos

Jeff Browning — Fri, 12 Sep 2008 19:44:03 GMT

You know what? You never know what you might find in the DevCentral Forums. Some pretty cool stuff happens in the Solutions Forums - a place to focus on doing interesting things with F5 gear from an application perspective (i.e. Microsoft app, Oracle App, etc.).

Here's an interesting one I found recently: load balancing resources protected by MS-AD-Kerberos. Not always two technologies you expect to see together... However, thanks to user "ravi.rajan", there's the solution. The trick is that you don't add the BIG-IP to the AD (you can't). Instead, you create a Microsoft Service Principal Name (SPN) for "the HTTP services mapping to a particular domain user ids." For more, go here.

For details about SPNs if you're not familiar with them, you can learn more from Microsoft TechNet (a team I worked on many, many years ago, BTW) or at MSDN if that's more your speed.

According to "ravi.rajan", it's not just the IIS folks that get to play:

We have kerberos single sign on working for IIS, weblogic, SAP enterprise portal without any issues.

After talking about this with Colin, he made a good point: once you have this backend wired (and simply doing LB to distinct virtuals/URLs for the various services for IIS, webogic, etc.), why not bring the forms out to the front end and consolidate the process. Theoretically, you could use LTM's form-based auth on the front end. LTM can serve up a standard form and then pass auth through the various services on the backend. Here's a nice little sample (Client Auth Using HTML Forms) in the CodeShare to get you started.

Technorati Tags: active directory, microsoft, kerberos, f5, big-ip, devcentral, weblogic, sap enterprise portal, jeff browning

Share this post :

The Forgotten Network Tier?

Jeff Browning — Thu, 09 Aug 2007 19:58:48 GMT

An interesting article has been published on www.devx.com by Ty Anderson, a consultant at Cogent Company. Check it out - he does a great job of pointing out how application developers can take advantage of the network (and specifically - iRules and iControl) when writing apps. Here's a snippet...

"The reality is developers can build better, more effective applications by utilizing Application Delivery Controller (ADC). These devices are deployed in your network and track all network traffic. This includes in-coming, out-going, and internal traffic. Once installed and configured, these devices know everything that occurs in your network. This means they also know everything about the information sent and received by your applications."

For more, go here: http://www.devx.com/vstudioextensibility/Article/35158

Technorati Tags: icontrol, irule, visual studio, ADC

Live from Tokyo

Jeff Browning — Wed, 30 May 2007 23:37:23 GMT

Just starting my second day with the F5 team in Japan. I'm in Tokyo this week meeting with the team, talking about the new DevCentral-Japan, and presenting at the F5 partner conference today. It's been an awesome experience so far. As is the case with F5 around the world, the F5 Japan team is just fantastic. A few thoughts so far...

Tuesday, we announced the F5 Application Ready Network for Microsoft in Japan at an event with Microsoft Japan. As I stated recently, what makes this so cool is that this is unique, proven stuff. As part of this, customers in Japan can visit the Microsoft Chofu Technology Center to see F5 products in action. This is a great way for IT pros to see Microsoft and F5 technology working together.
The newly updated DevCentral-Japan is very cool. Ichiro and the team have done a great job updating the look and feel, added new content, and more. We are excited to get the F5 Japan community even more involved with DevCentral.
The team took me out to my first Japanese baseball game last night at the biggest venue in Japan - the Tokyo Dome, home to the Yomiuri Giants. The Giants are the most famous Japanese team - somewhat similar to the New York Yankees. They took on the Fukuoka Softbank Hawks. This game was of similar magnitude here to a Yankees vs. Red Sox game in Yankee stadium. The game was very close up until the bottom of the 8th when the powerful Giants offense opened things up with 4 runs. Earlier that inning, the Hawks had an opportunity tie the game in the top of the 8th with two runners in scoring positioning. However, Giants starter Kaneto worked out of a jam and ended up with a complete game victory. Final score was 6-2. I was amazed at the 50,000+ fans in attendence on a Wednesday night. They have a different cheer "song" for each player. I was also surprised to learn that ball and strike count are stated opposite, i.e. "1 strike, 2 balls." A very cool experience I will remember for a very long time to come.

More to come. In the meantime, here's a short video of Tokyo as seen from the hotel this AM.

Technorati Tags: F5, Microsoft, Tokyo, Yomiyuri Giants