Bring Order out of Chaos

My LTM network just grewed like Topsy. What I'd like to do is bring some order to it, and reduce costs.

 

 

Note: this might not be very advanced as some network designs, but it the most advanced thing I've tried to in LTM. So far.

 

 

See topsy-as-is.jpg, in topsy.zip

 

 

This is a grossly simplified diagram of the LTM as it currently is.

 

 

* All users are inside the organization.

 

 

* Servers are a mixture of IIS, Apache, Oracle AS.

 

 

* Not all have SSL certificates, but most do, or need to have them.

 

 

Problems.

 

 

* We use an IP address for each virtual server/pool/application. We don't have a scarcity of IPs, but we'd like to conserve them. Because restacking subnets is a chore and we'd like to avoid that time-sink.

 

 

* Each application gets their own SSL certificate. This gets expensive.

 

 

* Last, and least, it's awkward to look at a dozen virtual servers, keep their configurations straight, in the GUI.

 

 

 

Where I'd like this to go.

 

 

See topsy-to-be.jpg, in topsy.zip

 

 

* A single VIP. This looks pretty straightforward.

 

 

* A single SSL certificate for all applications. When I talked to Thawte about this they referred me Sales, who tried to up-sell me on what their enterprise portal, and stressed there would be all kinds of Problems using a wildcard Cert. Is there another way to accomplish this?

 

 

* A single rule to route the traffic to the appropriate pool. What I'd like is a rule that I can put in place, then leave alone, adding pools behind it for the traffic to go to. Thoughts?