BDunbar_8799
Jan 04, 2010, Nimbostratus
Bring Order out of Chaos
My LTM network just grewed like Topsy. What I'd like to do is bring some order to it, and reduce costs.
Note: this might not be as advanced as some network designs, but it is the most advanced thing I've tried to do in LTM. So far.
See topsy-as-is.jpg, in topsy.zip
This is a grossly simplified diagram of the LTM as it currently is.
* All users are inside the organization.
* Servers are a mixture of IIS, Apache, Oracle AS.
* Not all have SSL certificates, but most do, or need to have them.
Problems.
* We use an IP address for each virtual server/pool/application. We don't have a scarcity of IPs, but we'd like to conserve them, because restacking subnets is a chore and we'd like to avoid that time-sink.
* Each application gets its own SSL certificate. This gets expensive.
* Last, and least, it's awkward to look at a dozen virtual servers and keep their configurations straight in the GUI.
Where I'd like this to go.
See topsy-to-be.jpg, in topsy.zip
* A single VIP. This looks pretty straightforward.
* A single SSL certificate for all applications. When I talked to Thawte about this they referred me to Sales, who tried to up-sell me on their enterprise portal, and stressed there would be all kinds of Problems using a wildcard Cert. Is there another way to accomplish this?
* A single rule to route the traffic to the appropriate pool. What I'd like is a rule that I can put in place, then leave alone, adding pools behind it for the traffic to go to. Thoughts?
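
The single routing rule asked for above, sketched as an iRule (an added example, not part of the original post). It assumes an LTM version that provides the `class` command and a string data group named `app_host_pools`, a hypothetical name, whose entries map each hostname to a pool name.

```tcl
# Added example, not from the original post.
# Assumption: a string data group named app_host_pools (hypothetical) maps
# each hostname to a pool name, e.g. "hr.example.internal" := "pool_hr".
when HTTP_REQUEST {
    # Normalise the Host header: lower-case it and drop any :port suffix.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # Look the hostname up; an empty result means it is not a known application.
    set target [class match -value $host equals app_host_pools]

    if { $target eq "" } {
        # Default deny: unknown or missing Host values never reach a backend.
        log local0. "No pool mapping for host '$host' from [IP::client_addr]"
        HTTP::respond 404 content "Unknown application"
        return
    }

    # A data-group entry that names a missing pool raises a Tcl error; catch it
    # so the client gets a clean 503 instead of a reset connection.
    if { [catch { pool $target }] } {
        log local0. "Data group maps '$host' to missing pool '$target'"
        HTTP::respond 503 content "Application unavailable"
    }
}
```

Adding an application then means creating its pool and adding one data-group entry; the rule itself stays untouched. Because the one virtual server presents one certificate, every hostname in the data group has to be covered by the names on that certificate.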