One of the features that I keep seeing in product documentation about vCloud and vShield is the ability for vShield Edge to do HTTP load balancing. However every time I go looking for the feature in vCloud Director I couldn’t find it.
So this morning I did a little more investigating and found it! However it wasn’t in vCloud Director, but instead, it was buried down in a vSphere Client tab.
As you can see from that screenshot I was able to get it setup! In fact if you hit http://18.104.22.168 you can see a demo WordPress blog that is taking advantage of it. (I will leave this link up for a couple weeks at the least so that you can check it out. But in order to tell which VM you are hitting you can check the bottom left corner of the website. There you should find either 192.168.0.102 or 103, as these are the two VM’s behind the vShield Edge firewall.
In this screenshot you can see two browsers I have open which are hitting each of the two servers.
So what besides vShield does this take ? Well In this setup I have two Ubuntu Linux VM’s with Apache running on them, and one Ubuntu Linux VM which has MySQL running on it for the backend. Here is a Visio overview of what it looks like.
And of course I also have a screen shot of how it looks in vCloud Director, but this is just one of the ways you could do this. If you didn’t want your database server to be exposed to the internet you could take it out of the external network and put it on a vApp network which would only have access between it and the two database servers, since security isn’t a huge concern in this lab example I choose to just leave it all as one network.
Linux is the MySQL server, and Linux1-1 and Linux1-2 are the Apache web servers.
Update: I guess I left out why this is a very cool feature to have with vCloud… If you HTTP application needs more horse power you can create multiple web servers in vCloud and from the outside world it still looks like one server. Plus the vSphere backend behind vCloud can still balance those virtual machines across physical servers if needed. Overall this is a very cool solution which is just included. Obviously though if you need HTTPS or some other protocol you would have to adopt another solution or a hardware device but either way HTTP balancing is definitely a great value add.
hi Justin, nice blog. I’m trying to find the throughput of vshield edge, and how it mathematically related with the size of the vshield Edge vm. Any chance you have that information?
I don’t have that information, but I’ll check. Also if I can test max throughput in my lab from a device behind vshield to another device and monitor CPU and memory usage would that be what your looking for? I would think if a normal firewall can do it with a low end chip a software solution should be able to pull it off with a fast Xeon chips
One policy is required from external to internal network with http service allowed.
I have to define a policy in vshield 5.0 and it didnt worked without it.