Ward Vissers Blogging About Microsoft Exchange VMware and other interresting things about ICT
KEMP gives away the LoadMaster for free. Now the virtual appliance is available in a free edition too. Available for all supported hypervisors (VMware, Hyper-V, enz).
The free VLM has some limitations, for instance the HA setup with an active and hot stand-by unit is not supported. Another important limitation is that the free LoadMaster doesn’t come with the awesome support paying customers receive. Also there are some bandwidth and SSL TPS limitations, all in all not much special for most home, lab, testing and other non-production deployments.
- The Free LoadMaster Includes:
- Layer 4/7 load balancing
- Content switching
- Caching, compression engine
- MS Exchange 2010/2013 optimized
- Pre-configured virtual service templates
- IPS engine
- High Availability
- Edge Security Pack (ESP) – a Microsoft TMG replacement
- GSLB multi-site load balancing
- RESTful API
KEMP Releases patch for Heartbleed Vulnerability – CVE-2014-0160
Versions affected – v7.0-12a, v7.0-14a
Platforms affected – All LoadMasters
To confirm vulnerability you can visit – http://possible.lv/tools/hb/
Patches available at the locations below based on LoadMaster model.
To patch to this version you must be running version 6.0-42 or later. If your firmware does not meet these requirements please contact support.
LoadMaster v7.0-6 is available now. Here is a highlighted feature list over v7.0-4:
New Features and Feature Enhancements:
- Quickstart Wizard – Exchange 2010- The QuickStart Wizard provides a simplified method of configuring LoadMaster to work within an Exchange 2010 environment
- RESTful API v.2.0 – The RESTful API provides a REST-like interface designed to allow remote applications access to the LoadMaster in a simple and consistent manner.
- Cisco UCS B Series Support – The LoadMaster for Cisco UCS supports the B Series Blade Servers.
- Call Home – Phase 1 – The Call Home licensing model will be released for selected VLM evaluations.
- After installing or replacing a certificate, there is now an option to return to the Virtual Service page
- Quality of Service functionality is now configurable within Virtual Services
- The image sets for the ESP login screens now support a number of different languages
- The character limit within the Message of the Day has been increased
- When applying a temporary license, feedback is now provided if a temporary license has already been applied
- The traceroute and netstat utilities are available debug options
- Bulk disabling of Real Servers is possible
- L7 Transparency is available for selection within a SubVS when the parent Virtual Service uses SSL Acceleration with re-encryption enabled.
- Issues configuring eth0 on a 64 bit LoadMaster have been resolved
- Removed restriction on creating a VLAN with an identifier of 1
- Issue with deleting VSs in a state of Security Down is resolved
- Issue with HA time out values resolved
- Issue with Health Checks on ESP enabled Virtual Services have been resolved
- To conserve CPU, gathering statistics is restricted to the items displayed on the Home page, unless specified in the Collect All WUI option
- Issue with Port Following is resolved
- ACLs now working as expected when Virtual Services are set to additional ports
- Initial maximum cache size on LoadMaster for UCS is now within the valid range
- Within the LoadMaster console, an inappropriate call of Quick Help has been resolved
- Can now configure shared interfaces in the HA setup process before rebooting
- A failed adaptive health check disables the Real Server
- SNORT 2.9 rules imports correctly
- A page is not delivered when using compression and http content-length is 0 bytes
- Issues may occur with SNMP traffic when the Drop at Drain Time End option is enabled
LoadMaster version v7.0-6 supports the following hardware:
Learn more about LoadMaster 7.0:
I want to refer to two features within Kemp Loadmaster:
Drop Connections on Real Server (Exsist from 5.x) (Default not enabled!!).
Failure & Drop at Drain Time End (New feature at 7.04) (Default not Enabeld!!)
Drop Connections on Real Server Failure
By default existing connections are not closed if a Real Server fails. This can lead to issues with Outlook clients if an Exchange CAS server fails. A solution to this is to enable the Drop Connections on RS Failure option which can be found on the System Configuration > Miscellaneous > L7 Configuration screen in the WUI.
When this option is enabled, LoadMaster tracks all the incoming connections and which Real Servers they are connected to. When a Real Server fails, all connections to the Real Server are immediately dropped, forcing the connections to reconnect to a different Real Server.
Enabling this option has the added benefit of allowing relatively higher Idle Connection Timeout values to be set as the danger of the client retaining a connection to a failed server is removed.
Drop at Drain Time End
By default existing connections are not closed when a real server is disabled. This can lead to issues with Outlook clients if an Exchange CAS server is administratively disabled. A solution to this is to enable the Drop at Drain Time End option which can be found on the System Configuration > Miscellaneous > L7 Configuration screen in the WUI.
When this option is enabled, LoadMaster will sever all existing connections to a disabled server after the L7 Connection Drain Time is reached. Clients will then be fored to reestablish a connection to one of the remaining Real Servers.
Kemp announced Firmware release LoadMaster 7.0-4. Here are the details below. Watch out for more announcements on some of the features in the coming weeks.
New Features and Feature Enhancements:
- Edge Security Pack – A range of new security features has been added to the LoadMaster.
- Sub-VS Support – The LoadMaster now supports the creation and management of sub-VSs.
- Graphical Metrics – There is a new dashboard home screen with the capability to display graphical performance information.
- New License format – A new license format has been introduced
- Oracle VirtualBox VLM – A new VLM package, to support VLM installation within an Oracle VirtualBox environment is available
- MIBS files have been updated
- SID and revision information included in IPS logging
- VLAN Separation per Interface
- Support for larger TCP window sizes
- ‘Kill switch’ is now supported on all LoadMaster versions
- LM-R320 has its serial number visible on the WUI
- The Netconsole Host interface is configurable via the WUI
- Issue with SMTP STARTTLS when a client sends an EHLO is resolved
- Issue with ACL whitelist allowing other IPs is resolved
- Issue with switching VS types under load is resolved
- Some reboot issues have been resolved
- An issue with caching on Firefox has been resolved
- The “-“ character is now allowed in the DNS Search Domain field
- Issues with the MIBS have been resolved
- A circular routing problem has been resolved
- SNMP trap Source IP has been changed to pre 5.1-48 behaviour
- SSL renegotiation can be toggled on/off
- SSLv2 is no longer used for LoadMaster initiated SSL connections
- An issue with Not Available Redirection XSS has been resolved
- The Default IP is now displayed on the WUI when DHCP fails
- An issue with VS Specific insert X-Clientside header being overwritten by system default has been resolved
- The “-“ character is now allowed in the User Login field
- An issue with the Fail on Match functionality has been resolved
- An issue with Maximum Cache Size has been resolved
- Quick setup Help appears automatically if no IP address is configured on the LM if a VLAN is configured on eth0 and no IP address is assigned to the underlying interface (eth0)
LoadMaster version v7.0-4 supports the following hardware:
NOTE – ESP is supported on select LoadMaster models and new VLM installations.
Learn more about LoadMaster 7.0: