
Deploying the F5 BIG-IP LTM with IBM Lotus iNotes


Deployment Guide Document version 2.1

What's inside:
- Configuration example
- Configuring the BIG-IP system for IBM Lotus iNotes
- Appendix: Optional configuration for highly available implementations
- Document Revision History

Deploying the BIG-IP LTM with IBM Lotus iNotes

Welcome to the F5 and IBM Lotus iNotes deployment guide. This guide shows you how to configure the BIG-IP Local Traffic Manager (LTM) for a highly available and easily scalable iNotes deployment. The BIG-IP LTM provides users with a seamless failover experience. The user never realizes if the original server with which they were interacting is no longer available; rather, the BIG-IP seamlessly detects any failure and sends the request on to an available server.

IBM® Lotus® iNotes 8.5 software provides a security-rich messaging and collaboration platform for sharing data, connecting your employees and extended communities. It provides a Web browser alternative for accessing IBM Lotus Domino applications, including email, calendar, and personal information management (PIM) capabilities, as well as instant messaging and presence awareness.

For more information on iNotes, see: http://www-01.ibm.com/software/lotus/products/inotes/

For more information on the F5 BIG-IP system, see http://www.f5.com/products/big-ip

To provide feedback on this deployment guide or other F5 solution documents, contact us at [email protected].

Products and versions tested

Product               Version
BIG-IP LTM            10.0.1, 10.1, 11.2, 11.3
IBM Lotus iNotes      8.5 (applies to 8.5.1)

Important: Make sure you are using the most recent version of this deployment guide, found at http://www.f5.com/pdf/deployment-guides/f5-ibm-inotes-dg.pdf.

Prerequisites and configuration notes

The following are prerequisites and configuration notes for this deployment.
- You must have a working deployment of IBM Lotus Domino 8.5 Email Service, and Lotus Notes 8.5 with the iNotes Web client option installed.
- The BIG-IP LTM must be running version 10.0.1 or later.

DEPLOYMENT GUIDE IBM Lotus iNotes

- Critical: You must read and follow the instructions found in the following IBM link in order to use the solution presented in this guide: http://www.ibm.com/developerworks/lotus/library/inotes-avail/index.html
- For more information on the iNotes configuration, see the IBM Redbook: http://www.redbooks.ibm.com/redbooks/pdfs/sg246518.pdf
- For optional procedures for configuring a highly available iNotes implementation with the BIG-IP system, after completing the base configuration, see Appendix: Optional configuration for highly available implementations.

Configuration example

The following is a sample network architecture depicting the BIG-IP managing traffic to the iNotes clients and the iNotes Domino servers. The BIG-IP provides server load balancing, high availability, server health monitoring, and SSL offload services. Additionally, the BIG-IP provides TCP and HTTP protocol optimizations, enabling a superior user experience. The BIG-IP LTMs are deployed as an active-standby pair to provide high availability.

Figure 1: Simple, logical configuration example (Clients, Internet, BIG-IP Local Traffic Manager, IBM Lotus Domino Servers)


Configuring the BIG-IP system for IBM Lotus iNotes

Use the following table to configure the BIG-IP system for iNotes. The tables contain a list of BIG-IP LTM configuration objects along with any non-default settings you should configure as a part of this deployment. Unless otherwise specified, settings not mentioned in the table can be configured as applicable for your configuration. For specific instructions on configuring individual objects, see the online help or product manuals.

BIG-IP LTM Object: Non-default settings/Notes

Health Monitor (Main tab-->Local Traffic-->Monitors)
    Name: Type a unique name
    Type: http
    Interval: 30 (recommended)
    Timeout: 91 (recommended)
    Send String:
        For BIG-IP LTM versions 10.0 and 10.0.1: GET / HTTP/1.1\r\nHOST: \r\n
        For BIG-IP LTM versions later than 10.0.1: GET / HTTP/1.1\r\nHOST: \r\n\r\n\r\n
    Receive String: Lotus [1]

Pool (Main tab-->Local Traffic-->Pools)
    Name: Type a unique name
    Health Monitor: Select the monitor you created above
    Slow Ramp Time [2]: 300
    Load Balancing Method: Least Connections (Node)
    Address: Type the IP Address of an iNotes node
    Service Port: 80
    Click Add to repeat Address and Service Port for all nodes

Profiles (Main tab-->Local Traffic-->Profiles)
    Persistence (Profiles-->Persistence)
        Name: Type a unique name
        Persistence Type: Cookie
    HTTP (Profiles-->Services)
        Name: Type a unique name
        Parent Profile: http
        Rewrite Redirect [3]: Matching [3]
    TCP WAN (Profiles-->Protocol)
        Name: Type a unique name
        Parent Profile: tcp-wan-optimized
    TCP LAN (Profiles-->Protocol)
        Name: Type a unique name
        Parent Profile: tcp-lan-optimized
    Client SSL [3] (Profiles-->SSL)
        Name: Type a unique name
        Parent Profile: clientssl
        Certificate and Key: Select the Certificate & Key you imported

Virtual Servers (Main tab-->Local Traffic-->Virtual Servers)
    Name: Type a unique name.
    Address: Type the IP Address for the virtual server
    Service Port: 443 (for SSL offload) or 80 (if not offloading SSL)
    Protocol Profile (client) [2]: Select the WAN optimized TCP profile you created
    Protocol Profile (server) [2]: Select the LAN optimized TCP profile you created
    HTTP Profile: Select the HTTP profile you created
    SSL Profile (Client) [3]: Select the Client SSL profile you created
    SNAT Pool: Automap
    Default Pool: Select the pool you created
    Persistence Profile: Select the Persistence profile you created

[1] If you modified the login screen, you may have to adjust the Receive String to match a string that appears on your home screen.
[2] You must select Advanced from the Configuration list for these options to appear.
[3] Only required if offloading SSL on the BIG-IP LTM. You must have already imported a valid certificate and key onto the system.

This completes the base configuration.


Appendix: Optional configuration for highly available implementations

Lotus Domino Notes servers can be deployed in several architectures. When deploying Notes in a High Availability architecture, one of these configurations is referred to as a Non-Mirrored Cluster. When configured in this manner, a user's mailbox data exists on more than one member of the cluster, but not all of the members in the cluster, as the mailbox is not replicated to all members of the cluster. IBM and F5 have created a joint solution to support this advanced architecture. There are 2 requirements for this:
- The creation of the “Load Balancer Assistance Service”. This is an additional web form, running on each server in the cluster, that provides information to the BIG-IP about the exact URL location of a user's mailbox. It inserts a custom HTTP Header containing a list of members in the cluster that have a copy of a user's mailbox.
- The creation of the BIG-IP iRule. This is high performance runtime software that will query the cluster members, and using the information provided in the custom HTTP header, correctly route each user's request to the appropriate server.

Important: You must read and understand the details of this architecture and solution before attempting to configure it in your environment. For more information on how this is configured, see the IBM Developer Works article Achieving high availability with IBM Lotus iNotes: https://www.ibm.com/developerworks/lotus/library/inotes-avail/.

Configuring the DNS settings

In this section, you configure the DNS settings on the BIG-IP to point to the same DNS server that Lotus iNotes is using.

Note: DNS lookups go out over one of the interfaces configured on the BIG-IP system, not the management interface. The management interface has its own, separate DNS settings.

Important: The BIG-IP system must have a Route to the DNS server. The Route configuration is found on the Main tab by expanding Network and then clicking Routes. For specific instructions on configuring a Route on the BIG-IP system, see the online help or the product documentation.

To configure DNS settings
1. On the Main tab, expand System, and then click Configuration.
2. On the Menu bar, from the Device menu, click DNS.
3. In the DNS Lookup Server List row, complete the following:
   a. In the Address box, type the IP address of the same DNS server that Lotus iNotes uses.
   b. Click the Add button.
4. Click Update.

Creating Data Group Lists

Before we create the iRule, we create the Data Group List that the iRule uses.

Critical: It is important to name the Data Group carefully as it is referenced by the iRule we create in the next procedure. If you modify the Data Group name in step 4, you must also modify it in the iRule.

To create a string data group
1. On the Main tab, expand Local Traffic, and then click iRules.
2. On the Menu bar, click Data Group List.
3. In the upper right corner of the screen, click Create.
4. In the Name box, type NSLOOKUPSERVER.
5. From the Type list, select String.
6. In the String box, type the FQDN host name, such as domino-host1.example.com.
7. In the Value box, type the associated IP address, such as 10.100.100.51.
8. Click Add. The entry appears in the String Records box.
9. Repeat steps 6 - 9 until you have entered all IP addresses. In our example, we add our 4 servers.
10. Click Finished.
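The appendix describes routing on a server list returned in a custom HTTP header, and this procedure builds the FQDN-to-IP data group the iRule consults. The following Python model is an added example, not the guide's iRule or IBM's code: it shows the member-selection step with the data group acting as an allowlist, so a host named in the header is only used if it maps to a known, available pool member. The comma-separated header format, the function names, the monitor state and all hosts other than domino-host1.example.com / 10.100.100.51 are assumptions constructed for illustration.

```python
# Added example. Header format and all names here are assumptions, not the guide's.
# Constructed data group contents: FQDN -> member IP (only the first pair is from the guide).
NSLOOKUPSERVER = {
    "domino-host1.example.com": "10.100.100.51",
    "domino-host2.example.com": "10.100.100.52",
    "domino-host3.example.com": "10.100.100.53",
    "domino-host4.example.com": "10.100.100.54",
}
# Constructed monitor state: members currently marked up.
MEMBERS_UP = {"10.100.100.51", "10.100.100.53", "10.100.100.54"}


def parse_server_list(header_value):
    """Split a comma-separated host list; drop empty or malformed entries."""
    hosts = []
    for item in (header_value or "").split(","):
        host = item.strip().lower().rstrip(".")
        if host and all(ch.isalnum() or ch in "-." for ch in host):
            hosts.append(host)
    return hosts


def select_member(header_value, data_group=NSLOOKUPSERVER, up=MEMBERS_UP):
    """Return (ip_or_None, skipped). Only data-group addresses are eligible."""
    skipped = []
    for host in parse_server_list(header_value):
        ip = data_group.get(host)
        if ip is None:
            # Never route to a name the operator did not enter in the data group.
            skipped.append((host, "not in data group"))
        elif ip not in up:
            skipped.append((host, "member down"))
        else:
            return ip, skipped
    return None, skipped  # caller falls back to normal load balancing


if __name__ == "__main__":
    print(select_member("domino-host2.example.com, Domino-Host3.example.com"))
    print(select_member("10.9.9.9, other.example.net"))
```

The skipped list is what you would log when troubleshooting: it records every header entry that was rejected and why.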

Creating the iRule

The iRule that follows is an example of what is needed to implement this solution. In our example, we have the Log messages commented out. To enable logging, simply remove the comment symbol (#).

Critical: Be sure to change the name of the iNotes pool to match the names you gave the pool.

To create the iRule
1. On the Main tab, expand Local Traffic, click iRules, and then click the Create button.
2. In the Name box, give the iRule a unique name. We use inotes_irule.
3. In the Definition section, copy and paste the iRule that follows, omitting the line numbers.
   Note: Logging has been completely commented out of the iRule below for best performance. For troubleshooting or debugging you should uncomment the logging statements in the iRule.
   Because of the length of the iRule, instead of copying and pasting it from the following pages, you can download it: http://www.f5.com/solution-center/deployment-guides/files/inotes-irule.txt
4. Click the Finished button.


when CLIENT_ACCEPTED {
    #log local0. "ACC - got new connect"
    set retries 0
    set server_needed 0
    set server_selected "none"
}

when HTTP_REQUEST {
    # when opening Notes database, set server_needed 1
    if { ([HTTP::uri] ends_with ".nsf?OpenDatabase") and not ([HTTP::uri] contains "names.nsf") and not ([HTTP::uri] contains "iwaredir.nsf")
         and not ($server_selected == "new") and not ($server_selected == "orig") } {
        set original_request [HTTP::request]
        set server_needed 1
        set nsf "[substr [HTTP::uri] 1 ".nsf"].nsf"
        #log local0. "REQ - Server needed: $server_needed"
        #log local0. "REQ - NSF: $nsf"
        HTTP::uri /iwaredir.nsf/ServersLookup?OpenForm&nsfpath=$nsf
        #log local0. "REQ - uri: /iwaredir.nsf/ServersLookup?OpenForm&nsfpath=$nsf"
    } else {
        set server_needed 0
        set original_request [HTTP::request]
    }
    # when HTTP::retry with new server from X-header, select it from pool
    if { $server_selected == "new" } {
        pool [LB::server pool] member $dest
        #log local0. "REQ - Using selected new server [LB::server addr] of pool: [LB::server pool] (Destination: $dest)"
    }
}

when LB_SELECTED {
    # when HTTP::retry because of 404-Code, reselect member
    # F5 unit sends a new session cookie
    if { ($retries > 0) and ($retries < 9) } {
        LB::reselect pool [LB::server pool]
        #log local0. "SELE - Reselection No. $retries"
    }
}

when HTTP_RESPONSE {
    #log local0. "RESP - Used server [LB::server addr] of pool: [LB::server pool]"
    # when 404-Code after automatic reselection of BIG-IP device to wrong server occurs, do another try
    if { ([HTTP::status] == 404) and ($retries < 8) } {
        #log local0. "ALERT: 404"
        incr retries
        #log local0. "RESP - Retrying original request with reselection No. $retries"
        HTTP::retry $original_request
    }
    # generate new session cookie (code from DevCentral) after member selection based on X-Headers because BIG-IP does not send one
    if { $server_selected == "new" } {
        set member "[LB::server addr]:[LB::server port]"
        scan $member "%u.%u.%u.%u:%u" a b c d e
        set pcookie "[scan [expr ($d
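The last visible lines of the iRule split the selected member's address and port into a, b, c, d and e in order to build a persistence cookie. As an added example (not the guide's iRule, whose remaining lines are missing here), this Python code uses F5's documented default cookie-persistence value format to show that the value is a plain, reversible encoding of the member's IP and port, and classifies a cookie value seen in a log against a pool list. The function names and the pool list are constructed for illustration; 10.100.100.51 and port 80 are the guide's example values.

```python
import ipaddress

# Constructed pool list for the audit below: (member IP, service port).
POOL = {("10.100.100.51", 80), ("10.100.100.52", 80)}


def encode_member(ip, port):
    """Build the default cookie value: byte-reversed IP, byte-swapped port, '0000'."""
    a, b, c, d = ipaddress.IPv4Address(ip).packed
    ip_part = (d << 24) | (c << 16) | (b << 8) | a
    port_part = ((port & 0xFF) << 8) | (port >> 8)
    return f"{ip_part}.{port_part}.0000"


def decode_member(value):
    """Reverse encode_member(); raise ValueError if the value is not in that format."""
    parts = value.split(".")
    if len(parts) != 3 or parts[2] != "0000":
        raise ValueError("not a default-format persistence value")
    if not all(p.isascii() and p.isdigit() for p in parts[:2]):
        raise ValueError("non-numeric fields")
    ip_part, port_part = int(parts[0]), int(parts[1])
    if ip_part > 0xFFFFFFFF or port_part > 0xFFFF:
        raise ValueError("field out of range")
    ip = str(ipaddress.IPv4Address(ip_part.to_bytes(4, "little")))
    port = ((port_part & 0xFF) << 8) | (port_part >> 8)
    return ip, port


def audit_cookie(value, pool_members=POOL):
    """Classify a cookie value from a capture or access log."""
    try:
        member = decode_member(value)
    except ValueError:
        return "opaque"  # not the plain default format, for example an encrypted cookie
    # A decodable value that maps outside the pool is stale or was altered client-side.
    return "known-member" if member in pool_members else "unknown-member"


if __name__ == "__main__":
    value = encode_member("10.100.100.51", 80)
    print(value, decode_member(value), audit_cookie(value))
```

Because anyone who receives the cookie can reverse it, a "known-member" result also means the cookie discloses an internal server address; enabling cookie encryption on the BIG-IP makes these values opaque.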