Configuring HTTP connectivity
Applies to: Kyvos Enterprise, Kyvos Cloud (SaaS on AWS), Kyvos AWS Marketplace, Kyvos Azure Marketplace, Kyvos GCP Marketplace, Kyvos Single Node Installation (Kyvos SNI)
This section explains the steps to be performed after deploying or upgrading to Kyvos 2020.4.x with:
For HTTP Connectivity (Public IP)
This section explains the steps to be performed after deploying or upgrading to Kyvos 2020.4.x with HTTP connectivity with a Public load balancer.
To define the public load balancer, perform the following:
Create a Public Load Balancer in Azure
Configure the Backend pool
Configure the Health probe
Define Load Balancing rules
Define Outbound rules
The following sections explain each of these in detail.
Creating a Public Load Balancer in Azure
To create a public load balancer in Azure, perform the following steps.
Log in to the Azure portal using Admin credentials (or a user with sufficient rights to create load balancers).
Navigate to the Load Balancers page, and click Create Load Balancer. Alternatively, you can click the Add button.
On the Create load balancer page, enter details as:
Resource Group: Select your resource group from the list or create a new one.
Name: Provide a name for the load balancer.
Region: Select the region for your load balancer instance.
Type: Select the Public option.
SKU: Select the Standard option.
Virtual Network: Choose a virtual network from the selected subscription and location.
Public IP address: Choose the public IP address to be used in the frontend IP configuration. You can also create a new address (if needed).
If you choose to create a new IP, you will need to provide the Availability Zone in which you want to deploy your public IP address. You can choose the Zone-redundant option to create a zone-redundant data path.
Add a public IPv6 address: Optionally assign the load balancer a public IPv6 address in addition to the public IPv4 address. The load balancing rules may be different for IPv4 and IPv6 traffic.
Click Next: Tags.
Here, provide tags, if required by your organization.
Click Next: Review+create. The system validates your inputs.
Click the Create button if the validation is successful. Else, click Previous and make the necessary changes.
The Load Balancer is created. The system also creates the Frontend IP Address.
Configuring Backend Pool
To configure the Backend Pool, perform the following steps.
On the Load Balancer page, click Go to Resources.
From the left navigation pane, select the Backend pools option.
On the Backend pool page, enter details as:
Name: Provide a name for your backend pool.
Virtual Network: Select the virtual network pool. A backend pool can only contain resources from one virtual network.
IP version: Select the IPv4 option.
In the Virtual machines section, add all the Kyvos cluster nodes where the Web Portal service is configured (or expected to be configured).
Click Add. The Backend Pool is created and displayed in the list.
Configuring Health Probe
To configure the Health Probe, perform the following steps.
On the Load Balancer page, click Go to Resources.
From the left navigation pane, select the Health probes option.
On the Add a Health probe page, enter details as:
Name: Provide a name for the Health probe.
Protocol: Select the TCP option.
Port: Provide the port (default 8081) on which Kyvos Web Portal runs on Kyvos cluster nodes.
Interval: Select the time interval (in seconds) between probe attempts.
Unhealthy threshold: Select the number of consecutive probe failures that must occur before a virtual machine is considered unhealthy.
Click OK. The Health probe is created and added to the list.
Defining Load Balancing rules
A load balancing rule distributes incoming traffic that is sent to a selected IP address and port combination across a group of backend pool instances. Only backend instances that the health probe considers healthy receive new traffic.
To define the Load balancing rule for your public load balancer, perform the following steps.
On the Load Balancer page, click Go to Resources.
From the left navigation pane, select the Load Balancing rules option.
On the Add Load Balancing Rule page, enter details as:
Name: Provide a name for the rule.
IP Version: Select the IPv4 option.
Frontend IP address: Select the Frontend IP address created for the load balancer. You can only select a frontend IP address that has one public IP.
Protocol: Select the TCP option.
Port: Provide the port required for the load balancer (The default port is 80).
Backend port: Provide the port used for the health probe (default: 8081). You can choose to route traffic to the virtual machines in the backend pool using a different port than the one clients use to communicate with the load balancer.
Backend Pool: Select the backend pool created for your public load balancer. The virtual machines in the selected backend pool will be the target for the load-balanced traffic of this rule.
Health Probe: Select the health probe created for the load balancer (in the previous section). The selected probe is used by this rule to determine which virtual machines in the backend pool are healthy and can receive load-balanced traffic.
Session persistence: Set the value as Client IP and protocol. Session persistence specifies that the same virtual machine should handle traffic from a client in the backend pool for the duration of a session.
Idle timeout (minutes): Provide the time interval to keep a TCP or HTTP connection open without relying on clients to send keep-alive messages.
Floating IP: Select the Disabled option.
Outbound source network address translation (SNAT): Select the Use outbound rules to provide backend pool members access to the internet option.
Click OK. The rule is created.
Defining Outbound rules
To add an Outbound rule for the Load Balancer, perform the following steps.
On the Load Balancer page, click Go to Resources.
From the left navigation pane, select the Outbound rules option.
On the Add outbound rule page, enter details as:
Name: Provide a name for the outbound rule.
Frontend IP address: Select the Frontend IP address for the outbound rule. You can select up to 16 IP addresses to be used by outbound traffic. Select more IP addresses to increase the number of ports per instance and the maximum number of backend instances.
Protocol: Select the All option.
Idle timeout (minutes): Provide the time interval in minutes to keep a TCP connection open.
TCP Reset: Select the Enable option to send a TCP reset packet when idle timeout is reached.
Backend Pool: Select the backend pool created for the load balancer. This rule applies to all instances in the backend pool.
Port allocation: Select the Use the default number of outbound ports option.
Click OK. The rule is added to the list.
For HTTP Connectivity (Private IP)
This section explains the steps to be performed after deploying or upgrading to Kyvos 2020.4.x with HTTP Connectivity with the Private IP of the Load Balancer.
Azure recommends creating one private (internal) load balancer and one public load balancer (with outbound rules defined), so that VMs behind the internal load balancer have outbound connectivity.
To define the Private load balancer, perform the following.
Create a Public Load Balancer in Azure, and then:
Configure Backend pool
Define Outbound rules
Create a Private Load Balancer in Azure, and then:
Configure Backend pool
Configure Health probe
Define Load Balancing rules
The following sections explain the procedures for each of these in detail.
Creating a Private Load Balancer
To create a Private Load Balancer from the Azure portal, perform the following steps.
Log in to the Azure portal using Admin credentials (or a user with sufficient rights to create load balancers).
Navigate to the Load Balancer page, and click Create Load Balancer. Alternatively, click the Add button.
On the Create load balancer page, enter details as:
Resource Group: Select your resource group from the list or create a new one.
Name: Provide a name for the load balancer.
Region: Select the region for your load balancer instance.
Type: Select the Internal option.
SKU: Select the Standard option.
In the Configure virtual network area, enter details as:
Virtual Network: Choose a virtual network from the selected subscription and location.
Subnet: Select the subnet for the virtual network.
IP address assignment: Select the Dynamic option.
Availability Zone: Provide the zone in which you want to deploy your public IP address. You can choose the Zone-redundant option to create a zone-redundant data path.
Click Next: Tags. Provide tags, if required by your organization.
Click Next: Review+create. The system validates your inputs.
Click the Create button if the validation is successful. Else, click Previous and make the necessary changes.
The Load Balancer is created. The system also creates the Frontend IP Address.
Configuring Backend Pool
To configure the Backend Pool, perform the following steps.
On the Load Balancer page, click Go to Resources.
From the left navigation pane, select the Backend pools option.
On the Backend pool page, enter details as:
Name: Provide a name for your backend pool.
Virtual Network: Select the virtual network pool. A backend pool can only contain resources from one virtual network.
IP version: Select the IPv4 option.
In the Virtual machines area, add all the Kyvos cluster nodes where the Web Portal service is configured (or expected to be configured).
Click Add. The Backend Pool is created and displayed in the list.
Configuring Health Probe
To configure the Health Probe, perform the following steps.
On the Load Balancer page, click Go to Resources.
From the left navigation pane, select the Health probes option.
On the Add health probe page, enter details as:
Name: Provide a name for the Health probe.
Protocol: Select the TCP option.
Port: Provide the port (default 8081) on which Kyvos Web Portal is running on Kyvos cluster nodes.
Interval: Select the time interval (in seconds) between probe attempts.
Unhealthy threshold: Select the number of consecutive probe failures that must occur before a virtual machine is considered unhealthy.
Click OK. The Health probe is created and added to the list.
Defining Load Balancing Rule
To define the Load balancing rule for your private load balancer, perform the following steps.
On the Load Balancer page, click Go to Resources.
From the left navigation pane, select the Load Balancing rules option.
On the Add load balancing rule page, enter details as:
Name: Provide a name for the rule.
IP Version: Select the IPv4 option.
Frontend IP address: Select the Frontend IP address created for the load balancer. You can only select a frontend IP address that has one public IP.
HA Ports: No need to select (default).
Port: Provide the port required for the load balancer (default: 80).
Backend port: Provide the port used for the health probe (default: 8081). You can choose to route traffic to the virtual machines in the backend pool using a different port than the one clients use to communicate with the load balancer.
Backend Pool: Select the backend pool created for your private load balancer. The virtual machines in the selected backend pool will be the target for the load-balanced traffic of this rule.
Health Probe: Select the health probe created for your private load balancer (in the previous section). The selected probe is used by this rule to determine which virtual machines in the backend pool are healthy and can receive load-balanced traffic.
Session persistence: Set the value as Client IP and protocol. Session persistence specifies that the same virtual machine should handle traffic from a client in the backend pool for the duration of a session.
Idle timeout (minutes): Provide the time interval to keep a TCP or HTTP connection open without relying on clients to send keep-alive messages.
TCP Reset: Select the Disabled option.
Floating IP: Select the Disabled option.
Click OK. The rule is created.
Create a public load balancer
To create a public load balancer in Azure, perform the following steps.
Log in to the Azure portal using Admin credentials (or a user with sufficient rights to create load balancers).
Navigate to the Load Balancers page, and click Create Load Balancer. Alternatively, you can click the Add button.
On the Create load balancer page, enter details as:
Resource Group: Select your resource group from the list or create a new one.
Name: Provide a name for the load balancer.
Region: Select the region for your load balancer instance.
Type: Select the Public option.
SKU: Select the Standard option.
Virtual Network: Choose a virtual network from the selected subscription and location.
Public IP address: Choose the public IP address to be used in the frontend IP configuration. You can also create a new address (if needed).
If you choose to create a new IP, you will need to provide the Availability Zone in which you want to deploy your public IP address. You can choose the Zone-redundant option to create a zone-redundant data path.
Add a public IPv6 address: Optionally assign the load balancer a public IPv6 address in addition to the public IPv4 address. The load balancing rules may be different for IPv4 and IPv6 traffic.
Click Next: Tags.
Here, provide tags, if required by your organization.
Click Next: Review+create. The system validates your inputs.
Click the Create button if the validation is successful. Else, click Previous and make the necessary changes.
The Load Balancer is created. The system also creates the Frontend IP Address.
Configuring Backend Pool
To configure the Backend Pool, perform the following steps.
On the Load Balancer page, click Go to Resources.
From the left navigation pane, select the Backend pools option.
On the Backend pool page, enter details as:
Name: Provide a name for your backend pool.
Virtual Network: Select the virtual network pool. A backend pool can only contain resources from one virtual network.
IP version: Select the IPv4 option.
In the Virtual machines area, add all the Kyvos cluster nodes where the Web Portal service is configured (or expected to be configured).
Click Add. The Backend Pool is created and displayed in the list.
Defining Outbound Rule
Add an Outbound rule with default configuration by selecting frontend and backend pool.
To add an Outbound rule for the Load Balancer, perform the following steps.
On the Load Balancer page, click Go to Resources.
From the left navigation pane, select the Outbound rules option.
On the Add outbound rule page, enter details as:
Name: Provide a name for the outbound rule.
Frontend IP address: Select the Frontend IP address for the outbound rule. You can select up to 16 IP addresses to be used by outbound traffic. Select more IP addresses to increase the number of ports per instance and the maximum number of backend instances.
Protocol: Select the All option.
Idle timeout (minutes): Provide the time interval in minutes to keep a TCP connection open.
TCP Reset: Select the Enable option to send a TCP reset packet when idle timeout is reached.
Backend Pool: Select the backend pool created for the load balancer. This rule applies to all instances in the backend pool.
Port allocation: Select the Use the default number of outbound ports option.
Click OK. The rule is added to the list.
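One way to confirm that the load balancers built in the Public IP and Private IP procedures above ended up with the documented settings, as an added example (not Kyvos or Azure code): it audits a JSON export such as the output of `az network lb show`. The property names follow the Azure load balancer resource schema and are assumptions about your export; the sample input is constructed.

```python
# Added example: audit an exported load balancer against this page's settings.
def _lower(o):
    """Lower-case all keys; exports differ in casing (publicIPAddress/publicIpAddress)."""
    if isinstance(o, dict):
        return {k.lower(): _lower(v) for k, v in o.items()}
    return [_lower(v) for v in o] if isinstance(o, list) else o

def audit(lb, frontend_port=80, backend_port=8081):
    """Return the deviations from the documented values (empty list = match)."""
    lb, out = _lower(lb), []
    if (lb.get("sku") or {}).get("name") != "Standard":
        out.append("SKU is not Standard")
    public = any(f.get("publicipaddress") for f in lb.get("frontendipconfigurations") or [])
    probes = {p["id"].lower(): p for p in lb.get("probes") or []}
    for r in lb.get("loadbalancingrules") or []:
        n = r.get("name", "?")
        ports = (str(r.get("protocol")).lower(), r.get("frontendport"), r.get("backendport"))
        if ports != ("tcp", frontend_port, backend_port):
            out.append(f"{n}: expected TCP {frontend_port}->{backend_port}")
        if r.get("loaddistribution") != "SourceIPProtocol":  # "Client IP and protocol"
            out.append(f"{n}: session persistence is not Client IP and protocol")
        if r.get("enablefloatingip"):
            out.append(f"{n}: floating IP is enabled")
        if public and not r.get("disableoutboundsnat"):
            out.append(f"{n}: implicit outbound SNAT is on instead of outbound rules")
        p = probes.get(str((r.get("probe") or {}).get("id")).lower())
        if p is None or (str(p.get("protocol")).lower(), p.get("port")) != ("tcp", backend_port):
            out.append(f"{n}: health probe is not TCP {backend_port}")
    for o in lb.get("outboundrules") or []:
        if str(o.get("protocol")).lower() != "all" or not o.get("enabletcpreset"):
            out.append(f"{o.get('name', '?')}: outbound rule is not protocol All with TCP reset")
    if public and not lb.get("outboundrules"):
        out.append("public load balancer has no outbound rule")
    return out

# Constructed sample shaped like a load balancer export (not a real deployment).
SAMPLE = {
    "sku": {"name": "Standard"},
    "frontendIPConfigurations": [{"name": "fe", "publicIPAddress": {"id": "/example/pip"}}],
    "probes": [{"id": "/example/probes/web", "protocol": "Tcp", "port": 8081}],
    "loadBalancingRules": [{
        "name": "kyvos-http", "protocol": "Tcp", "frontendPort": 80, "backendPort": 8081,
        "loadDistribution": "SourceIPProtocol", "enableFloatingIP": False,
        "disableOutboundSnat": True, "probe": {"id": "/example/probes/web"}}],
    "outboundRules": [{"name": "out", "protocol": "All", "enableTcpReset": True}],
}

if __name__ == "__main__":
    for line in audit(SAMPLE) or ["matches the documented settings"]:
        print(line)
```

Run it on each load balancer: an internal one is checked for its rule and probe only, while one with a public frontend is also checked for outbound rules.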