Monthly Archives: June 2012

Load Balancer Internal IP’s Appearing in IIS/Apache Logs: Quick Fix

If you are NAT’ing public to private addresses with a load balancer in between your web server and your Gateway/FireWall device you might come across the situation where the IIS/Apache logs report the IP of the Load Balancer, when what you really want, is the client IP.

It’s obvious that the biggest issue with this is that any Log Parser/Analytic’s you do against the site will all be relative to the IP of the load balancer. All useful client and geographical information is lost.

Most Load Balancer’s get around this by inserting a Header into the packet that relates to Client IP. In most cases that I have seen, both Juniper and NetScalers the Header is set to rlnclientipaddr.

What needs to be done at the web server configuration level to help pick up on and translate the header info so it can be used to translate the correct client IP into the log files. There are obviously different way to achieve this in Apache, compared to IIS and Apache has a much simply solution than IIS.

Apache:

In your apache.conf go to the LogFormat sections and modify the default format as shown below (Replace the Red text with the green text) and restart the Apache Service.


IIS
:

The IIS 5/6/7/8 solution is a little more involved, but still just as efficient and not overly complicated at the end of the day…in fact for me the hardest part was actually chasing up the DLL’s linked below. It must be noted that while this has worked perfectly for me against both a Juniper DX and NetScaler VPX load balancer I would suggest testing the solution before putting it into production. Reason being is that the ISAPI filters are specifically sourced for the Juniper DX series, but in my testing I found that they worked for the NetScalers as well. Sourcing the x64 DLL’s was a mission, so in this I am saving you a great deal of time by provided the files below.

rllog-ISAPI

Download and extract those files into your Windows root. Go to the Features View -> ISAPI Filters and Click on Add. Enter in the Name and Executable Location and click ok. Note that it’s handy to add both 32 and 64 bit version to a 64bit IIS Web Server just in case you are dealing with legacy Application that are required to run in 32bit mode. Adding the ISAPI Filter at the root config of the Web Server so it propagates down to all existing sites and any newly created sites.

isapi_dll

The Backup Delusion – Part 2

It’s been a while since my first post on this topic, but there has certainly been a lot of thought and effort put into this subject since then. At first I envisaged this to be a two part post, but I think I’m going to break this up over a couple more posts, that focus on a couple particular area’s that have come to the fore since i’ve begun to seriously think about backups as a hosting provider.

I’ve been running an internal product group that’s tasked with trying to find, test and launch the best overall Backup Application for our diverse client base. As a group we have gone through a process of trying to work out what features and benefits are most important to both us, as a business, and what’s important from a client’s perspective.

backup_sel_matrix_1

We spent some time working on a Backup Selection Matrix that could quantify and rate those features and from there, we would be able to score any Backup Product based on those numbers. In the previous post I listed out some of those features and explained how they effect they way in which, both clients and us as providers look at selecting, developing and deploying products. At the end of that process we where able to clearly graph products against an X and Y axis (as shown below) and from that, clearly get an indication on which products came out on top based on those requirements.

backup_sel_matrix_2

At the sake of not embarrassing some Backup vendor’s I’ve removed the product names from the images above. Suffice to say that some large, well known vendor products fell well short of expectation and rated very poorly. Across the board it was clear that not one product stood out…but some certainly failed and scored poorly.

What it’s allowed the group to do is to quantify against the testing, staging and real world UAT sites which in theory should lead to a calculated decision to be made on which product best fits the requirements.

In the next post in the series i’ll explain why, in some countries such as Australia where high speed broadband is not as widely available as in other countries, we have a fundamental issue with offsite backup technologies which basically cause most large offsite replication and backup jobs to fail…which ultimately renders the offsite backup solution useless…and that effectively puts service providers at risk of credibility issues if expectations are not set based on real world metrics.

The Backup Delusion – Part 1

Quick Thought: VMware’s first “Microsoft” move with SocialCast

VMware announced overnight that their aquired Private Social Media Platform SocialCast is to have full features enabled for 50 users.

http://www.vmware.com/company/news/releases/vmw-socialcast-free-06-06-12.html

I have been using SocialCast for about 6 months privately and I’ve been involved in a couple VMware run Private Beta programs using SocialCast as the social platform…it’s excellent, intuitive and easy to use.

I have seen the potential in the product and I have been excited at the prospect of potentially productising it for the SMB market here in Australia. Now, just as a sidenote, the SMB market in Australia is considered to be between 20-50 seats. Public social networks are fine for those companies not concerned with  intellectual and sensitive information being leaked and made available outside the corporate network/environment…so being able to offer a secure, private alternative with all the cool bits of a public platform would be very attractive…and if I can sell that at x amount of $ per user per month, I’m happy!

To quote the press release:

This is the first enterprise social network to offer a free option for small businesses and departments that includes an award-winning user experience backed by enterprise-level security, compliance capabilities, administration tools, mobile access, and the ability to integrate with existing applications. With full access to features, organizations can completely implement an enterprise social network and experience how social connects people, information and applications to drive business results.

Limited products don’t deliver on the potential of enterprise social,” said Tim Young, vice president of Social, VMware. ”We don’t want people to have anything but the best experience with their communities. Now we’re able to offer companies of all sizes enterprise social networks that employees will love to use, and with the confidence their data is secure.”

That’s awesome and I do applaud VMware for making this platform more accessible at the lower end of town…but the question I would ask is If this is the first step in VMware becoming more like Microsoft/Google offering their own public cloud services and undercutting their partners?

Just imagine if VMware was to start offering publicly available feature rich versions of vCloud, Zimbra…or the more obviously product…Project Octopus?

…I’m a little concerned!