ZXTM Architecture

ZXTM performs a wide range of traffic inspection, manipulation and routing tasks, from SSL decryption and service protection, through load balancing and session persistence, to content compression and bandwidth management.

This article explains how each task fits within the architecture of ZXTM.

Virtual Servers and Pools

The key configuration objects in ZXTM are the Virtual Server and the Pool:

  • The virtual server manages the connections between the remote clients and the ZXTM system. It listens for requests on the published IP address and port of the service.

  • The pool manages the connections between ZXTM and the back-end nodes (the servers which provide the service). A pool represents a group of back-end nodes.

Everything else

Most other functions of ZXTM are associated with either a virtual server or a pool:

Virtual Server's processing

  • SSL Decryption is performed by a virtual server. It references certificates and CRLs that are stored in the configuration catalog.

  • Service Protection is configured by Service Protection Classes which reside in the catalog. Service Protection defines which requests are acceptable, and which should be discarded immediately.

  • A Virtual Server then executes any Request Rules. These rules reside in the catalog. They can manipulate traffic, and select a pool for each request.

Pool's processing

The request rules may select a pool to handle the request. If they complete without selecting a pool, the virtual server's 'default pool' is used:

  • The pool performs load-balancing calculations, as specified by its configuration. A number of load balancing algorithms are available.

  • A virtual server's request rule may have selected a session persistence class, or a pool may have a preferred session persistence class. In this case, the pool will endeavour to send requests in the same session to the same node, overriding the load-balancing decision. Session persistence classes are stored in the catalog and referenced by a pool or rule.

  • Finally, a pool may SSL-encrypt traffic before sending it to a back-end node. SSL encryption may reference client certificates, root certs and CRLs in the catalog to authenticate and authorize the connection.
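The request path described so far, as an added Python sketch (not ZXTM code or configuration): service protection runs first, request rules may select a pool, the default pool is the fallback, and session persistence overrides the load-balancing choice. Round robin, the class and rule names, the sample requests, and the precedence of a rule-selected persistence class over the pool's own are assumptions made for the illustration.

```python
# Toy model of the request path described above (not ZXTM code or configuration).
from itertools import cycle
class Pool:
    def __init__(self, name, nodes, persistence=None):
        self.name = name
        self._next = cycle(nodes)       # round robin stands in for the pool's algorithm
        self.persistence = persistence  # pool's preferred persistence class, if any
        self._sessions = {}             # session key -> node already chosen
    def pick_node(self, request, rule_persistence=None):
        # Assumption: a class selected by a rule wins over the pool's own preference.
        persist = rule_persistence or self.persistence
        key = persist(request) if persist else None
        if key is not None and key in self._sessions:
            return self._sessions[key]  # persistence overrides load balancing
        node = next(self._next)
        if key is not None:
            self._sessions[key] = node
        return node

class VirtualServer:
    def __init__(self, default_pool, protection, request_rules):
        self.default_pool = default_pool
        self.protection = protection        # returns True if the request is acceptable
        self.request_rules = request_rules  # each rule may set choice["pool"]
    def handle(self, request):
        if not self.protection(request):
            return None                     # discarded before any rule or pool runs
        choice = {"pool": None, "persistence": None}
        for rule in self.request_rules:
            rule(request, choice)
        pool = choice["pool"] or self.default_pool
        return pool.name, pool.pick_node(request, choice["persistence"])

def demo():
    by_cookie = lambda req: req.get("session")  # hypothetical persistence class
    web = Pool("web", ["web1", "web2"], persistence=by_cookie)
    api = Pool("api", ["api1", "api2"])
    def route_api(req, choice):                 # hypothetical request rule
        if req["path"].startswith("/api/"):
            choice["pool"] = api
    # Hypothetical protection check: one client address is not acceptable.
    vs = VirtualServer(web, lambda r: r["client"] != "192.0.2.66", [route_api])
    requests = [                                # constructed sample requests
        {"client": "198.51.100.7", "path": "/", "session": "A"},
        {"client": "198.51.100.8", "path": "/", "session": "B"},
        {"client": "198.51.100.8", "path": "/cart", "session": "B"},
        {"client": "198.51.100.9", "path": "/api/v1/items"},
        {"client": "192.0.2.66", "path": "/api/v1/items"},
    ]
    return [vs.handle(r) for r in requests]
```

In `demo()`, the third request would go to `web1` under plain round robin, but its session key pins it to `web2`; the last request is discarded by the protection check and never reaches the routing rule or a pool.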

Virtual Server's processing (response)

The pool waits for a response from a back-end node, and may retry requests if an error is detected or a response is not received within a timeout period. When a response is received, it is handed back to the virtual server:

  • The virtual server may run Response Rules to modify the response, or to retry it if it was not acceptable. Response rules are stored in the catalog.

  • A virtual server may be configured to compress HTTP responses. Responses are only compressed if the remote client has indicated that it can accept compressed content.

  • The virtual server may be configured to write a log file entry to record the request and response. HTTP access log formats are available, and formats for other protocols can be configured.

  • A request rule may have selected a Service Level Monitoring class to monitor the connection time, or the virtual server may have a default class. These service level monitoring classes are stored in the catalog, and are used to detect poor response times from back-end nodes.

  • Finally, a virtual server may assign the connection to a Bandwidth Management Class. A bandwidth class is used to restrict the bandwidth available to a connection; these classes are stored in the catalog.

Many of the more complex configuration objects are stored in the configuration catalog. These objects are referenced by a virtual server, pool or rule, and they can be used by a number of different services if desired.

Other configuration objects

Two other configuration objects are worthy of note:

  • Monitors are assigned to a pool, and are used to asynchronously probe back-end nodes to detect whether they are available or not. Monitors reside in the catalog.

  • Traffic IP Groups are used to configure the fault-tolerant behavior of ZXTM. They define groups of IP addresses that are shared across a fault-tolerant cluster.

Configuration

Core service objects - Virtual Servers, Pools, Traffic IP Groups - are configured using the 'Services' part of the ZXTM Admin server.

Catalog objects and classes - Rules, Monitors, SSL certificates, Service Protection, Session Persistence, Bandwidth Management and Service Level Monitoring classes - are configured using the 'Catalogs' part of the ZXTM Admin server.

Owen Garrett [Zeus Dev Team] 01 August 2005