Administration Best Practices

Administrator Setting up Zeus Traffic Manager is a simple process; however, there are some configuration settings that should be set up to get the best out of the product and enhance the security and functionality of your site.

1. Configure an error_file for all HTTP Virtual Servers

When a request can't be served by a pool, the traffic manager can respond in several ways. Firstly, it will try the failpool; failing that, it will use the error_file setting from the virtual server. If you haven't configured an error file a default "Service Unavailable" message will be sent to the client. While this works, it isn't best for the image of your site, so it is recommended that an error_file be configured.

The error_file in 6.0 and later is configured on the VS > Edit > Connection Management page. See also the sending custom error pages article.

2. Drain nodes before removing them from the configuration

When you are performing infrastructure maintenance which requires you to remove nodes from a pool, you should drain the node before removing it. This allows existing connections to complete, and if you are using session persistence it allows existing sessions to complete.

If you don't have session persistence you may only have to wait a minute or so for existing connections to complete; with session persistence turned on you may have to wait for an hour or so for clients to finish using their sessions. In both cases you can see whether there are any existing connections, and when the node was last used on the Activity > Draining Nodes page.

3. Configure administration server security

By default the administration server is configured with a self-signed SSL certificate. This is vulnerable to man-in-the-middle attacks by an attacker who can intercept and modify the network trafic between the administrator and the admin server. If you anticipate accessing the admin server over an insecure network, you should replace hte self-signed certificate with one signed by a known Certificate Authority; this could be an external authority, or an internal corporate authority.

The administration server is also generally accessible from all IP addresses. It is possible to restrict the IP addresses that can access the administration server. For example, you could limit access to your 10.100.0.0/16 corporate network, ensuring that users outside your network cannot access the administration server.

The administration server security settings can be changed from the System > Security page.

You should also encourage your administrators to log out of the administration server whenever they have finished making configuration changes.

4. Use different usernames for different people

While it is convenient to have a shared "admin" username for administering the traffic manager, it is not best practice. If an administrator leaves you may have to change the password, impacting everyone who shares the user login. It also means that the audit log does not track the activites of individual admin users.

It is recommended that different people have different usernames. Additional users can be created on the System > Users > Local Users page.

5. Integrate with your existing authentication system

Even better than specifying different local usernames for different people is to integrate the administration server with your existing authentication infrastructure. This allows people to use the same password, and reduces chances that a system is forgotten about when an employee leaves your company.

In Zeus 6.0 it is possible to integrate with RADIUS, LDAP and TACACS+ systems. The authenticators are configured from the System > Users -> Authenticators pages.

Once you have integrated, it is possible to remove all local users, with the exception that at least one user must remain in the "admin" group (this need not be the user named "admin").

6. Ensure SSL/TLS settings are secure

As shipped the Zeus Traffic Manager has sensible SSL/TLS settings configured, but it has options to enable what are now relatively insecure protocol versions and ciphers:

  • SSLv2 is known to be insecure in a variety of ways, and thus you should ensure it disabled (this is the default),
  • The default SSLv3/TLS ciphers are sensible, and it is recommended they be left alone, unless you want to tweak the ordering that they are used in (for instance to prefer AES ciphers).

You can configure the SSL/TLS settings on the System > Global Settings page.

7. Take regular backups

The traffic manager configuration is a vital component in maintaining the operation of your site. You should ensure that backups are created regularly. You can take a backup through the administration server, or automatically using the CLI or SOAP functions.

You should also export backups and store them on another machine in case of catastrophic hardware failure.

8. Configure alerting to receive notifications of problems

Zeus Traffic Manager 5.1 introduced a customizable alerting infrastructure. Using this functionality it is possible to let your system administrators know of problems that are occurring that are relevant to them.

It is recommended that at the very least the "Default Events" event type be used to send an email to your administrators. This event type contains all the events that are emitted when a critical failure occurs, and when things recover. If this isn't good enough, it is easy to copy the event type and customize it to just contain the relevant events for you.

Alerting is configured from the System > Alerting page.

9. Ensure your setup can cope with failures and traffic bursts

While the traffic manager performance scales well with the CPU used, care should be taken to ensure your setup can cope with failures and traffic bursts (such as the slashdot effect).

In particular, it is not good practice to be running an active-active cluster with both machines running at close to 100% CPU usage. If one of the machines fails, the other machine wouldn't be able to take over all the remaining traffic, and you would end up with dropped connections and an overloaded infrastructure.

Traffic bursts are harder to handle, but one option would be to use selective short-term caching to ensure that a sudden burst doesn't overwhelm your web server layer, an example of this is caching your website for a second.

10. Ensure your software is up to date

Last but by no means least, it is important to ensure that your software is up to date. Newer versions include security fixes and fixes to existing functionality, and so we recommend you use the latest version.

Notifications of released versions are sent to all supported customers. If you don't receive these notifications, please contact your account manager.

Crispin Flowerday [Zeus Dev Team] 22 December 2009 Bookmark with del.icio.us Post this article to Digg Post this article to reddit Post this article to Facebook Tweet this article 1 comment  

Comments:

This public messageboard is not a forum for technical support. To report technical support problems, please contact our dedicated Support team using the instructions at the bottom of this page.

Comment from: Sven [Visitor]
Hi, I'd like to know what is the best practice to do automated backups of the configuration files to a remote machine. For example it might be possible to periodically scp the configuration files using public key authorization. Is there a better way to do this?
Permalink 25 February 2009 @ 13:56
Leave a comment ...
Your email address will not be displayed.
Your URL will be displayed.
This public messageboard is not a forum for technical support. To report technical support problems, please contact our dedicated Support team using the instructions at the bottom of this page.
Options:
 
(Line breaks become <br />)
(Set cookies for name, email & url)

Recently...

Other Resources