Solved

ip / url redirect

Posted on 2016-09-26
Last Modified: 2016-10-05
Hello EE,

I have a set of pooled servers and, for deployment reasons, I want to use a "Blue/Green" deployment for updates. So essentially, the current production is "Blue" (v1) and when we update a client, they are moved to "Green" (v2). For example, there are 4 servers in the pool: server1 (blue), server2 (blue), server3 (green), server4 (green). The external IP is the same and points to all 4, but only 2 (blue/current prod) are active, and I wish to redirect ONE CLIENT AT A TIME to the green set during an update. This is a 2012 R2 IIS8 environment and each client site is hosted on the same internal IP using a wildcard cert. Example: client1.somedomain.ca, client2.somedomain.ca

Since I do not wish to change the public DNS records, I need a way to redirect the traffic to the green set (new internal IP pool). Initially, I was going to have my cloud provider configure an iRule on the F5 BIG-IP device for this and redirect the traffic this way, but I wish to maintain control over the redirecting of each client from either within IIS or using a proxy service.

Is there a way to use a service or something in IIS8 to achieve the same result?
Question by:davesnb
13 Comments
 
LVL 28

Accepted Solution

by:
Dan McFadden earned 500 total points
ID: 41817581
Load balancers are capable of running a check against a web site to see if a specific page is available.  This is often referred to as a "health check" or "health monitor."

Link:  https://devcentral.f5.com/articles/back-to-basics-health-monitors-and-load-balancing

So in essence this would be the process (I use this in PROD):
** this assumes you have a web farm defined on the LBs **

1. choose a name for the web page to be used in the health check config
1a. I use an HTML file named healthy.html which is a properly formed HTML5 page with an <h1> element that has the content "healthy" in it.
2. place the "healthy.html" file in the content structure of each site to be checked.  I place it in the root of every site.  You could place it deeper in your site, but that is your choice and the flexibility of your LBs.
3. setup the health check on the LB.  I use a frequency of 60 seconds.
4. To take a server out of service, just rename the "healthy.html" to something like "unhealthy.html" or "offline.html."  After a few minutes, the LBs should detect a failure on the health check and prevent the server from answering requests.

This functions at the web site level.  Your server setup would look something like:

1. Server01 (blue = online)
1a.  clientsite1.domain.com - healthy.html in the site root, returns a http 200 when hit
1b.  clientsite2.domain.com - healthy.html in the site root, returns a http 200 when hit
1c.  clientsite3.domain.com - healthy.html in the site root, returns a http 200 when hit

2. Server02 (blue = online)
2a.  clientsite1.domain.com - healthy.html in the site root, returns a http 200 when hit
2b.  clientsite2.domain.com - healthy.html in the site root, returns a http 200 when hit
2c.  clientsite3.domain.com - healthy.html in the site root, returns a http 200 when hit

3. Server03 (green = online, but sites unhealthy)
3a.  clientsite1.domain.com - unhealthy.html in the root, hit to healthy.html returns 404
3b.  clientsite2.domain.com - unhealthy.html in the root, hit to healthy.html returns 404
3c.  clientsite3.domain.com - unhealthy.html in the root, hit to healthy.html returns 404

4. Server04 (green = online, but sites unhealthy)
4a.  clientsite1.domain.com - unhealthy.html in the root, hit to healthy.html returns 404
4b.  clientsite2.domain.com - unhealthy.html in the root, hit to healthy.html returns 404
4c.  clientsite3.domain.com - unhealthy.html in the root, hit to healthy.html returns 404

Deployment process:
1. drop code update on site "clientsite1.domain.com" on server 3 & 4
2. flip to Green servers
2a.  rename "healthy.html" on server 1 & 2 to "unhealthy.html"
2b.  rename "unhealthy.html" on server 3 & 4 to "healthy.html"
3. do this for each site as required

Dan
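
The rename-based flip from the deployment process above, scripted for one client site at a time (an added example, not code from the answer or from the original poster). The UNC share layout `\\<server>\Sites\<site>` and the parameter names are assumptions; run it with `-WhatIf` first to see the planned renames.

```powershell
# Added example: per-site blue/green flip by renaming the health-check file.
# Assumption: each site root is reachable as \\<server>\Sites\<site> (hypothetical share).
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$Site,                 # e.g. clientsite1.domain.com
    [string[]]$Retire   = @('Server01', 'Server02'),     # set going out of service
    [string[]]$Activate = @('Server03', 'Server04'),     # set coming into service
    [string]$ShareTemplate = '\\{0}\Sites\{1}'           # hypothetical layout
)

$ErrorActionPreference = 'Stop'

function Get-MarkerPath([string]$Server, [string]$Name) {
    Join-Path ($ShareTemplate -f $Server, $Site) $Name
}

# Build the rename plan: retiring servers lose healthy.html, activating servers gain it.
$plan = @()
foreach ($s in $Retire)   { $plan += [pscustomobject]@{ Server = $s; From = 'healthy.html';   To = 'unhealthy.html' } }
foreach ($s in $Activate) { $plan += [pscustomobject]@{ Server = $s; From = 'unhealthy.html'; To = 'healthy.html' } }

# Pre-flight: every server must be in the expected starting state, so a
# half-finished earlier flip is caught before anything is renamed.
foreach ($step in $plan) {
    $from = Get-MarkerPath $step.Server $step.From
    $to   = Get-MarkerPath $step.Server $step.To
    if (-not (Test-Path -LiteralPath $from)) { throw "$($step.Server): expected $($step.From) for $Site, not found" }
    if (Test-Path -LiteralPath $to)          { throw "$($step.Server): $($step.To) already exists for $Site" }
}

# Rename in the order given in the answer: retire the old set, then activate the new one.
foreach ($step in $plan) {
    $from = Get-MarkerPath $step.Server $step.From
    if ($PSCmdlet.ShouldProcess($from, "rename to $($step.To)")) {
        Rename-Item -LiteralPath $from -NewName $step.To
    }
}

# Report the final state of each server for this site.
foreach ($s in $Retire + $Activate) {
    [pscustomobject]@{
        Server  = $s
        Site    = $Site
        Healthy = Test-Path -LiteralPath (Get-MarkerPath $s 'healthy.html')
    }
}
```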
 

Author Closing Comment

by:davesnb
ID: 41818256
Thanks Dan, I like this approach.
 

Author Comment

by:davesnb
ID: 41821636
Hi Dan,

My cloud provider says that SSL offload is critical for this to work, is that correct? I prefer not to use SSL offload due to some of the site configs.

 
LVL 28

Expert Comment

by:Dan McFadden
ID: 41821646
I would say that is true because if there is an SSL Certificate being used, it would need to be on the LB so that it could terminate the SSL connection.  The positive side of this is that you would only have to update the SSL Cert once or twice... on the 1 or 2 LBs in operation.

What site configs are of concern?

Dan
 

Author Comment

by:davesnb
ID: 41821706
I think some of our issues are coming in due to forcing of SSL (redirecting HTTP to HTTPS). So the sites have been set incorrectly for the LB; the end result was no connection when attempting to work. What is the optimal setting for the sites in IIS for the above to work with SSL offload, just have the "SSL Settings" set to "ignore" for client certificates? Is there anything else to check?
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 41821731
You are using Client Certificates?

What I've done in the past is drop the production SSL Cert on the LBs.  The http->https redirect is done at the LBs as well.  The LBs are the SSL endpoint for the clients.  Then the LBs act as a client to the websites on the server, make the http(s) request on behalf of the client and forward the response back to the original requester.

If you need end-to-end SSL traffic, you could use different, internally issued SSL certs between the LB & the IIS Servers.

Dan
 

Author Comment

by:davesnb
ID: 41821747
No, we are using server certificates. The redirect to HTTPS is hard coded in some of the sites (I just found out).
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 41821788
But this may not be a big deal... If you have a wildcard SSL certificate, just use it everywhere.

What do you mean "hard coded?"  Actually in the code or in the IIS web site config?  I would try to get the "hard coded" redirect removed if possible.

IMO, hard coding anything today goes against any form of best practice.  IIS has redirection capabilities plus the feature of URL Rewrite (which is even more powerful), so doing a redir in code is a waste of effort and white space.

Dan
 

Author Comment

by:davesnb
ID: 41829940
Hi Dan,

Do you have an example health monitor rule for the "healthy.html"/"unhealthy.html" for your sites loaded on the F5 that you can provide, please?

D.
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 41829956
 

Author Comment

by:davesnb
ID: 41829968
Thank you, is it possible to just change the domain names / IPs and any other sensitive info? I just need an example to compare. Thank you for the links nonetheless.

D.
 
LVL 28

Expert Comment

by:Dan McFadden
ID: 41829986
The how-to article is the one to go thru then.  It has screenshots.

Getting a dump of my health monitor is complicated and would involve going thru the security department.  Nice ppl but suspicious of everything especially of requests for rule configurations.

Dan
 

Author Comment

by:davesnb
ID: 41830001
OK, no worries, tks