Device Manager GUI Guide vA5(2.0), Cisco ACE 4700 Series Application Control Engine Appliance
Using DM Guided Setup
Downloads: This chapterpdf (PDF - 274.0KB) The complete bookPDF (PDF - 17.94MB) | Feedback

Using DM Guided Setup

Table Of Contents

Using DM Guided Setup

Information About Guided Setup

Guidelines and Limitations

Using ACE Hardware Setup

Using Virtual Context Setup

Using Application Setup

ACE Network Topology Overview

Using Application Setup


Using DM Guided Setup


This chapter describes how to use Cisco Device Manager (DM) Guided Setup.


Note When naming ACE objects (such as a real server, virtual server, parameter map, class map, health probe, and so on), enter an alphanumeric string of 1 to 64 characters, which can include the following special characters: underscore (_), hyphen (-), dot (.), and asterisk (*). Spaces are not allowed.

If you are using DM with an ACE appliance and you configure a named object at the ACE CLI, keep in mind that DM does not support all of the special characters that the ACE CLI allows you to use when configuring a named object. If you use special characters that DM does not support, you may not be able to import or manage the ACE using DM.


This chapter includes the following sections:

Information About Guided Setup

Guidelines and Limitations

Using ACE Hardware Setup

Using Virtual Context Setup

Using Application Setup

Information About Guided Setup

DM Guided Setup provides a series of setup sequences that offer GUI window guidance and networking diagrams to simplify the configuration of DM and the network devices that it mananges.

Guided Setup allows you to quickly perform the following tasks:

Configure ACE devices that are new to the network by establishing network connectivity in either standalone or high-availability (HA) deployments.

Create and connect to an ACE virtual context.

Set up load balancing application from an ACE to a group of back-end servers.

To access Guided Setup, click the Config tab located at the top of the window, then click Guided Setup.


Note The available menu and button options on the Guided Setup tasks are under Role-Based Access Control (RBAC). Menu and button options will be grayed if proper permission has not been granted to the logged in user by the administrator. See the "Controlling Access to the Cisco ACE Appliance" section for more information about RBAC in DM.


Table 3-1 identifies the individual guided setup tasks and related topics.

Table 3-1 Guided Setup Tasks and Related Topics

Guided Setup Tasks
Purpose
Related Topics

ACE hardware setup

Launch the ACE Hardware Setup task to help you configure ACE devices that are new to the network by establishing network connectivity in either standalone or high-availability (HA) deployments.

Using ACE Hardware Setup

Managing ACE Appliance Licenses

Configuring SNMP for Virtual Contexts

Configuring Port Channel Interfaces

Configuring Gigabit Ethernet Interfaces

Configuring Virtual Context VLAN Interfaces

Configuring High Availability Peers

Virtual context setup

Launch the Virtual Context Setup task to create and connect an ACE virtual context.

Using Virtual Context Setup

Managing Resource Classes

Creating Virtual Contexts

Configuring Virtual Contexts

Application setup

Launch the Application Setup task to configure load balancing for your application. This task guides you through a complete end-to-end configuration of the ACE for many common server load-balancing situations.

Using Application Setup

Configuring Virtual Context VLAN Interfaces

Configuring Virtual Context BVI Interfaces

Configuring VLAN Interface NAT Pools

Configuring Security with ACLs

SSL Setup Sequence

Configuring Virtual Servers


Guidelines and Limitations

As you perform a Guided Setup task, use the following operating conventions:

To move between steps, click the name of the step in the menu to the left.

The steps for each task are listed in an order that is designed to prevent problems during later steps; however, you can skip steps if you know they are not applicable to your application.

Depending on your user privileges, DM may prevent you from making changes on certain steps.

You must save and deploy any changes you want to keep before leaving each page.

Each task can be run as many times as you like.

Using ACE Hardware Setup

You can use the ACE Hardware Setup task to configure ACE devices that are new to the network by establishing network connectivity in either standalone or high-availability (HA) deployments.

Assumptions

You can extend the functionality of the ACE by installing licenses. If you plan to extend the ACE functionality, ensure that you have received the proper software license key for the ACE, that ACE licenses are available on a remote server for importing to the ACE, or you have received the software license key and have copied the license file to the disk0: file system on the ACE using the copy path/]filename1 disk0: CLI command.


Note See the Administration Guide, Cisco ACE Application Control Engine for details on the copy path/]filename1 disk0: CLI command.


You must be in the Admin virtual context on an ACE appliance to configure ACE devices that are new to the network.

When importing an ACE HA pair into DM, you should follow one of the following configuration requirements so that DM can uniquely identify the ACE HA pair:

Use a unique combination of FT interface VLAN and FT IP address/peer IP address for every ACE HA pair imported into DM. For HA, it is critical that the combination of FT interface VLAN and IP address/peer IP address is always unique across every pair of ACE peer devices.

Define a peer IP address in the management interface using the management IP address of the peer ACE (module or appliance). The management IP address and management peer IP address used for this definition should be the management IP address used to import both ACE devices into DM.


Note For more information about the use of HA pairs imported into DM, see "Understanding ACE Redundancy" section.


When you are configuring the ACE, changes to the physical interfaces (including Gigabit Ethernet ports or port channels) can result in a loss of connectivity between DM and the ACE. Use caution when following the ACE Hardware Setup task if you are modifying the interface that management traffic is traversing.

Procedure


Step 1 Choose Config > Guided Setup > ACE Hardware Setup.

The ACE Hardware Setup window appears with the Configuration Type drop-down list.

Step 2 From the Configuration Type drop-down list, choose whether to set up the ACE as a standalone device or as a member of a high-availability (HA) ACE pair:

Standalone—The ACE is not to be used in an HA configuration.

HA Secondary—The ACE is to be the secondary peer in an HA configuration.

HA Primary—The ACE is to be the primary peer in an HA configuration.


Note Ensure that you complete the ACE hardware setup task for the secondary device before you set up the primary device.


Step 3 Click Start Setup.

The License window appears (Config > Guided Setup > ACE Hardware Setup > Licenses). Cisco offers licenses for ACE appliances that allows you to increase the number of default contexts, bandwidth, and SSL TPS (transactions per second). For more information, see the Administration Guide, Cisco ACE Application Control Engine on cisco.com.

If you need to install licenses at this point, go to Step 4.

If you do not need to install licenses at this point, go to Step 5.

Step 4 Install one or more ACE licenses (see the "Managing ACE Appliance Licenses" section).


Note For an ACE primary and secondary HA pair, because each ACE license is only valid on a single hardware device, licenses are not synchronized between HA peer devices. You must install an appropriate version of each license independently on both the primary and secondary ACE devices.


Step 5 Click SNMP v2c Read-Only Community String under ACE Hardware Setup (Config > Guided Setup > ACE Hardware Setup > SNMP v2c Read-Only Community String).

The SNMP v2c Read-Only Community String window appears.

Perform the following actions to configure an SNMP community string (a requirement for an ACE to be monitored by DM):

a. Click Add (+) at the top of the SNMP v2c Read-Only Community String table to create an SNMP community string. The New SNMP v2c Community window appears.


Note For DM to monitor an ACE, you must configure an SNMPv2c community string in the Admin virtual context.


b. In the Read-Only Community field, enter the SNMP read-only community string name. Valid entries are unquoted text strings with no spaces and a maximum of 32 characters.

Additional SNMP configuration selections are available under Config > Virtual Contexts > context > System > SNMP. See the "Configuring SNMP for Virtual Contexts" section.

Step 6 If you are configuring an ACE appliance, to group physical ports together on the ACE appliance to form a logical Layer 2 interface called the port-channel (sometimes known as EtherChannels), click Port Channel Interfaces under ACE Hardware Setup.

The Port Channel Interfaces window appears (Config > Guided Setup > ACE Hardware Setup > Port Channel Interfaces).


Note You must configure port channels on both the ACE appliance and the switch that the ACE is connected to.


Perform the following actions to configure a port channel interface:

a. At the top of the Port Channel Interfaces table, click Add (+) to add a port channel interface, or choose an existing port channel interface and click Edit to modify it. The New Port Channel Interface window appears.


Note If you click Edit, not all of the fields can be modified.


b. Enter the port channel interface attributes as described in the "Configuring Port Channel Interfaces" section.

c. Click Deploy Now to deploy this configuration on the ACE and save your entries to the running-configuration and startup-configuration files.

d. To display statistics and status information for a port-channel interface, choose the interface from the Port Channel Interfaces table and click Details. The show interface port-channel CLI command output appears. See the "Displaying Port Channel Interface Statistics and Status Information" section for details.

Step 7 If you are configuring an ACE appliance, to configure one or more of the Gigabit Ethernet ports on the appliance, click GigabitEthernet Interfaces under ACE Hardware Setup. The GigabitEthernet Interfaces window appears (Config > Guided Setup > ACE Hardware Setup > GigabitEthernet Interfaces).

a. Choose an existing Gigabit Ethernet interface and click Edit to modify it.

b. Enter the Gigabit Ethernet physical interface attributes as described in the "Configuring Gigabit Ethernet Interfaces" section.

c. Click Deploy Now when completed to deploy this configuration on the ACE and save your entries to the running-configuration and startup-configuration files.

d. Repeat Steps a through c for each Gigabit Ethernet interface that you want to configure.

e. To display statistics and status information for a particular Gigabit Ethernet interface, choose the interface from the GigabitEthernet Interfaces table, then click Details. The show interface gigabitEthernet CLI command output appears. See the "Displaying Gigabit Ethernet Interface Statistics and Status Information" section for details.

Step 8 If the ACE is a member of an HA ACE pair, click VLAN Interfaces under ACE Hardware Setup.

The VLAN Interfaces window appears (Config > Guided Setup > ACE Hardware Setup > VLAN Interfaces).


Note To prevent loss of management connectivity during an HA configuration, you must configure the IP addresses of the management VLAN interface correctly for your HA setup. During this procedure, choose the management VLAN interface (and click the Edit button) and make sure its IP address, alias IP address, and peer IP address are all set correctly. You can repeat this process for any VLAN interfaces that you want. If the management VLAN is properly configured before establishing HA, you will be able to return later to reconfigure other VLANs.


a. Click Add to add a new VLAN interface, or choose an existing VLAN interface and click Edit to modify it.


Note If you click Edit, not all of the fields can be modified.


b. Enter the VLAN interface attributes as described in the "Configuring Virtual Context VLAN Interfaces" section. Click More Settings to access the additional VLAN interface attributes. By default, DM hides the default VLAN interface attributes and the VLAN interface attributes which are not commonly used.

c. Click Deploy Now to deploy this configuration on the ACE and save your entries to the running-configuration and startup-configuration files.

d. To display statistics and status information for a VLAN interface, choose the VLAN interface from the VLAN Interface table, then click Details. The show interface vlan, show ipv6 interface vlan, and show ipv6 neighbors CLI commands appear. Click on the command to display its output. See the "Displaying VLAN Interface Statistics and Status Information" section for details.

Step 9 If the ACE is the primary peer in a high availability (HA) configuration, click HA Peering under ACE Hardware Setup (Config > Guided Setup > ACE Hardware Setup > HA Peering).

a. Click Edit below the HA Management section to configure the primary ACE and the secondary ACE as described in the "Configuring High Availability Peers" section. There are two columns, one for the selected ACE and another for a peer ACE.

You can specify the following information:

Identify the two members of a HA pair.

Assign IP addresses to the peer ACEs.

Assign an HA VLAN to HA peers and bind a physical Gigabit Ethernet interface to the FT VLAN.

Configure the heartbeat frequency and count on the peer ACEs in a fault-tolerant VLAN.

When completed, click Deploy Now to deploy this configuration on the ACE and save your entries to the running-configuration and startup-configuration files.

b. Click Add below the ACE HA group table to add a new high availability group. Enter the information in the configurable fields as described in the "Configuring High Availability Peers" section. When completed, click Deploy Now to deploy this configuration on the ACE and save your entries to the running-configuration and startup-configuration files.

The HA State field displays FT VLAN Compatible once HA setup has been successfully completed.


Note To display statistics and status information for a particular HA group, choose the group from the ACE HA Groups table and click Details. The show ft group group_id detail CLI command output appears. See the "Displaying High Availability Group Statistics and Status Information" section for details.


Step 10 Once the HA State field in the ACE HA Groups table shows a successful state, the ACE is ready for further configuration as follows:

To set up additional virtual contexts, continue to the Virtual Context Setup task to create and connect an ACE virtual context. See the "Using Virtual Context Setup" section.

To set up an application in an existing virtual context, continue to the Application Setup task to set up load-balancing for an application from an ACE to a group of back-end servers. See the "Using Application Setup" section.


Related Topics

Managing ACE Appliance Licenses

Configuring SNMP for Virtual Contexts

Configuring Port Channel Interfaces

Configuring Gigabit Ethernet Interfaces

Configuring Virtual Context VLAN Interfaces

Configuring High Availability Peers

Using Virtual Context Setup

You can use the Virtual Context Setup task to create and connect an ACE virtual context. Virtual contexts use virtualization to partition your ACE appliance into multiple virtual devices, or contexts. Each context contains its own set of policies, interfaces, resources, and administrators.

Before You Begin

You must be in the Admin context on the ACE to create a new user context.

Procedure


Step 1 Choose Config > Guided Setup > Virtual Context Setup.

The Virtual Context Setup window appears.

Step 2 From the ACE Device drop-down list, choose an ACE.

Step 3 Click Start Setup.

The Resource Classes window appears (Config > Guided Setup > Virtual Context Setup > Resource Classes).

Perform the following tasks to create or modify a resource class:

a. If you want to create a resource class, click Add (+). The New Resource Class configuration window appears. Enter the resource information as described in the "Managing Resource Classes" section.

b. If you want to modify an existing resource, choose the resource class that you want to modify, then click Edit. The Edit Resource Class configuration window appears. Enter the resource information as described in the "Managing Resource Classes" section.

c. Click OK to save your entries and to return to the Resource Classes table.

Make note of the resource class that you want to use because you will need it in Step 5.

Step 4 Click Virtual Context Management under Virtual Context Setup.

The Virtual Context window appears (Config > Guided Setup > Virtual Context Setup > Virtual Context Management).

Perform the following actions to create or modify a virtual context:

a. If you want to create a virtual context, click Add (+). The New Virtual Context window appears. Configure the virtual context as described in the "Configuring Virtual Contexts" section.

b. If you want to modify an existing virtual context, choose the virtual context that you want to modify and click Edit. The Primary Attributes configuration screen appears. Enter the primary attributes for this virtual context as described in the "Configuring Virtual Context Primary Attributes" section.

Step 5 When completed, click Deploy Now to deploy this configuration on the ACE and save your entries to the running-configuration and startup-configuration files. Follow these guidelines when creating or modifying the virtual context:

To connect the virtual context to the available VLANs, specify one or more VLANs in the Allocated VLANs field. You can specify multiple VLAN values and ranges (for example, "10, 14, 70-79").

For virtual contexts configured for an ACE, you must set up all VLANs used in this step as trunk or access VLANs on the port channel or Gigabit Ethernet interfaces. If you did not set up these VLANs during the ACE Hardware Setup task, you can return to the ACE Hardware Setup window to configure the required VLANs. See the "Using ACE Hardware Setup" section.

When specifying the resource class for the virtual context, choose the resource class that you created or specified in Step 3.


Note If you are unsure of the resource class to use for this virtual context, choose default. You can change the resource class setting at a later time.


If HA has been correctly configured for this ACE device, the High Availability checkbox will be checked. If the checkbox is unchecked, check it to instruct DM to automatically configure synchronization for this virtual context.


Note The High Availability checkbox is available only if HA Peering has previously been completed for the ACE hardware.


If you want to set up a separate management VLAN interface for the virtual context, under Management Settings, configure the management interface for this virtual context and create an admin user. Each context also has its own management VLAN that you can access using the DM GUI. In this case, you would assign an independent VLAN and IP address for management traffic to access the virtual context.

Step 6 To edit the load-balancing configuration for a virtual context, continue to the Application Setup task. See the "Using Application Setup" section.

Related Topics

Using ACE Hardware Setup

Using Virtual Contexts

Managing Resource Classes

Creating Virtual Contexts

Configuring Virtual Contexts

Using Application Setup

Using Application Setup

This section includes the following topics on application setup:

ACE Network Topology Overview

Using Application Setup

ACE Network Topology Overview

With respect to ACE configuration, the network topology describes where—which VLAN or subnet—client traffic comes into the ACE and where this traffic is sent to real servers. Network configuration for ACE load balancing depends on the surrounding topology. By specifying to DM the topology that is appropriate for your networking application, DM can present more relevant options and guidance.

The network topology is often determined solely by your existing network; however, the goals for your ACE deployment can also play a role. For example, when ACE acts as a router between clients and servers, it provides a level of protection by effectively hiding the servers from the clients. On the other hand, for a routed topology to work, each of those servers must be configured to route back through the ACE, which can be a significant change to the network routing.

The ACE is also capable of bridging the client and server VLANs, which does not affect server routing. However, it does require the network to have VLANs set up appropriately.

If you are not sure what topology to use, or do not want to make topology decisions immediately, use the "one-armed" topology. The one-armed topology does not typically require any changes to an existing network and can be set up with minimal knowledge of the network. You can then expand your ACE network topology to routed mode or bridged mode to better suit your networking requirements.

Figure 3-1illustrates the one-armed network topology.

Figure 3-1 Example of a One-Armed Network Topology

Figure 3-2 illustrates the routed mode network topology.

Figure 3-2 Example of a Routed Mode Network Topology

Figure 3-3 illustrates the bridged mode network topology.

Figure 3-3 Example of a Bridged Mode Network Topology

Using Application Setup

You use the Application Setup task to set up load balancing for an application.

Procedure


Step 1 Choose Config > Guided Setup > Application Setup.

The Application Setup window appears.

Step 2 From the Select Virtual Context drop-down list, choose an existing ACE virtual context.

Step 3 If your ACE is to use HTTPS when communicating with either the client or with real servers, in the Use HTTPS (SSL) field, choose Yes to specify that the ACE should be set up for secure (SSL) Hypertext Transfer Protocol (HTTP).


Note The HTTPS option does not apply to the ACE NPE software version. The radio button is set to No and cannot be changed. For more information, see the "Information About the ACE No Payload Encryption Software Version" section.


Step 4 Choose the network topology that reflects the relationship of the selected ACE virtual context to the real servers in the network.

Topology choices include one-armed, routed, or bridged. See the "ACE Network Topology Overview" section for background details on networking topology.

Step 5 Click Start Setup.

Step 6 If you selected either the one-armed or routed topology, the VLAN Interfaces window appears (Config > Guided Setup > Application Setup > VLAN Interfaces).

To communicate with the client and real servers, a VLAN interface must be specified for client and server traffic to be sent and received.

Perform the following actions to configure a VLAN interface:

a. Click Add to add a new VLAN interface, or choose an existing VLAN interface and click Edit to modify it.

b. Enter the VLAN interface attributes as described in the "Configuring Virtual Context VLAN Interfaces" section. Click More Settings to access the additional VLAN interface attributes. By default, DM hides the default VLAN interface attributes and the VLAN interface attributes which are not commonly used.


Note After you define the VLAN, write down the VLAN number. You will need this VLAN number in the ACL and virtual server steps (Steps 9 and 11) of this procedure.


c. Click Deploy Now to deploy this configuration on the ACE and save your entries to the running-configuration and startup-configuration files.

d. To display statistics and status information for a VLAN interface, choose the VLAN interface from the VLAN Interface table, then click Details. The show interface vlan, show ipv6 interface vlan, and show ipv6 neighbors CLI commands appear. Click on the command to display its output. See the "Displaying VLAN Interface Statistics and Status Information" section for details.

Step 7 If you selected the bridged topology, the BVI Interfaces window appears (Config > Guided Setup > Application Setup > BVI Interfaces).

Perform the following actions to configure a BVI interface:

a. Click Add to add a new BVI interface, or choose an existing BVI interface, then click Edit to modify it.

b. Enter the BVI interface attributes as described in the "Configuring Virtual Context BVI Interfaces" section.


Note After you define the BVI, write down the client-side VLAN number. You will need this BVI number in the ACL and virtual server steps (Steps 9 and 11) of this procedure.


c. Click Deploy Now to deploy this configuration on the ACE and save your entries to the running-configuration and startup-configuration files.

d. To display statistics and status information for a BVI interface, choose the BVI interface from the BVI Interface table, then click Details. The show interface bvi, show ipv6 interface bvi, and show ipv6 neighbors CLI commands appear. Click on the command to display its output. See the "Displaying BVI Interface Statistics and Status Information" section for details.

Step 8 If you selected the one-armed topology, click NAT Pools under Application Setup.

The NAT Pools window appears (Config > Guided Setup > Application Setup > NAT Pools). To set up a one-armed topology, you need a NAT pool to provide the set of IP addresses that ACE can use as source addresses when sending requests to the real servers.


Note You must configure the NAT pool on the same VLAN interface that you configured in Step 6.


Perform the following actions to create or modify a NAT pool for a VLAN:

a. Click Add to add a new NAT pool entry, or choose an existing NAT pool entry and click Edit to modify it. The NAT Pool configuration window appears.

b. Configure the NAT pool attributes as described in the "Configuring VLAN Interface NAT Pools" section.


Note After you define the NAT pool, write down the NAT pool ID. You will specify the NAT pool ID in the virtual server step (Step 11) of this procedure.


c. Click Deploy Now to deploy this configuration on the ACE and save your entries to the running-configuration and startup-configuration files.

Step 9 Click ACLs under Application Setup.

The ACLs window appears (Config > Guided Setup > Application Setup > ACLs). An ACL applies to one or more VLAN interfaces. Each ACL consists of a list of entries, each of which defines a source, a destination, and whether to permit or deny traffic between those locations.

Perform the following actions to create or modify an ACL:

a. Click Add to add a new ACL entry, or choose an existing ACL entry and click Edit to modify it. The Access List configuration window appears.

b. Add or edit the required fields as described in the "Configuring Security with ACLs" section.

c. Click Deploy to save this configuration.

d. To display statistics and status information for an ACL, choose an ACL from the ACLs table, then click Details. The show access-list access-list detail CLI command output appears. See the "Displaying ACL Information and Statistics" section for details.

Step 10 Click SSL Proxy under Application Setup.

This selection appears only if you specified in Step 3 that the ACE is to use HTTPS when communicating with either the client or with real servers.

The SSL Proxy window appears (Config > Guided Setup > Application Setup > SSL Proxy).


Note To terminate or initiate HTTPS connections with ACE, the virtual context must have at least one SSL proxy service. An SSL proxy contains the certificate and key information needed to terminate HTTPS connections from the client or initiate them to the servers.


Perform the following actions to create or modify an SSL proxy service:

a. To create an SSL proxy service, click SSL Proxy Setup.


Note To edit an existing SSL proxy service, choose it from the SSL Proxy table, and click Edit to modify the SSL proxy service. The SSL Proxy Service configuration window appears. Edit the required fields as described in the "Configuring SSL Proxy Service" section.


b. Add required fields as described in the "Configuring SSL Proxy Service" section.

c. Click Deploy Now to deploy this configuration on the ACE and save your entries to the running-configuration and startup-configuration files.

Step 11 Click Virtual Server under Application Setup.

The Virtual Servers window appears (Config > Guided Setup > Application Setup > Virtual Server). The virtual server defines the load-balancing configuration for an application.

Perform the following actions to create or modify a virtual server:

a. Click Add to add a new virtual server, or choose an existing virtual server, and click Edit to modify it. The Virtual Server configuration window appears with a number of configuration subsets. The subsets that you see depend on whether you use the Basic View or the Advanced View and entries you make in the Properties subset. Change views by using the View object selector at the top of the configuration pane.

b. Add or edit required fields as described in the "Virtual Server Configuration Procedure" section. Table 5-1 identifies and describes virtual server configuration subsets with links to related topics for configuration information.

Virtual servers have many configuration options. At a minimum, you need to configure the following attributes:

Set the VIP, port number (TCP or UDP), and application protocol for your application.


Note If the ACE is to terminate the client HTTPS connections, choose HTTPS as the Application Protocol.


(One-Armed Topology) For VLAN, choose the VLAN from Step 6.

(Routed Topology) For VLAN, choose the client-side VLAN from Step 6.

(Bridged Topology) For VLAN, choose the client-side VLAN from Step 6.

If the ACE is to terminate client HTTPS connections, then under the SSL Termination header, specify the SSL proxy defined in Step 10.

Under the Default L7 Loadbalancing Action, set Primary Action to Loadbalance.

Create a server farm that contains one or more real servers for this application (see Table 5-10 in the "Configuring Virtual Server Layer 7 Load Balancing" section for details on setting server farm attributes).

If the ACE is to initiate HTTPS connections to the real servers, choose the desired SSL proxy for initiation to this application from the menu next to SSL Initiation.

(One-Armed Topology) Under NAT, enter the NAT pool ID from Step 8.

After you set up a base virtual server, you can test it to validate your configuration and isolate any issues in your networking application. You can then add these more advanced load balancing options to your networking application:

Additional real servers to a server farm. See Table 5-10 in the "Configuring Virtual Server Layer 7 Load Balancing" section for details.

Health monitoring probes and attributes for the specific probe type. See Table 5-11 in the "Configuring Virtual Server Layer 7 Load Balancing" section for details.

Stickiness, where client requests for content are to be handled by a sticky group when match conditions are met. See Table 5-13 in the "Configuring Virtual Server Layer 7 Load Balancing" section for details.

Application protocol inspection, where the ACE allows the virtual server to verify protocol behavior and identify unwanted or malicious traffic passing through the ACE. See the "Configuring Virtual Server Protocol Inspection" section for details.

c. Click Deploy Now to deploy this configuration on the ACE and save your entries to the running-configuration and startup-configuration files.

d. To display statistics and status information for an existing virtual server, choose a virtual server from the Virtual Servers table, then click Details. The show service-policy global detail CLI command output appears. See the Viewing All Virtual Servers for details.


Related Topics

Using ACE Hardware Setup

Using Virtual Context Setup

Configuring Virtual Context VLAN Interfaces

Configuring Virtual Context BVI Interfaces

Configuring Virtual Context Static Routes

Configuring Security with ACLs

SSL Setup Sequence