Set up a highly available firewall and load balancer in the IBM cloud

Implementing security, load balancing, high availability, and anti-collocation rules in a virtual infrastructure

When to use high availability and load balancing in the cloud

In this article, we look at the most common use cases for setting up an environment with high availability (HA) and load balancing:

Load balancing enables you to spread your workload across multiple instances, increasing throughput and achieving redundancy.

Use case: Load balancing across two WEB servers running Apache HTTP Server or IBM HTTP server. You can use your own WEB server to perform load balancing and caching of data from the application server. Note: You can perform load balancing not only on HTTP, but also on other services.

High availability technology ensures that your infrastructure remains in operation even if an element becomes unavailable.

Use case: Configure the Virtual Router Redundancy Protocol (VRRP) on the firewall instance. If one of the instances fails, your infrastructure continues to run.

Anti-collocation is an IBM smartcloud Enterprise feature that allows you to configure two instances on two different physical hosts.

Use case: Make sure that each member in the HA group is configured on a different virtual Machine Manager (physical host).

Set up

Let's pause for a moment and take a look at the symbols and conventions used in this article, as well as some considerations for setting up the environment.

Commands executed as root on the system are prefixed with root@host#.

Use the user@host# sudo as root on the system to prefix with the sudo execution command.

A command executed on the system as a general user uses user@host $ as the prefix.

The command output uses a newline character to separate from the command and indents a tab to the right (as shown in the following example):

Note: We deliberately set the code block in this article to prevent pasting of the complete code section. This code can only be used as a guide, and you need to adjust for factors such as your environment, ID, scope, and so on.

root@host# 1st command-to be run as root

root@host# 2nd command-to be run as root (previous command has no output)

Output from 2nd command

user@host$ 3rd command-to be run as user

Output from 3rd command

Use sudo to run commands that require elevated privileges (or use sudo-s). Do not use sudo bash because this command retains idcuser environment settings, such as sudo yum install Rpmdevtools rpm-devel rpm-build.

Scenarios and schemas

Figure 1 shows the underlying architecture in this article.

Figure 1. Infrastructure diagram

Primary and backup firewall/load Balancer instance

See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/Servers/cloud-computing/