Pulse Secure vADC

Recent software releases The most recent news on software releases and late-breaking product information         Product Briefs The feature briefs give you a step-by-step review of each feature of Traffic Manager, and the other product briefs deep-dive into implementation, performanance tuning, operations and internals.         Use Cases and Examples Look to use cases and examples to address real-world application delivery challenges, and for inspiration for new ways to use Traffic Manager         Libraries and Add-Ons A collection of extensions and tools to use with Traffic Manager, including API and TrafficScript libraries.         Solution Guides Turn to Solution Guides for tested, validated deployment guides for common packaged applications.         Product Videos See Traffic Manager in action and learn how it is used

Looking to combine advanced load balancing with application delivery features on Amazon Web Services? It's easy to run Stingray™ software on AWS Marketplace using an Amazon account of your choice.   Here are 4 simple steps to help get you going with your Stingray deployment on AWS:   1.  Watch a demo / tutorial video Video: Introduction to Stingray Load Balancing Video: Deploy Stingray in Amazon AWS Cloud   2.  Read the Stingray documentation Stingray Product Documentation (check out the AWS Getting Started Guide)   3.  Join the Stingray discussion forums and ask questions: SteelApp   4.  Learn how to use TrafficScript to control, scale, and secure your application Search for TrafficScript in the Stingray forums  

What is SteelApp?   SteelApp is a software Application Delivery Controller.  It's generally installed as a proxy, in front of groups of web servers, app servers and other networked applications.   Stingray provides the core features of a Load Balancer or Application Delivery Controller, an Application Firewall and Web Content Optimization.  It also provides a rich data-plane programming environment called TrafficScript that lets you control how users interact with your services, letting you visualize, prioritize, rewrite, filter and debug all transactions.   Read more: Check out the key Product Briefs for Stingray Traffic Manager.   Download and Install SteelApp   The quickest way to get started with Stingray is to begin with the Developer Edition.  Grab either the software (Linux or Solaris) or Virtual Appliance (VMware, Xen or OracleVM) installation and follow the instructions in the appropriate Getting Started guide.   If you have a particular project in mind and you would like assistance from Riverbed's technical and sales team, you should register for a full Stingray Evaluation.   Where to next?   Try Getting Started - Load-balancing to a website using Stingray Traffic Manager to begin.   Then you can check out the Stingray Splash Community in more depth: Learn about Stingray Traffic Manager (the Feature Brief: Introduction to the Stingray Architecture is a good place to begin) Browse through the tech tips and solutions Check out the product videos Ask a question or join a discussion Share suggestions and raise feature requests

We have created dedicated installation and configuration guides for each type of deployment option, as part of the complete documentation set for Pulse vTM.

We release major and minor updates to Traffic Manager on a periodic basis, and you are strongly advised to maintain production instances of Traffic Manager on recent releases for support, performance, stability and security reasons. How to Upgrade your Traffic Manager The Traffic Manager user documentation contains a "Getting Started Guide" specific to each type of installation, including section on upgrading to the latest version, depending on the platform type you are running on - refer to Installing and Upgrading your Pulse vADC for more information. Where to find updates   Software and Virtual Appliance updates are posted on the http://my.pulsesecure.net site, and updates are announced on the community pages, such as this article.   The update process is designed to be straightforward and minimizes disruption, although instantaneous downtime is inevitable. The process depends on the form factor of your Traffic Manager device:   Upgrading Traffic Manager Software Upgrading Traffic Manager Virtual Appliance   Am I running software or virtual appliance?   You can easily verify if you're running the software-only install (installed on your Linux/Solaris host) or a Virtual Appliance (running on VMware, Xen or another platform) by checking the header of an admin server page: Software install - identifies itself as "Traffic Manager 4000 VH" Virtual Appliance - identifies itself as "Traffic Manager Virtual Appliance 4000 VH"     Updating Cloud Instances of Traffic Manager   Public Cloud instances of Traffic Manager are provided and supported directly by Pulse - there is a "Cloud Services Getting Started" document in the article. For third-party instances of Traffic Manager, please refer to your cloud provider.   More information   For more detailed information on the installation and upgrade process, please refer to the relevant Getting Started guide in the Product Documentation

You've just downloaded and installed Traffic Manager, and you're wondering "where next?". This article talks through the process of load-balancing traffic to a public website, and explains the potential pitfalls and how to overcome them. We'll look at how to set up a basic load balanced service using the Manage a New Service wizard, then consider four potential problems: Problem Solution When you access the Web site through Traffic Manager, it responds with a 404 Not Found or other error, or redirects you directly to the website You need to correct the Host Header in the request your web browser has sent.  Use a simple Request Rule in Traffic Manager to patch the request up correctly. The web site stops working when you access it through Traffic Manager Traffic Manager is running Ping health checks against the web servers, and these are failing because the public servers won't respond to pings.  Remove the health checks, or replace them with HTTP checks. Links in the web content refer directly to the fully-qualified domain of the website, rather than to the website delivered through Traffic Manager You need to rewrite the web content to correct the fully-qualified links.  Use a response rule in Traffic Manager to make this change. HTTP Location redirects and cookies issued by the website refer to the fully-qualified domain of the website, rather than to the website delivered through Traffic Manager You need to use the connection management settings to transparently rewrite the Location and Set-Cookie headers as appropriate   Basic Load Balancing Let's start with a simple example. Select a target website, such as www.w3.org. Fire up the Manage a New Service wizard: This will pop up a new window to step you through the process of creating a new service. Warning:  If you don't see the pop-up window, your web browser may be configured to prevent popups.  Check and fix this problem.   Step through the wizard.  Create a service named web site, listening on port 80: Specify the servers ("nodes") that will host the website.  In this example, enter www.w3.org, port 80: Note:  If you get an "ERROR: Cannot resolve" message, then most likely your Traffic Manager is not configured with a correct nameserver address, or it cannot route to the outside world.  You'll need to fix these problems before continuing: You can use 8.8.8.8 as the nameserver Ensure that the networking is configured so that the Traffic Manager has external connectivity   Review your settings and commit the result: Note:  If you get a 'Cannot Bind' error when you commit the changes, then another service on the Traffic Manager is listening on port 80. If it's a pre-existing Traffic Manager Virtual Server, you should stop this virtual server It it's another service on the same host (for example, a webserver), you should stop this service Alternatively, select another port (instead of port 80). The wizard will create a virtual server object listening on port 80, and a pool object containing the www.w3.org nodes (or whatever you chose).  The Virtual Server will receive traffic and then pass it on to the pool for load balancing.   Try it out Try it out.  Go to http://your-traffic-manager-ip-address/ with your web browser.  If you are lucky, it will work first time, but most likely, you'll get an error message, or possibly a redirect to http://www.yourwebsite.com/. Problem #1: The Host Header Most webservers host many websites on the same IP address and port.  They determine which website a particular request is destined for by inspecting a parameter in the request called the 'Host Header'. The 'Host Header' is constructed from the URL that you typed in your web browser (for example: http://192.168.35.10/).  This will cause the webbrowser to include the following header in the request:   Host: 192.168.35.10 The web server will reject this request, returning either an error message, 404 Not Found, or a forceful redirect to the correct page. You can use a TrafficScript Rule to change the host header in the request to a value that the web site will recognise.   How to create the TrafficScript Rule Edit the 'web site' virtual server you created and navigate to the 'Rules' page.  In the 'Request Rules' section, click the 'Manage Rules in Catalog' link to create a new rule that is associated with that virtual server: Create a TrafficScript rule called 'w3.org host header':   with the following text http.setHeader( "Host", "www.w3.org" ); and save your changes. Now, Traffic Manager will fix up the host header in every request and the site should render correctly. Problem #2: Health Monitors If your Traffic Manager service works for a short time, then starts returning a "Service Unavailable" error message, you've most likely hit a health monitoring problem. When Traffic Manager creates a new pool, it assigns a 'ping' health monitor to the nodes.  Many public webservers, and websites that are delivered over a CDN, do not respond to 'ping' healthchecks, so this monitor will quickly fail and mark the nodes as unavailable. Edit the 'web site pool' Pool object and locate the Health Monitoring section.  Remove the Ping health monitor: This will clear the error.  You could replace the Ping health check with an HTTP health check (for example) if you wished. Problem #3: Embedded Links As you click round the website that is delivered through Traffic Manager, you may find that you jump off the http://your-traffic-manager-IP-address/ version of the site and start going directly to the http://www.site.com/ URLs. This may happen because the website content contains absolute, fully-qualified links: <a href="http://www.nytimes.com/headlines">Headlines</a> rather than unqualified links: <a href="https://community.brocade.com/headlines">Headlines</a>   Yes, this is a problem if you load-balance to www.nytimes.com for example. You can fix those links up by rewriting the HTML responses from the webservers using a Response Rule in Traffic Manager: $contentType = http.getResponseHeader( "Content-Type" ); if( string.startsWith( $contentType, "text/html" ) ) {   $body = http.getResponseBody(); $body = string.replaceAll( $body, "http://www.nytimes.com/", "/" );   http.setResponseBody( $body ); }   Problem #4: Cookies and Location redirects The origin webserver may issue cookies and Location redirects that reference the fully-qualified domain of the website, rather than the IP address of the Traffic Manager device.  Your web browser will not submit those cookies, and it will jump to the origin website if it follows a Location redirect.   Traffic Manager can automatically patch up these parts of the HTTP response, using the Cookie and Location Header settings in the Connection Management page of your Virtual Server's configuration:   Rewrite domains, paths and other cookie parameters when proxying a website using a different URL Intelligently rewrite location redirects so that users are not hopped on to the origin server Use these settings to address any inconsistencies and problems related to cookies or location redirects. Conclusion These three problems (host header, health monitors, embedded links) can occur when you load-balance public websites; they are a lot less likely to happen in production because there won't be a firewall blocking pings between Traffic Manager and the local webservers, and the DNS for www.site.com will resolve to a traffic IP address on the Traffic Manager so the host header and embedded links will be correct. Watch out for situations where the web server sends HTTP redirects to another domain.  For example, when I tested by load balancing to www.yahoo.com, the website immediately tried to redirect me to www.uk.yahoo.com (I was based in the UK).  You have no control over this behavior by a public website; I configured my Traffic Manager to forward traffic to www.uk.yahoo.com instead. Now that you have a working load-balancing configuration, you can: Check out the Activity Monitors and Connections Reports to observe the traffic that Traffic Manager is managing Start experimenting with some of the examples and use cases from the list in Top Pulse vADC Examples and Use Cases Read some of the Product Briefs for Traffic Manager to understand how it can manage and control traffic  

Welcome to Pulse Secure Application Delivery solutions!  

This video gives a general overview of Load Balancing with Stingray as well as recommendations on what Load Balancing algorithms to use depending on the situation.

Video: Introduction to TrafficScript

In this hands-on technical video, Vinay Reddy, Senior Technical Marketing Engineer at Riverbed Technology, takes you through a step-by-step demo of Stingray Traffic Manager in Amazon AWS Cloud, including: Exploring AWS Marketplace Launching Stingray from the Amazon console Use Amazon console to choose instance types and deployment configuration Open the Stingray admin console and prepare to configure nodes and virtual servers

Top examples of Pulse vADC in action   Examples of how SteelApp can be deployed to address a range of application delivery challenges.   Modifying Content   Simple web page changes - updating a copyright date Adding meta-tags to a website with Traffic Manager Tracking user activity with Google Analytics and Google Analytics revisited Embedding RSS data into web content using Traffic Manager Add a Countdown Timer Using TrafficScript to add a Twitter feed to your web site Embedded Twitter Timeline Embedded Google Maps Watermarking PDF documents with Traffic Manager and Java Extensions Watermarking Images with Traffic Manager and Java Extensions Watermarking web content with Pulse vADC and TrafficScript   Prioritizing Traffic   Evaluating and Prioritizing Traffic with Traffic Manager HowTo: Control Bandwidth Management Detecting and Managing Abusive Referers Using Pulse vADC to Catch Spiders Dynamic rate shaping slow applications Stop hot-linking and bandwidth theft! Slowing down busy users - driving the REST API from TrafficScript   Performance Optimization   Cache your website - just for one second? HowTo: Monitor the response time of slow services HowTo: Use low-bandwidth content during periods of high load   Fixing Application Problems   No more 404 Not Found...? Hiding Application Errors Sending custom error pages   Compliance Problems   Satisfying EU cookie regulations using The cookiesDirective.js and TrafficScript   Security problems   The "Contact Us" attack against mail servers Protecting against Java and PHP floating point bugs Managing DDoS attacks with Traffic Manager Enhanced anti-DDoS using TrafficScript, Event Handlers and iptables How to stop 'login abuse', using TrafficScript Bind9 Exploit in the Wild... Protecting against the range header denial-of-service in Apache HTTPD Checking IP addresses against a DNS blacklist with Traffic Manager Heartbleed: Using TrafficScript to detect TLS heartbeat records TrafficScript rule to protect against "Shellshock" bash vulnerability (CVE-2014-6271) SAML 2.0 Protocol Validation with TrafficScript Disabling SSL v3.0 for SteelApp   Infrastructure   Transparent Load Balancing with Traffic Manager HowTo: Launch a website at 5am Using Stingray Traffic Manager as a Forward Proxy Tunnelling multiple protocols through the same port AutoScaling Docker applications with Traffic Manager Elastic Application Delivery - Demo How to deploy Traffic Manager Cluster in AWS VPC   Other solutions   Building a load-balancing MySQL proxy with TrafficScript Serving Web Content from Traffic Manager using Python and Serving Web Content from Traffic Manager using Java Virtual Hosting FTP services Managing WebSockets traffic with Traffic Manager TrafficScript can Tweet Too Instrument web content with Traffic Manager Antivirus Protection for Web Applications Generating Mandelbrot sets using TrafficScript Content Optimization across Equatorial Boundaries

Pulse Secure vADC solutions are supported on Google Cloud Platform, with hourly billing options for applications that need to scale on-demand to match varying workloads. A range of Pulse Secure Virtual Traffic Manager (Pulse vTM) editions are available, including options for the Pulse vTM Developer Edition and Pulse Secure Virtual Web Application Firewall (Pulse vWAF), available as both a virtual machine and as a software installation on a Linux virtual machine.   This article describes how to quickly create a new Pulse vTM instance through the Google Cloud Launcher. For additional information about the use and configuration of your Pulse vTM instance, see the product documentation available at www.pulsesecure.net/vadc-docs.   Launching a Pulse vTM Virtual Machine Instance   To launch a new instance of the Pulse vTM virtual machine, use the GCE Cloud Launcher Web site. Type the following URL into your Web browser:   https://cloud.google.com/launcher Browse or use the search tool to locate the Pulse Secure package applicable to your requirements, then click the package icon to see the package detail screen.       To deploy a new Pulse vTM instance   1.  To start the process of deploying a new instance, click Launch on Compute Engine.   2.  Type an identifying name for the instance, select the image version, then select the desired geographic zone and machine type. Individual zones might have differing computing resources available and specific access restrictions. Contact your support provider for further details. 3.  Ensure the boot disk correspond to your computing resource requirements. Pulse Secure recommends not changing the default disk size as this might affect the performance of your Pulse vTM.   4.  By default, GCE creates firewall rules to allow HTTP and HTTPS traffic, and to allow access to the Web-based Pulse vTM Admin UI on TCP port 9090. To instead restrict access to these services, untick the corresponding firewall checkboxes.   Note: If you disable access to TCP port 9090, you cannot access the Pulse vTM Admin UI to configure the instance.   5.  If you want to use IP Forwarding with this instance, click More and set IP forwarding to "On".   6.  Pulse vTM needs access to the Google Cloud Compute API, as indicated in the API Access section. Keep this option enabled to ensure your instance can function correctly.   7.  Click Deploy to launch the Pulse vTM instance.   The Google Developer Console confirms that your Pulse vTM instance is being deployed.     Next Steps   After your new instance has been created, you can proceed to configure your Pulse vTM software through its Admin UI.   To access the Admin UI for a successfully deployed instance, click Log into the admin panel.       When you connect to the Admin UI for the first time, Pulse vTM presents the Initial Configuration wizard. This wizard captures the networking, date/time, and basic system settings needed by your Pulse vTM software to operate normally.   For full details of the configuration process, and for instructions on performing various other administrative tasks, see the Cloud Services Installation and Getting Started Guide.

A short document that describes the features and options of Stingray software editions on the AWS Marketplace

Stingray MSM is an integrated management solution that gives a coordinated view of your application delivery fabric, which may span multiple, geographically distributed, data centers and cloud-based environments. As an advanced feature, MSM makes it easier to manage clusters of StingrayTM Traffic Manager deployments, greatly reducing the complexity of multi-site installations. In addition, the integrated global load balancing (GLB) feature allows you to control where traffic is directed throughout the world, based on factors such as geographic location and data center load.