Pulse Secure vADC solutions are supported on Google Cloud Platform, with hourly billing options for applications that need to scale on-demand to match varying workloads. A range of Pulse Secure Virtual Traffic Manager (Pulse vTM) editions are available, including options for the Pulse vTM Developer Edition and Pulse Secure Virtual Web Application Firewall (Pulse vWAF), available as both a virtual machine and as a software installation on a Linux virtual machine. This article describes how to quickly create a new Pulse vTM instance through the Google Cloud Launcher. For additional information about the use and configuration of your Pulse vTM instance, see the product documentation available at www.pulsesecure.net/vadc-docs. Launching a Pulse vTM Virtual Machine Instance To launch a new instance of the Pulse vTM virtual machine, use the GCE Cloud Launcher Web site. Type the following URL into your Web browser: https://cloud.google.com/launcher Browse or use the search tool to locate the Pulse Secure package applicable to your requirements, then click the package icon to see the package detail screen. To deploy a new Pulse vTM instance 1. To start the process of deploying a new instance, click Launch on Compute Engine. 2. Type an identifying name for the instance, select the image version, then select the desired geographic zone and machine type. Individual zones might have differing computing resources available and specific access restrictions. Contact your support provider for further details. 3. Ensure the boot disk correspond to your computing resource requirements. Pulse Secure recommends not changing the default disk size as this might affect the performance of your Pulse vTM. 4. By default, GCE creates firewall rules to allow HTTP and HTTPS traffic, and to allow access to the Web-based Pulse vTM Admin UI on TCP port 9090. To instead restrict access to these services, untick the corresponding firewall checkboxes. Note: If you disable access to TCP port 9090, you cannot access the Pulse vTM Admin UI to configure the instance. 5. If you want to use IP Forwarding with this instance, click More and set IP forwarding to "On". 6. Pulse vTM needs access to the Google Cloud Compute API, as indicated in the API Access section. Keep this option enabled to ensure your instance can function correctly. 7. Click Deploy to launch the Pulse vTM instance. The Google Developer Console confirms that your Pulse vTM instance is being deployed. Next Steps After your new instance has been created, you can proceed to configure your Pulse vTM software through its Admin UI. To access the Admin UI for a successfully deployed instance, click Log into the admin panel. When you connect to the Admin UI for the first time, Pulse vTM presents the Initial Configuration wizard . This wizard captures the networking, date/time, and basic system settings needed by your Pulse vTM software to operate normally. For full details of the configuration process, and for instructions on performing various other administrative tasks, see the Cloud Services Installation and Getting Started Guide .
This article describes the installation, configuration, and usage of the vADC Package for VMWare vRealize Orchestrator (vRO).
The package contains a number of workflows which can communicate with both the Brocade VTM, and the Brocade Services Director via REST APIs. The workflows support licensing and registration of newly deployed vTMs, and also pushing configuration to the vTMs themselves (either directly or via the Services Director).
In this release, Pulse Secure Traffic Manager offers increased UDP performance, as well as additional functions to help with IPv6 geolocation and GLB workload. Highlights include:
UDP Performance Improvements - Traffic Manager is now able to take advantage of the Linux kernel socket option SO_REUSEPORT to improve performance when load balancing UDP traffic. In addition, new configuration options are available to customize UDP behavior. See the release notes for more details.
TrafficScript support for IPv6 Geolocation APIs - Traffic Manager now includes both IPv4 and IPv6 geolocation data, and applications can now access both IPv4 and IPv6 geolocation data in TrafficScript with a single call. Previous releases included only the IPv4 data, and required IPv6 data to be loaded separately. Example usage is the same for both IPv4 and IPv6:
$ip = request.getRemoteIP();
$country = geo.getCountry($ip);
Access to TimeZone information - From this release, Traffic Manager has an additional geolocation API function geo.getTimeZone(IP), which uses the built-in geolocation database to return the IANA text format for the timezone corresponding to the given IP. In addition, a new systems function sys.tztime.format(format, timezone, unixtime) can be used to render the time in the current timezone, for example:
$str = sys.tztime.format(format, getTimeZone($ip));
Setting GLB workloads via Monitor Scripts - Traffic Manager uses the TrafficScript function glb.service.getLocationLoad() to inspect the workload at a given location, but this must be set by an external monitor. In this release, Traffic Manager supports a simplified method to set the GLB workload by eating from stdout. In this way, a monitor script can emit a workload via stdout, which will be read directly by Traffic Manager and used for GLB weighting. The monitor script can set the workload by printing the numeric workload value to stdout, such as:
For more information, please refer to the release notes, available on the download portal. A complete set of user documentation is also available on http://pulsesecure.net/vadc-docs including getting started guides, installation, configuration and API reference documentation.
In this release, Pulse Secure Virtual Traffic Manager has more enhancements for closer integration with Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS), including support for simpler session persistence of RADIUS.
In this release, Pulse Secure Virtual Traffic Manager has additional tools to help with intelligent load balancing of Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS). In addition, new global settings for Session Persistence allow for simpler workload management with timeout of unused session entries in the persistence cache table.
Intelligent LB for PCS/PPS - Traffic Manager now supports intelligent load-balancing for Pulse Connect Secure VPN gateways and Pulse Policy Secure network access control. This capability uses a new built-in service discovery plugin to discover PCS/PPS cluster nodes, and can optimize the license usage across cluster nodes by directing new sessions based on available license capacity. Session Persistence Timeouts - Closer control over the persistence cache in Traffic Manager makes it easier to redistribute workload following node reconfiguration or failure, by providing all session persistence entries with an optional lifetime. After an entry expires it is deleted from the persistence cache: a global timeout value can be set for each of the three persistence methods, Source IP, J2EE and Universal persistence. Note that the timeout value is measured since last use, rather than first use: new SNMP monitors are also available to help track session expiry. Long-Term Support release - For customers who prefer longer support cycles to support their operational model, Pulse Secure is identifying Pulse vTM 19.2 as an LTS (Long Term Support) release. As a result, support for Pulse vTM 19.2 will be available for three years after the release date. For more information, please refer to the release notes, available on the download portal. A complete set of user documentation is also available on http://pulsesecure.net/vadc-docs including getting started guides, installation, configuration and API reference documentation.
In this release, Pulse Secure Services Director offers the capability to deploy Application Templates to automate configuration of clusters. In addition, Services Director supports a new secure websockets connection for more robust management of Traffic Manager instances in Kubernetes and NAT-enabled networks.
In this release, Pulse Secure Virtual Traffic Manager adds a new Wizard to speed up deployment of Optimal Gateway Selection for closer integration with Pulse Connect Secure. Other new features add support for Kubernetes Helm Charts, container networking and more.