NLB & SSL Sites

TheMSsForum.com: The Microsoft Software Forum

I have 2 servers setup to Network Load Balance 4 SSL sites. NLB is
currently configured for Single affinity so we don't have problems with
users bouncing from one server to another. Here is my question:

We purchased a wildcard SSL certificate that serves all of our web sites
(e.g., *.mysite.com). In a typical installation each SSL site would have
it's own IP address that it is bound to. Now since we have a NLB setup we
can't do this since 2 servers with identical web sites sharing the same IPs
would cause a conflict on the network. I guess my question is - do I need
to add all 4 IP addresses as IPs to the actual Cluster? Then once this
information is propogated down to the servers can I then associate these IPs
to each SSL site?

Thinking in terms of IP addresses / Cluster IP addresses and SSL sites has
got my brain a bit confused.

Brian
Top

Re: NLB & SSL Sites by Tiffany

Tiffany
Tue Nov 18 17:28:05 CST 2003

Hi,

Under ssl each site must have it's own ip.

Normally you would not use the cluster address, but add the required under
your advanced settings tcpip on your network card. Once the machine can see
all the ips you configure your websites. Don't forget to add rules for 443
in the nlbs settings.

Regards
A.

"Brian Patterson" <bdNO_SPAMpatterson@illinoismutual.com> wrote in message
news:#AfwUgSrDHA.2500@TK2MSFTNGP10.phx.gbl...
> I have 2 servers setup to Network Load Balance 4 SSL sites. NLB is
> currently configured for Single affinity so we don't have problems with
> users bouncing from one server to another. Here is my question:
>
> We purchased a wildcard SSL certificate that serves all of our web sites
> (e.g., *.mysite.com). In a typical installation each SSL site would have
> it's own IP address that it is bound to. Now since we have a NLB setup we
> can't do this since 2 servers with identical web sites sharing the same
IPs
> would cause a conflict on the network. I guess my question is - do I need
> to add all 4 IP addresses as IPs to the actual Cluster? Then once this
> information is propogated down to the servers can I then associate these
IPs
> to each SSL site?
>
> Thinking in terms of IP addresses / Cluster IP addresses and SSL sites has
> got my brain a bit confused.
>
> Brian
>
>


Top

Re: NLB & SSL Sites by Brian

Brian
Wed Nov 19 11:24:30 CST 2003

That's about what I figured. Thanks for the response!

"Tiffany" <tiffany.edwards@vodafone.net> wrote in message
news:eW84fuirDHA.1692@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> Under ssl each site must have it's own ip.
>
> Normally you would not use the cluster address, but add the required under
> your advanced settings tcpip on your network card. Once the machine can
see
> all the ips you configure your websites. Don't forget to add rules for 443
> in the nlbs settings.
>
> Regards
> A.
>
> "Brian Patterson" <bdNO_SPAMpatterson@illinoismutual.com> wrote in message
> news:#AfwUgSrDHA.2500@TK2MSFTNGP10.phx.gbl...
> > I have 2 servers setup to Network Load Balance 4 SSL sites. NLB is
> > currently configured for Single affinity so we don't have problems with
> > users bouncing from one server to another. Here is my question:
> >
> > We purchased a wildcard SSL certificate that serves all of our web sites
> > (e.g., *.mysite.com). In a typical installation each SSL site would
have
> > it's own IP address that it is bound to. Now since we have a NLB setup
we
> > can't do this since 2 servers with identical web sites sharing the same
> IPs
> > would cause a conflict on the network. I guess my question is - do I
need
> > to add all 4 IP addresses as IPs to the actual Cluster? Then once this
> > information is propogated down to the servers can I then associate these
> IPs
> > to each SSL site?
> >
> > Thinking in terms of IP addresses / Cluster IP addresses and SSL sites
has
> > got my brain a bit confused.
> >
> > Brian
> >
> >
>
>


Top