Load Balancers

Infrastructure > Load Balancers

Overview

Morpheus can provision VM or Container HaProxy Load Balancers, Amazon Elastic and Application Load Balancers, Azure Load Balancers, and integrates with several external Load Balancers, including F5, A10, Citrix, and AVI.

Once created or integrated, Load Balancers are available as an option to be added during provision time or post-provisioning.

Once a Load Balancer is added to an instance, you can manually scale or configure auto-scaling based on thresholds or schedules, and burst across clouds with cloud priority.

In the Load Balancers page there are two sections:

Load Balancers

View or edit existing Load Balancers, add new Load Balancers.

Virtual Servers

View and link to Instances that are attached to load balancers.

Group and Tenant Access

Load balancers can be configured to provide specific Group and Tenant access, if desired. Group Access controls which Groups at provision time will have access to the load balancer resource. Only workloads being provisioned to the selected Groups would have visibility to the load balancer. Workloads provisioned to other Groups would not see the load balancer as an available selection. Tenant Permissions control which Tenants may see the load balancer. Public visibility allows access to the load balancer for users in all Tenants (subject to additional RBAC controls) while Private visibility allows access only for selected Tenants. Select all that may apply.

Load Balancers

The Load Balancers tab list currently available Load Balancers, which you can select, edit or delete, and is where you can create new or integrate with external Load Balancers.

Add a new Load Balancer

Select + LOAD BALANCER, chose an option, and fill in the required information:

A10 (aXAPI v3)
  • API Host

  • API Port

  • Username

  • Password

  • Internal IP

  • Public IP

  • VIP Address

  • VIP Port

Amazon ALB
  • Scheme

  • Internal

  • Internet-Facing

  • Amazon Subnets (Select + to add additional) * Specify the subnets to enable for your load balancer. You can specify only one subnet per Availability Zone. You must specify subnets from at least two Availability Zones to increase the availability of your load balancer.

  • Amazon Security Groups (Select + to add additional)

AVI
  • API Host

  • API Port

  • Username

  • Password

  • Internal IP

  • Public IP

  • VIP Address

  • VIP Port

Azure Load Balancer
  • Cloud

  • Resource Group * Populated from cloud selection

Citrix NetScaler
  • API Host

  • API Port

  • Username

  • Password

F5 BigIP (v11.4+)
  • API Host

  • API Port

  • Username

  • Password

  • Management URL

FortiADC
  • API HOST

  • API PORT

  • USERNAME

  • PASSWORD

  • INTERFACE (synced on auth)

HaProxy Container (Internal, will create a HaProxy container, must have available docker host to provision to)
  • Group

  • Cloud

  • Name

  • Description

  • Plan * Select the size of HaProxy container to be provisioned

NSX-T Load Balancer
  • NSX-T

  • Name

  • Description

  • Enabled

  • Admin State

  • Size

  • Tier-1 Gateways

  • Log Level

Upon saving your new Load Balancer will be added to the Load Balancers list and available in the Load Balancer dropdown in the Provisioning Wizard Automation Section for Instance Types that have scaling enabled.

Load Balancer Detail Pages

In the main Load Balancer page, select an existing Load Balancer to go to that Load Balancers Details Page, which lists Stats, Settings, Actions and Virtual Servers for that load balancer.

Orchestrating Load Balancers

A large part of application orchestration and automation involves tying various web services and backend services into different load balancer configurations. If the automation tool is unable to communicate or integrate with this aspect of your infrastructure, a lot of gaps will be created in the full orchestrated flow of application deployment. This is why Morpheus provides deep integration with load balancers and explicit definitions with catalog items as to how they are connected to provisioned instances. Some of the functionality includes:

  • Public Cloud Load Balancer Support

  • Private Cloud Load Balancer Support

  • Port Type definitions (Profiles like HTTP/HTTPS or UDP)

  • SSL Certificate Management and SSL Certificate Upload

  • SSL Passthrough or Forced Redirect

Not only does Morpheus have an ability to provision HAProxy based load balancer containers for easy consumption in development environments, but also has direct tie ins with several Load Balancer Types:

  • F5 BigIP

  • A10

  • Netscaler

  • NSX Advanced Load Balancer

  • Amazon ELB

  • Amazon ALB

  • Azure Load Balancer

  • Fortinet

  • Openstack Octavia

  • HA Proxy

  • NSX-T

Morpheus exposes configuration options during provisioning of an Instance relevant and common to each supported LB Integration. In some cases, Morpheus also provides direct management and sync support for VIP configurations on the various Load Balancers (such as F5, and NSX Advanced Load Balancer), However in a day to day orchestrated workflow this would not be the ideal means by which a user should consume load balancer services.

By tying the Load Balancer associations into the provisioning of instances and the definition of the instance catalog item, the lifecycle of the VIP can more easily be maintained throughout the lifecycle of whatever application may be deployed.

Setting up an Instance for Load Balancer Consumption

Several of the provided Morpheus instance types are ready to go with load balancer orchestration out of the box (Apache, Nginx, Tomcat, Node.js, etc). It is also fairly easy to extend existing generic instance types during provisioning to be tied to load balancers or to set up said catalog items in advanced for such functionality.

When creating a custom Instance Type (in Library), one can define a list of exposed ports that the node type within the instance exposes. When defining these exposed ports it prompts for a Name, Port Number, and LB Type. The LB Type is what enables load-balancer functionality. This can either be HTTP,HTTPS, or TCP. This specification helps build the correct profile for the VIP as well as setup the appropriate types of Health Monitors within the target load balancer integration.

Now, when a user consumes this custom instance type (either through single instance provisioning or full application blueprint provisioning), a section appears in the Automation phase of provisioning. Each port that is defined that exposes a load-balancer gets a dropdown to choose which load balancer integration attach to the exposed port and various prompts become available.

These prompts control features ranging from target VIP Address to selecting an SSL Certificate to be applied to the VIP. These SSL Certificates will even go so far as to create SSL Profiles in integrations for things like an F5 automatically for the application. There are also external integrations for SSL Certificate management with Venafi which allows for the consumption of certificates managed by that external system.

Once the instance is provisioned, as part of the final phase, the load balancer configuration will be applied and maintained on the instance. This association can be manipulated after the fact via the “Scale” tab found on the Instance Detail page.

Another benefit to associating load-balancers this way is that the pool members are automatically maintained during scaling events, either via auto-scaling thresholds or manual node additions / removals.

F5 Load Balancers

Add F5 Load Balancer

To add a F5 Load Balancer Integration:

  1. Navigate to Infrastructure > Load Balancers

  2. Select + ADD

  3. Select F5 BigIP

  4. Fill in the following:

    GROUP

    Select the Group the Load Balancer will be available for

    CLOUD

    Select the Cloud the Load Balancer will be available for

    NAME

    Name of the Load Balancer in Morpheus

    DESCRIPTION

    Identifying information displayed on the Load Balancer list page.

    VISIBILITY

    Define Multi-Tenant permissions

    API HOST

    IP or resolvable hostname url.

    API PORT

    Typically 8443

    USERNAME

    API user

    PASSWORD

    API user password

    MANAGEMENT URL

    Example: https://10.30.20.31:8443/xui/

    Advanced Options (optional)
    • VIRTUAL NAME

    • POOL NAME

    • SERVER NAME

  5. Save Changes

Important

The F5 API handles SSL certificate installation by downloading the certificate from a URL the user provides. Morpheus provides the “Appliance URL” configured in global settings (Administration > Settings > Appliance) to satisfy that requirement. Make sure you have configured a valid URL in this field and that F5 can reach it.

Virtual Servers

Instances attached to an F5 will be listed in the Virtual servers tab. Virtual servers can also be manually added in this section.

Add Virtual Server

  1. Navigate to Infrastructure > Load Balancers

  2. Select F5 Integration name to drill into the detail page

  3. Select + ADD in the VIRTUAL SERVERS tab

  4. Fill in the following:

    • NAME

      Name of the Virtual Server in Morpheus

    • DESCRIPTION

      Description of the Virtual Server in Morpheus

    • Enabled

      Uncheck to keep the configuration but disable F5 availability in Morpheus

    • VIP TYPE
      • Standard

      • Forwarding (Layer 2)

      • Forwarding (IP)

      • Performance (HTTP)

      • Performance (Layer 4)

      • Stateless

      • Reject

      • DHCP

      • Internal

      • Message Routing

    • VIP HOSTNAME

      Enter Hostname of the VIP (optional)

    • VIP ADDRESS

      Enter IP address for the VIP

    • VIP PORT

      Enter post used for the VIP

    • SOURCE ADDRESS

      Enter Virtual Server source address

    • PROTOCOL

      tcp, udp, or sctp

    • PROFILES

      Search for and select from available PROFILES

    • POLICIES

      Search for and select from available POLICIES

    • IRULES

      Search for and select from available RUEL SCRIPTS

    • PERSISTENCE
      • cookie

      • dest-addr

      • global-settings

      • hash

      • msrdp

      • sip

      • source-addr

      • ssl

      • universal

    • DEFAULT POOL

      Select from available POOLS

  5. Select SAVE CHANGES

Policies

Policies will be synced and listed in the Policies tab. These policies will be available options when creating Virtual Servers.

Pools

Create Pool

NAME

Name of the POOL in Morpheus

DESCRIPTION

Description of the POOL in Morpheus

BALANCE MODE
  • Round Robin

  • Least Connections

SERVICE PORT

Specify SERVICE PORT for the POOL

MEMBERS

Search for and select from available NODES

MONITORS

Search for and select from available Monitors

Profiles

SSL Profiles are synced and and will be created when an SSL Certificate is assigned in the Load balancer section when provisioning or editing a Load balancer on an Instance.

Monitors

Create Monitor

NAME

Name of the MONITOR in Morpheus

DESCRIPTION

Description of the MONITOR in Morpheus

PARENT MONITOR

Select from available MONITORS

DESTINATION

Specify Destination, such a *:443. Default is *:*

INTERVAL

Specify Monitor Interval. Default is 5

TIMEOUT

Specify Monitor Timeout. Default is 15

MONITOR CONFIG

Enter monitor config.

Nodes

Create Node

NAME

Name of the NODE in Morpheus

DESCRIPTION

Description of the NODE in Morpheus

ADDRESS

Enter node address

MONITOR

Select from available MONITORS

SERVICE PORT

Specify SERVICE PORT for the NODE

Rule Scripts

Rule Scripts will be synced and listed in the RULE SCRIPTS tab. These rules will be available options when creating Virtual Servers.

Citrix NetScaler

../../_images/netScaler-logo.png

Add NetScaler Integration

To add a NetScaler Load Balancer Integration:

  1. Navigate to Infrastructure > Load Balancers

  2. Select + ADD

  3. Select Citrix NetScaler

  4. Fill in the following:

    GROUP *

    Select the Group the Load Balancer will be available for.

    CLOUD *

    Select the Cloud the Load Balancer will be available for.

    NAME *

    Name of the Load Balancer in Morpheus.

    DESCRIPTION

    Identifying information displayed on the Load Balancer list page.

    VISIBILITY
    Define Tenant Visibility
    • Public: Available to all Tenants.

    • Private: Only available to specified Tenant.

    Tenant

    If Visibility is set to private, define the Tenant the Load Balancer will be available in.

    API URL *
    URL of the NetScaler API
    API PORT *
    NetScaler API port
    • Example: 80

    USERNAME *

    NetScaler service account username

    PASSWORD *

    NetScaler service account password

    VIRTUAL NAME
    Naming Pattern for new NetScaler Virtual Servers
    • If blank, defaults to morph_lb_${loadBalancer.id}

    SERVICE NAME
    Naming Pattern for new NetScaler Services
    • If blank, defaults to morph_service_${container.id}

    SERVER NAME
    Naming Pattern for new NetScaler Servers
    • If blank, defaults to morph_server_${server.id}

Add Load Balancer to Instance

Load Balancers can be added to Instances during Provisioning or to existing Instances. For Load Balancer settings to appear during provisioning, or for the scale tab to be available on an Instance, the instances Node Type must have a LB port defined.

Note

For Load Balancer settings to appear during provisioning, or for the scale tab to be available on an Instance, the instances Node Type must have a LB port defined.

Add Load Balancer during Provisioning

In the Instance Provisioning wizard, Load Balancers can be configured in the Automation > Load Balancer section.

  1. Navigate to Provisioning > Instances.

  2. Select + ADD.

  3. Select an Instance Type that supports scaling. (ENABLE SCALING (HORIZONTAL) flagged on Instance Type configuration)

  4. Proceed with Instance configuration to the Automation section.

  5. Fill in the following:

    VIP ADDRESS
    Define IP Address for the Virtual Server
    • Example: 10.30.23.191

    VIP PORT
    Define port for the Virtual Server
    • Example: 80

    VIP HOSTNAME
    Define hostname that will resolve to the VIP IP.
    • Example: jwDemoHaApp59.den.example.com

    VIRTUAL SERVICE NAME

    Define name for the Virtual Service. Defaults to ${instance.name}

    BALANCE MODE
    Specify balance mode for the VIP
    • Least Connections

    • Round Robin

    STICKY MODE
    Specify sticky session options for the VIP
    • Source IP

    • Cookie

    SHARED VIP ADDRESS

    Select if VIP is shared, then enter DIRECT VIP ADDRESS

    SSL CERT
    SSL Certificate that will be applied to the VIP.
    • No SSL

    • Select existing Certificate from Infrastructure > Keys & Certs or from a Trust Provider Integration.

    USE EXTERNAL ADDRESS FOR BACKEND NODES
    • Select if traffic from LB to Backend Nodes needs to be sent to the External Addresses, or leave deselected to use Internal Addresses for Backed Nodes.

  6. Optionally configure auto-scaling configuration in the Scale section

  7. Select NEXT and provision the Instance.

After all nodes in the Instance are provisioned, the LB configuration will be added to the Instance and Virtual Servers, Services and Servers will be created and configured on the NetScaler. The Load Balancer settings and status will be visible in the Instance details page LOAD BALANCER section, with additional details, links, and configurations options available in the SCALE tab.