You create an application profile to define the behavior of a particular type of network traffic. After configuring a profile, you associate the profile with a virtual server. The virtual server then processes traffic according to the values specified in the profile. Using profiles enhances your control over managing network traffic, and makes traffic-management tasks easier and more efficient.

1

Log in to the vSphere Web Client.

2

Click Networking & Security and then click NSX Edges.

3

Double-click an NSX Edge.

4

Click Manage and then click the Load Balancer tab.

5

In the left navigation panel, click Application Profiles.

6

Click the Add icon.

7

Type a name for the profile and select the traffic type for which you are creating the profile.

8

Type the URL to which you want to re-direct HTTP traffic. For example, you can direct traffic from http://myweb.com to https://myweb.com.

9

Specify persistence for the profile. Persistence tracks and stores session data, such as the specific pool member that serviced a client request. This ensures that client requests are directed to the same pool member throughout the life of a session or during subsequent sessions.

Cookie persistence inserts a cookie to uniquely identify the session the first time a client accessed the site and then refers to that cookie in subsequent requests to persist the connection to the appropriate server. Type the cookie name and select the mode by which the cookie should be inserted. The following cookie insertion modes are supported:

Insert

NSX Edge sends a cookie. If the server sends one or more cookie, the client will receive one extra cookie (the server cookie(s) + the Edge cookie). If the server does not send any cookie, the client will receive the Edge cookie.

Prefix

This option is selected if your client does not support more than one cookie.

Note

All browsers accept multiple cookies. But you may have a proprietary application using a proprietary client that supports only one cookie. The web servers sends its cookie as usual. NSX Edge injects (as a prefix) its cookie information in the server cookie value. This cookie added information is removed when Edge sends it to the server.

App Sesssion

In this option, the server does not send a cookie; instead, it sends the user session information as a URL. For example, http://mysite.com/admin/UpdateUserServlet;jsessionid=OI24B9ASD7BSSD, where jsessionid is the user session information and is used for the persistence. It is not possible to see the App Session persistence table for troubleshooting.

SOURCEIP persistence tracks sessions based on the source IP address. When a client requests a connection to a virtual server that supports source address affinity persistence, the load balancer checks to see if that client previously connected, and if so, returns the client to the same pool member.

Microsoft Remote Desktop Protocol (MSRDP) persistence maintains persistent sessions between Windows clients and servers that are running the Microsoft Remote Desktop Protocol (RDP) service. The recommended scenario for enabling MSRDP persistence is to create a load balancing pool that consists of members running Windows Server 2003 or Windows Server 2008, where all members belong to a Windows cluster and participate in a Windows session directory.

Traffic Type

Persistence Method Supported

TCP

SOURCEIP, MSRDP

HTTP

Cookie, SOURCEIP

HTTPS

Cookie, ssl_session_id (SSL Passthrough enabled) , SOURCEIP

UDP

SOURCEIP

10

If you are creating a profile for HTTPS traffic, complete the steps below. The following HTTPS traffic pattern are allowed.

Client -> HTTPS -> LB (terminate SSL) -> HTTP -> servers

Client -> HTTPS -> LB (terminate SSL) -> HTTPS -> servers

Client -> HTTPS-> LB (SSL passthrough) -> HTTPS -> servers

Client -> HTTP-> LB -> HTTP -> servers

a

Select Insert X-Forwarded-For HTTP header for identifying the originating IP address of a client connecting to a web server through the load balancer.

b

Select the certificate/CAs/CRLs used to decrypt HTTPS traffic in Virtual Server Certificates.

c

Define the certificate/CAs/CRLs used to authenticate the load balancer from the server side in Pool Certificates.

11

In Cipher, select the cipher algorithms (or cipher suite) negotiated during the SSL/TLS handshake.

12

Specify whether client authentication is to be ignored or required. If set to required, the client must provide a certificate after the request or the handshake is aborted.

13

Click OK.