Forum Discussion
Jamil_Saif
Nimbostratus
NimbostratusPublishing Applications
Greetings,
I want to publish web applications using Microsoft IIS Server (Server Farm) by deploying F5 Big-IP L7 Load Balancer in the perimeter "DMZ" do I still to deploy ARR module or it is enough to have L7 ?
In addition; if a reverse proxy is deployed on the F5 appliance in DMZ, do I still need to place IIS server in DMZ or I can place it in private zone - that is the Corp or back-end zone?
Thanking you
Jamils
The LTM can provide also L7 loadbalancing, I think it would be good to reach out to a partner reselling F5 in your region in oder to clarify what is BIG-IP, what is LTM and WAF and what can do what for you.
https://www.f5.com/partners/find-a-partner
To answer your question regarding the IIS servers - it depends. Probably it's easier to manage those IIS servers when they are member of an AD Domain. Remote Administration, Patch Management, Backup, etc. All of that might be easier. But there is not a strict requirement from the perspective of loadbalancing. For the F5 it doesn't matter whether the server is in AD or not.
- Daniel_Wolf
MVP
Hi Jamil,
You can replace ARR with BIG-IP completly. As far as I remember ARR does loadbalancing, request routing based on request information (URL, header, ...), caching and persistence. All of that can achieved with BIG-IPs LTM module too.
Regarding your architecture question... there is not one correct answer, many deployment scenarios are possible. The one you are aiming for, seperate network segments for DMZ and internal, is possible too.
KR
Daniel
Jamil_SaifHi Daniel,
Thank you very much for your reply.
as far as I know Big-IP LTM provides L3 Load balancing, and I am planning to place a Big-IP L7 load balancer along with WAF, and Reverse Proxy in the DMZ, that is routing to IIS webfarm in the backend.
So, in this case, do I need to join IIS Servers to AD Domain? or just make them workgroup members only?
Thanking you
Jamils
- Daniel_Wolf
The LTM can provide also L7 loadbalancing, I think it would be good to reach out to a partner reselling F5 in your region in oder to clarify what is BIG-IP, what is LTM and WAF and what can do what for you.
https://www.f5.com/partners/find-a-partner
To answer your question regarding the IIS servers - it depends. Probably it's easier to manage those IIS servers when they are member of an AD Domain. Remote Administration, Patch Management, Backup, etc. All of that might be easier. But there is not a strict requirement from the perspective of loadbalancing. For the F5 it doesn't matter whether the server is in AD or not.
