cancel
Showing results for 
Search instead for 
Did you mean: 

Publishing Applications

Jamil_Saif
Nimbostratus
Nimbostratus

Greetings,

 

I want to publish web applications using Microsoft IIS Server (Server Farm) by deploying F5 Big-IP L7 Load Balancer in the perimeter "DMZ" do I still to deploy ARR module or it is enough to have L7 ?

In addition; if a reverse proxy is deployed on the F5 appliance in DMZ, do I still need to place IIS server in DMZ or I can place it in private zone - that is the Corp or back-end zone?

 

Thanking you

 

Jamils

1 ACCEPTED SOLUTION

The LTM can provide also L7 loadbalancing, I think it would be good to reach out to a partner reselling F5 in your region in oder to clarify what is BIG-IP, what is LTM and WAF and what can do what for you.

https://www.f5.com/partners/find-a-partner

 

To answer your question regarding the IIS servers - it depends. Probably it's easier to manage those IIS servers when they are member of an AD Domain. Remote Administration, Patch Management, Backup, etc. All of that might be easier. But there is not a strict requirement from the perspective of loadbalancing. For the F5 it doesn't matter whether the server is in AD or not.

View solution in original post

5 REPLIES 5

Hi Jamil,

 

You can replace ARR with BIG-IP completly. As far as I remember ARR does loadbalancing, request routing based on request information (URL, header, ...), caching and persistence. All of that can achieved with BIG-IPs LTM module too.

Regarding your architecture question... there is not one correct answer, many deployment scenarios are possible. The one you are aiming for, seperate network segments for DMZ and internal, is possible too.

 

KR

Daniel

Hi Daniel,

 

Thank you very much for your reply.

as far as I know Big-IP LTM provides L3 Load balancing, and I am planning to place a Big-IP L7 load balancer along with WAF, and Reverse Proxy in the DMZ, that is routing to IIS webfarm in the backend.

So, in this case, do I need to join IIS Servers to AD Domain? or just make them workgroup members only?

 

Thanking you

Jamils

The LTM can provide also L7 loadbalancing, I think it would be good to reach out to a partner reselling F5 in your region in oder to clarify what is BIG-IP, what is LTM and WAF and what can do what for you.

https://www.f5.com/partners/find-a-partner

 

To answer your question regarding the IIS servers - it depends. Probably it's easier to manage those IIS servers when they are member of an AD Domain. Remote Administration, Patch Management, Backup, etc. All of that might be easier. But there is not a strict requirement from the perspective of loadbalancing. For the F5 it doesn't matter whether the server is in AD or not.

The best answer to my question ever,

I am really thankful to you Daniel... many many thanks

Not applicable

 - thanks for being on top of that spammer - and  sorry about that misdirection BUT...thank you for marking Daniel's answer as best. That really helps.

 

I mopped up the spammer this morning - and I'll edit your comments lightly to streamline this Q&A for the future. Cheers.