Free Load Balancer

Kemp

Using a Free Load Balancer

The KEMP Free LoadMaster provides the same breadth of application support as our commercial solutions and is fully capable of load balancing Microsoft workloads such as Exchange, Lync and Sharepoint, as well as most any web applications. The Free LoadMaster includes all the features you would expect in a load balancer, along with additional features such as the Edge Security Pack (ESP), which offers Microsoft Forefront Threat Management Gateway (TMG) replacement features, and the Application Firewall Pack (AFP), which enables web application firewall (WAF) capabilities.

The comprehensive features included allow the Free LoadMaster to be deployed for securely publishing web applications with TLS (SSL) offload, WAF, IDS and edge security. The SSL proxy capability of the Free LoadMaster provides the flexibility to proxy any web application, including those that require custom proxy ports and SSL re-encryption.

Free LoadMaster Use Cases

Development, Test and Pre-Production Environments
For existing LoadMaster customers, Free LoadMaster enables them to align load balancing services development, test, pre-production and live environments without incurring any additional cost. A zero-cost load balancer can be used at all stages of service development and testing to minimize risks when services are delivered on a production environment.

Even if you are not an existing LoadMaster customer, a free load balancer can simplify development and test environments by using header inspection rather than host file or DNS manipulation to select the appropriate services.

Replacement of Open Source Load Balancers
Open source load balancers provide great flexibility in terms of customization to integrate with application delivery environments. However, this flexibility introduces complexity and risk as the local customization will need to be thoroughly tested with each update and requires an advanced skillset to maintain.

The Free LoadMaster removes this risk and complexity, as it is subjected to the same extensive automated test processes as our paid products and has templates to simplify deployment in even the most complex of environments.

HA and DR for Active Directory Federation Services (ADFS)
As authentication services such as active directory (AD) extend beyond the corporate data centre to cloud services such as Azure and Office 365, there is need to add resilience in these services. Core to any business continuity plan is the ability to rapidly recover in the event of a service outage with minimal impact on service users. As authentication is a fundamental building block for application access, services such as Active Directory (AD) need to survive and recover rapidly from outages.

With ADFS (Active Directory Federation Services), Free LoadMaster can use GSLB (Geographic Server Load Balancing) for cross site resilience and local load balancing to provide individual server resilience. Free LoadMaster can provide a load balanced ADFS service that incorporates in-house ADFS deployment with ADFS in a cloud service (such as Azure, Amazon Web Services or vCloud Air). In the event of a site outage, authentication services continue to be available from the remaining site so that federated services such as Office 365 continue to operate without interruption.

PCI (Payment Card Industry) Validation
Organizations that process credit card details are required to comply with the Payments Card Industry (PCI) standards. The process and requirements vary, but even the most basic PCI Self-Assessment Questionnaire (SAQ) identifies a requirement in section 6.6 to assess vulnerabilities on an ongoing basis at least annually and after any changes. This is an extremely onerous requirement if the application code has to be reviewed for vulnerabilities.

Thankfully, the PCI Security Standards Council permit the use of a WEB application firewall as an alternative to manual verification or using automated tools for PCI compliance assessment. Free LoadMaster includes a web application firewall engine that can be configured with custom rules to meet the requirements of the PCI SAQ.

Windows Network Load Balancing (WNLB) replacement
While Windows Network Load Balancing is included with Windows server platforms, it is a Layer 4 load balancer and as such has no awareness of application or server health and can only use the source IP address as a session identifier. The lack of awareness of application and server status can lead to traffic being forwarded to a server that is overloaded or a server where the application is not available to service requests. Using a free load balancer to replace WNLB not only provides the server and application status awareness for smarter load balancing, but also removes the overhead of WNLB from application servers and WNLB unicast broadcasts from the network.