If you want ACE to simply loadbalance TCP443 (Layer 4 traffic) then you will create rules that Loadbalance based on Layer3/4 (ip & port) information.
If you want ACE to make loadbalancing decisions based on Layer 7 headers (headers,cookies..) then you need to provide ACE with the keys & certs and "offload SSL" on ACE.This way ACE will be able to decrypt the traffic and read the headers & can utilize Layer 7 info for making intelligent decisions.
If you are offloading SSL on ACE then you have two options
1. Offload SSL on ACE, Send cleartext traffic to backend servers and remove certs/Keys from Servers OR
2. (End2End SSL) Offload SSL on ACE, let ACE make the decision, "Encrypt the request again" and Send it to selected servers (servers are expecting encrypted traffic -- certs/keys installed on servers).
option1 is recommended if main objective is to free up resources on Real Servers and simplify Certificate Management (Imagine renewing certs at only ACE vs on N servers serving the app).
option2 is recommended where security is the main focus and data should not be in clear text even in the inside networks.
So if the project decides to go with end to end encrytion, should the ACE be the only device with the cert and cookie.
My confusion is that if the server is currently providing the cert and cookie and if I configure the ACE for end to end load balancing; I can't see the need for two devices having a cert and cookie at the same time.
The unmanaged mode is also known as Network only switching, which is introduced in Brazos release. It adds the flexibility for customer to use only network automation for service appliance.
If a device is configured a...
Usually, we can access ESXi Shell by pressing Alt+F1 from ESXi DCUI (Direct Console User Interface).
But on HyperFlex system, it just shows black window.
This is expected behavior because HyperFlex redirects ESXi Shell output to SoL...
Configuring an Export Policy Using the GUI
This procedure explains how to configure an Export policy using the APIC GUI. Follow these steps to trigger a backup of your data:
On the menu bar, choose Admi...