The NSX Advanced Load Balancer supports layer 4 SSL virtual services. Client-facing ports can be configured either for SSL-termination or in-the-clear communication. For SSL termination of HTTP protocol, use HTTP/ HTTPs application profile. Though server side communication can be clear or encrypted, it has to be encrypted if the front-end is clear.
The UI or the CLI can be used when client-facing ports are SSL-terminated. To make client-ports communicate in the clear while server-side ports are SSL-encrypted, the CLI mode must be used.
Client-Facing Ports are SSL-terminated
To apply and tune the client-facing port feature in the NSX Advanced Load Balancer UI:
Navigate to the Virtual Service Basic or Advanced Setup wizards. Select type SSL application.
Click SSL for Application Type. Default value for Port is 443 and can be changed. The required certificate can be self-signed or be one of the other certs visible in the drop-down menu.
As shown in the following figure, the default application profile, System-SSL-Application, appears under the Application tab of Templates. The NSX Advanced Load Balancer automatically associates it with SSL type applications, unless a change is made to the settings of the virtual service.
Edit the settings for the virtual service if the system-standard defaults for the application, that is, TCP/ UDP, and SSL profiles need to be changed. For instance,
To enable the PROXY protocol for your layer 4 SSL VS, or to tune the TCP connection rate limiter settings, use the application profile editor.
You have the option to enable either version 1 or version 2 of the PROXY protocol.
Client-Facing Ports are In-the-Clear
Support for this feature is accessible through the NSX Advanced Load Balancer CLI only.
[admin:Ctrl-01]: virtualservice> services New object being created [admin:Ctrl-01]: virtualservice:services> port 9000 [admin:Abhinav-Ctrl-01]: virtualservice:services> no enable_ssl +--------------------+ | Field | Value | +--------------------+ | port | 9000 | | enable_ssl | False | +--------------------+ [admin:Ctrl-01]: virtualservice:services> save [admin:Ctrl-01]: virtualservice> save
