LoadMaster 8020-FIPS - Load Balancer Appliance - Kemp

Scalable high-performance application delivery

Kemp LoadMaster hardware load balancers offer the scalability, feature depth and security required to enable resilient delivery of a wide range of application workloads for organizations of all sizes and capabilities. LoadMaster simplifies application delivery with easy management via web UI, API and Kemp 360 Central with a compelling TCO and outstanding customer support.

Benefits

Resilient
LoadMaster can enhance application availability and resilience with the option for Highly Available (HA) paring of appliances and geographic server load balancing (GSLB) removing single points of failure in the data center and also across data centers. Application server health checks enable redirection of traffic to healthy servers and the optional Kemp 360 Vision service provides 24/7 proactive support to ensure continuous application availability.

Secure
As the access point for applications, LoadMaster provides authentication and attack mitigation services to prevent malicious and unauthorized access to application resources. The Edge Security Pack (ESP) enables pre-authentication of clients (LDAP, Active Directory, RADIUS, and SAML) while the Web Application Firewall (WAF) offers continuous application level protection through daily rule updates.

Easily Managed
LoadMaster appliances can be managed via the intuitive web UI, via API (PowerShell/RESTful) or via Kemp 360 Central. Application templates simplify deployment and optimization, while the API provides an easy way to automate configuration and management tasks whether through DevOps toolsets or operational frameworks.

Scalable
As application delivery demands grow, LoadMaster can scale by clustering multiple appliances together into a single load balancer entity. As well as scaling to meet increasing capacity requirements, clustering also provides resilience as the failure of a cluster member is gracefully handled with remaining members continuing to provide service.

Low Cost of Ownership
LoadMaster delivers performance and functionality at a compelling price point when measured against the key metrics of SSL transactions per second, application throughput and active connections. Coupled with the low operational overheads delivered by features such as application templates and our world-class customer support services, organizations can achieve significant TCO reductions on application delivery.

Fully Featured
LoadMaster includes a comprehensive set of features to enable deployment of application delivery and interfaces and API to integrate with existing authentication, logging, management, and provisioning systems.

Features

L4-L7 Application Delivery

• Server Load Balancing (SLB) for TCP/UDP based protocols
• TLS (SSL) Offload
• Layer 7 Content Switching
• Transparent caching for HTTP/HTTPS
• Compression of static and dynamic HTTP/HTTPS content
• HTTP/2 Support
• Up to 1000 Virtual and 1000 Real Servers
• NAT-based forwarding
• Support for Direct Server Return (DSR) configurations
• Configurable S-NAT support
• VLAN Trunking (802.1Q)
• Link interface bonding (802.3ad)
• IPv6 support for addressing and features
• IPv6 - IPv4 bidirectional conversion

Health Checking

• Aggregated health checks
• ICMP health checking
• Layer 7 checking against any target server port
• Active/Hot Standby configurations for High Availability
• Stateful Failover
• Scale-out Clustering
• Aggregated health checks

Session Persistence

• Source IP (L4)
• TLS (SSL) SessionID (L4)
• HTTP/HTTPS Browser-session (L7)
• HTTP/HTTPS WebClient-session (L7)
• RDP Login ID (L7)
• Port Following for mixed HTTP/HTTPS sessions
• Session reconnection for Microsoft RDS

Scheduling and Balancing Methods

• SDN Adaptive
• Round Robin
• Weighted Round Robin
• Least Connection
• Weighted Least Connection
• Agent-based Adaptive
• Chained Failover (Fixed Weighting)
• Source-IP Hash
• Layer 7 Content Switching
• Global Server Load Balancing (GSLB)
• AD Group based traffic steering

SSL/TLS Features

• Configurable TLS (1.0, 1.1, 1.2, 1.3) and SSL (2.0, 3.0)
• Support for EV (Extended Validation) certificates
• OCSP certificate validation
• Server Name Identification (SNI) support
• Support for up to 1,000 TLS (SSL) certificates
• Automated TLS (SSL) certificate chaining
• Certificate Signing Request (CSR) generation
• FIPS 140-2 Level 1 (Level 2 on FIPS models)
• STARTTLS mail protocols (POP3, SMTP, IMAP)

Administration

• Change auditing
• Web User Interface (WUI)
• SSH & physical console
• RESTful and PowerShell APIs
• VMware vRealize Orchestrator
• Context-based help (WUI)
• Real-time display of performance and availability
• Application templates
• Remote syslogd support
• Automated configuration backup
• Selective restore of configuration
• Connection draining
• Comprehensive logging and reporting
• SNMP support
• Diagnostic shell with in-line tcpdump

Security

• Permit /Deny Access Control Lists
• IP address filtering
• IPsec Tunnel support
• DDoS mitigation, including L7 rate-based attacks
• IPSec VPN to Azure, AWS and public clouds
• Authenticated NTP

 Kemp 360 Central

• Included with Enterprise and Enterprise Plus Subscriptions
• LoadMaster Configuration Management
• Automated LoadMaster backups
• Centralized & scheduled firmware updates
• LoadMaster logfile consolidation
• Performance Management
• 3rd party load balancer support

Kemp 360 Vision

• Included with Enterprise and Enterprise Plus Subscriptions
• 24/7 Automated issue escalation service
• Proactive issue management
• Integrated with Kemp Support ticketing

Edge Security Pack

• Microsoft TMG replacement
• Pre-Authentication
• Multi-Domain Authentication & SSO
• X.509 client certificate authentication
• Custom login forms
• Two-factor authentication
• SAML, Active Directory, RADIUS & LDAP
• Forms to Forms-based authentication

Intrusion Prevention

• Snort Compatible IPS
• Permit/Deny IP by address
• Automated IP reputation updates for GSLB

Web Application Firewall (WAF)

• Real-time application threat mitigation
• Daily rule updates
• Threats Mitigated
  o Cookie tampering
  o Cross-site request forgery
  o Cross-site scripting
  o Data loss prevention
  o SQL Injection
  o PCI-DSS Section 6.6 compliance

Global Server Load Balancing (GSLB)

Scheduling and Balancing

• Round Robin
• Weighted Round Robin
• Chained Failover (Fixed Weighting)
• Regional
• Real Server Load
• Location-Based

Security

• Blacklist (Access Control List)
• IP reputation filtering with automatic updates
• DDoS mitigation

Health Checking & Failover

• ICMP health checking of server farm machines
• Layer 4 TCP checking
• HTTP/HTTPS health check
• Active/Active High Availability