Install & Update from rel. 9.1.0 to rel. 9.9.X

If Internet connectivity is available, you can install or update with automatic download of the packages using the procedure “Install or update VIRTUAL APPLIANCE FROM Internet (ALL IN 1 STEP)”.

Backup

Before doing anything else, take a backup so that the previous state can be restored.

INSTALL OR UPDATE VIRTUAL APPLIANCE FROM INTERNET (ALL IN 1 STEP)

If Internet access is available, you can install a VAPP using the procedure described below, starting from an installation of a Linux distribution with CentOS 7 or higher or Ubuntu 16.04 or higher.

NB: To perform this procedure you must have a login and password for the reserved area download.oplon.net.

  • Log in as root in the Linux operating system
  • Go to the directory /
  • Run # mkdir /share. The directory /share will also be used for subsequent updates
  • Execute chmod 777 /share
  • Make sure you have the Internet connection that the installation program needs to download the required packages
  • Change to the directory /share: # cd /share
  • Run the following command to download the automatic installation script: # wget --no-cache - no "https://www.oplon.net/LBL_INSTALL_LASTUPDATE.sh"

To execute the script you just downloaded, type the following and answer the questions: # bash LBL_INSTALL_LASTUPDATE.sh

INSTALL VIRTUAL APPLIANCE (ALL IN 1 STEP)

The LBL VAPP can be installed using the procedure described below, starting from an installation of a Linux distribution with CentOS 7 or higher or Ubuntu 16.04 or higher.

  • Log in as root in the Linux operating system
  • Go to the directory /
  • Execute # mkdir /share. The directory /share will also be used for subsequent updates
  • Execute chmod 777 /share
  • Make sure that you have the Internet connection needed to download the packages
  • Place the following packages in the virtual appliance directory /share:
    • jdk-8u144-linux-x64.tar.gz
    • jce_policy-8.zip
    • LBLLoadBalancer_aai_009_00X_00x.zip
    • LBLLoadBalancer_datawarehouse_009_00X_00x.zip
    • LBLManagementConsole_aai_009_00X_00x.zip
    • LBLSetup_aai_009_00X_00x.zip
    • LBL_INSTALL_UPDATE_FROM_009001000_TO_00900x00x.sh
  • As the root user ($ sudo -i), go to the directory /share and run:

# bash LBL_INSTALL_UPDATE_FROM_009001000_TO_00900x00x.sh

A) If the file jce_policy-8.zip is present, the updater will ask you to confirm the installation of the JCE Unlimited Strength Jurisdiction policy.

B) If an Internet connection is present, the program will ask whether to update the kernel.

(Note: for an installation, the Internet connection must be present and you must confirm.)

C) The system detects whether templates of the ADC module are present. If there are none, it will ask whether you want to install the template; if templates already exist, it will ask whether you want to replace them with the new template. In any case, if templates exist and you decide to replace them, the update program saves the previous version of the template in a tar.gz.

D) At the end of the update, set the management IP address and the login and password of the root user and of the delegated user. Log out of the graphical interface and log back in to regain full use of the tool launch icons.

E) Afterwards, LBL GDG will be started and ready to be configured.

WARNING:

These are the only steps needed to create a virtual appliance

UPDATE VIRTUAL APPLIANCE (ALL IN 1 STEP)

  • Place the following packages in the virtual appliance directory /share:
    • jdk-8u144-linux-x64.tar.gz
    • jce_policy-8.zip
    • LBLLoadBalancer_aai_009_00X_00x.zip
    • LBLLoadBalancer_datawarehouse_009_00X_00x.zip
    • LBLManagementConsole_aai_009_00X_00x.zip
    • LBLSetup_aai_009_00X_00x.zip
    • LBL_INSTALL_UPDATE_FROM_009001000_TO_00900x00x.sh
  • As the root user ($ sudo -i), go to the directory /share and run:

# bash LBL_INSTALL_UPDATE_FROM_009001000_TO_00900x00x.sh

A) The update system will prompt you to perform a backup before proceeding with the update.

B) If the file jce_policy-8.zip is present, the updater will ask you to confirm the installation of the JCE Unlimited Strength Jurisdiction policy.

C) If an Internet connection is present, the program will ask whether to update the kernel.

D) The system detects whether templates of the ADC module are present. If there are none, it will ask whether you want to install the template; if templates already exist, it will ask whether you want to replace them with the new template. In any case, if templates exist and you decide to replace them, the update program saves the previous version of the template in a tar.gz.

At the end of the update, log out of the graphical interface and log back in to regain full use of the tool launch icons.

WARNING:

THIS IS THE ONLY STEP NECESSARY FOR VIRTUAL APPLIANCE
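
Both procedures above end with root running a script from /share, a directory created with mode 777. The following is an added example, not part of the vendor's documentation or tooling: a POSIX shell check that the staged packages are all present, are regular files owned by the expected user, and cannot be rewritten or replaced by other local accounts. The function and finding names are illustrative; the file patterns come from the package lists above, with ? standing for the X/x version digits.

```shell
#!/bin/sh
# Added example (not vendor code): audit the staging directory before root
# runs the installer from it. Patterns mirror the package list on this page;
# jce_policy-8.zip is optional there, so it is not required here.
REQUIRED_PATTERNS='[Jj]dk-8[Uu]144-linux-x64.tar.gz
LBLLoadBalancer_aai_009_00?_00?.zip
LBLLoadBalancer_datawarehouse_009_00?_00?.zip
LBLManagementConsole_aai_009_00?_00?.zip
LBLSetup_aai_009_00?_00?.zip
LBL_INSTALL_UPDATE_FROM_009001000_TO_00900?00?.sh'

# Print one finding and count it.
report() { printf '%s %s\n' "$1" "$2"; findings=$((findings + 1)); }

# audit_staging DIR [OWNER_UID]: prints one finding per line, returns 0 if clean.
audit_staging() {
    dir=$1; owner=${2:-0}; findings=0
    # A world-writable directory without the sticky bit lets any local user
    # swap a file between staging and execution.
    case $(ls -lnd "$dir" | awk '{print $1}') in
        ????????w[!tT]*) report DIR-REPLACEABLE "$dir" ;;
    esac
    # Every required package must match at least one file.
    while IFS= read -r pat; do
        set -- "$dir"/$pat
        [ -e "$1" ] || report MISSING "$pat"
    done <<EOF
$REQUIRED_PATTERNS
EOF
    # Every staged entry must be a regular file that only its owner can write.
    for f in "$dir"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        if [ -L "$f" ] || [ ! -f "$f" ]; then report NOT-REGULAR "$f"; continue; fi
        set -- $(ls -lnd "$f")          # $1 = mode string, $3 = numeric uid
        [ "$3" = "$owner" ] || report WRONG-OWNER "$f"
        case $1 in ?????w*|????????w*) report WRITABLE-BY-OTHERS "$f" ;; esac
    done
    [ "$findings" -eq 0 ]
}
# Usage, as root, before starting the installer:  audit_staging /share 0
```
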

CHECK SSL NOTES AND INTERCEPTORS

WARNING:

The template rewrite classes are overwritten. If they have been modified and not renamed, it is advisable to pay attention to this now and for future updates.

TLS PERFECT FORWARD SECRECY

LBL S.A.A.I. implements the most recent security directives, and for this reason the following SSL protocols are disabled by default with the new release.

It is however possible to re-enable deprecated SSL protocols to allow the operation of applications that still need to use them.

To change the default SSL protocol selection, it is sufficient to enter the following values in ADCs>Edit:

These settings can also be changed for an individual group, domain or endpoint.

The cipher suites also fall under this topic. In order not to block the use of cipher suites by applications that have not yet been brought up to maximum security, in this release it was chosen to extend the cipher suites enabled by default from Java 1.6.0_144.

If you want to apply the maximum security currently available, it is sufficient to perform these operations:

  1. Install the JSSE extension (NB: check on the Oracle site whether your country is in the list of countries that may use this encryption level)
  2. Set SSL protocols: TLSv1 TLSv1.1 TLSv1.2
  3. Set the SSL cipherSuites:
    CipherSuitesListeners= TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_SHA256 TLS_ECDHE_RSA_WITH_AES_128_SHA TLS_ECDHE_ECDSA_WITH_AES_128_SHA TLS_ECDHE_RSA_WITH_AES_256_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_SHA384 TLS_ECDHE_RSA_WITH_AES_256_SHA TLS_ECDHE_ECDSA_WITH_AES_256_SHA TLS_DHE_RSA_WITH_AES_128_SHA256 TLS_DHE_RSA_WITH_AES_128_SHA TLS_DHE_DSS_WITH_AES_128_SHA256 TLS_DHE_RSA_WITH_AES_256_SHA256 TLS_DHE_DSS_WITH_AES_256_SHA
    
    CipherSuitesEndpoints= TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_SHA256 TLS_ECDHE_RSA_WITH_AES_128_SHA TLS_ECDHE_ECDSA_WITH_AES_128_SHA TLS_ECDHE_RSA_WITH_AES_256_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_SHA384 TLS_ECDHE_RSA_WITH_AES_256_SHA TLS_ECDHE_ECDSA_WITH_AES_256_SHA TLS_DHE_RSA_WITH_AES_128_SHA256 TLS_DHE_RSA_WITH_AES_128_SHA TLS_DHE_DSS_WITH_AES_128_SHA256 TLS_DHE_RSA_WITH_AES_256_SHA256 TLS_DHE_DSS_WITH_AES_256_SHA
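
To audit a configured CipherSuitesListeners or CipherSuitesEndpoints value against the forward-secrecy goal of this section, the following added example (not part of the product or its documentation) classifies each suite by key exchange and cipher mode, lists any suite without ephemeral key exchange, and shows which suites one list has that the other lacks. The function names and sample values are constructed for illustration; the sample reuses a few names from the lists above plus one non-ephemeral suite added as a negative case.

```shell
#!/bin/sh
# Constructed samples: a few suites from the lists above, plus
# TLS_RSA_WITH_AES_128_CBC_SHA, which is NOT in the page's lists.
SAMPLE_LISTENERS="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA"
SAMPLE_ENDPOINTS="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"

# classify_suites "SUITE SUITE ...": prints "NAME KEY-EXCHANGE PFS MODE" per suite.
classify_suites() {
    for s in $1; do
        case $s in
            TLS_ECDHE_*)         kx=ECDHE     pfs=yes ;;   # ephemeral elliptic-curve DH
            TLS_DHE_*)           kx=DHE       pfs=yes ;;   # ephemeral finite-field DH
            TLS_ECDH_*|TLS_DH_*) kx=static-DH pfs=no ;;
            TLS_RSA_*)           kx=RSA       pfs=no ;;    # RSA key transport
            *)                   kx=unknown   pfs=unknown ;;
        esac
        case $s in
            *_GCM_*) mode=AEAD ;;
            *_CBC_*) mode=CBC ;;
            *)       mode=unspecified ;;   # name carries no mode token
        esac
        printf '%s %s %s %s\n' "$s" "$kx" "$pfs" "$mode"
    done
}

# without_pfs "SUITES": names of suites that do not give forward secrecy.
without_pfs() { classify_suites "$1" | awk '$3 != "yes" { print $1 }'; }

# only_in "A" "B": suites present in list A but missing from list B.
only_in() {
    b=" $(echo $2) "                       # collapse whitespace for matching
    for s in $1; do
        case $b in *" $s "*) ;; *) printf '%s\n' "$s" ;; esac
    done
}

# Example calls (uncomment to print):
# without_pfs "$SAMPLE_LISTENERS"
# only_in "$SAMPLE_LISTENERS" "$SAMPLE_ENDPOINTS"
```
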

UPDATE NOTES: RESOLUTION OF SOME ISSUES

  1. A global variable for module startup was added.

If you are upgrading from a version 9.1 up to 9.5, check whether the global variable LBL_GLOBAL_ALL_PROCESSES exists: Modules>Edit

…Node Variables

If the variable is not present, insert it in all the node variables with the following value:

LBL_GLOBAL_ALL_PROCESSES -XX:+AlwaysPreTouch -XX:CompressedClassSpaceSize=128m -XX:MaxMetaspaceSize=48m

Check the start command of the existing modules to make sure that the variable is inserted:

Start Command #LBL_GLOBAL_ALL_PROCESSES#:

For maximum performance the system must have the following parameters:

LBL_GLOBAL_ALL_PROCESSES -XX:+AlwaysPreTouch -XX:CompressedClassSpaceSize=128m -XX:MaxMetaspaceSize=48m
LBL_GLOBAL_GARBAGE_COLLECTOR_LOADBALANCER -XX:+UseParallelGC -XX:+UseParallelOldGC
LBL_GLOBAL_GARBAGE_COLLECTOR_WEB_CACHE_DWH -XX:+UseParallelGC -XX:+UseParallelOldGC

UPDATE NOTES: INTERCEPTORS (Rewrite classes) ENHANCEMENTS

The interceptor classes have been enriched with the features listed below. If you have implemented custom rules, it is necessary to add the following methods and make the following minor changes; otherwise it is not necessary to read this chapter.

L4 TCP-UDP / L7 HTTP/S

It is now possible to manage the entire life cycle of the interceptor classes. We have added two new methods that are invoked immediately after the object is created and before its destruction. This allows you to manage asynchronous events within the interceptor class and, if needed, to save or read data in the directory of the process that instantiated the rewriter class.

@Override
public void interceptorInit(String processHomePath) {
    // Initialization instructions
}

@Override
public void interceptorEnd(String processHomePath) {
    // Finalization instructions
}

L4 TCP

A new method was introduced to intercept the first response from the service; if it does not exist, it must be implemented. In addition, the methods can return true if the logical content has been read completely, or false if reading must continue until one logical stream (e.g. the header) is complete, before moving to the next step and forwarding the packets:

@Override
public boolean doPrimerFromEndpoint(LBLTCPRewriteInterceptorFragment tcpFragment) {
    return true;
}

All the other methods can likewise return true or false to complete the logical sequences and to be able to temporarily buffer values before forwarding.

@Override
public boolean doPrimerFromClient(LBLTCPRewriteInterceptorFragment tcpFragment) {
    return true;
}

@Override
public boolean doPacketFromClient(LBLTCPRewriteInterceptorFragment tcpFragment) {
    return true;
}

@Override
public boolean doPacketFromEndpoint(LBLTCPRewriteInterceptorFragment tcpFragment) {
    return true;
}

@Override
public boolean doPrimerFromEndpoint(LBLTCPRewriteInterceptorFragment tcpFragment) {
    return true;
}

L4 UDP

The module has been completely rewritten so that the same rewriting logic can be applied to Layer 4 UDP protocols. As for Layer 4 TCP, it is possible to induce a session based on the contents of the protocol's priming packets, and it is possible to intercept both streams: client requests and service responses.

@Override
public void interceptorInit(String processHomePath, String address, int port) {
}

@Override
public void interceptorEnd(String processHomePath, String address, int port) {
}

@Override
public void doAfterReceivedUDPPacketFromClient(LBLUDPRewriteInterceptorFragment udpFragment) {
}

@Override
public void doAfterReceivedUDPPacketFromEndpoint(LBLUDPRewriteInterceptorFragment udpFragment) {
}