Deployment of HySecure Gateway in HA on AWS
This article describes the configuration of HySecure HA Gateway deployment on AWS.
Required Component
Component | Purpose | Required |
---|---|---|
AWS Tenant Access Administrator or co-administrator | To create new resources. | Yes |
AWS Storage Account Access | To create new storage account if required | Yes |
Accops HySecure gateway VHD | Customer HySecure gateway VHD | Yes |
Detailed Technical Requirements
- Creating a custom size AWS compliant Virtual Hard Disk (VHD) file for Accops HySecure gateway
- Uploading an AWS-compliant VHD to AWS and creating an AWS Image
- Creating Virtual Network and Network Security Group for HySecure Gateway in Microsoft AWS
- Creating a HySecure Gateway virtual machine from an OsDisk/Image in AWS
- Create an AWS Public Standard Load Balancer for Accops HySecure Backend POOL
- Create an Internal standard load balancer for Accops HySecure DB Failover Pool
- Pre-boot HySecure first node as Active node in Microsoft AWS
- Adding Standby node to HySecure cluster in Microsoft AWS
- Adding VPN Server node to HySecure Cluster in Microsoft AWS
VM Requirements
- Minimum number of VMs required: 2
- VM sizing: server configuration as required by the load
Architecture Diagram
AWS HySecure HA Check list (Project: Fukuoka)
Item Check list | Status | Remarks |
---|---|---|
Creating a custom size AWS compliant Virtual Hard Disk (VHD) file for Accops HySecure gateway | Done | |
Uploading an AWS-compliant VHD to AWS and creating an AWS OsDisk/Image | Done | |
Creating a HySecure Gateway virtual machine from an OsDisk/Image in AWS | Done | |
Creating a HySecure Gateway virtual machine from an OsDisk/Image in AWS | Ready | |
Create an AWS Public Standard Load Balancer for Accops HySecure Backend POOL | Pending | |
Create an Internal standard load balancer for Accops HySecure DB Failover Pool | Pending | |
Pre-boot HySecure First Node as Active Node in Microsoft AWS | Done | |
Adding Standby node to HySecure cluster in Microsoft AWS | Done | |
Adding VPN Server 1 node to HySecure cluster in Microsoft AWS | Pending | |
Adding VPN Server 2 node to HySecure Cluster in Microsoft AWS | Pending | |
General HowTos
Q2: How to upload an AWS-compliant VHD to AWS and creating an AWS OsDisk/Image?
Q3: How to create Virtual Network and Network Security Group for HySecure gateway in Microsoft AWS?
Q4: How to create a HySecure Gateway virtual machine from an OsDisk/Image in AWS?
Q5: Create an AWS Public Standard Load Balancer for Accops HySecure Backend Pool?
Q6: Create an Internal standard load balancer for Accops HySecure DB Failover Pool
Q7: Pre-boot HySecure First Node as Active Node in Microsoft AWS
Q8: Adding Standby node to HySecure cluster in Microsoft AWS
Q9: Adding VPN Server node to HySecure Cluster in Microsoft AWS
Q1: How to create a custom size AWS compliant Virtual Hard Disk (VHD) file for Accops HySecure gateway?
Ans: This activity is completed for Fukuoka Project. (Documentation will be added later)
Q2: How to upload an AWS-compliant VHD to AWS and creating an AWS OsDisk/Image?
Ans: This activity is completed for Fukuoka Project. (Documentation will be added later)
Q3: How to create Virtual Network and Network Security Group for HySecure gateway in Microsoft AWS?
Ans: This activity is completed for Fukuoka Project. (Documentation will be added later)
Q4: How to create a HySecure Gateway virtual machine from an OsDisk/Image in AWS?
Ans: This activity is completed for Fukuoka Project. (Documentation will be added later)
Q5: Create an AWS Public Standard Load Balancer for Accops HySecure Backend Pool?
Ans: This activity is pending for Fukuoka Project. (Please click here for step by step procedures)
Q6: Create an Internal standard load balancer for Accops HySecure DB Failover Pool
Ans: This activity is pending for Fukuoka Project. (Please click here for step by step procedures)
Q7: Pre-boot HySecure First Node as Active Node in Microsoft AWS
Ans: This activity is completed for Fukuoka Project. (Documentation will be added later)
Q8: Adding Standby node to HySecure cluster in Microsoft AWS
Ans: This activity is completed for Fukuoka Project. (Documentation will be added later)
Q9: Adding VPN Server node to HySecure Cluster in Microsoft AWS
Ans: This activity is pending for Fukuoka Project.
Tutorial: Load balance incoming traffic to HySecure VMs using the AWS Public Load balancer.
Load balancing provides a higher level of availability and scale by spreading incoming requests across multiple virtual machines. In this tutorial, you learn about the different components of the AWS Standard Load Balancer that distribute internet traffic to HySecure Gateway VMs and provide high availability.
- Sign in to the AWS portal
- Create an AWS Public Load Balancer
- Create Load Balancer resources
- View Load Balancer in action
- Add and remove VMs from a Load Balancer
Step 1: Sign in to the AWS portal
Sign in to the AWS portal at https://portal.AWS.com.
Step 2: Create an AWS Public Load Balancer
In this section, you create a Standard Load Balancer that helps load balance virtual machines. Standard Load Balancer only supports a Standard Public IP address. When you create a Standard Load Balancer, you must also create a new Standard Public IP address that is configured as the frontend for the Standard Load Balancer.
- On the top left-hand side of the screen, click Create a resource > Networking > Load Balancer.
  Or search for load balancers.
- Click on Add.
- In the Basics tab of the Create load balancer page, enter or select the following information, accept the defaults for the remaining settings, and then select Review + create:

Setting | Value |
---|---|
Subscription | Select your subscription. |
Resource group | Select Create new and choose existing Resource Group of HySecure VM in the text box. |
Name | Gateway-Public-FrontEnd-LB |
Region | Select Existing Region of HySecure Gateway |
Type | Select Public. |
SKU | Select Standard. |
Public IP address | Select Create new. |
Public IP address name | Type Gateway-Public-LB-IP in the text box. |
Availability zone | Select Zone redundant. |

Please see below snapshot for your reference.
Step 3: Create Load Balancer resources
In this section, you configure Load Balancer settings for a backend address pool, a health probe, and specify a balancer rule.
Create a backend address pool
To distribute traffic to the VMs, a backend address pool contains the IP addresses of the virtual network interfaces (NICs) connected to the Load Balancer. Create the backend address pool Gateway-BackEnd-Pool to include virtual machines for load-balancing internet traffic.
- Select All services in the left-hand menu, select All resources, and then click Gateway-Public-FrontEnd-LB from the resources list.
- Under Settings, click Backend pools, then click Add.
- On the Add a backend pool page, type Gateway-BackEnd-Pool as the name for your backend pool, choose the Virtual Network, and then add the HySecure Gateway VMs.
Create a health probe
To allow the Load Balancer to monitor the status of your app, you use a health probe. The health probe dynamically adds or removes VMs from the Load Balancer rotation based on their response to health checks. Create a health probe HySecure-Health-Probe to monitor the health of the VMs.
- Select All services in the left-hand menu, select All resources, and then click Gateway-Public-FrontEnd-LB from the resources list.
- Under Settings, click Health probes, then click Add.
- Use these values to create the health probe:

Setting | Value |
---|---|
Name | Enter *HySecure-Health-Probe*. |
Protocol | Select HTTPS. |
Port | Enter 443. |
Path | /hapage.html |
Interval | Enter 15 for the interval, in seconds, between probe attempts. |
Unhealthy threshold | Select 2 for the unhealthy threshold, the number of consecutive probe failures that must occur before a VM is considered unhealthy. |

- Select OK.

Please refer to the screenshot below for reference.
Create a Load Balancer rule.
A Load Balancer rule is used to define how traffic is distributed to the VMs. You define the frontend IP configuration for the incoming traffic and the backend IP pool to receive the traffic, along with the required source and destination port. Create a Load Balancer rule HTTPS for listening to port 443 in the frontend FrontendLoadBalancer and sending load-balanced network traffic to the backend address pool Gateway-BackEnd-Pool also using port 80.
- Select All services in the left-hand menu, select All resources, and then click Gateway-Public-FrontEnd-LB from the resources list.
- Under Settings, click Load balancing rules, then click Add.
- Use these values to configure the load-balancing rule:

Setting | Value |
---|---|
Name | Enter HTTPS |
Protocol | Select TCP. |
Port | Enter 443. |
Backend port | Enter 443. |
Backend pool | Select Gateway-BackEnd-Pool. |
Health probe | Select HySecure-Health-Probe. |

- Leave the rest of the defaults and select OK.

Please refer to the screenshot below for reference.
Step 4. View Load Balancer in action
Test Public load balancer distribution to HySecure Gateway.
Case 1: All nodes are up and the health probe at https://HysecurePublicLoadBalancerIP/hapage.html is OK for every server in the backend pool.
- The AWS Load Balancer distributes traffic round-robin.
- User sessions are persistent.
- Inbound connections are accepted only from the AWS Public Load Balancer IP address.
Network Diagram: If all nodes are Healthy.
Case 2: If one of the nodes is not healthy, the AWS Public Load Balancer forwards connections only to the healthy node.
Step 5. Add and remove VMs from a Load Balancer
Add and remove VMs from a load balancer as per the requirement.
Select Node1 and Launch.
Choose an Instance Type and select Next.
Configure Instance and select Next.
Add Storage and select Next.
Add Tags and select Next.
Review and Launch.
Please follow the same procedure to Launch Node2.
Once both Nodes are ready
Tutorial: HySecure DB failover with an Internal Standard load balancer in the AWS portal
Load balancing provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs). You can use the AWS portal to create a Standard load balancer and balance internal traffic among VMs. This tutorial shows you how to create and configure an internal load balancer, back-end servers, and network resources at the standard pricing tier.
- Sign in to the AWS portal
- Create an AWS Internal Load Balancer
- Create Load Balancer resources
- View Load Balancer in action
- Add and remove VMs from a Load Balancer
Step 1: Sign in to the AWS portal, choose your preferred AWS region and select EC2.
Sign into the AWS portal at https://console.aws.amazon.com.
Step 2: Create an AWS Internal Load Balancer
In this section, you create an Internal Standard Load Balancer that helps load balance virtual machines. Standard Load Balancer only supports a Standard Public IP address. When you create a Standard Load Balancer, you must also create a new Standard Public IP address that is configured as the frontend for the Standard Load Balancer.
- Select Load Balancers from the left pane.
- Create a new load balancer:
- Select the Network Load Balancer option below.
- On the top left-hand side of the screen, click Create a resource > Networking > Load Balancer.
  Or search for load balancers.
- Click on Add.
- In the Basics tab of the Create load balancer page, enter or select the following information, accept the defaults for the remaining settings, and then select Review + create:

Setting | Value |
---|---|
Subscription | Select your subscription. |
Resource group | Select Create new and choose existing Resource Group of HySecure VM in the text box. |
Name | Gateway-Internal-LB |
Region | Select Existing Region of HySecure Gateway |
Type | Select Internal. |
SKU | Select Standard. |
Virtual Network | Select Existing Vnet. |
Subnet | Select Existing HySecure Subnet |
IP address assignment | Select Static. |
Private IP address | HySecure Virtual IP Address |
Availability Zone | Zone Redundant |

Please see below snapshot for your reference.
Step 3: Create Internal Load Balancer resources
In this section, you configure Internal Load Balancer settings for a backend address pool, a health probe, and specify a balancer rule.
Create a backend address pool
To distribute traffic to the VMs, a backend address pool contains the IP addresses of the virtual network interfaces (NICs) connected to the Load Balancer. Create the backend address pool HySecure-Internal-Backend-Pool to include virtual machines for load-balancing internet traffic.
- Select All services in the left-hand menu, select All resources, and then click HySecure-Internal-LB from the resources list.
- Under Settings, click Backend pools, then click Add.
- On the Add a backend pool page, type HySecure-Internal-Backend-Pool as the name for your backend pool, choose the Virtual Network, and then add the HySecure Gateway VMs.
Create a health probe
To allow the Load Balancer to monitor the status of your app, you use a health probe. The health probe dynamically adds or removes VMs from the Load Balancer rotation based on their response to health checks. Create a health probe HySecure-DB-Health-Probe to monitor the health of the VMs.
- Select All services in the left-hand menu, select All resources, and then click HySecure-Internal-LB from the resources list.
- Under Settings, click Health probes, then click Add.
- Use these values to create the health probe:

Setting | Value |
---|---|
Name | Enter *HySecure-DB-Health-Probe*. |
Protocol | Select HTTPS. |
Port | Enter 443. |
Path | /dbpage.html |
Interval | Enter 15 for the interval, in seconds, between probe attempts. |
Unhealthy threshold | Select 2 for the unhealthy threshold, the number of consecutive probe failures that must occur before a VM is considered unhealthy. |

- Select OK.

Please refer to the screenshot below for reference.
Create a Load Balancer rule.
A Load Balancer rule is used to define how traffic is distributed to the VMs. You define the frontend IP configuration for the incoming traffic and the backend IP pool to receive the traffic, along with the required source and destination port. Create a Load Balancer rule DB for listening to port 3306 in the frontend HySecure-Internal-LB and sending load-balanced network traffic to the backend address pool HySecure-Internal-Backend-Pool also using port 3306.
- Select All services in the left-hand menu, select All resources, and then click HySecure-Internal-LB from the resources list.
- Under Settings, click Load balancing rules, then click Add.
- Use these values to configure the load-balancing rule:

Setting | Value |
---|---|
Name | Enter DB |
Protocol | Select TCP. |
Port | Enter 3306. |
Backend port | Enter 3306. |
Backend pool | Select HySecure-Internal-Backend-Pool |
Health probe | Select HySecure-DB-Health-Probe. |

- Leave the rest of the defaults and select OK.

The load balancer rule below needs to be created on HySecure-Internal-LB.
Please refer to the screenshot below for reference.
Step 4. View Load Balancer in action
Test Internal load balancer distribution to HySecure Gateway.
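Both health probes in this article (HySecure-Health-Probe on /hapage.html and HySecure-DB-Health-Probe on /dbpage.html) use a 15-second interval and an unhealthy threshold of 2, which fixes how long a failed node keeps receiving traffic before it leaves rotation. The simulation below is an added example, not Accops or AWS code: it replays a constructed probe history for two nodes and shows the rotation for Case 1 and Case 2 of the public load balancer test. Assumptions: both nodes are probed at the same instants, a single successful probe returns a node to rotation, and session persistence is not modelled.

```python
PROBE_INTERVAL_S = 15    # "Interval" value from the probe tables
UNHEALTHY_THRESHOLD = 2  # consecutive failures before a VM is unhealthy

def rotation_timeline(probe_results, interval=PROBE_INTERVAL_S,
                      threshold=UNHEALTHY_THRESHOLD):
    """Replay per-node probe outcomes; return [(seconds, nodes_in_rotation)].
    probe_results maps node name -> list of booleans, one per probe attempt.
    Assumption: one successful probe returns a node to rotation.
    """
    failures = dict.fromkeys(probe_results, 0)
    in_rotation = dict.fromkeys(probe_results, True)
    timeline = []
    for i in range(min(len(r) for r in probe_results.values())):
        for node, results in probe_results.items():
            if results[i]:
                failures[node], in_rotation[node] = 0, True
            else:
                failures[node] += 1
                if failures[node] >= threshold:
                    in_rotation[node] = False
        healthy = sorted(n for n, up in in_rotation.items() if up)
        timeline.append(((i + 1) * interval, healthy))
    return timeline

def seconds_until_removed(timeline, node):
    """Time of the first probe after which `node` is out of rotation."""
    return next((t for t, nodes in timeline if node not in nodes), None)

def distribute(connections, healthy_nodes):
    """Round-robin new connections over the nodes currently in rotation."""
    if not healthy_nodes:
        raise RuntimeError("no healthy backend node in the pool")
    return {c: healthy_nodes[i % len(healthy_nodes)]
            for i, c in enumerate(connections)}

# Constructed probe history: Node2 fails from the second probe and
# answers again on the fifth.
SAMPLE = {
    "Node1": [True, True, True, True, True],
    "Node2": [True, False, False, False, True],
}

if __name__ == "__main__":
    timeline = rotation_timeline(SAMPLE)
    for elapsed, nodes in timeline:
        print(f"t={elapsed:>3}s in rotation: {nodes}")
    print("Node2 removed at", seconds_until_removed(timeline, "Node2"), "s")
```

With these settings a node that stops answering just after a successful probe stays in rotation for up to 30 seconds, so clients and monitoring should tolerate failed connections during that window.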
Step 5. Add and remove VMs from a Load Balancer
Add and remove VMs from a load balancer as per the requirement.