cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

790
Views
15
Helpful
12
Replies
ErickBCCNA
Beginner

Moving rservers to a different server farm

Hello.

I have a quick question about moving an rserver from one server farm to another server farm within the ACE.  Here's my situation.  I have 2 websites set up in a test context.  The first website we'll call "site1.xyz.com" and is listening on VIP 1.1.1.1.  This website doesn't have a certificate associated, so when I type https://site1.xyz.com, I get an error in my browswer.  The second website we'll call "site2.xyz.com".  It has a cert installed and when I type https://site2.xyz.com, I go straight to the website and I don't get an error.  It's listening for inbound connections on VIP 2.2.2.2. 

Here's what I would like to accomplish. When I type https://site2.xyz.com, I want the website that is hosted on the rserver in site1.xyz.com's server farm to display in my browser.  I thought this would be as easy as moving the rserver from site1.xyz.com's server farm to site2.xyz.com serverfarm, but it doesn't work.  I tried moving the rserver that is hosting site1.xyz.com's site to site2.xyz.com's serverfarm and took the server that is hosting site2.xyz.com out of service.  Can anyone explain to me why this doesn't work?  It seems so simple/

12 REPLIES 12
Kanwaljeet Singh
Cisco Employee

Hi Erick,

Are you able to access the site directly on rserver hosting site1.xyz.com?

What you have done looks right but ensure that rserver will reply when you type site2.xyz.com since application may be written only to reply to site1.xyz.com.

Do you get a hit on service policy? Please check using show service-policy summary.

Can you send the relevant configuration ? Also, when you moved rserver to a different farm, you should still be accessing it through https://site1.xyz.com and not https://site2.xyz.com unless rserver will reply with same content for both these URL's.

Regards,

Kanwal

Hi Kanwal,

Thanks for your reply.  I really appreciate it.

Yes.  I can access site1.xyz.com if I just use port 80.  The goal is to leverage site2's certificate and URL without having to do any sort of redirection.

I'll send the confiurations tomorrow.  I don't have access to them right now.  I will also check on getting the hits on the service policy when I get to work tomorrow as well.  I'm new to the ACE, but this seemed like such a simple task, even for a beginner like me, but I can't seem to get it to work.  I don't know how the back-end web servers are configured, I would have to ask the applications analyst those questions.  I just manage the ACE.

Hi Erick,

My pleasure. Also, you can use the existing certificate on a new serverfarm as well. But that certificate should be valid for site1.xyz.com. Normally wild card certificates are generated for similar URL's and you should be able to use them otherwise you will have to get a new certificate.

Regards,

Kanwal

Our thinking was since this is just a test environment, we would use the certificates we already have without having to buy another one just for a test context.  So we wanted to move site1's website to site2's server farm and remove the current webpage on site2 completely.

Hi Erick,

That should not be a problem normally but if a certificate is issued for site2.xyz.com specifically, you cannot use it for site1.xyz.com. Normally, in cases like these certs are issued using wild card and can be used for any url like *.xyz.com which should match both the above URLs.

Also, you moved rserver to a different serverfarm and used https://site2.xyz.com to access the server which responds to site1.xyz.com. Can you check if you directly access that rserver using http://site2.xyz.com, does it reply?. If it does, than it should have worked unless there is a config problem or cert issue etc.

For testing sake you can also try and access it through ACE with SSL termination and see if it works fine.

Regards,

Kanwal

Hi Erick,

I meant you can also try and access it through ACE without SSL termination and not with it:)

Regards,

Kanwal

Kanwaljeet Singh wrote:

Hi Erick,

I meant you can also try and access it through ACE without SSL termination and not with it:)

Regards,

Kanwal

So basically you are saying to try removing the certificate and test without it right?  If it does work, then that would imply that there is a certifiacte problem.  If it still doesn't work, it could be a configuration problem and/or a certificate problem.

Hi Erick,

Yes, you can test without SSL. You don't have to remove cert from ACE . Since server is listening on port 80, you can simply test it through ACE using port 80.

Regards,

Kanwal

Got it.  I'll do that testing tomorrow and let you know.  Thank you so much for the help on this.

Hi Erick,

You are most welcome!

Regards,

Kanwal

My issue has been resolved.  It was with the different probes that were set with for the server farms.  I had a web server that is listening on a non standard port and te probe was set to probe port 80 so the probe was failing.  Obviously, if the probe fails, the ACE will not pass any traffic to the rservers.  Once I fixed the probe, it began to work as expected.  Thanks again for the help.

Hi Erick,

Sounds good:)

Regards,

Kanwal

Content for Community-Ad
This widget could not be displayed.