Author: McYork

Time to lay down a basic VIP. Sure, this is easy stuff for experts, for some, it will be very new Let’s talk about the User Acceptance to Production dilemma first then shall we?

Often we have a test environment, and (very) often we are not the application developers. Always set up a test VIP with HTTPS (only) and never concede to also having port 80 in that environment. HTTPS is a pain – I know. Here’s why you never open an HTTP port for a test environment: The app somehow is dependent upon HTTP. If you set up an HTTP path to the same resources on the test environment – the dependency is transparent to the developers. This is your fault.

If you create an HTTP direct path to the application in parallel to the HTTPS path all sorts of bad things could happen.

You say: OK, I hear that. What about a redirection?

Um yeah – is this a “hard” redirect or are you also propagating the path and full URI like so many examples might provide?

It does not matter how careful you are when providing HTTP access to the test environment. Developers are very creative (bless them). Something will go wrong. The solution to all future issues in the production environment is to create hard errors the developers see. Functionality fails and QA does not pass. Only this provides the feedback necessary to prevent deployment issues that hide behind an HTTP dependency.

When you go to production you will force a port 80 HTTP redirection to the home page of the application (with NO path or query strings) with the confidence this will not disrupt the application functionality. You know this because port 80 HTTP was never available in the test environment.

Did I promise a VIP config? Yikes. You need to define some servers – these run the app. You need to clump these into a group to get that redundancy and scale. Next, you apply a service group to a port of a VIP to then get the whole picture. Here is a minimum VIP configuration – and against my own advice, it is on port 80 HTTP. HTTPS has some moving parts we will get to post-haste.

slb server mcyork1 199.60.123.50
port 80 tcp

slb server mcyork2 199.60.123.51
port 80

slb service-group example-mcyork tcp
member mcyork1
member mcyork2

slb virtual-server example.mcyork.com 199.60.123.75
 port 80 http
  service-group example-mcyork

Was that too much? Don’t say yes. Stick with me.

This is the simplest VIP on the planet in any ADC / load balancer. VIP in this case is virtual-server. The IP address where you will direct traffic for this application. Do I need to also do a DNS primer? Whatever you go to this IP 199.60.123.75 and the result should be a response from either 199.60.123.50 or .51. Where we expect the developers are hosting the website/application or API they promised.

Promise delivered – config for the absolute minimum possible VIP. Along with the sage advice of what not to do just because you think it is easy and or the developers are asking for it – no HTTP in pre-production – ever.

Enjoy

Now Open. https://www.mcyork.com/store/

Yes it’s a little bit of fun.

What’s a phone book?  Never mind that.

“If you don’t know I am not going to tell you” is how the Internet treats you if you need to find a friend’s email address.  When they change it and don’t email everyone they know of the change (and even when they do).  You will perhaps say Facebook, Twitter, et al will come to the rescue. This may be true in a lot of cases – but why rely on a rescue plan that’s as ephemeral as a fart?

Ephemeral you say (word of the day btw)?  I’d like to use a Yahoo example.  What if Yahoo fails (and we see it has teetered a bit).  I’d hate it to fail of course, but “what if” is how we need to approach the problem.  Say it goes poof.  You have no email now.  Um… what do you do?  Well of course you search through all your contacts and send out an email – hey I changed my email to pinkbunny42@somenewISP.com.  Please DO UNNECESSARY WORK, I need you all to update your address books. People all have the lazy gene on the Internet.  They’ll assume they can get to it later.  They won’t be able to find that email when they next think of you… The common thought you all have when going through this is “The close friends in my life know how to contact me regardless”.  Yup – well in this world you might also have moved, changed your cell phone number, and, not that it is relevant, been issued 4 different credit card numbers “because we detected suspicious activity” this year.  The point is (important) stuff changes all the time.  The perfect storm can leave you in the Internet’s dust.

Not to mention every site on the Internet you log into and forgot the password of – will no longer be able to email you a password reset.  This list is LONG.  Far more onerous than changing a credit card number.

Aside: Website password advice – use lastpass.com

Imagine a rock.  One touchstone that’s always there.  No matter what.  Your email address.  From beginning to end it never changes, not once.  Are you willing to go that extra mile to save a boatload of future pain?

My domain, mcyork.com, was registered on 1995-02-03.  Not the start of the Internet by any means but the start of my online life.  Associated with mcyork.com is my very first email address ianm@mcyork.com.  I HAVE changed my email now to ian@mcyork.com.  I never sent friends an update.  If they use ianm@ – I still get the email.  My replies are now from ian@.  Over time, but without a worry on my part, they will soon start to use my newer more current email address.  In fact, the more luddite-prone friends of mine will never know or need to know, my email address was modified. @mcyok.com is mine, I control it and all the email addresses (near-infinite) that can be associated with it.

What’s the answer/point?  Own your domain / control your destiny!

“Ok, thanks but there’s a catch, right?  To manage all that is probably technical and difficult.  We KNOW you are a geek with a blog!”

Let’s go through that over beers.  I’ll get you started.