Topic: Ramped migration from SSL_BRIDGE to SSL VSERVER - plus GSLB (Read 626 times)

Dave · « **on:** December 02, 2011, 08:41:08 AM »

Hello,

We have 2 NetScalers with Layer 3 separation between them. We load balance to vservers between the 2 using GSLB. Right now the 2 vservers are in SSL_BRIDGE mode. We want to convert to SSL offload (SSL to the NetScaler, HTTP to the real servers). We have 10 servers and want to convert a few at a time to HTTP instead of HTTPS.

I don't want to just take down the 2 vservers and bring them back as SSL in one swoop. Anyone have a suggestion to concurrently run SSL and SSL_BRIDGE vservers with GSLB (i.e., some users will get directed to the SSL vserver some to SSL_BRIDGE for the same site)? I tried to do this with GSLB but you can't bind an SSL GSLB service and an SSL_BRIDGE GSLB service to the same GSLB vserver (not in a way I could figure out).

Or any other migration suggestion?

Thanks in advance!

evildani · « **Reply #1 on:** December 08, 2011, 01:58:07 AM »

I am guessing you have control over the DNS.
Then simply create an alternate SSL Vserver, use a redirect to send clients to your SSL service instead of the SSL_Bridge. I am assuming that the Certificate is a production certificate and no SSL errors will be displayed to the user.
After all users have been migrated, erase the old vserver and create your definite ssl vserver.
Does this suit your situation?

Netscaler Knowledgebase

News:

Author Topic: Ramped migration from SSL_BRIDGE to SSL VSERVER - plus GSLB (Read 626 times)

Dave

Ramped migration from SSL_BRIDGE to SSL VSERVER - plus GSLB

evildani

Re: Ramped migration from SSL_BRIDGE to SSL VSERVER - plus GSLB