PSC HA 6.5: 2a-Prepare an F5 Load Balancer

 

The following section explains how to configure an F5 BIG-IP Load Balancer for use with PSC 6.5 HA.

Note: This guide was written using F5 BIG-IP 12.1. Some settings may vary in older or newer versions.

This configuration guide uses the following Network Information as examples.

First PSC Node (psc-ha-a1.domain.com, 192.168.2.101)
Additional PSC Node (psc-ha-a2.domain.com, 192.168.2.102)
PSC Virtual IP (psc-ha-vip.domain.com, 192.168.2.99)
F5 BIG-IP Self IP (192.168.2.98)

Log into the F5 BIG-IP Web Interface at https://

Username: admin
Password: default

Obtaining a trial License for F5 BIG-IP

  1. Create an account on f5.com
  2. Navigate to https://secure.f5.com/partnervekeys/modules.jsp and log in
  3. Select Eval Key Duration 45 Days
  4. F5 Eval Key Generator SKU: F5-BIG-LTM-VE-1G-LIC
  5. Select Next
  6. Select Next
  7. An email will be sent with the Evaluation License Key

Licensing F5 BIG-IP

  1. Log into the Web Interface of the F5 BIG-IP
  2. Navigate to License > Activate
  3. In Base Registration Key enter in your License Key
  4. As Activation Method select Manual
  5. Click Next
  6. Copy the contents of Dossier to your clipboard
  7. Open the link Click here to access F5 Licensing Server in a new Browser Window/Tab
  8. Paste the copied contents into the text box
  9. Click Next
  10. Agree to the terms of license and Click Next
  11. Copy the contents of the text box to your clipboard
  12. Paste the contents into the License Text Box back on the F5 Licensing Setup
  13. Click Next
  14. Click Continue once the license is applied

1. Configure the F5 VLAN

Create a VLAN.

  1. Navigate to Network > VLAN > VLAN List > New VLAN (Create).
  2. Provide a Name
  3. Under Resource > Interfaces, move Interface 1.1 to Untagged using the Add button.
  4. Click Finished.

2. Configure the Interfaces

Configure the Interface List.

  1. Navigate to Network > Interfaces > Interface List.
  2. Select 1.2 and 1.3
  3. Click Disable.

Note: In this guide, we are only using one Interface. You may require more than one active Interface.

3. Configure a Self-IP

Configure the Self-IP.

  1. Navigate to Network > Self-IP > New Self-IP.
  2. Provide a Name
  3. Enter the IP Address and Netmask for the Self-IP
  4. Under VLAN/Tunnel, select the VLAN created earlier.
  5. Under Port Lockdown, select Allow Default.
  6. Click Finished.

Note: The Self-IP cannot exist on the same subnet as the F5 Management IP.

4. Create PSC Service Monitors

4a. Create WebSSO Health Monitor

  1. Navigate to Local Traffic > Monitors > Create.
  2. Provide a Name
  3. Select Type HTTPS
  4. Set an interval of 30 Seconds
  5. In the Send String field enter GET /websso/HealthStatus HTTP/1.1\r\nHost:\r\nConnection: Close\r\n\r\n
  6. In the Receive String field enter 200
  7. In Alias Service Port enter 443
  8. Select Finished
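
An added example, not part of the original guide: BIG-IP searches for a monitor's receive string anywhere in the returned data, headers included, so a bare 200 can match a reply that is not a 200 response. The sketch below emulates that decision on constructed replies and includes a probe that sends the same Send String to a node; STRICT_RECV, MAX_BYTES and the sample replies are assumptions of this example.

```python
import re
import socket
import ssl

# Send/receive strings exactly as entered in the monitor steps above.
SEND = b"GET /websso/HealthStatus HTTP/1.1\r\nHost:\r\nConnection: Close\r\n\r\n"
GUIDE_RECV = r"200"
# Assumption (not from the guide): a pattern anchored to the status line.
STRICT_RECV = r"^HTTP/1\.[01] 200 "
MAX_BYTES = 5120  # cap on how much of the reply is inspected (assumption)


def monitor_up(response: bytes, recv: str) -> bool:
    """Mark the node up if the receive pattern occurs anywhere in the reply."""
    text = response[:MAX_BYTES].decode("latin-1")
    return re.search(recv, text) is not None


def probe(host: str, port: int = 443, cafile=None, timeout: float = 5.0) -> bytes:
    """Send the monitor's request to a PSC node over TLS and return the raw reply."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: CA that signed the PSC cert
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(SEND)
            data = b""
            while len(data) < MAX_BYTES:
                chunk = tls.recv(4096)
                if not chunk:
                    break
                data += chunk
            return data


# Constructed replies (not captured from a real PSC).
HEALTHY = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nOK"
FAILING = b"HTTP/1.1 503 Service Unavailable\r\nContent-Length: 200\r\n\r\n" + b"x" * 200


def compare(replies):
    """Return {label: (up_with_guide_string, up_with_strict_string)}."""
    return {label: (monitor_up(r, GUIDE_RECV), monitor_up(r, STRICT_RECV))
            for label, r in replies.items()}


if __name__ == "__main__":
    print(compare({"healthy": HEALTHY, "failing": FAILING}))
```

The failing reply is marked up by the bare 200 because of its Content-Length header; the anchored pattern marks it down.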

4b. Create VMDir Health Monitor

  1. Navigate to Local Traffic > Monitors > Create.
  2. Provide a Name
  3. Select Type TCP
  4. Set an interval of 30 Seconds
  5. In the Send String field leave it blank
  6. In the Receive String field leave it blank
  7. In Alias Service Port enter 389
  8. Select Finished

5. Create Load Balancer Pool Member Nodes

Create Member Nodes.

  1. Navigate to Local Traffic > Nodes > Node List > Create.
  2. Provide a Name
  3. Provide the IP Address of the First PSC Node.
  4. Under Health Monitors select Node Specific
  5. Move icmp and psc-ha-websso-health and psc-ha-vmdir-health to the Active column using the << button
  6. Click Repeat.
  7. Provide a Name
  8. Provide the IP Address of the Additional PSC Node.
  9. Click Finished.

(Repeat the preceding steps for additional PSC Servers if you have more than two PSCs)

5a. Create Load Balancer Pool Member Nodes

You should have two node members created

6. Create Load Balancer Pools

Create PSC Pool for port 443.

  1. Navigate to Local Traffic > Pools > Pool List > Create.
  2. Provide a Name
  3. Under Health Monitors, move tcp to Active using the << button.
  4. Under Load Balancing Method, select Round Robin.
  5. Under New Members, select Node List.
  6. Under Address, select your First PSC Node
  7. Under Service Port, enter 443.
  8. Click Add.
  9. Under Address, select your additional PSC Node.
  10. Under Service Port, enter 443.
  11. Click Add.
  12. Click Finished.

Repeat preceding steps for ports 389, 636, 2012, 2014, 2020.

6a. Create Load Balancer Pools

You should have 6 unique pools created

7. Create a Persistence Profile

  1. Navigate to Local Traffic > Profiles > Persistence > Create.
  2. Provide a Name
  3. Select Persistence Type, Source Address Affinity from the drop down menu
  4. Select the Custom checkbox.
  5. Enable Match across services.
  6. Specify the Timeout value to be at least 28800.
  7. Click Finished.

8. Creating the Virtual Server IP (VIP)

Create Virtual Server IP (VIP) for the Ports: 443, 389, 636, 2012, 2014, 2020.

  1. Navigate to Local Traffic > Virtual Servers > Virtual Server List > Create.
  2. Provide a Name.
  3. Under Destination Address, input the Virtual IP to be used for the Load Balanced PSC FQDN.
  4. Under Service Port, enter a value of 443.
  5. Under Source Address Translation, select Auto Map.
  6. Under Default Pool, select the Pool for 443 created earlier.
  7. Under Default Persistence Profile, select the persistence profile created earlier.
  8. Click Finished

Create VIP for remaining ports 389, 636, 2012, 2014, 2020.

8a. Creating the Virtual Server IP (VIP)

You should have 6 unique VIPs

9. Verify Node, Pool, VIP

  1. Navigate to Local Traffic > Network Map
  2. Verify that Each VIP contains the correct Pool and that the correct Pool contains the correct Node:Port assignment.
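
An added example, not part of the original guide: the same Network Map check done as a script against the guide's addresses and ports. The inventory shape (tuples transcribed from the Network Map) and the pool names psc-pool-<port> are hypothetical, and the sample data is constructed with two deliberate mistakes.

```python
PORTS = [443, 389, 636, 2012, 2014, 2020]        # ports listed in the guide
VIP = "192.168.2.99"                             # psc-ha-vip.domain.com
NODES = ["192.168.2.101", "192.168.2.102"]       # psc-ha-a1, psc-ha-a2


def pool_for(port, nodes=NODES):
    """Members a correctly built pool for this port should contain."""
    return [(node, port) for node in nodes]


def audit(virtuals, pools):
    """virtuals: [(address, port, pool_name)]; pools: {pool_name: [(address, port)]}.
    Returns a list of findings; an empty list means the map matches the guide."""
    findings = []
    by_port = {port: pool for (addr, port, pool) in virtuals if addr == VIP}
    for port in PORTS:
        pool = by_port.get(port)
        if pool is None:
            findings.append(f"VIP {VIP}:{port} is missing")
            continue
        got = set(pools.get(pool, []))
        want = set(pool_for(port))
        for addr, p in sorted(want - got):
            findings.append(f"pool {pool} (VIP port {port}) lacks member {addr}:{p}")
        for addr, p in sorted(got - want):
            findings.append(f"pool {pool} (VIP port {port}) has unexpected member {addr}:{p}")
    for port in sorted(set(by_port) - set(PORTS)):
        findings.append(f"unexpected VIP on port {port}")
    return findings


# Constructed inventory with two deliberate mistakes.
SAMPLE_POOLS = {f"psc-pool-{p}": pool_for(p) for p in PORTS}
SAMPLE_POOLS["psc-pool-2020"] = [("192.168.2.101", 2020)]   # second node forgotten
SAMPLE_VIPS = [(VIP, p, f"psc-pool-{p}") for p in PORTS]
SAMPLE_VIPS[2] = (VIP, 636, "psc-pool-389")                 # VIP bound to wrong pool

if __name__ == "__main__":
    for line in audit(SAMPLE_VIPS, SAMPLE_POOLS):
        print(line)
```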

Next: Preparing a certificate
