Progress Kemp LoadMaster

Enhance Application Delivery and Security with LoadMaster
Progress Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer providing availability, scalability, performance and security for customers’ business-critical applications and websites. LoadMaster load balancers offer a high-performance application delivery solution with SSL offload, content switching, URL rewriting and compression in a more secure and highly-available platform that is easily deployed and managed.

LoadMaster includes a set of core features for application delivery that are enhanced with Subscriptions that add enhanced features.

Features included with all LoadMasters

General

• Server Load Balancing (SLB) for TCP/UDP based protocols
• TLS (SSL) Offload
• Layer 7 Content Switching
• Transparent caching for HTTP/HTTPS
• Compression of static and dynamic HTTP/HTTPS content
• Up to 1000 Virtual and 1000 Real Servers
• NAT-based forwarding
• Support for Direct Server Return (DSR) configurations
• Configurable S-NAT support
• VLAN Trunking (802.1Q)
• Link interface bonding (802.3ad)
• IPv6 support for addressing and features
• IPv6 - IPv4 bidirectional conversion
• Full HTTP/2 Support
• High Availability (Active/Standby)

Health Checking

• Aggregated health checks
• ICMP health checking
• Layer 7 checking against any target server port
• Active/Hot Standby configurations for High Availability
• Stateful Failover
• Scale-out Clustering
• Aggregated health checks

Session Persistence

• Source IP (L4)
• TLS (SSL) SessionID (L4)
• HTTP/HTTPS Browser-session (L7)
• HTTP/HTTPS WebClient-session (L7)
• RDP Login ID (L7)
• Port Following for mixed HTTP/HTTPS sessions
• Session reconnection for Microsoft RDS

Scheduling and Balancing Methods

• SDN Adaptive
• Round Robin
• Weighted Round Robin
• Least Connection
• Weighted Least Connection
• Agent-based Adaptive
• Chained Failover (Fixed Weighting)
• Source-IP Hash
• Layer 7 Content Switching
• Global Server Load Balancing (GSLB)
•  AD Group based traffic steering

SSL/TLS Features

• Configurable TLS (1.0, 1.1, 1.2) and SSL (2.0, 3.0)
• Support for EV (Extended Validation) certificates
• OCSP certificate validation
• Server Name Identification (SNI) support
• Support for up to 1,000 TLS (SSL) certificates
• Automated TLS (SSL) certificate chaining
• Certificate Signing Request (CSR) generation
• STARTTLS mail protocols (POP3, SMTP, IMAP)
• Certified FIPS 140-2 Level 1 encryption module
• FIPS 140-2 Level 2 Hardware Security Module option on LM-8xxx models

Administration

• Change auditing
• Web User Interface (WUI)
• SSH & physical console
• RESTful and PowerShell APIs
• VMware vRealize Orchestrator
• Context based help (WUI)
• Real time display of performance and availability
• Application templates
• Remote syslogd support
• Automated configuration backup
• Selective restore of configuration
• Connection draining
• Comprehensive logging and reporting
• SNMP support
• Diagnostic shell with in-line tcpdump

Security

• Common Criteria (ISO/IEC 15408) Certified
• Permit /Deny Access Control Lists
• IP address filtering
• IPsec Tunnel support
• DDoS mitigation, including L7 rate based attacks
• IPSec VPN to Azure, AWS and vCloud Air public clouds
• Authenticated NTP

Features enabled by Subscription

LoadMaster subscriptions enable additional features and services.

Edge Security Pack (ESP) Features

• Microsoft TMG replacement
• Pre-Authentication
• Multi-Domain authentication & SSO
• X.509 client certificate authentication
• Custom login forms
• Two factor authentication
• SAML, Active Directory, RADIUS & LDAP
• Forms to Forms based authentication

Intrusion Prevention

• Snort Compatible IPS
• Permit/Deny IP by address
• Automated IP reputation updates for GSLB

Web Application Firewall (WAF)

• Real-time application threat mitigation
• Updated reputation data daily
• Threats Mitigated
  • Cookie tampering
  • Cross site request forgery
  • Cross site scripting
  • Data loss prevention
  • SQL Injection
• PCI-DSS Section 6.6 compliance

Global Server Load Balancing (GSLB)

Scheduling and Balancing

• Round Robin
• Weighted Round Robin
• Chained Failover (Fixed Weighting)
• Regional
• Real Server Load
• Location Based

Security

• Black List (Access Control List)
• Updated reputation data daily
• DDoS mitigation

Health Checking & Failover

• ICMP health checking of server farm machines
• Layer 4 TCP checking
• Automatic reconfiguration for defective real server
• Active/Active High Availability

• Share: