Introduction

HAPEE stands for HAProxy Enterprise Edition.

It’s a version of HAProxy packaged by HAProxy Technologies and which comes with some third party components to allow anybody to deploy a state of the art Load-Balancer with OpenSource software and associated support.

Subscription levels and Extensions

HAPEE is available through three level of subscription:

  1. starter
  2. business
  3. Premium

The main difference is the support coverage period and the third party components associated.

Some Extensions are available on top of HAPEE Business and Premium:

  • Advanced Persistent threat protection
  • RHI (Route Health Injection)

This list may grow later.

HAPEE Starter

This version includes minimal required components to build a load-balancer:

  • the Load-Balancer: HAProxy
  • Load-Balancer CLI secured client: socat (compiled without any netwok protocols)
  • System tunning

For more information about HAPEE subscriptions, please read http://haproxy.com/products/haproxy-enterprise-edition/.

HAPEE Business and Premium

This version includes the starter packages plus add-ons to ease monitoring and management:

  • the Load-Balancer with advanced Extensions: HAProxy
  • Load-Balancer CLI client: socat
  • VRRP high availability: keepalived
  • System tunning
  • Management scripts
  • SNMP server: net-snmp (patched for 64 bits counters)
  • Syslog configuration, scripts and template

For more information about HAPEE subscriptions, please read http://haproxy.com/products/haproxy-enterprise-edition/.

Advance persistent threat protection extension

HTTP protocol deep inspection and clean up extension, to enforce security of web applications.

Botnet protection

A challenge response module which allows HAProxy to block non-legitimate HTTP clients by sending them a javascript challenge to resolve.

RHI extension

RHI stands for Route Health Injection.

Ability to announce the availability of a virtual service through routing protocols (BGP / OSPF / ...).

This extension includes two components:

  1. a routing daemon, bird (patched to accept volatile routes)
  2. a monitoring daemon which update the routing daemon based on status found in the load-balancing software

Components

Summary

The table below describes briefly each component:

HAPEE components
Name Tool Subscription level Desciption
hapee-1.6r2-base   Starter Common settings required by other components
hapee-1.6r2-lb HAProxy Starter HAProxy 1.6 Load-balancer with SSL, IPv6, etc...
hapee-1.6r2-cli socat Starter Client to get connected to interract with currently running HAProxy instance
hapee-1.6r2-vrrp keepalived Business or Premium Virtual IP high-availability between nodes of a cluster
hapee-1.6r2-cli-lb   Business or Premium Scripts to ease control of HAProxy through its socket
hapee-1.6r2-update HAProxy Business or Premium HAProxy Extension to allow automatic map or acl updates download through HTTP
hapee-1.6r2-log   Business or Premium Autonomous log system based on default operating system syslog daemon
hapee-1.6r2-snmp net-snmp Business or Premium Improved SNMP daemon (64 bits counters) its socket
hapee-1.6r2-snmp-lb   Business or Premium Load-Balancing counters available through SNMP daemon
hapee-1.6r2-lb-sanitize HAProxy Extension Advanced Persistent Threat protection
hapee-1.6r2-lb-antibot HAProxy Extension Challenge/response botnet protection module
hapee-1.6r2-route bird / rhi Extension Route Health Injection

Interactions

The picture below shows interactions between HAPEE components:

_images/components_interactions.png

Operating System qualified

HAPEE has been qualified and is currently available for the following operating systems:

  • CentOS 6 64 bits
  • CentOS 7 64 bits
  • Debian 7 (wheezy) 64 bits
  • Debian 8 (jessie) 64 bits
  • RedHat Enterprise 6 64 bits
  • RedHat Enterprise 7 64 bits
  • Ubuntu 14.04 LTS 64 bits

Hardware requirements

HAPEE hardware requirements looks like HAProxy’s one and really depends on the workload it has to manage.

Only CPU and Memory are taken into consideration. Disk size depends on your operating system and the amount of log you want to keep.

Note

Indications below are informational. Please contact HAProxy Technologies for an assistance on sizing your servers.

low level workload

This work load corresponds to the following:

  • TCP or HTTP traffic
  • up to 1000 conn/s
  • very low SSL traffic or gzip compression

This type of workload can be achieved either by a Virtual Machine or a bare metal server.

You need at least:

  • 1 CPU core
  • 1G of RAM

Mid level workload

This work load corresponds to the following:

  • TCP or HTTP traffic (including HTTP manipulation)
  • up to 4000 conn/s
  • low SSL traffic or gzip compression

This type of workload can be achieved either by a Virtual Machine or a bare metal server.

You need at least:

  • 2 CPU cores
  • 1G of RAM

High level workload

This work load corresponds to the following:

  • TCP or HTTP traffic (including HTTP manipulation)
  • up to 20000 conn/s
  • 10% of traffic ciphered (SSL) or compressed

This type of workload can be achieved by a bare metal server only.

You need at least:

  • 2 CPU cores, as fast as possible
  • 4G of RAM
  • powerful network card

Other workload

HAProxy Technologies can assist you to achieve some specific workloads such as:

  • huge HTTP connections per second
  • huge SSL capacity
  • huge compression capacity

Such workloads must combine a good hardware and a smart architecture of the server components (kernel, processes, etc...)

Backported features

HAPEE 1.6 is based on Community version 1.6 and embeds features from development version of HAProxy in a stable and reliable way. For more information about backported features, please read the release notes.

License

HAPEE respects licenses from each software it embeds.

  • keepalived (hapee-1.6r2-vrrp): GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or any later version

  • net-snmp (hapee-1.6r2-snmp): http://www.net-snmp.org/about/license.html

  • socat (hapee-1.6r2-cli): GNU General Public License as published by the Free Software Foundation, version 2 of the License

  • HAProxy (hapee-1.6r2-lb) uses two licenses:

    • all the source code is under GNU General Public License version 2
    • all exportable include files are by default under GNU Lesser General Public License (LGPL) version 2.1
    • for more information about HAProxy licences, please read LICENSE file provided by haproxy.org site
  • HAProxy Extensions: the code can use any license, thanks to LGPL mentioned above.