About HAProxy Enterprise Edition

HAProxy Enterprise Edition (HAPEE) is version of HAProxy packaged by HAProxy Technologies that comes with some third party components to allow you to deploy a state of the art Load Balancer with OpenSource software and associated support.

HAPEE comprises two levels of subscription:

  1. Business
  2. Premium

The differences between the two subscription levels are the support hours and guaranteed response times.

HAPEE Business and Premium

These subscription levels include the HAProxy package with features to facilitate monitoring and management:

  • The HAProxy Load-Balancer
  • Load-Balancer CLI client: socat
  • VRRP high availability: keepalived
  • System tuning
  • Management scripts
  • SNMP server: net-snmp (patched for 64 bits counters)
  • Syslog configuration, scripts, and template

They also support the following modules to extend further load balancing capabilities and ensure high availability of your services:

  • Advanced Persistent Threat Protection: HTTP protocol in-depth inspection and sanitization extension to ensure security of web applications that process HTTP headers.

  • Antibot protection: a challenge response module that allows HAProxy to block non-legitimate HTTP clients by sending them a JavaScript challenge to solve.

  • Route Health Injection: the ability to indicate the availability of a virtual service through routing protocols (BGP / OSPF / ...) in order to configure active/active clusters. This extension comprises two components:

    • a BIRD routing daemon patched to accept volatile routes
    • a monitoring daemon to update the routing daemon based on status found in the load-balancing software

HAPEE Components

The illustration below shows the HAPEE components:

img/hapee_diagram.png

The following table lists the components of HAPEE with a brief description of each:

Name Tool Subscription level Desciption
hapee-1.7r1-base   Community Common files required by other components and sysctl.d configuration examples.
hapee-1.7r1-lb HAProxy Community HAProxy 1.7 Load-balancer with SSL, IPv6, etc.
hapee-1.7r1-cli socat Community Client to monitor and control the currently running HAProxy instance via its admin socket.
hapee-1.7r1-vrrp keepalived Business or Premium Virtual IP high-availability between nodes of a cluster.
hapee-1.7r1-cli-lb   Business or Premium Scripts to automate socket operations on the running HAProxy instance.
hapee-1.7r1-update HAProxy Business or Premium HAProxy Extension to allow automatic map or acl updates download through HTTP.
hapee-1.7r1-log   Business or Premium Autonomous log system based on default operating system syslog daemon.
hapee-1.7r1-snmp net-snmp Business or Premium Improved SNMP daemon (64 bits counters) its socket.
hapee-1.7r1-snmp-lb   Business or Premium Load-Balancing counters available through SNMP daemon
hapee-1.7r1-lb-sanitize HAProxy Business or Premium Advanced Persistent Threat Protection.
hapee-1.7r1-lb-antibot HAProxy Business or Premium Challenge/response Antibot Protection module
hapee-1.7r1-route bird / rhi Business or Premium Route Health Injection.

Operating System qualified

HAPEE has been qualified and is currently available for the following operating systems:

  • CentOS 6 64 bits
  • CentOS 7 64 bits
  • Debian 7 (wheezy) 64 bits
  • Debian 8 (jessie) 64 bits
  • RedHat Enterprise 6 64 bits
  • RedHat Enterprise 7 64 bits
  • Ubuntu 14.04 LTS 64 bits

Hardware requirements

HAPEE hardware requirements looks like HAProxy’s one and really depends on the workload it has to manage.

Only CPU and Memory are taken into consideration. Disk size depends on your operating system and the amount of log you want to keep.

Note

Indications below are informational. Please contact HAProxy Technologies for an assistance on sizing your servers.

Low level workload

This work load corresponds to the following:

  • TCP or HTTP traffic
  • up to 1000 conn/s
  • very low SSL traffic or gzip compression

This type of workload can be achieved either by a Virtual Machine or a bare metal server.

You need at least:

  • 1 CPU core
  • 1G of RAM

Mid level workload

This work load corresponds to the following:

  • TCP or HTTP traffic (including HTTP manipulation)
  • up to 4000 conn/s
  • low SSL traffic or gzip compression

This type of workload can be achieved either by a Virtual Machine or a bare metal server.

You need at least:

  • 2 CPU cores
  • 1G of RAM

High level workload

This work load corresponds to the following:

  • TCP or HTTP traffic (including HTTP manipulation)
  • up to 20000 conn/s
  • 10% of traffic ciphered (SSL) or compressed

This type of workload can be achieved by a bare metal server only.

You need at least:

  • 2 CPU cores, as fast as possible
  • 4G of RAM
  • powerful network card

Other workload

HAProxy Technologies can assist you to achieve some specific workloads such as:

  • huge HTTP connections per second
  • huge SSL capacity
  • huge compression capacity

Such workloads must combine a good hardware and a smart architecture of the server components (kernel, processes, etc...)

Backported features

HAPEE 1.7 is based on Community version 1.7 and embeds features from development version of HAProxy in a stable and reliable way. For more information about backported features, please read the release notes.

License

HAPEE respects licenses from each software it embeds.

  • keepalived (hapee-1.7r1-vrrp): GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or any later version

  • net-snmp (hapee-1.7r1-snmp): http://www.net-snmp.org/about/license.html

  • socat (hapee-1.7r1-cli): GNU General Public License as published by the Free Software Foundation, version 2 of the License

  • HAProxy (hapee-1.7r1-lb) uses two licenses:

    • all the source code is under GNU General Public License version 2
    • all exportable include files are by default under GNU Lesser General Public License (LGPL) version 2.1
    • for more information about HAProxy licences, please read LICENSE file provided by haproxy.org site
  • HAProxy Extensions: the code can use any license, thanks to LGPL mentioned above.