RELIANOID Enterprise Edition, as a next-generation load balancer, stands out for its advanced traffic management, network security features, and robust customization capabilities, ideal for managing high-volume, sensitive network traffic. This guide provides best practices for installing RELIANOID Enterprise Edition from the ISO installer, covering the optimal resource setup, deployment options, security configurations, and network best practices to ensure a secure and scalable load balancing solution.

Resource Requirements for Installation #

• Processor: Minimum of 2 cores for smaller deployments; 4 cores or more are recommended for high-traffic environments.
• Memory: Minimum of 2 GB RAM for basic setups, scaling to 4 GB or more for production-grade installations handling complex traffic routing.
• Storage: Minimum of 8 GB; 12 GB or more is recommended to provide adequate space for logs and backups storage in production setups.
• Network Interfaces: At least two NICs are recommended for isolating production traffic from administrative traffic, with dedicated NICs providing better control and security. Also, if two-armed setup is required then one more NIC is recommended.

Deployment Options: Virtual, Docker, and Hardware #

RELIANOID offers flexible deployment options to fit diverse infrastructure setups. Here are key differences among virtual, Docker, and hardware installations:

• Virtual Machine (VM): Ideal for environments that prioritize flexibility and ease of scaling, VM deployments allow easy resource adjustments and VM-level redundancy. VMs are recommended for moderate traffic loads and environments with high fault tolerance requirements.
• Docker Container: Containerized installations offer rapid deployment, isolation, and resource efficiency, making them suitable for testing and development, or production environments with automated orchestration like Kubernetes. Container setups may require specific network configurations for efficient traffic management.
• Hardware Installation: Dedicated hardware provides the highest level of performance and reliability, ideal for high-traffic or security-sensitive environments. Hardware deployment benefits from direct resource access, reduced latency, and minimized virtualization overhead. This option is recommended for critical, high-availability environments.

Note: Choose the deployment type based on traffic volume, fault tolerance, and infrastructure complexity. Hardware deployments generally offer the best performance, while VMs provide the most flexibility.

Installing RELIANOID from the ISO #

Installing RELIANOID Enterprise Edition using the installable ISO is a simple and user-friendly process. However, if any guidance is needed, a step-by-step installation guide is included within the ISO file you download. This guide can help you through each stage of the setup to ensure everything is configured correctly.

During the ISO installation, you have the option to set up key system configurations, including the administration network interface, DNS settings, disk partitioning, and the root password. This allows you to customize these essential settings right from the start, ensuring your system is ready for secure and efficient operation.

Disk Management: LVM, Encryption, and Partitioning #

LVM (Logical Volume Management) offers flexibility in storage allocation and resizing, ideal for handling variable storage needs over time. It allows dynamic partition resizing without service interruption, essential in growing networks.

Partitioning #

Use separate partitions to isolate different types of data:

• System Base (/): Houses core system files.
• Logs (/var/log): Dedicated partition for logs; prevents excessive logging from affecting system files.
• Configuration files (/usr/local/relianoid/config): Keep the RELIANOID software files separate to simplify updates and backups.
• Configuration Backups (/usr/local/relianoid/backups): Houses user and configuration files.

Example for a 12GB storage disk:

Encryption #

Encrypting sensitive partitions (e.g., root, log) provides data protection and meets compliance requirements for data confidentiality. Use tools like LUKS (Linux Unified Key Setup) to encrypt disk volumes, providing security against physical and unauthorized access.

Tip: Regularly back up the LUKS encryption keys and secure backups in an offsite, secure location to prevent data loss from encryption issues.

Network Configuration for Security and Traffic Segmentation #

For optimal security and traffic management, separate network interfaces should be configured to handle administrative and production traffic:

• Administrative Interface: Dedicated to management functions, allowing access only from trusted IPs. Configure secure firewall rules to restrict this interface to specific administrative and monitoring devices.
• Production Interface: Handles all client-facing traffic. Implement firewall rules and traffic policies specific to production data flow, enhancing throughput and security.

Additional recommendations for network configuration:

• IP Binding: Use IP binding to restrict RELIANOID services to specific IPs or interfaces, reducing the attack surface.
• Firewall and ACLs: Establish access control lists (ACLs) and firewalls to prevent unauthorized access to both administrative and production interfaces.

Tip: Segmenting network interfaces reduces the risk of cross-traffic interference and simplifies traffic troubleshooting and security audits.

Password Security and User Access Control (RBAC) #

Secure Passwords #

Enforce strong password policies for all users (including root user), including at least 12-character passwords, complexity requirements, and expiration policies.

Role-Based Access Control (RBAC) #

Segment users based on roles to minimize exposure of critical settings and information.

• Monitoring Groups: Assign limited access to monitoring groups, allowing them to view logs and metrics without administrative privileges.
• Administrative Departments: Provide necessary configuration and control access to specific departments, limiting high-privilege access only to essential personnel.

Tip: Regularly audit user accounts and permissions, ensuring unused or outdated accounts are disabled.

Local Services Configuration: NTP, SNMP, and DNS #

RELIANOID benefits from local service configuration for accurate timekeeping, network monitoring, and domain name resolution:

• NTP (Network Time Protocol): Configure NTP to ensure synchronized time across servers, which is crucial for accurate log timestamps, transaction integrity, and auditing.
• SNMP (Simple Network Management Protocol): Enable SNMP for proactive network monitoring, alerting, and event logging. SNMP integration with a network monitoring tool provides insights into load balancer performance and potential issues.
• DNS: Configure a reliable DNS to support network name resolution, especially if using DNS-based traffic routing. Using local or enterprise DNS servers reduces latency and improves reliability.

Those settings can be configured in the section System > Services from the web interface.

Tip: Harden SNMP configurations by using secure versions (SNMPv3) and limiting SNMP access to trusted IPs.

Post-Installation Configuration and Testing #

After the installation, conduct initial tests and configure remaining settings for a smooth operational start:

• Instances activation: To make the load balancer instances fully operational, they need to be activated using a temporary activation certificate. This step is essential to enable all features and functions of the load balancer.
• Apply Security Updates: Ensure all system packages and RELIANOID components are up-to-date with security patches by running the command checkupgrades and then, if there are some updates to apply run checkupgrades -i.
• Configure Alerts Notification: Set up RELIANOID email notifications if required in the section System > Notifications to detect and respond as quick as possible to service interruptions or performance degradation.
• RBAC users and groups: In the System > RBAC module set up the role-based access control (RBAC) for managing the load balancer. Here, you can create specific groups, such as Administration for managing settings and configurations, and Monitoring for observing performance and metrics. This setup helps assign permissions based on roles, enhancing security and control.
• Cluster Setup: To set up a clustering system with two instances, go to the System > Cluster. From there, you can configure both instances to work together as a cluster, enhancing reliability and providing failover support.
• Testing: Use load testing tools like Apache JMeter or wrk to simulate production traffic and validate load balancing and failover functionality.

Conclusion #

Installing RELIANOID from an ISO with optimal resource allocation, partitioning, network separation, and role-based access control (RBAC) sets a strong foundation for secure, reliable, and efficient load balancing. By adhering to these best practices, you ensure that your RELIANOID setup is resilient, secure, and tailored to handle the dynamic demands of modern network environments.

Don’t doubt to contact with our Team for further information.