After you purchase a Hybrid Cloud WAF instance, you can create and deploy a custom protection cluster for Hybrid Cloud WAF. This type of cluster is referred to as a hybrid cloud cluster. You can add your website to the Hybrid Cloud WAF instance only after you deploy a hybrid cloud cluster. This topic describes how to deploy a hybrid cloud cluster.

Prerequisites

  • A Hybrid Cloud WAF instance is purchased on the Web Application Firewall buy page. Hybrid Cloud WAF
  • The resources required to deploy the hybrid cloud cluster are prepared. The following resources are included:
    • Servers that are preinstalled with the WAF agent (vagent)

      You must add your on-premises servers to the hybrid cloud cluster as cluster nodes. Before you can add an on-premises server, you must install vagent on the server. For more information, see Install the WAF agent.

    • Load balancers

      A hybrid cloud cluster consists of management, storage, and protection components. To ensure cluster stability, we recommend that you deploy the components on different nodes. If a component involves multiple nodes, we recommend that you deploy a load balancer in front of the nodes.

    You can determine a deployment plan based on the numbers of servers and load balancers that you have. The following table describes different plans.
    Deployment plan Minimum resources required Description
    Basic cluster Two servers
    • Management and storage components: one server
    • Protection component: one server
    Disaster recovery cluster Three servers and one load balancer
    • Management and storage components: one server
    • Protection component: two or more servers and one load balancer
    Stable cluster Five servers and two load balancers
    • Storage component: one server
    • Management component: two or more servers and one load balancer
    • Protection component: two or more servers and one load balancer

Procedure

  1. Log on to the Web Application Firewall console.
  2. In the left-side navigation pane, choose System Management > Hybrid Cloud Settings.
  3. Click Create Cluster.
  4. In the Create Cluster wizard, complete the Basic Information Configuration step.
    You must configure the parameters described in the following table and click Next.
    Parameter Description
    Cluster Name Enter a name for the hybrid cloud cluster.
    Protection Nodes Specify the number of nodes for the hybrid cloud cluster.
    Note The total number of nodes that you specify for all the hybrid cloud clusters cannot exceed that you specified when you purchased your Hybrid Cloud WAF instance.

    Each node corresponds to a server and supports a maximum of 5,000 queries per second (QPS) for HTTP requests or a maximum of 2,000 QPS for HTTPS requests. You can determine the number of nodes based on the QPS of the web services that the hybrid cloud cluster protects.

    Server Port Specify the server ports for the hybrid cloud cluster. Make sure that the server ports include all the ports that are used by the web services you want to protect. When you associate the web services with the hybrid cloud cluster later, you can select the ports for the web services only from the ports for the cluster.
    Instructions:
    • Ports 80, 8080, 443, and 8443 are enabled by default. Do not change the port settings unless otherwise specified.
    • If you want to enable additional ports, manually enter the ports. You must press Enter after you enter each port to save the port.

      You cannot enter the following system ports: 22, 53, 9100, 4431, 4646, 8301, 6060, 8600, 56688, 15001, 4985, 4986, and 4987.

      Warning For security purposes, we recommend that you specify only the ports required for your web services.
    Cluster Access Mode Select the network access mode for the hybrid cloud cluster. Valid values:
    • Internet: If you select this option, the WAF console allows access from the hybrid cloud cluster only over the Internet.
    • Internal Network: If you select this option, the WAF console allows access from the hybrid cloud cluster only over an Express Connect circuit.
      Notice You can select this option only if you have deployed Express Connect.
    Remarks Enter a description for the hybrid cloud cluster.
  5. In the Create Cluster wizard, complete the Node Group Configuration step.
    You must create multiple node groups in the cluster before you can add nodes to the node groups.
    Instructions:
    • Each node group must have a load balancer to prevent unbalanced services and single point of failure.
      Note If you do not have load balancers, you can contact WAF technical support.
    • Node groups support the following types: Management, Storage, Protection, and Management and Storage. The value Management indicates the management component. You can add only one node group of this type to a hybrid cloud cluster. The value Storage indicates the storage component. You can add multiple node groups of this type to a hybrid cloud cluster to implement disaster recovery. The value Protection indicates the protection component. You can add multiple node groups of this type to a hybrid cloud cluster to implement disaster recovery. The value Management and Storage indicates the management and storage components. You can add only one node group of this type to a hybrid cloud cluster.
      You must add the node groups in sequence based on the method that you use.
      • Method 1: Add one Storage node group, then at least one Management node group, and finally at least one Protection node group. If you use this method, add at least three node groups.
      • Method 2: Add one Management and Storage node group and then at least one Protection node group. If you use this method, add at least two node groups.

    To add a node group, perform the following steps:

    1. Click Create Node Group.
    2. In the Create Node Group dialog box, configure the parameters.
      The following table describes the parameters.
      Parameter Description
      Node Group Name Enter a name for the node group.
      Server IP Address for Load Balancing Enter the public IP address of the load balancer that is bound to the node group.
      Node Group Type Select a type for the node group. Valid values: Protection, Storage, Management, and Management and Storage.
      Remarks Enter a description for the node group.
    3. Click Save.
  6. In the Create Cluster wizard, complete the Initial Node Configuration step.
    You must add your on-premises servers to the hybrid cloud cluster as cluster nodes. Before you can add a node, you must install vagent on the on-premises server. For more information, see Install the WAF agent.
    Instructions:
    • The number of nodes that you can add to the hybrid cloud cluster cannot exceed that you specified for the cluster.
    • We recommend that you add at least two nodes to the Protection node group. This way, WAF can implement online active-active disaster recovery.

    To add a node to the hybrid cloud cluster, perform the following steps:

    1. Click Create Node.
    2. In the Create Node dialog box, configure the parameters.
      The following table describes the parameters.
      Parameter Description
      Server IP Address Enter the public IP address of the on-premises server.
      Node Name Enter a name for the node.
      Region Select the region of the node.
      Server Configuration The system automatically displays the configuration of the on-premises server.
      Protection Node Group Select the node group to which you want to add the node.
    3. Click Save.
  7. After you complete the Create Cluster wizard, wait for several minutes until the cluster is created.
    After the cluster is created, you can view General Information of the cluster in the upper part of the Hybrid Cloud Settings page.

    If multiple hybrid cloud clusters are created, you can click Switch Cluster to view the basic information of a specific cluster.

What to do next

After you deploy the hybrid cloud cluster, you can go to the Website Access page and associate your web services with the cluster for protection.

In the Enter Your Website Information step, set Protection Resource to Hybrid Cloud Cluster and Name of Protected Node Group to the node group that you want to use. Configure the other parameters the same way you associate web services with a shared cluster. For more information, see Add a website. Add Domain Name