After you purchase a Hybrid Cloud WAF instance, you can create and deploy a custom protection cluster for Hybrid Cloud WAF. This type of cluster is referred to as a hybrid cloud cluster. You can add your website to the Hybrid Cloud WAF instance only after you deploy a hybrid cloud cluster. This topic describes how to deploy a hybrid cloud cluster.

Prerequisites

  • A Hybrid Cloud WAF instance is purchased on the Web Application Firewall buy page.
  • The resources that are required to deploy the hybrid cloud cluster are prepared. The following resources are included:
    • Servers that are preinstalled with the WAF agent (vagent)

      You must add your on-premises servers to the hybrid cloud cluster as cluster nodes. Before you can add an on-premises server, you must install vagent on the server. For more information, see Install the WAF agent.

    • Load balancers

      A hybrid cloud cluster consists of management, storage, and protection components. To ensure cluster stability, we recommend that you deploy the components on different nodes. If a component involves multiple nodes, we recommend that you deploy a load balancer in front of the nodes.

    For more information about the numbers of servers and load balancers that you must prepare, see Prepare cluster resources.

Prepare cluster resources

You can select a deployment plan based on your business requirements. The numbers of the required servers and load balancers vary based on deployment plans.

Protection scenario: Services that require high stability and high protection capabilities
Deployment plan: Disaster recovery deployment for protection and management components
Required resource:
  • Default protection capabilities of 10,000 QPS for HTTP services or 4,000 QPS for HTTPS services:

    (Recommended) Five servers and two load balancers

  • Beyond the default protection capabilities:

    Add cluster nodes based on your business requirements. Each cluster node can handle 5,000 QPS for HTTP services or 2,000 QPS for HTTPS services.

Description:
  • Storage component: one server
  • Management component: two or more servers and one load balancer
  • Protection component: two or more servers and one load balancer

Protection scenario: Services that require high stability
Deployment plan: Disaster recovery deployment for protection components
Required resource:
  • Default protection capabilities of 10,000 QPS for HTTP services or 4,000 QPS for HTTPS services:

    (Recommended) Three servers and one load balancer

  • Beyond the default protection capabilities:

    Add cluster nodes based on your business requirements. Each cluster node can handle 5,000 QPS for HTTP services or 2,000 QPS for HTTPS services.

Description:
  • Management and storage component: one server
  • Protection component: two or more servers and one load balancer

Protection scenario: Proof of concept (POC) tests of basic protection capabilities
Deployment plan: Minimum cluster deployment
Required resource:
  • Default protection capabilities of 10,000 QPS for HTTP services or 4,000 QPS for HTTPS services:

    Two or more servers

  • Beyond the default protection capabilities:

    Add cluster nodes based on your business requirements. Each cluster node can handle 5,000 QPS for HTTP services or 2,000 QPS for HTTPS services.

Description:
  • Management and storage component: one server
  • Protection component: one or more servers

Procedure

  1. Log on to the Web Application Firewall console.
  2. In the left-side navigation pane, choose System Management > Hybrid Cloud Settings.
  3. Click Create Cluster.
  4. In the Create Cluster wizard, complete the Basic Information Configuration step.
    You must configure the parameters described in the following table and click Next.
    Parameter | Description
    Cluster Name | Enter a name for the hybrid cloud cluster.
    Protection Nodes | Specify the number of nodes for the hybrid cloud cluster.
      Note: The total number of nodes that you specify for all the hybrid cloud clusters cannot exceed the number that you specified when you purchased your Hybrid Cloud WAF instance.

      Each node corresponds to a server and supports a maximum of 5,000 queries per second (QPS) for HTTP services or a maximum of 2,000 QPS for HTTPS services. You can determine the number of nodes based on the QPS of the web services that the hybrid cloud cluster protects.

    Server Port | Specify the server ports for the hybrid cloud cluster. Make sure that the server ports include all the ports that are used by the web services you want to protect. When you associate the web services with the hybrid cloud cluster later, you can select the ports for the web services only from the ports for the cluster.
      Instructions:
      • Ports 80, 8080, 443, and 8443 are enabled by default. Do not change the port settings unless otherwise specified.
      • If you want to enable additional ports, manually enter the ports. You must press Enter after you enter each port to save the port.

        You cannot enter the following system ports: 22, 53, 9100, 4431, 4646, 8301, 6060, 8600, 56688, 15001, 4985, 4986, and 4987.

        Warning: For security purposes, we recommend that you specify only the ports required for your web services.
    Cluster Access Mode | Select the network access mode for the hybrid cloud cluster. Valid values:
      • Internet: If you select this option, the WAF console allows access from the hybrid cloud cluster only over the Internet.
      • Internal Network: If you select this option, the WAF console allows access from the hybrid cloud cluster only over an Express Connect circuit.
        Notice: You can select this option only if you have deployed Express Connect.
    Remarks | Enter a description for the hybrid cloud cluster.
  5. In the Create Cluster wizard, complete the Node Group Configuration step.
    You must create multiple node groups in the cluster before you can add nodes to the node groups.
    Instructions:
    • Each node group must have a load balancer to prevent unbalanced services and single points of failure.
      Note: If you do not have load balancers, you can contact WAF technical support.
    • Node groups support the following types: Management, Storage, Protection, and Management and Storage.
      • Management: indicates the management component. You can add only one node group of this type to a hybrid cloud cluster.
      • Storage: indicates the storage component. You can add multiple node groups of this type to a hybrid cloud cluster to implement disaster recovery.
      • Protection: indicates the protection component. You can add multiple node groups of this type to a hybrid cloud cluster to implement disaster recovery.
      • Management and Storage: indicates the management and storage component. You can add only one node group of this type to a hybrid cloud cluster.

      You must add the node groups in sequence based on the method that you use.
      • Method 1: Add one Storage node group, then at least one Management node group, and finally at least one Protection node group. If you use this method, add at least three node groups.
      • Method 2: Add one Management and Storage node group and then at least one Protection node group. If you use this method, add at least two node groups.

    To add a node group, perform the following steps:

    1. Click Create Node Group.
    2. In the Create Node Group dialog box, configure the parameters.
      The following table describes the parameters.
      Parameter | Description
      Node Group Name | Enter a name for the node group.
      Server IP Address for Load Balancing | Enter the public IP address of the load balancer that is bound to the node group.
      Node Group Type | Select a type for the node group. Valid values: Protection, Storage, Management, and Management and Storage.
      Region | If you set Node Group Type to Protection, you must select the region where the node group is located. If you set Node Group Type to a different value, you do not need to configure this parameter.
      Remarks | Enter a description for the node group.
    3. Click Save.
  6. In the Create Cluster wizard, complete the Initial Node Configuration step.
    You must add your on-premises servers to the hybrid cloud cluster as cluster nodes. Before you can add a node, you must install vagent on the on-premises server. For more information, see Install the WAF agent.
    Instructions:
    • The number of nodes that you add to the hybrid cloud cluster cannot exceed the number that you specified for the cluster.
    • We recommend that you add at least two nodes to the Protection node group. This way, WAF can implement online active-active disaster recovery.

    To add a node to the hybrid cloud cluster, perform the following steps:

    1. Click Create Node.
    2. In the Create Node dialog box, configure the parameters.
      The following table describes the parameters.
      Parameter | Description
      Server IP Address | Enter the public IP address of the on-premises server.
      Node Name | Enter a name for the node.
      Region | Select the region of the node.
      Server Configuration | The system automatically displays the configuration of the on-premises server.
      Protection Node Group | Select the node group to which you want to add the node.
    3. Click Save.
  7. After you complete the Create Cluster wizard, wait for several minutes until the cluster is created.
    After the cluster is created, you can view General Information of the cluster in the upper part of the Hybrid Cloud Settings page.

    If multiple hybrid cloud clusters are created, you can click Switch Cluster to view the basic information of a specific cluster.

  8. View the node status of the hybrid cloud cluster.
    After the cluster is created, you can view the node status and application status in the Cluster Nodes section.
    • Node Status indicates whether the server is running as expected. The value Normal indicates that the server is running as expected. The value Stopped indicates that the server is shut down.

      If the server is shut down, the node cannot provide protection. We recommend that you check the cause of the server shutdown and fix the exception at the earliest opportunity.

    • Application Status indicates whether vagent is running as expected on a node. The value Normal indicates that vagent is running as expected. The value Stopped indicates that vagent stops running.

      If vagent stops running, the node may be unable to provide protection. We recommend that you log on to your computer, check the installation and running status of vagent, and then fix the exception at the earliest opportunity. For more information, see Install the WAF agent.
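
The following pre-flight check is an added example, not part of the original topic and not Alibaba Cloud tooling. It validates a planned cluster against the limits stated in the procedure: the reserved system ports, the per-node QPS limits, and the node group order of Method 1 and Method 2. The function names and the additive treatment of mixed HTTP and HTTPS load are assumptions.

```python
import re

# Values copied from the Server Port and Protection Nodes descriptions above.
RESERVED_PORTS = {22, 53, 9100, 4431, 4646, 8301, 6060, 8600, 56688,
                  15001, 4985, 4986, 4987}
DEFAULT_PORTS = {80, 8080, 443, 8443}
HTTP_QPS_PER_NODE, HTTPS_QPS_PER_NODE = 5000, 2000
GROUP_CODES = {"Storage": "S", "Management": "M", "Protection": "P",
               "Management and Storage": "X"}

def check_ports(service_ports, cluster_ports):
    """Return a list of problems with the planned Server Port setting."""
    service, cluster = set(service_ports), set(cluster_ports)
    problems = [f"port {p} is a reserved system port"
                for p in sorted(cluster & RESERVED_PORTS)]
    problems += [f"service port {p} is not enabled on the cluster"
                 for p in sorted(service - cluster)]
    # Extra non-default ports that no protected service uses only add exposure.
    problems += [f"port {p} is enabled but unused"
                 for p in sorted(cluster - service - DEFAULT_PORTS - RESERVED_PORTS)]
    return problems

def protection_nodes_needed(http_qps, https_qps):
    """Assumption: HTTP and HTTPS load consume node capacity additively."""
    units = http_qps * HTTPS_QPS_PER_NODE + https_qps * HTTP_QPS_PER_NODE
    per_node = HTTP_QPS_PER_NODE * HTTPS_QPS_PER_NODE
    return max(1, -(-units // per_node))  # integer ceiling, at least one node

def check_group_order(group_types):
    """Match the creation order of node groups against Method 1 or Method 2."""
    unknown = [t for t in group_types if t not in GROUP_CODES]
    if unknown:
        return f"unknown node group type: {unknown[0]}"
    seq = "".join(GROUP_CODES[t] for t in group_types)
    if re.fullmatch(r"SM+P+", seq):
        return "Method 1"
    if re.fullmatch(r"XP+", seq):
        return "Method 2"
    return "invalid order"

if __name__ == "__main__":
    # Constructed sample plan, not taken from a real deployment.
    print(check_ports({443, 9443}, {80, 8080, 443, 8443, 22, 9000}))
    print(protection_nodes_needed(6000, 3000))
    print(check_group_order(["Storage", "Management", "Protection"]))
```

Run the check before you start the Create Cluster wizard; the node count it returns must still fit within the number of nodes purchased with the Hybrid Cloud WAF instance.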

What to do next

After you deploy the hybrid cloud cluster, you can go to the Website Access page and associate your web services with the cluster for protection.

In the Enter Your Website Information step, set Protection Resource to Hybrid Cloud Cluster and Name of Protected Node Group to the node group that you want to use. Configure the other parameters the same way you associate web services with a shared cluster. For more information, see Add a website.