After you purchase a Hybrid Cloud WAF instance, you can create and deploy a custom protection cluster for Hybrid Cloud WAF. This type of cluster is referred to as a hybrid cloud cluster. You can add your website to the Hybrid Cloud WAF instance only after you deploy a hybrid cloud cluster. This topic describes how to deploy a hybrid cloud cluster.
Prerequisites
A Hybrid Cloud WAF instance is purchased.
The resources that are required to deploy the hybrid cloud cluster are prepared. The following resources are included:
Servers that are preinstalled with the WAF agent (vagent)
You must add your on-premises servers to the hybrid cloud cluster as cluster nodes. Before you can add an on-premises server, you must install vagent on the server. For more information, see Install the WAF agent.
Load balancers
A hybrid cloud cluster consists of management, storage, and protection components. To ensure cluster stability, we recommend that you deploy the components on different nodes. If a component involves multiple nodes, we recommend that you deploy a load balancer in front of the nodes.
For more information about the numbers of servers and load balancers that you must prepare, see Prepare cluster resources.
Prepare cluster resources
You can select a deployment plan based on your business requirements. The numbers of the required servers and load balancers vary based on deployment plans.
Protection scenario | Deployment plan | Required resource | Description |
Services that require high stability and high protection capabilities | Disaster recovery deployment for protection and management components | | |
Services that require high stability | Disaster recovery deployment for protection components | | |
Proof of concept (POC) tests of basic protection capabilities | Minimum cluster deployment | | |
Procedure
Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region to which the WAF instance belongs. You can select Chinese Mainland or Outside Chinese Mainland for the region.
In the left-side navigation pane, choose .
Click Create Cluster.
In the Create Cluster wizard, complete the Basic Information Configuration step.
You must configure the parameters described in the following table and click Next.
Parameter
Description
Cluster Name
Enter a name for the hybrid cloud cluster.
Protection Nodes
Specify the number of nodes for the hybrid cloud cluster.
Note: The total number of nodes that you specify for all the hybrid cloud clusters cannot exceed the number that you specified when you purchased your Hybrid Cloud WAF instance.
Each node corresponds to a server and supports a maximum of 5,000 queries per second (QPS) for HTTP services or a maximum of 2,000 QPS for HTTPS services. You can determine the number of nodes based on the QPS of the web services that the hybrid cloud cluster protects.
Server Port
Specify the server ports for the hybrid cloud cluster. Make sure that the server ports include all the ports that are used by the web services you want to protect. When you associate the web services with the hybrid cloud cluster later, you can select the ports for the web services only from the ports for the cluster.
Instructions:
Ports 80, 8080, 443, and 8443 are enabled by default. Do not change the port settings unless otherwise specified.
If you want to enable additional ports, manually enter the ports. You must press Enter after you enter each port to save the port.
You cannot enter the following system ports: 22, 53, 9100, 4431, 4646, 8301, 6060, 8600, 56688, 15001, 4985, 4986, and 4987.
Warning: For security purposes, we recommend that you specify only the ports required for your web services.
Cluster Access Mode
Select the network access mode for the hybrid cloud cluster. Valid values:
Internet: If you select this option, the WAF console allows access from the hybrid cloud cluster only over the Internet.
Internal Network: If you select this option, the WAF console allows access from the hybrid cloud cluster only over an Express Connect circuit.
Important: You can select this option only if you have deployed Express Connect.
Remarks
Enter a description for the hybrid cloud cluster.
In the Create Cluster wizard, complete the Node Group Configuration step.
You must create multiple node groups in the cluster before you can add nodes to the node groups.
Instructions:
Each node group must have a load balancer to prevent unbalanced services and single points of failure.
Note: If you do not have load balancers, you can contact WAF technical support.
Node groups support the following types: Management, Storage, Protection, and Management and Storage.
The value Management indicates the management component. You can add only one node group of this type to a hybrid cloud cluster.
The value Storage indicates the storage component. You can add multiple node groups of this type to a hybrid cloud cluster to implement disaster recovery.
The value Protection indicates the protection component. You can add multiple node groups of this type to a hybrid cloud cluster to implement disaster recovery.
The value Management and Storage indicates the management and storage component. You can add only one node group of this type to a hybrid cloud cluster.
You must add the node groups in sequence based on the method that you use.
Method 1: Add one Storage node group, then at least one Management node group, and finally at least one Protection node group. If you use this method, add at least three node groups.
Method 2: Add one Management and Storage node group and then at least one Protection node group. If you use this method, add at least two node groups.
To add a node group, perform the following steps:
Click Create Node Group.
In the Create Node Group dialog box, configure the parameters.
The following table describes the parameters.
Parameter | Description |
Node Group Name | Enter a name for the node group. |
Server IP Address for Load Balancing | Enter the public IP address of the load balancer that is bound to the node group. |
Node Group Type | Select a type for the node group. Valid values: Protection, Storage, Management, and Management and Storage. |
Region | If you set Node Group Type to Protection, you must select the region where the node group is located. If you set Node Group Type to a different value, you do not need to configure this parameter. |
Remarks | Enter a description for the node group. |
Click Save.
In the Create Cluster wizard, complete the Initial Node Configuration step.
You must add your on-premises servers to the hybrid cloud cluster as cluster nodes. Before you can add a node, you must install vagent on the on-premises server. For more information, see Install the WAF agent.
Instructions:
The number of nodes that you add to the hybrid cloud cluster cannot exceed the number that you specified for the cluster.
We recommend that you add at least two nodes to the Protection node group. This way, WAF can implement online active-active disaster recovery.
To add a node to the hybrid cloud cluster, perform the following steps:
Click Create Node.
In the Create Node dialog box, configure the parameters.
The following table describes the parameters.
Parameter | Description |
Server IP Address | Enter the public IP address of the on-premises server. |
Node Name | Enter a name for the node. |
Region | Select the region of the node. |
Server Configuration | The system automatically displays the configuration of the on-premises server. |
Protection Node Group | Select the node group to which you want to add the node. |
Click Save.
After you complete the Create Cluster wizard, wait for several minutes until the cluster is created.
After the cluster is created, you can view General Information of the cluster in the upper part of the Hybrid Cloud Settings page.
If multiple hybrid cloud clusters are created, you can click Switch Cluster to view the basic information of a specific cluster.
View the node status of the hybrid cloud cluster.
After the cluster is created, you can view the node status and application status in the Cluster Nodes section.
Node Status indicates whether the server is running as expected. The value Normal indicates that the server is running as expected. The value Stopped indicates that the server is shut down.
If the server is shut down, the node cannot provide protection. We recommend that you check the cause of the server shutdown and fix the exception at the earliest opportunity.
Application Status indicates whether vagent is running as expected on a node. The value Normal indicates that vagent is running as expected. The value Stopped indicates that vagent stops running.
If vagent stops running, the node may be unable to provide protection. We recommend that you log on to your computer, check the installation and running status of vagent, and then fix the exception at the earliest opportunity. For more information, see Install the WAF agent.
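The constraints in the procedure above (reserved system ports, port coverage for the protected services, node group order, and node counts) can be checked against a written plan before you open the Create Cluster wizard. The following Python script is an added example and is not part of the WAF product or its documentation; the plan dictionary layout, the check_plan function, and the sample values are assumptions, while the port lists and ordering rules are taken from this topic.

```python
import re

# Values taken from this topic.
RESERVED = {22, 53, 9100, 4431, 4646, 8301, 6060, 8600, 56688, 15001, 4985, 4986, 4987}
DEFAULT_PORTS = {80, 8080, 443, 8443}
CODES = {"Storage": "S", "Management": "M", "Protection": "P", "Management and Storage": "X"}
# Method 1: Storage, Management, Protection. Method 2: Management and Storage, Protection.
# S+ and P+ allow several groups for disaster recovery; M and X may appear only once.
ORDER = re.compile(r"S+MP+|XP+")


def check_plan(plan):
    """Return (errors, warnings) for a planned cluster (hypothetical dict layout)."""
    errors, warnings = [], []
    ports, needed = set(plan["server_ports"]), set(plan["service_ports"])
    for p in sorted(ports & RESERVED):
        errors.append(f"port {p} is a reserved system port")
    for p in sorted(needed - ports):
        errors.append(f"service port {p} is missing from the cluster server ports")
    # Extra listening ports widen exposure; only required ports are recommended.
    for p in sorted(ports - needed - DEFAULT_PORTS - RESERVED):
        warnings.append(f"port {p} is not used by any protected service")

    sequence = "".join(CODES.get(g["type"], "?") for g in plan["node_groups"])
    if not ORDER.fullmatch(sequence):
        errors.append("node groups are not in the order required by Method 1 or Method 2")
    if sum(g["nodes"] for g in plan["node_groups"]) > plan["protection_nodes"]:
        errors.append("more nodes assigned than the Protection Nodes value of the cluster")
    for g in plan["node_groups"]:
        if g["type"] == "Protection" and g["nodes"] < 2:
            warnings.append(f"Protection group {g['name']} has fewer than two nodes")
    return errors, warnings


# Constructed sample plan (not from this topic).
SAMPLE = {
    "protection_nodes": 4,
    "server_ports": [80, 8080, 443, 8443, 9443, 6060, 9000],
    "service_ports": [443, 9443, 8081],
    "node_groups": [
        {"name": "mgmt-storage", "type": "Management and Storage", "nodes": 1},
        {"name": "protect-a", "type": "Protection", "nodes": 2},
        {"name": "protect-b", "type": "Protection", "nodes": 1},
    ],
}

if __name__ == "__main__":
    found_errors, found_warnings = check_plan(SAMPLE)
    for line in [f"ERROR: {e}" for e in found_errors] + [f"WARN: {w}" for w in found_warnings]:
        print(line)
```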
What to do next
After you deploy the hybrid cloud cluster, you can go to the Website Access page and associate your web services with the cluster for protection.
In the Enter Your Website Information step, set Protection Resource to Hybrid Cloud Cluster and Name of Protected Node Group to the node group that you want to use. Configure the other parameters the same way you associate web services with a shared cluster. For more information, see Add a website.