Kemp LB for Log Insight Mgr

Just recently I was playing around with log insight or as they now like to call it vRealize Log Insight. One of the new features with 2.5 is the ability to have to have an integrated load balancer. In previous versions VMware allowed for log insight worker nodes to scale out but this introduced an issue with evenly distributing the load. With 2.5, the claim is an external load balancer is no longer needed.

KEMP has been in the industry for some time and offers load balancer for all kinds of solutions. In fact it was one of the first vendors to ever make a virtual load balancers for VMware ESXi back when it was just ESX as well as other hypervisors. Some of their VMware specific load balancers can be found here. The one we are interested in is called the LoadMaster for VMware vCenter Log Insight Manager. I know this can be a mouthful. But its functionality is pretty straightforward with simple deployment and maintenance.

I don’t want to go into the details of how to deploy KEMP’s LB. We will be referring to it as the VLM (Virtual LoadMaster). It is an OVF that can be downloaded from the KEMP Website. Once the OVF is deployed it takes minutes for this bad boy to start working. Their deployment guide can be found here which covers their entire process of deployment . Hence, there is no point in me repeating the same information. However, I will point out a couple of things which might make your deployment a bit easier specially if load balancing is not something you don’t work with on the regular basis or if you are new to log insight:

  1. You will need at least 2 Log Insight nodes deployed (you can work with 1 but then what’s the value of a LB?)
  2. Do not enable the ILB (internal load balancer if you are using log insight 2.5)
  3. Do not forget to install the Log Insight Add On pack once you have deployed the VLM (section 2)

NOTE: The LoadMaster build that will be posted to in early February will include the Add On Pack by default.

  1. A virtual address is the IP of the service often referred to as a VIP. Basically this will be the address your clients will connect to.
  2. The real servers in this case will be your Log Insight nodes. Once the client connects to the virtual IP, the VLM will forward them to one of the real servers (Log Insight nodes) based on configured scheduling methods and health checks.

The image below that I borrowed from KEMP does a pretty good job in giving you an over of what the VLM does.


I don’t generally deal with load balancers in general so I felt it was important for me to clarify some of the above information. The good news is that I was able to deploy and make this work within minuets and if I can, anyone can. I deployed 2 Log Insight nodes and configured my virtual services in VLM as well as added the two nodes as the real servers.. After pointing my ESXi servers to the virtual IP addresses, VLM was put to work. 


Now here is the question. While it works smoothlyis a solution like KEMP which is an external load balancer even needed for those who have upgraded to log insight 2.5? I will go with the most obvious answer. It depends!

The Internal Load Balancer (ILB) in log insight 2.5 is a new feature. I am not going to comment on its realibilty, however, some customers prefer not be the ones to introduce brand new funcionality in their enviroment. My recommendation is, test it. Also, the following is straight from VMware that should be taken into consideration:

ILB requires that all Log Insight nodes be on the same Layer 2 network, such as behind the same switch or otherwise able to receive ARP requests from and send ARP requests to each other. The ILB IP address should be set up so that any Log Insight node can own it and receive traffic for it. Typically, this means that the ILB IP address will be in the same subnet as the physical address of the Log Insight nodes. After you configure the ILB IP address, try to ping it from a different network to ensure that it is reachable.

So who should be looking at KEMP or any other external load balancers for that matter?. In my opinion, external load balancers will work best for those who already have them deployed and can’t get similar results without it. Another aspect is division of responsibilities. As an example, if you have a network team that deals with LB, their preference will likely be to have an external LB in place versus the ILB provided by Log Insight 2.5. This by itself can be a pretty good reason, especially for larger organizations. BTW… While comparison of KEMP to other solutions is out of scope for this post KEMP does provide a handy sheet with a comparative matrix.

A couple of thing to consider regarding KEMP in particular is they have been doing this for some time and have a very mature product that is absolutely production ready. As your Log Insight nodes become unavailable KEMP stops directing traffic to them, and the easy of adding and removing nodes takes seconds.

“LoadMaster uses its L7 visibility to parse the flows on a per message basis and ensure even distribution across the cluster of available nodes, even when members are removed or added. LoadMaster executes health checks against the nodes to ensure that only healthy nodes are used as targets for messages. If a node becomes unhealthy and starts to fail health checks, it is automatically removed and re-added only when it returns to a healthy state.”

According to KEMP “LoadMaster is the only ADC available that comprehensively supports highly available traffic distribution for all supported Log Insight message ingestion methods.” A unique feature is that they are able to handle UDP traffic at L7 allowing per-syslog message load balancing. I highly recommend you to check out VLM if you employ Log Insight in your environment. Though the latest version of Log Insight Manager comes with ILB, KEMP can certainly enhance your infrastructure and provide a variety of features that may be of use including content switching, intrusion prevention, web application firewalling, global site load balancing, etc. You can get a 30 day trial and have it working in under 20 mins unless you have terrible download speeds. BTW… Since the LoadMaster is supported on vSphere as well as Hyper-V, KVM, Xen and Oracle VirtualBox along with a variety of public cloud platforms this could potentially be your one stop for all LB needs versus having a series of all kinds of LB for every environment creating support challenges. Take a look.

Leave a Reply