Came across Hercules
, a VM appliance
, while looking for a TCP-level load-balancer for a WebLogic Cluster
setup. WebLogic Server does includes a HTTP-level load-balancing servlet known as HttpClusterServlet
, which works okay for HTTP and simple HTTPS traffic, but not for 2-way SSL (or SSL with mutual authentication). The problem is that the connection originated from the client terminates at HttpClusterServlet and a new connection is established to one of the servers within the cluster, losing the user identification embedded within the client certificate. What you need for such configurations is a load-balancer that can transparently forward the TCP connection to a cluster machine and let the machine do the SSL handshake and map the certificate DN to a user identity. Hercules fit the bill.
Once I started playing with Hercules, I realized that it did more than just fitting the bill -- at download size of just 2.5MB, it was the tiniest VM image I have ever come across. Built with BusyBox
, it does a remarkable job of providing all the needed basic functionality of load-balancing a wide variety of TCP-based protocols such as HTTP/S, SMTP, FTP, POP3 and LDAP with minimal of disk and memory footprint. Not only that, the documentation included was very concise, clear and very complete, a rarity among less well-known opensource software.
Getting it to work with VMware Server was a snap. Even making configuration changes from default of supporting only HTTP to support both HTTP and HTTPS was fairly straight-forward. And it did its job of load-balancing client connections and failing over flawlessly.
Although I have only good things to say about Hercules, my experience with VMware hosted Virtual Appliance Marketplace
was less than stellar. It does a great job of maintaining a directory of third-party appliances and providing basic information, including download statistics that can help one determine the popularity of a particular appliance. Where it fell short, in my opinion, is how users download the VM images, some of which could be very big, running into Giga bytes. VMware doesn't really host images, it simply points to the location specified by the creator. Appliance creators often provide downloads through BitTorrent, which, unfortunately, are blocked within most corporate firewalls and are not very helpful anyway as few appliances are so popular to attract large no. of simultaneous downloads. I could get Hercules image bits only because its creator prabhakar
posted a message
with http download URL