Implementing Cloud-enabled Management (CEM) behind load balancers is a supported configuration with certain considerations:
For ITMS 7.6 and later, please see 178549 "How to configure F5 BIG-IP Local Traffic Manager to work with the ITMS Cloud-enabled Management traffic?" as an example of what to configure (however, it is up to the vendor and customer in configuring their load balancer).
Note: F5 has been the only load balancer that we have tested. We are aware of customers using x, y and z load balancers after they had followed their vendor configuration documentation.
It is worth mentioning that some customers have reported that they were able to configure this functionality by trial and error. However, as this is not a supported configuration with the current ITMS 7.1 or 7.5 SP1 versions, support is unable to assist with implementation.
With regards to CEM any load balancer would act as a certificate proxy. Meaning that any traffic coming in via SSL to our CEM URL would have to first validate at the appliance using a signed machine certificate. The Gateway strictly uses a self-signed certificate and all functionality is built between the agent at the endpoint and the gateway, this would not work. Traffic needs to past through and the handshake will need to be established at the gateway.
The Internet Gateway serves SMA connections using the following process:
This method encrypts TCP traffic twice.
No, this is not currently supported with ITMS 7.5 and 7.5 SP1 releases.