Kemp LoadMaster Room for Improvement
The product is really good as-is out of the box. If there is one thing I would change is to have the license file not be coupled with the MAC address of the device. This is actually not really useful in a virtual environment where if you have a single VM with KEMP LoadMaster and you have not set up static MAC Address, if you, for example, recreate the VM and just load the disk file on a new VM it will get new MAC address and the NLB will not work as it will not see a proper license. You need to call their support, explain what the issue is, and then they will generate a new license that you can apply. If this is a production environment and you just had an outage and quickly required the VM then you are extending the outage by the time it will take to get their support to help with the new license.
The only thing that I miss is that the TMG server was giving me live information about who is connected and what is the request about. Details include the username, etc. I know Kemp gives you some live load info, but not the authentication data unless I am not aware of it.
The only thing I have struggled with is setting up automatic backups. When the job runs, it doesn't seem to do anything and the backup file never shows up in the destination folder. When I run a manual backup it works fine, but it just dumps the file to my local downloads folder. Otherwise, all of the features that it offers work well for us and it hasn't yet let us down.
We would like to see them improve the security by putting a well trusted and very efficient WAF inside the appliance. They currently use an open-source solution for this, but it would be great to include a more secure one because it would be a complete solution in terms of load balancing and security. We are currently researching WAF solutions to implement for our perimeter, so it is on the radar for our model.
The GUI is rather technical and complex, so it could be improved by making it simpler and more user-friendly. This is a very powerful solution that gives you an edge, but some of the features are hard to understand. For example, the configuration values are difficult. The templates help in this regard. Each value is explained in the documentation, but it still needs to be simpler.
I would like to see Active Directory integration for authentication of the admin role, so the usernames are not on the local appliance.View full review »
It works well, we really can't think of anything to make it easier They have templates that you can import that do most of the work for you anyways.
If I had to change something it would maybe be to have a little better reporting graphics that show more details in the reporting. It seems to be a little small in the graphic, and I'm not sure if possible but maybe a GUI page that one can use to monitor if any server goes down. And not sure a full login, so we can login to another page if something happens. Besides better GUI things i'm not sure.
I would like to see more automation and control of overactive and inactive resources. If I could schedule these around our updates then it would be all automated. I would like to set up an automated script to coincide with the scripts I use to update resources and servers. If I update a server on Wednesday then I would use Kemp to automate the server being taken out of service before and then put back into service after. That could streamline the whole update process and it should do some simple checks and tests to make sure the server or resource is reliable and able to be reached.
Manager of Technology Architecture and Information Security at J.F. Shea Co., Inc.
Out of the box, the LoadMaster provides real-time statistics regarding connections to the real servers, as well as to the virtual services. We see the number of connections in the last 5/30/60 minutes, and current active connections as well. However, it would be nice if we were able to drill in further to see the actual IP addresses that made up these connections, whether they were coming from the internet or internal, and possibly the option to disconnect certain active connections.
The historical graphs showing CPU metrics and the network is useful, as well. It would be nice if the historical metrics were easily exportable from the interface.View full review »
So far, the only hitch we have run into is that would have been nice to have an easier method to add allow/whitelist entries into the Access Control lists for virtual services.
Following an upgrade, we inadvertently lost all of our Access Control whitelist entries on one of our virtual services. Thankfully we had a backup of them, but to plug them back in, we had to enter them all manually. This ended up being a bit of a pain.
It would be great if there was a way to upload a .CSV file of ACL entries into the access control list, rather than having to add them one at a time.View full review »
If I had to pick an area for improvement, I think it would be direct integration with the template library. At present, you need to download the templates from the Kemp support portal and then upload them onto the LoadMaster. It would be much easier to have the management interface directly integrate with the Kemp Support library, allowing you to choose the desired template from the online catalog to then directly download to the LoadMaster.View full review »
Certificate installations could be simplified and modernized, and allowed to be monitored for expirations/issues.
We had a particular issue where we believed the Kemp LoadMaster was to blame for service disruption of a particular VIP (virtual-IP) based service, based on the supporting evidence. In the end, it was actually expired certificates downstream, which was not the Kemp's fault per se but it would have helped greatly and reduced our time with support if the Kemp had an alert for this type of problem, without needing to search logs/packet capture.View full review »
The configuration of the basic services is pretty straight forward but for more complex solutions, there needs to be better documentation or knowledge base articles. The knowledge base that is there is well done, but it would be excellent to see it expanded out. For those fringe installations, technical support is more than willing to assist.
The one thing that I would love to see implemented is the ability for Kemp to automate certificate creation through Let's Encrypt. That way I can cut back on my cost of certificates and also pushes towards a more centralized location for certificate management.View full review »
I can think of three things that would be nice; First, it would be helpful if the GEO function was built into every device. The cost of the GEO upgrade is not cost-prohibitive but it's something that would be a nice add-in, out of the box.
The second is the throughput. If the device was licensed based on the throughput then we could upgrade hardware to get better transactional throughput.
Third, if they had dual power supply options on the lower end models it would be helpful because I may be a smaller shop with only 35 servers, but I still rely on dual power supplies whenever possible.View full review »
Head Of Technology at a tech services company with 51-200 employees
When we go serverless, we may again have to revisit this because the configuration needs to be changed. With this change, we can run into a lot of other configurations that we haven't got into, which involve additional expenses. It would be challenging to convince management to buy at that price point. It would be a balancing act of justifying that expense and the value, that is, how it is going to save a bit of time and make our platform secure.
It can have better configuration ability. A lot of iterations happen when we have multiple servers pointing to the same domain. If we do not orchestrate carefully, it gets into a loop, which takes away the precious time of the user who is trying to subscribe to a service. It takes a little longer time to realize services as well as web pages.View full review »
IT Engineer at AIS
Obviously, there are a lot of moving parts and fields\settings on Kemp LoadMaster. Not all the settings are easily understandable. It would be helpful if there were a way to incorporate tooltips on the fields so that we don't have to dig through documentation.
I don't expect the software to assist in migrations, but it would be a plus if they had more documentation on Exchange migrations with Kemp and specific changes that need to be made. However, support is very knowledgeable and assisted us.
I would like to see an increase in the knowledge base on technical issues or common troubles.View full review »
In the web interface, there are a lot of settings in the different menus and it would be helpful if there were an interactive help system or tooltips to help the administrators find and configure the right settings.
The configuration of "standard" services is quite easy but when you configure more advanced settings, it's no longer easy and can be challenging. The Kemp Load Balancer is a very good product out of the VMware ISO (Box).
Sometimes, you feel years back in the web interface but it's just cosmetic.View full review »
Perhaps Kemp could offer some training videos.
Network and System Administrator at Guardian Capital Group Ltd
We experienced a brief period of instability.
Overall, the Kemp appliance seems to have performed very well for me over the years.
If there is anything that needs to be updated, the GUI can get a refresh to make it look more like 2020, although it is just a cosmetic change.
It would be a plus if there were a real-time live traffic capture that allows administrators to see the current traffic that is coming into the appliance. Currently, you can only start the TCPdump capture and have the information logged into a file.
Maybe a configurable dashboard to show more detail about each VS service would be welcome.View full review »
From my point of view, the only minor thing that needed to be improved is log management. It has all types of logs and they are very detailed, but it's a little bit hard to search for a single event.
Log management is critical for investigating an attack or unwanted behavior. Since they have a lot of logs, it takes a lot of time to look for a specific event. Also, for the WAF, it would be great if they can provide a dashboard or insight dashboard for WAF logs.
other than that there is nothing need to be improved from kempView full review »
The configuration of basic services is pretty straightforward but when you want to configure more advanced settings like the Edge Security Pack feature, it can be somewhat challenging! Even with the documentation, I had to contact the support to get help set this up properly. I think there should be more visual instructions on how to configure advanced features.
Support-wise, I've nothing to complain about. The support technicians are knowledgeable and were able to quickly help me set up and get things working.
The logging feature is somewhat archaic, as you have to go through text files. I think they should implement something more user-friendly for logging.View full review »
Overall, the Kemp LoadMaster has been an all-rounder great product and stable. The free trial and virtual edition make it a breeze for any potential customer to give it a spin before actually deciding to put it on the infrastructure or even talk to the CFO. Kemp could create a more structured lab oriented training program as part of its certification bundled with an online cloud lab that makes it easy for a client to learn and try out the Kemp LoadMaster immediately. The sales team would also benefit from this cloud lab service.View full review »
I would like to give some advice on security improvement:
- First, is the password complexity's restriction. For example, there should be a password restriction policy on the password that only can be made up of a minimum of 12 alphanumeric characters with upper & lower cases.
- Second, is the password age restriction. For example, the password should be changed at least every 90 days.
- Third, the password history restriction needs improvement. For example, the password policy will restrict the user to always use a unique password combination. The password should not be reused for a minimum of three generations of passwords.
- Last but not the least, the default administrator account should be able to rename. This is to prevent a hacker to use brute force attack on the known default administrator ID.
The one area that really could be improved upon is the GUI. Over the last several major versions, the GUI has remained virtually unchanged and still seems lacking. Since there is no "save" or "confirm" button, it is very easy to accidentally make a change on a live, production VIP, or endpoint.
Adding some sort of saving or confirming mechanism in the GUI would be nice and would make it seem more modern. This is not a show stopper for us, but really just a "nice to have".
Overall, there is little that needs to be improved with this product.View full review »
We have experienced at least one problem with stability, although it was fixed with an upgrade.View full review »
Have a better UI can attract more customers.
Multiple SSL uploads for a single VIP can be added in the future.
Prices on their maintenance plans should be reduced, as it would be better for the users.
It doesn't run well in Hyper-V or at least, it didn't when I bought it. I really don't like the way the logs are presented in the software. A lot of the information in the logs is only meaningful to the Kemp Support Team.
Network Administrator at a transportation company with 10,001+ employees
It should be more customizable and perhaps more like NetScaler in that regard. Although Kemp is very user-friendly, it lacks a more custom configuration.
I would like to see this solution more customizable in the next release.View full review »
I definitely think that the WAF can be improved. We have had several issues for which, at times some our services that were being run through the kemp would stop working. It was strange because everything showed green. Their first solution was to enable/disable the WAF and it worked. But then at time it stopped again and it required further investigation with Kemp support in which logs were needed to be turned on and collected to analyze the behavior.View full review »
In the next release, Kemp should include the ability for LoadMaster to create different DNS record types.View full review »
I've only used the virtual version of the small LoadManager (VLM-500), but on the "improvement" side my comment would be about the equivalent hardware based LM (LM-X1) to offer redundant power supply like the more beefier KEMP models do. No matter the size, the role played by these solutions tend to be critical for the business.
The product could be improved by making the SSL Offloading easier.
It would be very helpful to get all the http/https session logs by default in the log monitor without activating debugging mode like an apache web sever natively does
View full review »