Senior Consultant at a tech services company with 51-200 employees
Consultant
Top 20
2023-09-21T16:05:22Z
Sep 21, 2023
My company is really happy with Kemp LoadMaster as a product. My company is also happy with the support we receive from Kemp LoadMaster. I want Kemp LoadMaster to provide users with better reporting capabilities in relation to TCP packets. In general, the connections that are present in the system require improvement. Feature-wise, Kemp LoadMaster has everything that our company's customers require. Kemp LoadMaster also has features that have supported our company's past projects.
They were still in the process of development, and for example, we set it up in a cluster. So it was one logistical unit built out of two physical devices. And the expected behavior, which I know from other devices, will be formed into a logic cluster. It's that you configure one unit. Then you bring the second unit into this cluster with the already configured primary unit. So the secondary box pulls all the configured ones from its neighbor, does everything automatically, and then synchronizes with this primary neighbor. And then it works, like, one logical unit. And this didn't work with the Kemp's initially, where they caused a lot of issues when building up a cluster, so there were some specials on how to set this up. When we built or set them up for the first time and the months afterward with no new software releases, there were a couple of problems, but in the end, they worked fine. So, they developed a lot and learned from what they've responded to, what we responded to them, and what needs fixing.
In the next release, they can introduce 360 views in the same dashboard to make it easier for users to view. The graphical information should be displayed on the dashboard.
Owner at a computer software company with 501-1,000 employees
Real User
Top 20
2023-03-10T15:28:11Z
Mar 10, 2023
In my opinion, the layer seven loads balancing that we're mainly using for web servers, doesn't seem to pick up when there are issues at the application level. I am not sure if this is due to poor configuration or not, but I think that the stability could be improved.
The ability to see live traffic is not great and can be improved. When we check live traffic via the external link, we sometimes see up to 80 concurrent connections but find it difficult to drill down into them. So although we can see 80, we can't drill down to get more information about those 80 connections. Additionally, the graphics for the solution can be improved.
The only thing I have struggled with is setting up automatic backups. When the job runs, it doesn't seem to do anything and the backup file never shows up in the destination folder. When I run a manual backup it works fine, but it just dumps the file to my local downloads folder. Otherwise, all of the features that it offers work well for us and it hasn't yet let us down.
@reviewer1444170 The scheduled backup should work, although it is a bit clunky. Lots of people preffer a centralised solution such as the new Kemp LoadMaster 360, which should support backups very soon. Or the Loadbalancer ADC Portal which is free for up to 6 LoadMasters.
Director of IT at a computer software company with 201-500 employees
Real User
2020-06-29T19:07:00Z
Jun 29, 2020
The product is really good as-is out of the box. If there is one thing I would change is to have the license file not be coupled with the MAC address of the device. This is actually not really useful in a virtual environment where if you have a single VM with KEMP LoadMaster and you have not set up static MAC Address, if you, for example, recreate the VM and just load the disk file on a new VM it will get new MAC address and the NLB will not work as it will not see a proper license. You need to call their support, explain what the issue is, and then they will generate a new license that you can apply. If this is a production environment and you just had an outage and quickly required the VM then you are extending the outage by the time it will take to get their support to help with the new license.
Senior Consultant at a tech services company with 11-50 employees
Real User
2020-06-22T05:01:00Z
Jun 22, 2020
I would like to give some advice on security improvement: * First, is the password complexity's restriction. For example, there should be a password restriction policy on the password that only can be made up of a minimum of 12 alphanumeric characters with upper & lower cases. * Second, is the password age restriction. For example, the password should be changed at least every 90 days. * Third, the password history restriction needs improvement. For example, the password policy will restrict the user to always use a unique password combination. The password should not be reused for a minimum of three generations of passwords. * Last but not the least, the default administrator account should be able to rename. This is to prevent a hacker to use brute force attack on the known default administrator ID.
IT Director at a computer software company with 10,001+ employees
Real User
2021-12-13T20:51:00Z
Dec 13, 2021
The UI is very basic and not very attractive, so this could be an area for improvement. In the next release, I would like to see global load balancing and the ability to connect to networks not physically attached to the individual device (VPNs or point-to-point connections, for example).
Systems Administrator II at Lincoln Land Community College
MSP
2021-01-13T17:20:00Z
Jan 13, 2021
If I had to pick an area for improvement, I think it would be direct integration with the template library. At present, you need to download the templates from the Kemp support portal and then upload them onto the LoadMaster. It would be much easier to have the management interface directly integrate with the Kemp Support library, allowing you to choose the desired template from the online catalog to then directly download to the LoadMaster.
I've only used the virtual version of the small LoadManager (VLM-500), but on the "improvement" side my comment would be about the equivalent hardware based LM (LM-X1) to offer redundant power supply like the more beefier KEMP models do. No matter the size, the role played by these solutions tend to be critical for the business.
I definitely think that the WAF can be improved. We have had several issues for which, at times some our services that were being run through the kemp would stop working. It was strange because everything showed green. Their first solution was to enable/disable the WAF and it worked. But then at time it stopped again and it required further investigation with Kemp support in which logs were needed to be turned on and collected to analyze the behavior.
Head Of Technology at a tech services company with 51-200 employees
Real User
2020-11-21T02:33:08Z
Nov 21, 2020
When we go serverless, we may again have to revisit this because the configuration needs to be changed. With this change, we can run into a lot of other configurations that we haven't got into, which involve additional expenses. It would be challenging to convince management to buy at that price point. It would be a balancing act of justifying that expense and the value, that is, how it is going to save a bit of time and make our platform secure. It can have better configuration ability. A lot of iterations happen when we have multiple servers pointing to the same domain. If we do not orchestrate carefully, it gets into a loop, which takes away the precious time of the user who is trying to subscribe to a service. It takes a little longer time to realize services as well as web pages.
Manager of Technology Architecture and Information Security at J.F. Shea Co., Inc.
Real User
2020-11-05T19:12:00Z
Nov 5, 2020
Out of the box, the LoadMaster provides real-time statistics regarding connections to the real servers, as well as to the virtual services. We see the number of connections in the last 5/30/60 minutes, and current active connections as well. However, it would be nice if we were able to drill in further to see the actual IP addresses that made up these connections, whether they were coming from the internet or internal, and possibly the option to disconnect certain active connections. The historical graphs showing CPU metrics and the network is useful, as well. It would be nice if the historical metrics were easily exportable from the interface.
Systems Administrator at a construction company with 11-50 employees
Real User
2020-11-03T18:20:00Z
Nov 3, 2020
The configuration of the basic services is pretty straight forward but for more complex solutions, there needs to be better documentation or knowledge base articles. The knowledge base that is there is well done, but it would be excellent to see it expanded out. For those fringe installations, technical support is more than willing to assist. The one thing that I would love to see implemented is the ability for Kemp to automate certificate creation through Let's Encrypt. That way I can cut back on my cost of certificates and also pushes towards a more centralized location for certificate management.
Network Administrator 2 at PUBLIC SCHOOL AND EDUCATION EMPLOYEE RET
Real User
2020-10-30T20:03:00Z
Oct 30, 2020
It works well, we really can't think of anything to make it easier They have templates that you can import that do most of the work for you anyways. If I had to change something it would maybe be to have a little better reporting graphics that show more details in the reporting. It seems to be a little small in the graphic, and I'm not sure if possible but maybe a GUI page that one can use to monitor if any server goes down. And not sure a full login, so we can login to another page if something happens. Besides better GUI things i'm not sure.
I can think of three things that would be nice; First, it would be helpful if the GEO function was built into every device. The cost of the GEO upgrade is not cost-prohibitive but it's something that would be a nice add-in, out of the box. The second is the throughput. If the device was licensed based on the throughput then we could upgrade hardware to get better transactional throughput. Third, if they had dual power supply options on the lower end models it would be helpful because I may be a smaller shop with only 35 servers, but I still rely on dual power supplies whenever possible.
I would like to see more automation and control of overactive and inactive resources. If I could schedule these around our updates then it would be all automated. I would like to set up an automated script to coincide with the scripts I use to update resources and servers. If I update a server on Wednesday then I would use Kemp to automate the server being taken out of service before and then put back into service after. That could streamline the whole update process and it should do some simple checks and tests to make sure the server or resource is reliable and able to be reached.
Principal Systems Engineer at World Travel Holdings
Real User
2020-10-27T17:31:00Z
Oct 27, 2020
Certificate installations could be simplified and modernized, and allowed to be monitored for expirations/issues. We had a particular issue where we believed the Kemp LoadMaster was to blame for service disruption of a particular VIP (virtual-IP) based service, based on the supporting evidence. In the end, it was actually expired certificates downstream, which was not the Kemp's fault per se but it would have helped greatly and reduced our time with support if the Kemp had an alert for this type of problem, without needing to search logs/packet capture.
Have a better UI can attract more customers. Multiple SSL uploads for a single VIP can be added in the future. Prices on their maintenance plans should be reduced, as it would be better for the users. It doesn't run well in Hyper-V or at least, it didn't when I bought it. I really don't like the way the logs are presented in the software. A lot of the information in the logs is only meaningful to the Kemp Support Team.
Network and System Administrator at Kliniken Maria Hilf GmbH
Real User
2020-10-26T21:04:00Z
Oct 26, 2020
In the web interface, there are a lot of settings in the different menus and it would be helpful if there were an interactive help system or tooltips to help the administrators find and configure the right settings. The configuration of "standard" services is quite easy but when you configure more advanced settings, it's no longer easy and can be challenging. The Kemp Load Balancer is a very good product out of the VMware ISO (Box). Sometimes, you feel years back in the web interface but it's just cosmetic.
The one area that really could be improved upon is the GUI. Over the last several major versions, the GUI has remained virtually unchanged and still seems lacking. Since there is no "save" or "confirm" button, it is very easy to accidentally make a change on a live, production VIP, or endpoint. Adding some sort of saving or confirming mechanism in the GUI would be nice and would make it seem more modern. This is not a show stopper for us, but really just a "nice to have". Overall, there is little that needs to be improved with this product.
It would be very helpful to get all the http/https session logs by default in the log monitor without activating debugging mode like an apache web sever natively does
From my point of view, the only minor thing that needed to be improved is log management. It has all types of logs and they are very detailed, but it's a little bit hard to search for a single event. Log management is critical for investigating an attack or unwanted behavior. Since they have a lot of logs, it takes a lot of time to look for a specific event. Also, for the WAF, it would be great if they can provide a dashboard or insight dashboard for WAF logs. other than that there is nothing need to be improved from kemp
Information Technology Engineer at a government with 1,001-5,000 employees
Real User
2020-10-24T00:48:00Z
Oct 24, 2020
Overall, the Kemp appliance seems to have performed very well for me over the years. If there is anything that needs to be updated, the GUI can get a refresh to make it look more like 2020, although it is just a cosmetic change. It would be a plus if there were a real-time live traffic capture that allows administrators to see the current traffic that is coming into the appliance. Currently, you can only start the TCPdump capture and have the information logged into a file. Maybe a configurable dashboard to show more detail about each VS service would be welcome.
Senior Systems Analyst at a manufacturing company with 5,001-10,000 employees
Real User
2020-10-23T19:38:00Z
Oct 23, 2020
So far, the only hitch we have run into is that would have been nice to have an easier method to add allow/whitelist entries into the Access Control lists for virtual services. Following an upgrade, we inadvertently lost all of our Access Control whitelist entries on one of our virtual services. Thankfully we had a backup of them, but to plug them back in, we had to enter them all manually. This ended up being a bit of a pain. It would be great if there was a way to upload a .CSV file of ACL entries into the access control list, rather than having to add them one at a time.
Manager, Building and IT Infrastructure at Gaz Métro Plus, Inc.
Real User
2020-10-23T19:28:00Z
Oct 23, 2020
The configuration of basic services is pretty straightforward but when you want to configure more advanced settings like the Edge Security Pack feature, it can be somewhat challenging! Even with the documentation, I had to contact the support to get help set this up properly. I think there should be more visual instructions on how to configure advanced features. Support-wise, I've nothing to complain about. The support technicians are knowledgeable and were able to quickly help me set up and get things working. The logging feature is somewhat archaic, as you have to go through text files. I think they should implement something more user-friendly for logging.
Information Technology Manager at Larson Engineering, Inc.
Real User
2020-10-23T18:38:00Z
Oct 23, 2020
The only thing that I miss is that the TMG server was giving me live information about who is connected and what is the request about. Details include the username, etc. I know Kemp gives you some live load info, but not the authentication data unless I am not aware of it.
Obviously, there are a lot of moving parts and fields\settings on Kemp LoadMaster. Not all the settings are easily understandable. It would be helpful if there were a way to incorporate tooltips on the fields so that we don't have to dig through documentation. I don't expect the software to assist in migrations, but it would be a plus if they had more documentation on Exchange migrations with Kemp and specific changes that need to be made. However, support is very knowledgeable and assisted us. I would like to see an increase in the knowledge base on technical issues or common troubles.
Overall, the Kemp LoadMaster has been an all-rounder great product and stable. The free trial and virtual edition make it a breeze for any potential customer to give it a spin before actually deciding to put it on the infrastructure or even talk to the CFO. Kemp could create a more structured lab oriented training program as part of its certification bundled with an online cloud lab that makes it easy for a client to learn and try out the Kemp LoadMaster immediately. The sales team would also benefit from this cloud lab service.
Network Administrator at a transportation company with 10,001+ employees
Real User
2020-02-12T08:38:14Z
Feb 12, 2020
It should be more customizable and perhaps more like NetScaler in that regard. Although Kemp is very user-friendly, it lacks a more custom configuration. I would like to see this solution more customizable in the next release.
Senior Systems Engineer at a real estate/law firm with 501-1,000 employees
Real User
2019-10-27T06:20:00Z
Oct 27, 2019
We would like to see them improve the security by putting a well trusted and very efficient WAF inside the appliance. They currently use an open-source solution for this, but it would be great to include a more secure one because it would be a complete solution in terms of load balancing and security. We are currently researching WAF solutions to implement for our perimeter, so it is on the radar for our model. The GUI is rather technical and complex, so it could be improved by making it simpler and more user-friendly. This is a very powerful solution that gives you an edge, but some of the features are hard to understand. For example, the configuration values are difficult. The templates help in this regard. Each value is explained in the documentation, but it still needs to be simpler. I would like to see Active Directory integration for authentication of the admin role, so the usernames are not on the local appliance.
Infrastructure Specialist at a tech services company with 51-200 employees
Real User
2018-06-13T08:03:00Z
Jun 13, 2018
There are plenty of features that are lacking in my opinion: * The auth website of ESP is really lacking. It’s not responsive (mobile friendly) and the procedure of changing the website is difficult. We tend to avoid using pre-auth for that reason, and it's really a shame. * Several elements of the GUI need work. For example, if you have many content switches, it’s difficult to find the ones you need. And where is the search feature? * If you want logging for SMTP traffic, you have to enable ESP, which requires you to define allowed IP addresses. That’s irritating, to say the least. * Using the GUI to view log files is tedious. A nice log parser would help. * It lacks an officially supported, well-written SCOM Management Pack.
Kemp LoadMaster is a powerful load balancing solution that also serves as a web application firewall. Its primary use case is load balancing and application load balancing, making it an ideal solution for organizations that must distribute traffic across multiple servers. Kemp's integration with an active directory for ESP usage, hosting/deployment of SSL certificates, and pricing are some of its most valuable features.
Using Kemp has helped organizations mitigate cross-scripting...
My company is really happy with Kemp LoadMaster as a product. My company is also happy with the support we receive from Kemp LoadMaster. I want Kemp LoadMaster to provide users with better reporting capabilities in relation to TCP packets. In general, the connections that are present in the system require improvement. Feature-wise, Kemp LoadMaster has everything that our company's customers require. Kemp LoadMaster also has features that have supported our company's past projects.
They were still in the process of development, and for example, we set it up in a cluster. So it was one logistical unit built out of two physical devices. And the expected behavior, which I know from other devices, will be formed into a logic cluster. It's that you configure one unit. Then you bring the second unit into this cluster with the already configured primary unit. So the secondary box pulls all the configured ones from its neighbor, does everything automatically, and then synchronizes with this primary neighbor. And then it works, like, one logical unit. And this didn't work with the Kemp's initially, where they caused a lot of issues when building up a cluster, so there were some specials on how to set this up. When we built or set them up for the first time and the months afterward with no new software releases, there were a couple of problems, but in the end, they worked fine. So, they developed a lot and learned from what they've responded to, what we responded to them, and what needs fixing.
In the next release, they can introduce 360 views in the same dashboard to make it easier for users to view. The graphical information should be displayed on the dashboard.
In my opinion, the layer seven loads balancing that we're mainly using for web servers, doesn't seem to pick up when there are issues at the application level. I am not sure if this is due to poor configuration or not, but I think that the stability could be improved.
The ability to see live traffic is not great and can be improved. When we check live traffic via the external link, we sometimes see up to 80 concurrent connections but find it difficult to drill down into them. So although we can see 80, we can't drill down to get more information about those 80 connections. Additionally, the graphics for the solution can be improved.
The only thing I have struggled with is setting up automatic backups. When the job runs, it doesn't seem to do anything and the backup file never shows up in the destination folder. When I run a manual backup it works fine, but it just dumps the file to my local downloads folder. Otherwise, all of the features that it offers work well for us and it hasn't yet let us down.
@reviewer1444170 The scheduled backup should work, although it is a bit clunky. Lots of people preffer a centralised solution such as the new Kemp LoadMaster 360, which should support backups very soon. Or the Loadbalancer ADC Portal which is free for up to 6 LoadMasters.
The product is really good as-is out of the box. If there is one thing I would change is to have the license file not be coupled with the MAC address of the device. This is actually not really useful in a virtual environment where if you have a single VM with KEMP LoadMaster and you have not set up static MAC Address, if you, for example, recreate the VM and just load the disk file on a new VM it will get new MAC address and the NLB will not work as it will not see a proper license. You need to call their support, explain what the issue is, and then they will generate a new license that you can apply. If this is a production environment and you just had an outage and quickly required the VM then you are extending the outage by the time it will take to get their support to help with the new license.
I would like to give some advice on security improvement: * First, is the password complexity's restriction. For example, there should be a password restriction policy on the password that only can be made up of a minimum of 12 alphanumeric characters with upper & lower cases. * Second, is the password age restriction. For example, the password should be changed at least every 90 days. * Third, the password history restriction needs improvement. For example, the password policy will restrict the user to always use a unique password combination. The password should not be reused for a minimum of three generations of passwords. * Last but not the least, the default administrator account should be able to rename. This is to prevent a hacker to use brute force attack on the known default administrator ID.
The UI is very basic and not very attractive, so this could be an area for improvement. In the next release, I would like to see global load balancing and the ability to connect to networks not physically attached to the individual device (VPNs or point-to-point connections, for example).
If I had to pick an area for improvement, I think it would be direct integration with the template library. At present, you need to download the templates from the Kemp support portal and then upload them onto the LoadMaster. It would be much easier to have the management interface directly integrate with the Kemp Support library, allowing you to choose the desired template from the online catalog to then directly download to the LoadMaster.
I've only used the virtual version of the small LoadManager (VLM-500), but on the "improvement" side my comment would be about the equivalent hardware based LM (LM-X1) to offer redundant power supply like the more beefier KEMP models do. No matter the size, the role played by these solutions tend to be critical for the business.
Perhaps Kemp could offer some training videos.
We have experienced at least one problem with stability, although it was fixed with an upgrade.
I definitely think that the WAF can be improved. We have had several issues for which, at times some our services that were being run through the kemp would stop working. It was strange because everything showed green. Their first solution was to enable/disable the WAF and it worked. But then at time it stopped again and it required further investigation with Kemp support in which logs were needed to be turned on and collected to analyze the behavior.
When we go serverless, we may again have to revisit this because the configuration needs to be changed. With this change, we can run into a lot of other configurations that we haven't got into, which involve additional expenses. It would be challenging to convince management to buy at that price point. It would be a balancing act of justifying that expense and the value, that is, how it is going to save a bit of time and make our platform secure. It can have better configuration ability. A lot of iterations happen when we have multiple servers pointing to the same domain. If we do not orchestrate carefully, it gets into a loop, which takes away the precious time of the user who is trying to subscribe to a service. It takes a little longer time to realize services as well as web pages.
We experienced a brief period of instability.
Out of the box, the LoadMaster provides real-time statistics regarding connections to the real servers, as well as to the virtual services. We see the number of connections in the last 5/30/60 minutes, and current active connections as well. However, it would be nice if we were able to drill in further to see the actual IP addresses that made up these connections, whether they were coming from the internet or internal, and possibly the option to disconnect certain active connections. The historical graphs showing CPU metrics and the network is useful, as well. It would be nice if the historical metrics were easily exportable from the interface.
The configuration of the basic services is pretty straight forward but for more complex solutions, there needs to be better documentation or knowledge base articles. The knowledge base that is there is well done, but it would be excellent to see it expanded out. For those fringe installations, technical support is more than willing to assist. The one thing that I would love to see implemented is the ability for Kemp to automate certificate creation through Let's Encrypt. That way I can cut back on my cost of certificates and also pushes towards a more centralized location for certificate management.
In the next release, Kemp should include the ability for LoadMaster to create different DNS record types.
It works well, we really can't think of anything to make it easier They have templates that you can import that do most of the work for you anyways. If I had to change something it would maybe be to have a little better reporting graphics that show more details in the reporting. It seems to be a little small in the graphic, and I'm not sure if possible but maybe a GUI page that one can use to monitor if any server goes down. And not sure a full login, so we can login to another page if something happens. Besides better GUI things i'm not sure.
I can think of three things that would be nice; First, it would be helpful if the GEO function was built into every device. The cost of the GEO upgrade is not cost-prohibitive but it's something that would be a nice add-in, out of the box. The second is the throughput. If the device was licensed based on the throughput then we could upgrade hardware to get better transactional throughput. Third, if they had dual power supply options on the lower end models it would be helpful because I may be a smaller shop with only 35 servers, but I still rely on dual power supplies whenever possible.
I would like to see more automation and control of overactive and inactive resources. If I could schedule these around our updates then it would be all automated. I would like to set up an automated script to coincide with the scripts I use to update resources and servers. If I update a server on Wednesday then I would use Kemp to automate the server being taken out of service before and then put back into service after. That could streamline the whole update process and it should do some simple checks and tests to make sure the server or resource is reliable and able to be reached.
Certificate installations could be simplified and modernized, and allowed to be monitored for expirations/issues. We had a particular issue where we believed the Kemp LoadMaster was to blame for service disruption of a particular VIP (virtual-IP) based service, based on the supporting evidence. In the end, it was actually expired certificates downstream, which was not the Kemp's fault per se but it would have helped greatly and reduced our time with support if the Kemp had an alert for this type of problem, without needing to search logs/packet capture.
The product could be improved by making the SSL Offloading easier.
Have a better UI can attract more customers. Multiple SSL uploads for a single VIP can be added in the future. Prices on their maintenance plans should be reduced, as it would be better for the users. It doesn't run well in Hyper-V or at least, it didn't when I bought it. I really don't like the way the logs are presented in the software. A lot of the information in the logs is only meaningful to the Kemp Support Team.
In the web interface, there are a lot of settings in the different menus and it would be helpful if there were an interactive help system or tooltips to help the administrators find and configure the right settings. The configuration of "standard" services is quite easy but when you configure more advanced settings, it's no longer easy and can be challenging. The Kemp Load Balancer is a very good product out of the VMware ISO (Box). Sometimes, you feel years back in the web interface but it's just cosmetic.
The one area that really could be improved upon is the GUI. Over the last several major versions, the GUI has remained virtually unchanged and still seems lacking. Since there is no "save" or "confirm" button, it is very easy to accidentally make a change on a live, production VIP, or endpoint. Adding some sort of saving or confirming mechanism in the GUI would be nice and would make it seem more modern. This is not a show stopper for us, but really just a "nice to have". Overall, there is little that needs to be improved with this product.
It would be very helpful to get all the http/https session logs by default in the log monitor without activating debugging mode like an apache web sever natively does
From my point of view, the only minor thing that needed to be improved is log management. It has all types of logs and they are very detailed, but it's a little bit hard to search for a single event. Log management is critical for investigating an attack or unwanted behavior. Since they have a lot of logs, it takes a lot of time to look for a specific event. Also, for the WAF, it would be great if they can provide a dashboard or insight dashboard for WAF logs. other than that there is nothing need to be improved from kemp
Overall, the Kemp appliance seems to have performed very well for me over the years. If there is anything that needs to be updated, the GUI can get a refresh to make it look more like 2020, although it is just a cosmetic change. It would be a plus if there were a real-time live traffic capture that allows administrators to see the current traffic that is coming into the appliance. Currently, you can only start the TCPdump capture and have the information logged into a file. Maybe a configurable dashboard to show more detail about each VS service would be welcome.
So far, the only hitch we have run into is that would have been nice to have an easier method to add allow/whitelist entries into the Access Control lists for virtual services. Following an upgrade, we inadvertently lost all of our Access Control whitelist entries on one of our virtual services. Thankfully we had a backup of them, but to plug them back in, we had to enter them all manually. This ended up being a bit of a pain. It would be great if there was a way to upload a .CSV file of ACL entries into the access control list, rather than having to add them one at a time.
The configuration of basic services is pretty straightforward but when you want to configure more advanced settings like the Edge Security Pack feature, it can be somewhat challenging! Even with the documentation, I had to contact the support to get help set this up properly. I think there should be more visual instructions on how to configure advanced features. Support-wise, I've nothing to complain about. The support technicians are knowledgeable and were able to quickly help me set up and get things working. The logging feature is somewhat archaic, as you have to go through text files. I think they should implement something more user-friendly for logging.
The only thing that I miss is that the TMG server was giving me live information about who is connected and what is the request about. Details include the username, etc. I know Kemp gives you some live load info, but not the authentication data unless I am not aware of it.
Obviously, there are a lot of moving parts and fields\settings on Kemp LoadMaster. Not all the settings are easily understandable. It would be helpful if there were a way to incorporate tooltips on the fields so that we don't have to dig through documentation. I don't expect the software to assist in migrations, but it would be a plus if they had more documentation on Exchange migrations with Kemp and specific changes that need to be made. However, support is very knowledgeable and assisted us. I would like to see an increase in the knowledge base on technical issues or common troubles.
Overall, the Kemp LoadMaster has been an all-rounder great product and stable. The free trial and virtual edition make it a breeze for any potential customer to give it a spin before actually deciding to put it on the infrastructure or even talk to the CFO. Kemp could create a more structured lab oriented training program as part of its certification bundled with an online cloud lab that makes it easy for a client to learn and try out the Kemp LoadMaster immediately. The sales team would also benefit from this cloud lab service.
It should be more customizable and perhaps more like NetScaler in that regard. Although Kemp is very user-friendly, it lacks a more custom configuration. I would like to see this solution more customizable in the next release.
We would like to see them improve the security by putting a well trusted and very efficient WAF inside the appliance. They currently use an open-source solution for this, but it would be great to include a more secure one because it would be a complete solution in terms of load balancing and security. We are currently researching WAF solutions to implement for our perimeter, so it is on the radar for our model. The GUI is rather technical and complex, so it could be improved by making it simpler and more user-friendly. This is a very powerful solution that gives you an edge, but some of the features are hard to understand. For example, the configuration values are difficult. The templates help in this regard. Each value is explained in the documentation, but it still needs to be simpler. I would like to see Active Directory integration for authentication of the admin role, so the usernames are not on the local appliance.
There are plenty of features that are lacking in my opinion: * The auth website of ESP is really lacking. It’s not responsive (mobile friendly) and the procedure of changing the website is difficult. We tend to avoid using pre-auth for that reason, and it's really a shame. * Several elements of the GUI need work. For example, if you have many content switches, it’s difficult to find the ones you need. And where is the search feature? * If you want logging for SMTP traffic, you have to enable ESP, which requires you to define allowed IP addresses. That’s irritating, to say the least. * Using the GUI to view log files is tedious. A nice log parser would help. * It lacks an officially supported, well-written SCOM Management Pack.