Load Balancing Exchange and Lync Server 2013

No application layer visibility
Servers must be on same subnet as load balancer
Advanced application logic can’t be applied
Configuration may require deeper understanding of application and load balancer software
SNAT or Direct Server Return (DSR) is required
Load Balancer can be used as Default Gateway, only for clients from different subnet
SNAT or Direct Server Return (DSR) is required
Direct Server Return is required if load balancer isn’t default gateway
Servers must be on same subnet as load balancer
Each server being load balanced must be configured for DSR
Servers must be located on same subnet as load balancer
New session established to the server without re-encryption of data
Servers must be configured to expect unencrypted data
Account for this if using vDir filtering at firewall/load balancer
http://bit.ly/nlblimitations
Namespace planning in Exchange 2013 - http://bit.ly/e15namespace
Only one health probe possible (e.g. /owa/healthcheck.htm)
Entire server removed from pool when health probe fails
Pre-authentication is not possible at Layer 4
LB sees: IP address/Port
No SSL Termination
[Diagram: User, Layer 4 LB, CAS]
Client makes request to FQDN: /ews/Exchange.asmx on TCP 443
LB forwards traffic to CAS with no idea of final URL
[Diagram: User, Layer 4 LB, CAS with a single health check. Namespaces: mail.contoso.com, autodiscover.contoso.com. Workloads: OWA, ECP, EWS, EAS, OAB, RPC, MAPI, AutoD]
SSL certificates require more names, increase in cost
One IP per workload, more public IP addresses needed
Costly, sometimes restrictive due to public IP availability
Pre-authentication is not possible at Layer 4
LB sees: IP address/Port
No SSL Termination
[Diagram: User, Layer 4 LB, CAS. Namespaces: mail.contoso.com, ecp.contoso.com, ews.contoso.com, eas.contoso.com, oab.contoso.com, oa.contoso.com, mapi.contoso.com, autodiscover.contoso.com. Workloads: OWA, ECP, EWS, EAS, OAB, RPC, MAPI, AutoD]
Higher resource consumption on load balancer compared to Layer 4
Load Balancer configuration may require deeper understanding of product
LB sees: IP address/Port/URL
SSL Termination
[Diagram: User, Layer 7 LB, CAS]
Client makes request to FQDN: /ews/Exchange.asmx on TCP 443
LB forwards traffic to CAS
[Diagram: User, Layer 7 LB, CAS. Namespaces: mail.contoso.com, autodiscover.contoso.com. Workloads: OWA, ECP, EWS, EAS, OAB, RPC, MAPI, AutoD]
[Diagram: Lync Server 2013 topology. Zones: Internet, DMZ, Internal Network. Clients: Lync 2013 Desktop client, Lync 2013 Mobile Client, Windows 8 Lync App. Components: Reverse Proxy, Load Balancer, Lync Edge Pool, Lync Front-End Pool, Mirrored Back-End Servers, Office Web Apps Server, Active Directory. Traffic labels: Authentication, Audio, Web Conference, Web Services, Dialin/Meet, Office Web App]
Preferred method is to use DNS for SIP and load balancer for web services
Hardware Load Balancer Ports if Using Only Hardware Load Balancing - http://bit.ly/1185Yvq