Using a Load Balancer in Your Microsoft Exchange Server 2010 Environment - PowerPoint Presentation

Uploaded by liane-varnes on 2015-12-10



Presentation Transcript

Slide 1

Using a Load Balancer in Your Microsoft Exchange Server 2010 Environment

Jaap Wesselius, Managing Consultant & Exchange MVP, Inovativ UC
EXL307

Slide 2

About the Speaker

Jaap Wesselius, Managing partner, Inovativ UC
- Author of “Exchange 2010 SP1 – A practical approach”; parts published in TechNet Magazine
- Contributor to the blogs: MSExchange.org, Simple-Talk.com, Jaapwesselius.com

Slide 3

Agenda

- Introduction
- Load balancing essentials
- Exchange 2010 and what it means for load balancing
- Hardware load balancers
- Load balancing resources
- Summary

Slide 4

INTRODUCTION

Slide 5

Why do you want to load balance?

- Redundancy and scalability
- Exchange 2010 multi-role with DAG

Slide 6

History of Load Balancing

- WLBS appears first in NT4
- Renamed to NLB in Windows 2000
- Still available in Windows 2008 R2
- In the NT4 timeframe there was no Exchange LB, only (static) web sites
- NLB is configured as a service on Client Access Servers, running in unicast or multicast mode
- Works fine, but there are some drawbacks…

Slide 7

Drawbacks in Windows NLB

- Switch/port flooding when used in unicast mode
- Scalability with more than 8 nodes
- Not service aware
- Add/remove node causes reconnect
- Only source IP for persistence
- Cannot be combined with DAG
- Multi-role server recommendation: http://bit.ly/qKA9nP
- TechEd 2010: Microsoft recommends hardware LB
- But is NLB supported? Yes, absolutely!

Slide 8

Hardware Load Balancers

- Also referred to as ‘Application Delivery Controller’
- Separate ‘node’ in the network, independent of Windows
- Smart load distribution
- Service aware
- Multiple persistence options
- Compression options
- SSL offloading
- Caching of OWA attachments
- Packet shaping or packet stream modifications

Slide 9

Take aways

- Load balance Exchange for scalability and recovery
- Microsoft recommends a hardware load balancer
- Windows NLB is still supported, but has some drawbacks

Slide 10

Load Balancer Essentials

Slide 11

Load Balancing Essentials (1/2)

- Setup of hardware load balancer
  - One arm vs two arm setup
- Routing with hardware load balancer
  - Source NAT
  - Direct Server Return (DSR)
  - Load Balancer Default Gateway (LBDG)

Slide 12

Load Balancing Essentials (2/2)

- Persistence
  - HTTP header
  - Cookies
  - Source IP
  - SSL session ID
- Distribution
  - Round robin
  - Least connections

Slide 13

Load Balancer Virtual Service

- ‘Instance’ running on the load balancer
- Own FQDN and IP address and port number, also referred to as virtual IP (VIP)
- Each service has its own settings for:
  - Persistence
  - Distribution
  - Time-out
  - SSL offload
- Load balancer can have multiple virtual services
- Each vendor uses its own naming convention!

Slide 14

Load Balancing Essentials

Basic layout: Exchange 2010 multi-role with DAG

Slide 15

One Arm Load Balancer

- One armed, i.e. one NIC
- Virtual IP configured in the same subnet
- Can cause routing issues; Exchange should use the LB as default gateway
- Routing via Source NAT (SNAT) or via Direct Server Return (DSR)

Slide 16

One Arm Source NAT

Packet flow (user 10.10.0.200, vIP 10.10.0.11, LB self IP 10.10.0.10, EXCH02 10.10.0.2):

| Pckt | Source IP   | Dest. IP    | Description               |
|------|-------------|-------------|---------------------------|
| 1    | 10.10.0.200 | 10.10.0.11  | User to vIP load balancer |
| 2    | 10.10.0.10  | 10.10.0.2   | LB self IP to EXCH02      |
| 3    | 10.10.0.2   | 10.10.0.10  | EXCH02 to LB self IP      |
| 4    | 10.10.0.11  | 10.10.0.200 | LB vIP to user            |

Slide 17

One Arm Direct Server Return (DSR) (1/2)

Packet flow (user 10.10.0.200, vIP 10.10.0.11, LB self IP 10.10.0.10, EXCH02 10.10.0.2):

| Pckt | Source IP   | Dest. IP    | Description               |
|------|-------------|-------------|---------------------------|
| 1    | 10.10.0.200 | 10.10.0.11  | User to vIP load balancer |
| 2    | 10.10.0.10  | 10.10.0.2   | LB self IP to EXCH02      |
| 3    | 10.10.0.2   | 10.10.0.200 | EXCH02 to user (?)        |

The ‘?’ marks packet 3: the reply is sourced from EXCH02’s own address, which is not what the client expects (see next slide).

Slide 18

One Arm Direct Server Return (2/2)

- Client does NOT expect the IP address of the CAS server
- DSR requirements:
  - No NAT but routing
  - Loopback adapter on CAS with the VIP
  - Layer 7 persistence not supported
- More complex: use Source NAT!

Slide 19

Two Arm Load Balancer

- Two armed, i.e. two NICs
- HLB connected to two networks
- vIP in subnet1, servers in subnet2
- Source NAT or load balancer default gateway

Slide 20

Two Arm Load Balancer Source NAT

Packet flow (user 172.16.0.100, vIP 172.16.0.1 in subnet1, LB internal IP 10.10.0.10 and EXCH02 10.10.0.2 in subnet2):

| Pckt | Source IP    | Dest. IP     | Description               |
|------|--------------|--------------|---------------------------|
| 1    | 172.16.0.100 | 172.16.0.1   | User to vIP load balancer |
| 2    | 10.10.0.10   | 10.10.0.2    | LB IP internal to EXCH02  |
| 3    | 10.10.0.2    | 10.10.0.10   | EXCH02 to LB IP internal  |
| 4    | 172.16.0.1   | 172.16.0.100 | LB vIP to user            |

Slide 21

Persistence

per·sist·ence [per-sis-tuhns]

Dictionary reference:
1. the act or fact of persisting.
2. the quality of being persistent: You have persistence, I'll say that for you.
3. continued existence or occurrence: the persistence of smallpox.
4. the continuance of an effect after its cause is removed.

Slide 22

Persistence Options

- Persistence is also referred to as stickiness or affinity
- Stateful connection
- Persistence is NOT load distribution!
- SSL Session ID
- Cookies
- Source IP
- Hash persistence (sometimes SuperHTTP)
- Cookie and Hash need SSL offload!

Slide 23

SSL offloading (1/2)

- SSL offloading means smart persistence
- SSL is terminated at the load balancer
- Offloads intensive processor utilization from the Client Access Server
- Load balancer to Exchange can be SSL
- No offloading means only Source IP persistence or SSL Session ID persistence

Slide 24

SSL offloading (2/2)

- WIKI: How to configure SSL offloading in Exchange 2010
- OWA registry key: HKLM\System\CurrentControlSet\Services\MSExchange OWA, REG_DWORD SSLOffloaded, value “1”
- IIS manager SSL settings
- Outlook Anywhere: uncheck in Management Console
- Exchange 2010 RTM uses web.config for configuration

Slide 25

Powershell commands for SSL offloading

    # Outlook Anywhere: tell RPC over HTTP that SSL is terminated on the load balancer
    Set-OutlookAnywhere -Identity "$($env:COMPUTERNAME)\RPC (Default Web Site)" -SSLOffloading $true

    # OWA: registry switch from the previous slide
    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -Name SSLOffloaded -Value 1 -PropertyType DWORD

    # IIS: clear "Require SSL" on the OWA and ECP virtual directories
    Import-Module WebAdministration
    Set-WebConfigurationProperty -Filter //security/access -Name sslFlags -Value "None" -PSPath IIS:\ -Location "Default Web Site/OWA"
    Set-WebConfigurationProperty -Filter //security/access -Name sslFlags -Value "None" -PSPath IIS:\ -Location "Default Web Site/ECP"

    # Restart IIS gracefully so the settings take effect
    iisreset /noforce

Slide 26
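As an added check (not part of the deck), a read-only PowerShell audit that confirms the three offload settings above agree on a CAS: the OWA registry value, the Outlook Anywhere SSLOffloading flag, and the IIS sslFlags on the OWA and ECP virtual directories. It assumes it runs in the Exchange Management Shell on the CAS itself with the WebAdministration module available.

```powershell
# Added example, not part of the original slides. Run in the Exchange
# Management Shell on the Client Access Server being checked (PowerShell 2.0 compatible).
Import-Module WebAdministration

function Get-VdirSslFlags([string]$Vdir) {
    # "None" means IIS no longer requires SSL, which is what offloading needs.
    $attr = Get-WebConfigurationProperty -Filter //security/access -Name sslFlags `
                -PSPath 'IIS:\' -Location "Default Web Site/$Vdir"
    return [string]$attr.Value
}

function Test-SslOffloadConfig {
    $findings = @()

    # 1) OWA registry switch (slide 24)
    $reg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' `
               -Name SSLOffloaded -ErrorAction SilentlyContinue
    $owaOffload = ($reg -ne $null) -and ($reg.SSLOffloaded -eq 1)

    # 2) Outlook Anywhere setting on this CAS (slide 25)
    $oa = Get-OutlookAnywhere -Server $env:COMPUTERNAME
    $oaOffload = [bool]$oa.SSLOffloading

    # 3) IIS "Require SSL" must be off on OWA and ECP when offloading is on
    $owaIis = @('None', '0') -contains (Get-VdirSslFlags 'OWA')
    $ecpIis = @('None', '0') -contains (Get-VdirSslFlags 'ECP')

    if ($owaOffload -ne $owaIis) { $findings += 'OWA: registry SSLOffloaded and IIS sslFlags disagree' }
    if ($owaOffload -ne $ecpIis) { $findings += 'ECP: IIS sslFlags does not match the OWA offload state' }
    if ($owaOffload -ne $oaOffload) { $findings += 'Outlook Anywhere SSLOffloading differs from OWA' }
    # With offloading on, the LB-to-CAS hop is plain HTTP unless the load
    # balancer re-encrypts (slide 23), so that network path deserves a review.
    if ($owaOffload) { $findings += 'Offloading enabled: verify the LB-to-CAS hop is trusted or re-encrypted' }

    New-Object PSObject -Property @{
        OwaRegistry     = $owaOffload
        OutlookAnywhere = $oaOffload
        OwaIisSslOff    = $owaIis
        EcpIisSslOff    = $ecpIis
        Findings        = $findings
    }
}

Test-SslOffloadConfig | Format-List
```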

Traffic patterns and Load Balancing

(Diagram: CAS01, CAS02 and CAS03 behind a load balancer using SNAT; client source addresses 10.15.8.1, 10.2.8.5, 10.18.7.3, 62.4.8.11 and 12.6.18.5; clients behind a broadband or mobile provider.)

Uh oh… Solution? Use cookie based persistence.

Slide 27

Take aways

- Transparency is key!
- One arm or two arm configuration
- Routing your Exchange traffic
- Persistence

Slide 28

Exchange 2010 and what it means for load balancing

Slide 29

Hardware Load Balancer in Exchange 2010

Traffic patterns

Slide 30

Client Protocols in Exchange 2010

- HTTPS
- MAPI
- POP3
- IMAP4
- SMTP
- Public Folder is not handled by CAS!

Slide 31

Persistence requirements

| Persistence: Required     | Persistence: Recommended | Persistence: Not Required |
|---------------------------|--------------------------|---------------------------|
| RPC Client Access Service | Outlook Anywhere         | Offline Address Book      |
| Outlook Web App           | Exchange ActiveSync      | AutoDiscover              |
| Exchange Control Panel    | Address Book Service     | POP3                      |
| Exchange Web Services     | Remote PowerShell        | IMAP4                     |

Slide 32

Client Access Server Array (CAS Array)

- CAS Array is the MAPI endpoint (FQDN)
- RPCClientAccessServer property on the mailbox database
- Create a Virtual Service with this FQDN and VIP on the load balancer

Slide 33

RPC Client Access

- MAPI uses port 135 (static) plus dynamic ports (high range) for RPC and Address Book
- Use static ports
  - Registry entries to control behavior
- MAPI is a stateful session
- Source IP is the only persistence option!
- Round Robin distribution
  - Least connection can ‘overboost’ a CAS after reboot

Slide 34

RPC Static Ports

- WIKI page “Configure Static RPC Ports on an Exchange 2010 Client Access Server”: http://bit.ly/LnTQ7n
- MSExchangeRPC: HKLM\System\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem, REG_DWORD “TCP/IP Port” with port number
- Address Book Service: HKLM\System\CurrentControlSet\Services\MSExchangeAB\Parameters, REG_SZ key RpcTcpPort with port number
- Don’t forget Public Folders!

Slide 35

Powershell commands for static ports

    # RPC Client Access service: create the key (it may already exist) and the REG_DWORD "TCP/IP Port"
    New-Item HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeRPC\ParametersSystem
    Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeRPC\ParametersSystem "TCP/IP Port" 59532 -Type DWord

    # Address Book service: create the key and the REG_SZ value RpcTcpPort
    New-Item HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters
    Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters RpcTcpPort 59533 -Type String

Slide 36
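As an added example (not from the deck), a PowerShell check that reads the two static-port values above back from the registry and verifies via netstat that the RPC Client Access (MSExchangeRPC) and Address Book (MSExchangeAB) services are actually listening on them; a value that is set but not listening usually means the service has not been restarted. It assumes it runs on the CAS; netstat is parsed so it also works on Windows Server 2008 R2 with PowerShell 2.0.

```powershell
# Added example, not part of the original slides. Run on the Client Access
# Server after the registry changes above.
function Get-StaticRpcPortConfig {
    $rpc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem' `
               -Name 'TCP/IP Port' -ErrorAction SilentlyContinue
    $ab  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeAB\Parameters' `
               -Name RpcTcpPort -ErrorAction SilentlyContinue
    $rpcPort = $null; if ($rpc) { $rpcPort = [int]$rpc.'TCP/IP Port' }
    $abPort  = $null; if ($ab)  { $abPort  = [int]$ab.RpcTcpPort }   # REG_SZ, so cast it
    New-Object PSObject -Property @{ MSExchangeRPC = $rpcPort; MSExchangeAB = $abPort }
}

function Get-ListeningTcpPorts {
    # Parse "netstat -ano -p tcp" LISTENING lines into port/PID pairs.
    netstat -ano -p tcp | Where-Object { $_ -match 'LISTENING' } | ForEach-Object {
        $f = ($_ -replace '^\s+', '') -split '\s+'   # Proto, Local, Foreign, State, PID
        $addr = $f[1] -split ':'                     # works for 0.0.0.0:59532 and [::]:59532
        New-Object PSObject -Property @{ Port = [int]$addr[-1]; Pid = [int]$f[4] }
    }
}

function Test-StaticRpcPorts {
    $cfg = Get-StaticRpcPortConfig
    $listening = @(Get-ListeningTcpPorts)
    foreach ($svc in 'MSExchangeRPC', 'MSExchangeAB') {
        $port = $cfg.$svc
        $status = 'NOT CONFIGURED (dynamic port in use)'
        if ($port) {
            # Match the port against the PID of the service that should own it
            $svcPid = (Get-WmiObject Win32_Service -Filter "Name='$svc'").ProcessId
            $hit = $listening | Where-Object { $_.Port -eq $port -and $_.Pid -eq $svcPid }
            if ($hit) { $status = 'LISTENING' }
            else      { $status = 'CONFIGURED BUT NOT LISTENING (service restarted?)' }
        }
        New-Object PSObject -Property @{ Service = $svc; Port = $port; Status = $status }
    }
}

Test-StaticRpcPorts | Format-Table Service, Port, Status -AutoSize
```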

Outlook Anywhere

- Persistence recommended
  - Source IP
  - Outlook 2010: OutlookSession cookie
- OA ends on CAS (IIS) and continues in RPCPROXY.DLL on CAS
- Does not use the MAPI VIP
- If persistence is not used, RPC_IN_DATA and RPC_OUT_DATA are used for alignment
  - Performance penalty

Slide 37

HTTPS – OWA and ECP

- OWA and ECP are stateful sessions
- Source IP can be used (with a large IP range)
  - SSL offload can be disabled for OWA/ECP
- HTTPS persistence options can be used: Cookies, Hash or SuperHTTP
  - SSL offload must be used for OWA/ECP

Slide 38

Exchange Web Services

- EWS is a stateful session
- Cookie persistence is recommended
- Some mobile clients have issues with cookies
- SSL Session ID (if clients do NOT re-initiate!)

Slide 39

ActiveSync

- Persistence is recommended but not required
- No persistence = performance penalty
- Basic Authentication, use the Authorization header: Basic ZmFrZXVzZXI6eCRwSUFLOUBwOSE=
- Possible issues:
  - Mobile operator can use a limited set of IPs (Source NAT issues)
  - SSL Session ID: re-negotiation of Session ID

Slide 40

Client Access Server Vdir settings

- AutoDiscoverServiceInternalUri = NLB
- Web Services InternalNLBBypassURL is set to the Server FQDN

| Virtual Directory            | InternalURL | ExternalURL (Internet Facing AD Site) | ExternalURL (Non-Internet Facing AD Site) |
|------------------------------|-------------|---------------------------------------|-------------------------------------------|
| /OWA                         | Server FQDN | NLB FQDN                              | $null                                     |
| /ECP                         | NLB FQDN    | NLB FQDN                              | $null                                     |
| /Microsoft-Server-ActiveSync | NLB FQDN    | NLB FQDN                              | $null                                     |
| /OAB                         | NLB FQDN    | NLB FQDN                              | $null                                     |
| /EWS                         | NLB FQDN    | NLB FQDN                              | $null                                     |

Slide 41
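As an added example (not from the deck), a read-only PowerShell audit that compares the InternalURL/ExternalURL host names of the five virtual directories in the table above against the NLB FQDN and the server FQDN, and also checks AutoDiscoverServiceInternalUri. $NlbFqdn is a placeholder for your load balancer FQDN; the Exchange Management Shell is assumed, and the -NonInternetFacing switch expects $null ExternalURLs as in the last column.

```powershell
# Added example, not part of the original slides. Run in the Exchange
# Management Shell; $NlbFqdn is a placeholder for the load balancer FQDN.
$NlbFqdn = 'mail.example.com'

function Test-CasVdirUrls {
    param([string]$Server = $env:COMPUTERNAME, [switch]$NonInternetFacing)
    $serverFqdn = (Get-ExchangeServer -Identity $Server).Fqdn
    $external = $NlbFqdn
    if ($NonInternetFacing) { $external = $null }   # table: ExternalURL is $null there

    # Vdir name, the cmdlet that reads it, and the expected InternalURL host.
    $rows = @(
        @{ Name = 'owa';                         Cmd = 'Get-OwaVirtualDirectory';         Internal = $serverFqdn },
        @{ Name = 'ecp';                         Cmd = 'Get-EcpVirtualDirectory';         Internal = $NlbFqdn },
        @{ Name = 'Microsoft-Server-ActiveSync'; Cmd = 'Get-ActiveSyncVirtualDirectory';  Internal = $NlbFqdn },
        @{ Name = 'OAB';                         Cmd = 'Get-OabVirtualDirectory';         Internal = $NlbFqdn },
        @{ Name = 'EWS';                         Cmd = 'Get-WebServicesVirtualDirectory'; Internal = $NlbFqdn }
    )
    foreach ($r in $rows) {
        $vdir = & $r.Cmd -Identity "$Server\$($r.Name) (Default Web Site)"
        foreach ($side in 'InternalUrl', 'ExternalUrl') {
            $want = $r.Internal
            if ($side -eq 'ExternalUrl') { $want = $external }
            $have = $null
            if ($vdir.$side) { $have = $vdir.$side.Host }   # System.Uri host part
            New-Object PSObject -Property @{
                Vdir = $r.Name; Setting = $side; Expected = $want; Actual = $have
                OK = ([string]$want -ieq [string]$have)
            }
        }
    }
    # Slide 40: AutoDiscoverServiceInternalUri should also point at the NLB FQDN.
    $scp = (Get-ClientAccessServer -Identity $Server).AutoDiscoverServiceInternalUri
    $scpHost = $null
    if ($scp) { $scpHost = $scp.Host }
    New-Object PSObject -Property @{
        Vdir = 'Autodiscover SCP'; Setting = 'AutoDiscoverServiceInternalUri'
        Expected = $NlbFqdn; Actual = $scpHost; OK = ($NlbFqdn -ieq [string]$scpHost)
    }
}

Test-CasVdirUrls | Format-Table Vdir, Setting, Expected, Actual, OK -AutoSize
```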

Take aways

- Think about workloads and their requirements
- Use static ports for MAPI
- Depending on vendor use multiple Virtual Services (check with vendor!)

Slide 42

Load balancing resources and vendors

Slide 43

Exchange 2010 load balancing resources

- Wiki: Exchange 2010 Client Access Array and Load Balancing Resources on http://bit.ly/JOPxNi
- Technet videos, articles, vendor documentation, load balancer sizing tools
- Load Balancer qualification program: http://technet.microsoft.com/en-us/exchange/gg176682.aspx

Slide 44

Hardware Load Balancer vendors

Slide 45

Software Load Balancer vendors

Slide 46

Summary

Slide 47

Summary

- Hardware load balancer is recommended, but NLB can still be used
- Think about the Exchange workload
- Important aspects are: Transparency, Routing, Persistence
- Check with your vendor!

Slide 48

Additional Resources

- Exchange 2010 LB Deployment: http://bit.ly/g7QwPy
- WIKI CAS Load Balancing: http://bit.ly/JOPxNi
- Technet Videos, Community Articles, Vendor documentation, Load Balancer sizing tools

Slide 49

Track Resources

- Geek Out with Perry Blog: http://blogs.technet.com/b/perryclarke/
- Exchange Team Blog: http://blogs.technet.com/b/exchange/
- Exchange TechNet Tech Center: http://technet.microsoft.com/exchange
- MEC Website and Registration: http://www.mecisback.com/

Slide 50

Slide 51

Resources

- Connect. Share. Discuss.: http://northamerica.msteched.com
- Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning
- TechNet: Resources for IT Professionals, http://microsoft.com/technet
- Resources for Developers: http://microsoft.com/msdn

Slide 52


© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Slide 55