Slide1
Using a Load Balancer in Your Microsoft Exchange Server 2010 Environment
Jaap Wesselius
Managing Consultant & Exchange MVP
Inovativ UC
EXL307

Slide2
About the Speaker
Jaap Wesselius
Managing partner Inovativ UC
Author of “Exchange 2010 SP1 – A practical approach”
Parts published on TechNet Magazine
Contributor to the blogs:
  MSExchange.org
  Simple-Talk.com
  Jaapwesselius.com

Slide3
Agenda
Introduction
Load balancing essentials
Exchange 2010 and what it means for load balancing
Hardware load balancers
Load balancing resources
Summary

Slide4
INTRODUCTION

Slide5
Why do you want to load balance?
Redundancy and scalability
Exchange 2010 multi-role with DAG

Slide6
History of Load Balancing
WLBS appears first in NT4
Renamed to NLB in Windows 2000
Still available in Windows 2008 R2
In the NT4 timeframe there was no Exchange LB
  Only (static) web sites
NLB is configured as a service on Client Access Servers
Running in unicast or multicast mode
Works fine, but there are some drawbacks…

Slide7
Drawback in Windows NLB
Switch/port flooding when used in Unicast mode
Scalability with more than 8 nodes
Not Service Aware
Add/Remove node causes reconnect
Only Source IP for persistence
Cannot be combined with DAG
Multi-role server recommendation http://bit.ly/qKA9nP
TechEd 2010: Microsoft recommends Hardware LB
But is NLB supported? Yes, absolutely!

Slide8
Hardware Load Balancers
Also referred to as ‘Application Delivery Controller’
Separate ‘node’ in network, independent of Windows
Smart load distribution
Service aware
Multiple persistence options
Compression options
SSL offloading
Caching of OWA attachments
Packet shaping or packet stream modifications

Slide9
Take aways
Load balance Exchange for scalability and recovery
Microsoft recommends hardware load balancer
Windows NLB is still supported, but has some drawbacks

Slide10
Load Balancer Essentials

Slide11
Load Balancing Essentials (1/1)
Setup of hardware load balancer
  One arm vs two arm setup
Routing with hardware load balancer
  Source NAT
  Direct Server Return (DSR)
  Load Balancer Default Gateway (LBDG)

Slide12
Load Balancing Essentials (2/2)
Persistence
  HTTP header
  Cookies
  Source IP
  SSL session ID
Distribution
  Round robin
  Least connections

Slide13
Load Balancer Virtual Service
‘Instance’ running on load balancer
Own FQDN and IP address and port number, also referred to as virtual IP (VIP)
Each service has its own settings for:
  Persistence
  Distribution
  Time-out
  SSL offload
Load balancer can have multiple virtual services
Each vendor uses its own naming convention!

Slide14
Load Balancing Essentials
Basic layout
Exchange 2010 multi-role with DAG

Slide15
One Arm Load Balancer
One Armed, i.e. one NIC
Virtual IP configured in same subnet
Can cause routing issues, Exchange should use LB as default gateway
Routing via Source NAT (SNAT) or via Direct Server Return (DSR)

Slide16
One Arm Source NAT
Pckt  Source IP    Dest. IP     Description
1     10.10.0.200  10.10.0.11   User to vIP loadbalancer
2     10.10.0.10   10.10.0.2    LB Self IP to EXCH02
3     10.10.0.2    10.10.0.10   EXCH02 to LB Self IP
4     10.10.0.11   10.10.0.200  LB vIP to User
[Diagram: packet steps 1, 2, 3, 4; user at 10.10.0.200]

Slide17
One Arm Direct Server Return (DSR) (1/2)
Pckt  Source IP    Dest. IP     Description
1     10.10.0.200  10.10.0.11   User to vIP loadbalancer
2     10.10.0.10   10.10.0.2    LB Self IP to EXCH02
3     10.10.0.2    10.10.0.200  EXCH02 to User
[Diagram: packet steps 1, 2, 3 and "?"; user at 10.10.0.200]

Slide18
One Arm Direct Server Return (2/2)
Client does NOT expect IP address of CAS server
DSR Requirements:
  No NAT but routing
  Loopback adapter on CAS with VIP
  Layer 7 persistence not supported
More complex: use Source NAT!

Slide19
Two Arm Load Balancer
Two Armed, i.e. two NICs
HLB connected to two networks
vIP in subnet1, servers in subnet2
Source NAT or load balancer default gateway

Slide20
Two Arm Load Balancer Source NAT
Pckt  Source IP     Dest. IP      Description
1     172.16.0.100  172.16.0.1    User to vIP loadbalancer
2     10.10.0.10    10.10.0.2     LB IP internal to EXCH02
3     10.10.0.2     10.10.0.10    EXCH02 to LB IP internal
4     172.16.0.1    172.16.0.100  LB vIP to User
[Diagram: packet steps 1, 2, 3, 4]

Slide21
Persistence
per·sist·ence [per-sis-tuhns]
Dictionary reference:
  the act or fact of persisting.
  the quality of being persistent: You have persistence, I'll say that for you.
  continued existence or occurrence: the persistence of smallpox.
  the continuance of an effect after its cause is removed.

Slide22
Persistence Options
Persistence is also referred to as stickiness or affinity
Stateful connection
Persistence is NOT load distribution!
SSL Session ID
Cookies
Source IP
Hash persistence (sometimes SuperHTTPS)
Cookie and Hash need SSL offload!

Slide23
SSL offloading (1/2)
SSL offloading means smart persistence
SSL is terminated at Load Balancer
Offloads intensive processor utilization from Client Access Server
Load Balancer to Exchange can be SSL
No offloading means only Source IP persistence or SSL Session ID persistence

Slide24
SSL offloading (2/2)
WIKI: How to configure SSL offloading in Exchange 2010
OWA registry key
  HKLM\System\CurrentControlSet\Services\MSExchange OWA
  REG_DWORD SSLOffloaded, value “1”
IIS manager SSL settings
Outlook Anywhere: uncheck in Management Console
Exchange 2010 RTM uses web.config for configuration

Slide25
PowerShell commands for SSL offloading
# Outlook Anywhere: SSL is terminated at the load balancer
Set-OutlookAnywhere -Identity "$($env:COMPUTERNAME)\RPC (Default Web Site)" -SSLOffloading $true
# OWA: registry value SSLOffloaded = 1
New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -Name SSLOffloaded -Value 1 -PropertyType DWORD
# IIS: no longer require SSL on the OWA and ECP virtual directories
Import-Module webadministration
Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS:\ -Location "Default Web Site/OWA"
Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS:\ -Location "Default Web Site/ECP"
iisreset /noforce

Slide26
Traffic patterns and Load Balancing
[Diagram labels: CAS01, CAS02, CAS03; Load Balancer; SNAT; Broadband or mobile provider; addresses 10.15.8.1, 10.2.8.5, 10.18.7.3, 62.4.8.11, 12.6.18.5]
Uh oh…
Solution? Use Cookie based persistence

Slide27
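Added example for the preceding slide, "Traffic patterns and Load Balancing" (not part of the original deck): a small Python model of a virtual service, showing that source-IP persistence puts every client behind a provider's source NAT on one CAS, while cookie persistence still spreads them and keeps each one on its server. The class and function names, the hash used to model source-IP persistence and the sample address are assumptions made for the illustration.

```python
import hashlib
import secrets
from collections import Counter

SERVERS = ["CAS01", "CAS02", "CAS03"]  # server names as on the slide


class VirtualService:
    """Toy load balancer virtual service with round-robin distribution."""

    def __init__(self, persistence):
        self.persistence = persistence  # "source_ip" or "cookie"
        self.sessions = {}              # cookie value -> server
        self.turn = 0

    def route(self, source_ip, cookie=None):
        """Return (server, cookie) for one request as the load balancer sees it."""
        if self.persistence == "source_ip":
            # Modelled as a stable hash of the address seen after NAT.
            digest = hashlib.sha256(source_ip.encode()).digest()
            return SERVERS[digest[0] % len(SERVERS)], None
        if cookie in self.sessions:                 # returning client stays put
            return self.sessions[cookie], cookie
        server = SERVERS[self.turn % len(SERVERS)]  # new client: round robin
        self.turn += 1
        cookie = secrets.token_hex(8)               # unpredictable cookie value
        self.sessions[cookie] = server
        return server, cookie


def simulate(persistence, clients, rounds=3):
    """Send `rounds` requests per client; return a Counter of clients per server."""
    lb = VirtualService(persistence)
    placed, cookies = {}, {}
    for _ in range(rounds):
        for name, seen_ip in clients.items():
            server, cookies[name] = lb.route(seen_ip, cookies.get(name))
            if placed.setdefault(name, server) != server:
                raise RuntimeError(f"{name} moved to another server mid-session")
    return Counter(placed.values())


# Constructed sample: 30 devices behind one provider NAT address
# (203.0.113.7 is a documentation address, not taken from the slides).
NATTED_CLIENTS = {f"device{i:02d}": "203.0.113.7" for i in range(30)}

if __name__ == "__main__":
    print("source IP:", dict(simulate("source_ip", NATTED_CLIENTS)))
    print("cookie:   ", dict(simulate("cookie", NATTED_CLIENTS)))
```

Cookie persistence only works when the load balancer can read the HTTP stream, which is why the deck ties it to SSL offload.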
Take aways
Transparency is key!
One arm or two arm configuration
Routing your Exchange traffic
Persistence

Slide28
Exchange 2010 and what it means for load balancing

Slide29
Hardware Load Balancer in Exchange 2010
Traffic patterns

Slide30
Client Protocols in Exchange 2010
HTTPS
MAPI
POP3
IMAP4
SMTP
Public Folder is not handled by CAS!

Slide31
Persistence requirements
Persistence: Required      Persistence: Recommended  Persistence: Not Required
RPC Client Access Service  Outlook Anywhere          Offline Address Book
Outlook Web App            Exchange Active Sync      AutoDiscover
Exchange Control Panel     Address Book Service      POP3
Exchange Web Services      Remote PowerShell         IMAP4

Slide32
Client Access Server Array (CAS Array)
CAS Array is MAPI endpoint (FQDN)
RPCClientAccessServer property on mailbox database
Create Virtual Service with this FQDN and VIP on load balancer

Slide33
RPC Client Access
MAPI uses port 135 (static) plus dynamic ports (high range) for RPC and Address Book
Use static ports
Registry entries to control behavior
MAPI is stateful session
Source IP is only persistence option!
Round Robin distribution
Least connection can ‘overboost’ CAS after reboot

Slide34
RPC Static Ports
WIKI page “Configure Static RPC Ports on an Exchange 2010 Client Access Server” – http://bit.ly/LnTQ7n
MSExchangeRPC:
  HKLM\System\CurrentControlSet\Services\MSExchangeRPC
  REG_DWORD TCP/IP with port number
Address Book Service:
  HKLM\System\CurrentControlSet\Services\MSExchangeAB\Parameters
  REG_SZ key RpcTcpPort with port number
Don’t forget Public Folders!

Slide35
PowerShell commands for static ports
# RPC Client Access: DWORD value "TCP/IP Port"
New-Item HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeRPC\ParametersSystem
Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeRPC\ParametersSystem "TCP/IP Port" 59532 -type dword
# Address Book Service: string value RpcTcpPort
New-Item HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters
Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters RpcTcpPort 59533 -type string

Slide36
Outlook Anywhere
Persistence recommended
  Source IP
  Outlook 2010: OutlookSession Cookie
OA ends on CAS (IIS) and continues in RPCPROXY.DLL on CAS
Does not use MAPI VIP
If persistence is not used
  RPC_IN_DATA and RPC_OUT_DATA are used for alignment
  Performance penalty

Slide37
HTTPS – OWA and ECP
OWA and ECP are stateful sessions
Source IP can be used (with large IP range)
  SSL offload can be disabled for OWA/ECP
HTTPS persistence options can be used
  Cookies, Hash or SuperHTTP
  SSL offload must be used for OWA/ECP

Slide38
Exchange Web Services
EWS is stateful session
Cookie persistence is recommended
Some mobile clients have issues with cookies
SSL Session ID (if clients do NOT re-initiate!)

Slide39
ActiveSync
Persistence is recommended but not required
No persistence = performance penalty
Basic Authentication, use Authorization header:
  Basic ZmFrZXVzZXI6eCRwSUFLOUBwOSE=
Possible issues:
  Mobile operator can use limited set of IPs (Source NAT issues)
  SSL Session ID: re-negotiation of Session ID

Slide40
Client Access Server Vdir settings
AutoDiscoverServiceInternalUri = NLB
Web Services InternalNLBBypassURL is set to the Server FQDN
Virtual Directory             InternalURL  ExternalURL (Internet Facing AD Site)  ExternalURL (Non-Internet Facing AD Site)
/OWA                          Server FQDN  NLB FQDN                               $null
/ECP                          NLB FQDN     NLB FQDN                               $null
/Microsoft-Server-ActiveSync  NLB FQDN     NLB FQDN                               $null
/OAB                          NLB FQDN     NLB FQDN                               $null
/EWS                          NLB FQDN     NLB FQDN                               $null

Slide41
Take aways
Think about workloads and their requirements
Use static ports for MAPI
Depending on vendor use multiple Virtual Services (check with vendor!)

Slide42
Load balancing resources and vendors

Slide43
Exchange 2010 load balancing resources
Wiki: Exchange 2010 Client Access Array and Load Balancing Resources on http://bit.ly/JOPxNi
TechNet videos, articles, vendor documentation, load balancer sizing tools
Load Balancer qualification program
http://technet.microsoft.com/en-us/exchange/gg176682.aspx

Slide44
Hardware Load Balancer vendors

Slide45
Software Load Balancer vendors

Slide46
Summary

Slide47
Summary
Hardware load balancer is recommended, but NLB can still be used
Think about the Exchange workload
Important aspects are
  Transparency
  Routing
  Persistence
Check with your vendor!

Slide48
Additional Resources
Exchange 2010 LB Deployment http://bit.ly/g7QwPy
WIKI CAS Load Balancing – http://bit.ly/JOPxNi
TechNet Videos, Community Articles, Vendor documentation, Load Balancer sizing tools

Slide49
Track Resources
Geek Out with Perry Blog: http://blogs.technet.com/b/perryclarke/
Exchange Team Blog: http://blogs.technet.com/b/exchange/
Exchange TechNet Tech Center: http://technet.microsoft.com/exchange
MEC Website and Registration: http://www.mecisback.com/

Slide50
Slide51
Resources
Connect. Share. Discuss.
http://europe.msteched.com
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
TechNet
Resources for IT Professionals
http://microsoft.com/technet
Resources for Developers
http://microsoft.com/msdn

Slide52
Evaluations
http://europe.msteched.com/sessions
Submit your evals online

Slide53
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Slide54