EXL307. Using a Load Balancer in Your Microsoft Exchange Server 2010 Environment. Jaap Wesselius, Managing Consultant & Exchange MVP, Inovativ UC. About the Speaker: Jaap Wesselius, Managing partner Inovativ UC, author of “Exchange 2010 SP1 – A practical approach”.
EXL307 Using a Load Balancer in Your Microsoft Exchange Server 2010 Environment
Jaap Wesselius, Managing Consultant & Exchange MVP, Inovativ UC
About the Speaker
Jaap Wesselius, Managing partner Inovativ UC
• Author of “Exchange 2010 SP1 – A practical approach”
• Parts published in TechNet Magazine
• Contributor to the blogs:
  • MSExchange.org
  • Simple-Talk.com
  • Jaapwesselius.com
Agenda
• Introduction
• Load balancing essentials
• Exchange 2010 and what it means for load balancing
• Hardware load balancers
• Load balancing resources
• Summary
Why do you want to load balance?
• Redundancy and scalability
(Figure: Exchange 2010 multi-role with DAG)
History of Load Balancing
• WLBS appears first in NT4
• Renamed to NLB in Windows 2000
• Still available in Windows 2008 R2
• In the NT4 timeframe there was no Exchange LB
  • Only (static) web sites
• NLB is configured as a service on Client Access Servers
  • Running in unicast or multicast mode
• Works fine, but there are some drawbacks…
Drawbacks in Windows NLB
• Switch/port flooding when used in unicast mode
• Scalability with more than 8 nodes
• Not service aware
• Add/remove node causes reconnect
• Only Source IP for persistence
• Cannot be combined with DAG
  • Multi-role server recommendation: http://bit.ly/qKA9nP
• TechEd 2010: Microsoft recommends hardware LB
• But is NLB supported? Yes, absolutely!
Hardware Load Balancers
• Also referred to as ‘Application Delivery Controller’
• Separate ‘node’ in the network, independent of Windows
• Smart load distribution
• Service aware
• Multiple persistence options
• Compression options
• SSL offloading
• Caching of OWA attachments
• Packet shaping or packet stream modifications
Takeaways
• Load balance Exchange for scalability and recovery
• Microsoft recommends a hardware load balancer
• Windows NLB is still supported, but has some drawbacks
Load Balancing Essentials (1/2)
• Setup of hardware load balancer
  • One arm vs two arm setup
• Routing with hardware load balancer
  • Source NAT
  • Direct Server Return (DSR)
  • Load Balancer Default Gateway (LBDG)
Load Balancing Essentials (2/2)
• Persistence
  • HTTP header
  • Cookies
  • Source IP
  • SSL session ID
• Distribution
  • Round robin
  • Least connections
Load Balancer Virtual Service
• ‘Instance’ running on the load balancer
• Own FQDN, IP address and port number, also referred to as virtual IP (VIP)
• Each service has its own settings for:
  • Persistence
  • Distribution
  • Time-out
  • SSL offload
• A load balancer can have multiple virtual services
• Each vendor uses its own naming convention!
Load Balancing Essentials: Basic layout
(Figure: Exchange 2010 multi-role with DAG)
One Arm Load Balancer
• One armed, i.e. one NIC
• Virtual IP configured in the same subnet
• Can cause routing issues; Exchange should use the LB as default gateway
• Routing via Source NAT (SNAT) or via Direct Server Return (DSR)
One Arm Source NAT
Pckt  Source IP     Dest. IP      Description
1     10.10.0.200   10.10.0.11    User to vIP load balancer
2     10.10.0.10    10.10.0.2     LB Self IP to EXCH02
3     10.10.0.2     10.10.0.10    EXCH02 to LB Self IP
4     10.10.0.11    10.10.0.200   LB vIP to User
One Arm Direct Server Return (DSR) (1/2)
Pckt  Source IP     Dest. IP      Description
1     10.10.0.200   10.10.0.11    User to vIP load balancer
2     10.10.0.10    10.10.0.2     LB Self IP to EXCH02
3     10.10.0.2     10.10.0.200   EXCH02 to User ?
One Arm Direct Server Return (2/2)
• Client does NOT expect the IP address of the CAS server
• DSR requirements:
  • No NAT but routing
  • Loopback adapter on CAS with VIP
  • Layer 7 persistence not supported
• More complex: use Source NAT!
Two Arm Load Balancer
• Two armed, i.e. two NICs
• HLB connected to two networks
• vIP in subnet 1, servers in subnet 2
• Source NAT or load balancer default gateway
Two Arm Load Balancer: Source NAT
Pckt  Source IP      Dest. IP       Description
1     172.16.0.100   172.16.0.1     User to vIP load balancer
2     10.10.0.10     10.10.0.2      LB IP internal to EXCH02
3     10.10.0.2      10.10.0.10     EXCH02 to LB IP internal
4     172.16.0.1     172.16.0.100   LB vIP to User
Persistence
• per·sist·ence [per-sis-tuhns]
• Dictionary reference:
  • the act or fact of persisting.
  • the quality of being persistent: You have persistence, I'll say that for you.
  • continued existence or occurrence: the persistence of smallpox.
  • the continuance of an effect after its cause is removed.
Persistence Options
• Persistence is also referred to as stickiness or affinity
• Stateful connection
• Persistence is NOT load distribution!
• SSL Session ID
• Cookies
• Source IP
• Hash persistence (sometimes SuperHTTPS)
• Cookie and Hash need SSL offload!
SSL offloading (1/2)
• SSL offloading means smart persistence
• SSL is terminated at the Load Balancer
• Offloads intensive processor utilization from the Client Access Server
• Load Balancer to Exchange can be SSL
• No offloading means only Source IP persistence or SSL Session ID persistence
SSL offloading (2/2)
• WIKI: How to configure SSL offloading in Exchange 2010
• OWA registry key
  • HKLM\System\CurrentControlSet\Services\MSExchangeOWA
  • REG_DWORD SSLOffloaded, value “1”
• IIS manager SSL settings
• Outlook Anywhere: uncheck in Management Console
• Exchange 2010 RTM uses web.config for configuration
PowerShell commands for SSL offloading
• Set-OutlookAnywhere -Identity "$($env:COMPUTERNAME)\RPC (Default Web Site)" -SSLOffloading $true
• New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA' -Name SSLOffloaded -Value 1 -PropertyType DWORD
• Import-Module webadministration
• Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS:\ -Location "Default Web Site/OWA"
• Set-WebConfigurationProperty -Filter //security/access -name sslflags -Value "None" -PSPath IIS:\ -Location "Default Web Site/ECP"
• iisreset /noforce
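The commands above change three places (the OWA registry flag, the IIS sslFlags on OWA and ECP, and the Outlook Anywhere property); after the iisreset you want to read all three back before pointing the load balancer at the server. The script below is an added verification check, not part of the session or of Microsoft's documentation. It assumes it is run in the Exchange Management Shell on the Client Access Server itself (Get-OutlookAnywhere needs the Exchange snap-in, the IIS read needs the WebAdministration module) and that the virtual directories live under "Default Web Site" as on the slide.

```powershell
Import-Module WebAdministration

# Reads an IIS sslFlags attribute the same way the slide sets it. Depending on
# the IIS module version the cmdlet returns either the bare string or a
# configuration attribute object that carries the string in .Value.
function Get-IisSslFlags {
    param([string]$Location)   # e.g. "Default Web Site/OWA"
    $r = Get-WebConfigurationProperty -Filter //security/access -Name sslFlags `
            -PSPath IIS:\ -Location $Location
    if ($null -ne $r.Value) { return [string]$r.Value }
    return [string]$r
}

# Returns one row per setting: what was found, and whether it matches the
# value the SSL offload procedure expects.
function Test-SslOffloadConfig {
    param([string]$Server = $env:COMPUTERNAME)
    $rows = @()

    # 1. OWA registry flag: REG_DWORD SSLOffloaded = 1 (note the space in the key name)
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchange OWA'
    $reg = Get-ItemProperty -Path $key -Name SSLOffloaded -ErrorAction SilentlyContinue
    $regValue = '<missing>'
    if ($reg) { $regValue = $reg.SSLOffloaded }
    $rows += New-Object PSObject -Property @{
        Check = 'OWA registry SSLOffloaded'
        Value = $regValue
        Ok    = ($regValue -eq 1)
    }

    # 2. IIS must no longer require SSL on the OWA and ECP virtual directories,
    #    otherwise the HTTP leg from the load balancer is rejected with 403.
    foreach ($vdir in 'Default Web Site/OWA', 'Default Web Site/ECP') {
        $flags = Get-IisSslFlags -Location $vdir
        $rows += New-Object PSObject -Property @{
            Check = "IIS sslFlags on $vdir"
            Value = $flags
            Ok    = ($flags -eq 'None')
        }
    }

    # 3. Outlook Anywhere must know that SSL is terminated in front of it
    $oa = Get-OutlookAnywhere -Server $Server
    $rows += New-Object PSObject -Property @{
        Check = 'Outlook Anywhere SSLOffloading'
        Value = $oa.SSLOffloading
        Ok    = [bool]$oa.SSLOffloading
    }

    return $rows | Select-Object Check, Value, Ok
}

Test-SslOffloadConfig | Format-Table -AutoSize
```

Any row with Ok = False means the load balancer will either be refused by IIS or, for Outlook Anywhere, see RPC-over-HTTP fail once the VIP is switched to plain HTTP towards the CAS. Keep in mind what the earlier slide says: after offloading, the load balancer to Exchange leg carries the traffic in the clear unless you re-encrypt it, so that segment belongs on a network the load balancer and the CAS share with nothing else.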
Traffic patterns and Load Balancing
(Diagram: users from a broadband or mobile provider arrive through Source NAT at the Load Balancer, which distributes to CAS01, CAS02 and CAS03; addresses shown are 62.4.8.11, 12.6.18.5, 10.15.8.1, 10.2.8.5 and 10.18.7.3; labelled “Uh oh…”)
• Solution? Use cookie based persistence
Takeaways
• Transparency is key!
• One arm or two arm configuration
• Routing your Exchange traffic
• Persistence
Client Protocols in Exchange 2010
• HTTPS
• MAPI
• POP3
• IMAP4
• SMTP
• Public Folder is not handled by CAS!
Client Access Server Array (CAS Array)
• CAS Array is the MAPI endpoint (FQDN)
• RPCClientAccessServer property on the mailbox database
• Create a Virtual Service with this FQDN and VIP on the load balancer
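The three bullets above are one procedure: create the array object, stamp its FQDN on the mailbox databases, and make the name resolve to the load balancer's VIP. The script below is an added example of that procedure with a built-in check, not code from the session. It assumes the Exchange Management Shell; the array name outlook.contoso.com, the AD site name and the VIP 10.10.0.11 (borrowed from the one-arm table earlier in the deck) are placeholders to replace with your own values.

```powershell
# Placeholders: replace with your array FQDN, AD site name and load balancer VIP.
$ArrayFqdn   = 'outlook.contoso.com'
$SiteName    = 'Default-First-Site-Name'
$ExpectedVip = '10.10.0.11'

# Resolves a name to its IPv4/IPv6 strings, returning an empty list on failure
# (.NET Dns.GetHostAddresses throws when there is no record).
function Resolve-Addresses {
    param([string]$Name)
    try {
        return @([System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.IPAddressToString })
    } catch {
        return @()
    }
}

# Creates the array once and points every mailbox database hosted in the site
# at it. A database left on a server FQDN hands Outlook a single CAS name and
# silently bypasses the virtual service.
function Set-CasArrayForSite {
    param([string]$Fqdn, [string]$Site)
    $existing = Get-ClientAccessArray | Where-Object { [string]$_.Fqdn -eq $Fqdn }
    if (-not $existing) {
        New-ClientAccessArray -Name $Fqdn -Fqdn $Fqdn -Site $Site | Out-Null
    }
    $mailboxServers = Get-ExchangeServer |
        Where-Object { $_.IsMailboxServer -and $_.Site.Name -eq $Site }
    foreach ($srv in $mailboxServers) {
        Get-MailboxDatabase -Server $srv.Name |
            Where-Object { [string]$_.RpcClientAccessServer -ne $Fqdn } |
            ForEach-Object { Set-MailboxDatabase -Identity $_.Identity -RpcClientAccessServer $Fqdn }
    }
}

# The array FQDN must resolve to the VIP and to none of the CAS addresses;
# pointing it at one CAS "works" but removes the redundancy you built this for.
function Test-CasArrayDns {
    param([string]$Fqdn, [string]$Vip)
    $addrs  = Resolve-Addresses -Name $Fqdn
    $casIps = @()
    foreach ($cas in Get-ClientAccessServer) {
        $casIps += Resolve-Addresses -Name ([string]$cas.Fqdn)
    }
    New-Object PSObject -Property @{
        Fqdn        = $Fqdn
        ResolvesTo  = ($addrs -join ', ')
        PointsAtVip = ($addrs -contains $Vip)
        PointsAtCas = (@($addrs | Where-Object { $casIps -contains $_ }).Count -gt 0)
    } | Select-Object Fqdn, ResolvesTo, PointsAtVip, PointsAtCas
}

Set-CasArrayForSite -Fqdn $ArrayFqdn -Site $SiteName
Test-CasArrayDns -Fqdn $ArrayFqdn -Vip $ExpectedVip | Format-List
Get-MailboxDatabase | Select-Object Name, Server, RpcClientAccessServer | Format-Table -AutoSize
```

PointsAtVip should be True and PointsAtCas False; the last table shows at a glance which databases still carry a server name instead of the array. Changing RpcClientAccessServer only affects profiles created or repaired afterwards, so existing Outlook profiles keep the old endpoint until they are repaired.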
RPC Client Access
• MAPI uses port 135 (static) plus dynamic ports (high range) for RPC and Address Book
  • Use static ports
  • Registry entries to control behavior
• MAPI is a stateful session
  • Source IP is the only persistence option!
• Round robin distribution
  • Least connection can ‘overboost’ a CAS after reboot
RPC Static Ports
• WIKI page “Configure Static RPC Ports on an Exchange 2010 Client Access Server” – http://bit.ly/LnTQ7n
• MSExchangeRPC:
  • HKLM\System\CurrentControlSet\Services\MSExchangeRPC
  • REG_DWORD TCP/IP with port number
• AddressBook Service:
  • HKLM\System\CurrentControlSet\Services\MSExchangeAB\Parameters
  • REG_SZ key RpcTcpPort with port number
• Don’t forget Public Folders!
PowerShell commands for static ports
• New-Item HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeRPC\ParametersSystem
• Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeRPC\ParametersSystem "TCP/IP Port" 59532 -type dword
• New-Item HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters
• Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters RpcTcpPort 59533 -type string
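Setting the registry values is only half the job: the RPC Client Access and Address Book services read them at start-up, and the load balancer's MAPI virtual service must forward TCP 135 plus both static ports. The script below is an added check, not from the session, that reads both values back and confirms the server is actually listening on them. The port numbers 59532/59533 are the slide's; the key paths are the ones the slide uses. It uses .NET's IPGlobalProperties rather than Get-NetTCPConnection so that it also runs on Windows Server 2008 R2.

```powershell
# The two static-port values from the slide, with the value type each one
# must have (DWORD for the RPC service, string for the Address Book service).
$Checks = @(
    @{ Name     = 'MSExchangeRPC "TCP/IP Port" (REG_DWORD)'
       Key      = 'HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeRPC\ParametersSystem'
       Value    = 'TCP/IP Port'
       Expected = 59532 },
    @{ Name     = 'MSExchangeAB RpcTcpPort (REG_SZ)'
       Key      = 'HKLM:\SYSTEM\CurrentControlSet\services\MSExchangeAB\Parameters'
       Value    = 'RpcTcpPort'
       Expected = 59533 }
)

# All TCP ports with a listener on this host, via .NET (available on 2008 R2).
function Get-ListeningTcpPorts {
    $props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    return @($props.GetActiveTcpListeners() | ForEach-Object { $_.Port } | Sort-Object -Unique)
}

# One row per static port: configured value, expected value, and whether a
# service is listening on it right now (it will not be until restart).
function Test-StaticRpcPorts {
    $listening = Get-ListeningTcpPorts
    foreach ($c in $Checks) {
        $item = Get-ItemProperty -Path $c.Key -Name $c.Value -ErrorAction SilentlyContinue
        $configured = $null
        if ($item) { $configured = [int]$item.($c.Value) }   # REG_SZ comes back as a string
        $isListening = ($null -ne $configured) -and ($listening -contains $configured)
        New-Object PSObject -Property @{
            Check      = $c.Name
            Expected   = $c.Expected
            Configured = $configured
            Listening  = $isListening
            Ok         = ($configured -eq $c.Expected) -and $isListening
        }
    }
}

Test-StaticRpcPorts | Select-Object Check, Expected, Configured, Listening, Ok | Format-Table -AutoSize
```

Run it once right after the slide's commands (Configured filled in, Listening False) and again after restarting the Microsoft Exchange RPC Client Access and Address Book services; only then is the load balancer's health check on those ports meaningful. As the slide says, repeat the MSExchangeRPC part on the mailbox servers that host Public Folders, since those connections do not go through the CAS.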
Outlook Anywhere
• Persistence recommended
  • Source IP
  • Outlook 2010: OutlookSession cookie
• OA ends on CAS (IIS) and continues in RPCPROXY.DLL on CAS
  • Does not use the MAPI VIP
• If persistence is not used, RPC_IN_DATA and RPC_OUT_DATA are used for alignment
  • Performance penalty
HTTPS – OWA and ECP
• OWA and ECP are stateful sessions
• Source IP can be used (with large IP range)
  • SSL offload can be disabled for OWA/ECP
• HTTPS persistence options can be used
  • Cookies, Hash or SuperHTTP
  • SSL offload must be used for OWA/ECP
Exchange Web Services
• EWS is a stateful session
• Cookie persistence is recommended
  • Some mobile clients have issues with cookies
• SSL Session ID (if clients do NOT re-initiate!)
ActiveSync
• Persistence is recommended but not required
  • No persistence = performance penalty
• Basic Authentication, use Authorization header: Basic ZmFrZXVzZXI6eCRwSUFLOUBwOSE=
• Possible issues:
  • Mobile operator can use a limited set of IPs (Source NAT issues)
  • SSL Session ID: re-negotiation of Session ID
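The slide suggests keying ActiveSync persistence on the Authorization header because every request from one device carries the same Basic credential, while many devices share one source address behind a mobile operator's NAT. The script below is an added illustration, not from the session, of what that choice implies on the load balancer side: the header value is the user's cleartext credential in Base64, so the persistence key should be a hash of it, never the header itself. The Authorization value is the slide's own constructed example; the second device, the carrier address 62.4.8.11 and the CAS pool are constructed for the comparison, and the three-way hash split stands in for whatever distribution your vendor implements.

```powershell
# Constructed sample: two different users, same carrier NAT address.
$Pool = 'CAS01', 'CAS02', 'CAS03'
$Requests = @(
    @{ Device = 'phone-A'; SourceIp = '62.4.8.11'
       Auth   = 'Basic ZmFrZXVzZXI6eCRwSUFLOUBwOSE=' },
    @{ Device = 'phone-B'; SourceIp = '62.4.8.11'
       Auth   = 'Basic ' + [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes('otheruser:example-pass')) }
)

function Get-Sha256Bytes {
    param([string]$Text)
    return [System.Security.Cryptography.SHA256]::Create().ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))
}

# The key the load balancer stores and logs: a hash of the header, so a
# persistence table dump never contains credentials.
function Get-AuthPersistenceKey {
    param([string]$AuthorizationHeader)
    if ($AuthorizationHeader -match '^Basic\s+\S+$') {
        return [System.BitConverter]::ToString((Get-Sha256Bytes $AuthorizationHeader)).Replace('-', '').ToLower()
    }
    return $null   # not Basic auth: fall back to another persistence method
}

# Shows why the header identifies the user (and why it is sensitive): decode
# only the user part and discard the password.
function Get-BasicAuthUser {
    param([string]$AuthorizationHeader)
    if ($AuthorizationHeader -match '^Basic\s+(\S+)$') {
        $decoded = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($Matches[1]))
        return ($decoded -split ':', 2)[0]
    }
    return $null
}

# Deterministic pick from the pool: same key always lands on the same CAS.
function Select-CasForKey {
    param([string]$Key, [string[]]$CasPool)
    $b = Get-Sha256Bytes $Key
    return $CasPool[$b[0] % $CasPool.Count]
}

# Source-IP persistence sends both devices to one CAS because they share the
# NAT address; header persistence keys each user independently.
function Compare-PersistenceModes {
    foreach ($r in $Requests) {
        New-Object PSObject -Property @{
            Device       = $r.Device
            User         = Get-BasicAuthUser $r.Auth
            BySourceIp   = Select-CasForKey -Key $r.SourceIp -CasPool $Pool
            ByAuthHeader = Select-CasForKey -Key (Get-AuthPersistenceKey $r.Auth) -CasPool $Pool
            KeyPrefix    = (Get-AuthPersistenceKey $r.Auth).Substring(0, 12)
        }
    }
}

Compare-PersistenceModes | Select-Object Device, User, BySourceIp, ByAuthHeader, KeyPrefix | Format-Table -AutoSize
```

Both devices show the same BySourceIp value, which is the mobile-operator problem from the slide; with the header key, thousands of devices behind one operator address spread across the pool. Header persistence is only possible when the load balancer terminates SSL, which is also why the load balancer, and anyone who can read its persistence table or logs, must be treated as holding user credentials.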
Client Access Server Vdir settings
• AutoDiscoverServiceInternalUri = NLB
• Web Services InternalNLBBypassURL is set to the Server FQDN
Takeaways
• Think about workloads and their requirements
• Use static ports for MAPI
• Depending on vendor, use multiple Virtual Services (check with vendor!)
Exchange 2010 load balancing resources
• Wiki: Exchange 2010 Client Access Array and Load Balancing Resources on http://bit.ly/JOPxNi
• TechNet videos, articles, vendor documentation, load balancer sizing tools
• Load Balancer qualification program: http://technet.microsoft.com/en-us/exchange/gg176682.aspx
Summary
• Hardware load balancer is recommended, but NLB can still be used
• Think about the Exchange workload
• Important aspects are
  • Transparency
  • Routing
  • Persistence
• Check with your vendor!
Additional Resources
• Exchange 2010 LB Deployment: http://bit.ly/g7QwPy
• WIKI CAS Load Balancing – http://bit.ly/JOPxNi
• TechNet videos, community articles, vendor documentation, load balancer sizing tools
Track Resources
• Exchange Team Blog: http://blogs.technet.com/b/exchange/
• Exchange TechNet Tech Center: http://technet.microsoft.com/exchange
• Geek Out with Perry Blog: http://blogs.technet.com/b/perryclarke/
• MEC Website and Registration: http://www.mecisback.com/