The document discusses load balancing options for Exchange 2013 Client Access servers. It describes how the CAS role was changed in Exchange 2013 to be stateless and use HTTPS for all client interactions. This allows the use of layer 4 load balancers instead of more expensive layer 7 balancers. The document compares options like DNS round robin, Network Load Balancing (NLB), and hardware/virtual load balancers. It notes the improvements in Exchange 2013 that make load balancing easier to implement, like a single protocol and new authentication methods. The scenario at the end discusses a company implementing two Kemp load balancers using layer 7 for added functionality over layer 4.
Implement load balancing
This objective may include but is not limited to:
- Configure namespace load balancing
- Configure Session Initiation Protocol (SIP) load balancing
- Plan for differences between layer seven and layer four load balancing methods
- Configure Windows Network Load Balancing (WNLB)

Scenario: Event Planners
The Company: From A to Z Eventaganza
Problem: They have HA of their Mailbox servers but not their CAS
Goal: Review options to provide solid load balancing and availability

Looking Backwards at 2010
Load balancing with 2010 was a real pain and was costly.
Distributing MAPI traffic across an RPC CAS array was painful, and the Layer 7 load balancers it required, with features like SSL offloading and service-level monitoring, were expensive.
That expense has to be considered in pairs, because you need TWO load balancers per implementation if you want the balancers themselves to be redundant too.
Client Access arrays and Exchange 2013: Not required

Improvements to Exchange 2013 Client Access
The CAS role has been altered to be stateless and to act as a proxy, with no rendering done on the CAS.
It authenticates a user and proxies the request back to the Mailbox server where the user's mailbox resides, which is where all the rendering is done.
All client interaction is now done through HTTPS with Outlook Anywhere (even for internal clients), so MAPI or RPC client access is no longer used for client interaction.
The CAS role is now the entry point for UM. UM connects by sending a SIP request to the UM call router in the CAS, which answers the request and sends a SIP redirection to the caller, who can then connect to the Mailbox server through SIP and RTP directly.

[Diagram: Affinity. Outlook or OWA end user, load balancers, Client Access servers, Mailbox servers, DAG]

Load Balancing Improvements
There are some great improvements in the architecture of Exchange 2013 that make for a better load balancing/high availability implementation.
For example, the use of only one protocol (HTTPS), a new method of handling HTTP cookies during forms-based authentication, etc.
The new authentication method, where rendering is handled on the Mailbox side, means (if all Client Access servers have the same SSL cert) the session can go through either CAS.
These adjustments make it possible for Layer 4 load balancers to be used now.

CAS High Availability and Load Balancing
For starters, to have higher availability or load balancing you need more than one Client Access server.
To achieve both high availability and load balancing you can use:
- DNS round robin (no real load balancing)
- Network Load Balancing
- Hardware/Virtual load balancing

DNS Round Robin
Not the best option, nor is it typically recommended over a hardware-based (or virtual) load balancer or even NLB.
The failover takes place at the client level: the client reaches out for a DNS record for your Client Access servers and is provided one of the options you have configured.
Logically, you need multiple CAS to make this work, and you have to configure multiple A records for the IP addresses of your CAS servers.
Remember there is no true load balancing or automatic failover with round-robin.

Windows Network Load Balancing
NLB is built right into the Windows Server OS and allows you to distribute the load between your Client Access servers.
You assign a virtual IP (VIP) along with the typical IP address for each member of the NLB cluster.
Because the client uses the VIP to connect, if a CAS is unavailable the NLB will connect the client to a different CAS.
NLB is fine for labs and small environments where the expense of a hardware load balancer is an issue.

WNLB Limitations
NLB cannot be used with Exchange if the CAS is located on a Mailbox server that is part of a DAG (NLB is not compatible with Windows clustering).
NLB doesn't detect service outages (only outages by IP).
NLB can result in port flooding.
Not a good solution for small IP pools because it only does client affinity using the source IP.

Hardware-based (virtual) Load Balancing
Also uses a virtual IP (VIP) but is much more sophisticated than NLB.
Performance is better with a real load balancing solution.

Layer 4 vs. Layer 7
As mentioned a bit earlier, the new architectural changes to the Client Access server mean that you don't need all the expensive Layer 7 intelligence; a Layer 4 load balancer is typically all you need.
Layer 4 load balancers (in a basic form) can also determine if a server is in a failure state, or check for specific services (like OWA) and ensure they are up and running.
What Layer 4 load balancers cannot do is determine, amongst multiple services, that a single service is down and reroute just that service (that requires Layer 7).

Namespace Options with Load Balancing
[Diagram: Layer 4 and Layer 7 with single namespace. Outlook or OWA end user, load balancers, Client Access servers; OWA/ECP/OA/EWS under externalurl.domain.com]

Namespace Options with Load Balancing
[Diagram: Layer 4 with multiple namespaces. Outlook or OWA end user, load balancers, Client Access servers; OWA, ECP, OA, EWS, OAB; owa.domain.com, ecp.domain.com, oa.domain.com, ews.domain.com, oas.domain.com]

The namespace model within Exchange 2013 has been simplified, and this benefits load balancing with regard to the number of namespaces needed to make it happen.
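
The health-check difference between Layer 4 and Layer 7 described above, as an added example that is not from the original slides: a small Python model of which Client Access servers stay in rotation for each service when one service fails. The server names, the health table and the choice of OWA as the single Layer 4 probe are constructed assumptions, as is the premise that each namespace in the multiple-namespace layout has its own VIP and probe.

```python
# Added example: constructed model of how each load-balancing layout on the
# page reacts to one failed service. Server names and the health table are
# made up; the single Layer 4 probe target (OWA) is an assumption.
SERVICES = ("owa", "ecp", "ews", "oa")

# health[server][service] -> True if that service answers its health probe
HEALTH = {
    "cas1": {"owa": True, "ecp": True, "ews": False, "oa": True},
    "cas2": {"owa": True, "ecp": True, "ews": True, "oa": True},
}


def pool(mode, service, health, probe="owa"):
    """Return the servers a request for `service` can be sent to."""
    if mode == "l4-single":
        # One VIP, one probe: a server is in or out for every service at once.
        return sorted(s for s, h in health.items() if h[probe])
    if mode in ("l4-multi", "l7-single"):
        # One probe per service: per-namespace VIPs at Layer 4, or URL-aware
        # content switching at Layer 7 behind a single namespace.
        return sorted(s for s, h in health.items() if h[service])
    raise ValueError(f"unknown mode: {mode}")


def blackholed(mode, health, probe="owa"):
    """(server, service) pairs still receiving traffic while the service is down."""
    return sorted(
        (srv, svc)
        for svc in SERVICES
        for srv in pool(mode, svc, health, probe)
        if not health[srv][svc]
    )


def stranded(mode, health, probe="owa"):
    """(server, service) pairs that are healthy but removed from rotation."""
    return sorted(
        (srv, svc)
        for svc in SERVICES
        for srv in health
        if health[srv][svc] and srv not in pool(mode, svc, health, probe)
    )


if __name__ == "__main__":
    for mode in ("l4-single", "l4-multi", "l7-single"):
        print(mode, "blackholed:", blackholed(mode, HEALTH),
              "stranded:", stranded(mode, HEALTH))
```

With a single namespace at Layer 4, a failed EWS on one server keeps receiving requests because only OWA is probed, and a failed OWA pulls the whole server, healthy services included.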

Namespaces and Site Resiliency
Here is what we needed with 2010:
- Primary and secondary datacenter Internet protocol namespaces (2)
- Primary and secondary datacenter OWA failback namespaces (2)
- Primary and secondary datacenter RPC Client Access namespaces (2)
- Autodiscover namespace (1)
- Legacy namespace (1)
- Transport namespace (depending on if you were doing ad-hoc or partner-to-partner encryption) (1)
There are still a lot of namespaces needed in a site-resilient design, but 2 are no longer needed.

Scenario: From A to Z Eventaganza
After reviewing all the options, it appears they have decided to go with two Kemp load balancers using Layer 7 (for the added functionalities over Layer 4).
They will make sure all CAS servers use the same SSL certificate.
They are also looking at providing site resilience in the future and appreciate that fewer namespaces will need to be considered.

Additional Research
Load Balancing (TechNet) http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx
Introducing Load Balancing in Exchange 2013 with Steve Goodman (Part 1) http://www.msexchange.org/articles-tutorials/exchange-server-2013/high-availability-recovery/introducing-load-balancing-exchange-server-2013-part1.html
Introducing Load Balancing in Exchange 2013 with Steve Goodman (Part 2) http://www.msexchange.org/articles-tutorials/exchange-server-2013/high-availability-recovery/introducing-load-balancing-exchange-server-2013-part2.html