Plan, Install, Configure and Manage Client Access: Implement Load Balancing
Implement load balancing
This objective may include but is not limited to:
– Configure namespace load balancing
– Configure Session Initiation Protocol (SIP) load balancing
– Plan for differences between layer seven and layer four load balancing methods
– Configure Windows Network Load Balancing (WNLB)
• The Company: From A to Z Eventaganza
• Problem: They have HA of their Mailbox servers but not their CAS
• Goal: Review options to provide solid load balancing and availability
Scenario: Event Planners
Load balancing with 2010 was a real pain and was costly
Distributing MAPI traffic across an RPC CAS array was painful, and the Layer 7 load balancers it required, with all their awesome features like SSL offloading, service level monitoring and so forth, were expensive
And that expense has to be considered in pairs because you need TWO load balancers per implementation if you wish to have redundancy of your balancers too
Client Access arrays and Exchange 2013: Not required
Looking Backwards at 2010
The CAS role has been altered to be stateless and act as a proxy with no rendering done on the CAS
It authenticates a user and proxies the request back to the Mailbox server where the user's mailbox resides, which is where all the rendering is done
All client interaction is now done through HTTPS with Outlook Anywhere (even internal clients), so MAPI or RPC client access is no longer used for client interaction
The CAS role is now the entry point for UM. UM connects by sending a SIP request to the UM call router in the CAS which answers the request and sends a SIP redirection to the caller who can connect to the MB server through SIP and RTP directly
Improvements to Exchange 2013 Client Access
[Diagram: Affinity. Labels: End-User (Outlook or OWA), Load Balancers, Client Access Servers, Mailbox Servers, DAG]
There are some great improvements in the architecture of Exchange 2013 that make for a better load balancing/high availability implementation
For example, the use of only one protocol in HTTPS, a new method of handling HTTP cookies during forms based authentication, etc…
The new authentication method where rendering is handled on the Mailbox side means (if all Client Access servers have the same SSL cert) the session can go through either CAS
These adjustments make it possible for Layer 4 load balancers to be used now
Load Balancing Improvements
For starters, to have higher availability or load balancing you need more than one Client Access server
To achieve both high availability and load balancing you can use:
– DNS round robin (no real load balancing)
– Network Load Balancing
– Hardware/Virtual load balancing
CAS High Availability and Load Balancing
DNS round robin is not the best option, nor is it typically recommended over a hardware-based (or virtual) load balancer or even NLB
The failover takes place at the client level as it reaches out for a DNS record for your Client Access servers and is provided one of the options you have configured
Logically you need multiple CAS to make this work and you have to configure multiple A records for IP addresses of your CAS servers
Remember there is no true load balancing or automatic failover with round-robin
DNS Round Robin
NLB is built right into Windows Server OS and it allows you to distribute the load between your Client Access servers
You assign a virtual IP along with the typical IP address for each member of the NLB cluster
Because the client uses the VIP to connect, if a CAS is unavailable the NLB will connect the client to a different CAS
NLB is fine for labs and small environments where the expense of a hardware load balancer is an issue
Windows Network Load Balancing
NLB cannot be used with Exchange if the CAS is located on a Mailbox server that is part of a DAG (NLB is not compatible with Windows clustering)
NLB doesn’t detect service outages (only outages by IP)
NLB can result in port flooding
NLB is not a good solution for small IP pools because it only does client affinity using the source IP
WNLB Limitations
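Added example (not from the original slides): a small model of two of the limitations above, source-IP-only affinity and outage detection by IP only. The node names, sample addresses and the SHA-256 stand-in hash are assumptions; WNLB's real hashing algorithm is not reproduced.

```python
import hashlib
from collections import Counter
from ipaddress import ip_address

def pick_node(src_ip, members):
    """Source-IP affinity: one client address always lands on the same node.
    SHA-256 is a stand-in; WNLB's own hashing algorithm is not reproduced."""
    digest = hashlib.sha256(ip_address(src_ip).packed).digest()
    return members[int.from_bytes(digest[:4], "big") % len(members)]

def simulate(sources, cluster):
    """cluster: node name -> {"host_up": bool, "service_up": bool}.
    Only a host (IP) outage removes a node; service state is never checked."""
    members = sorted(n for n, s in cluster.items() if s["host_up"])
    load = Counter(pick_node(ip, members) for ip in sources)
    failed = sum(c for n, c in load.items() if not cluster[n]["service_up"])
    return load, failed

# Constructed sample data (documentation address ranges, hypothetical names).
HEALTHY = {n: {"host_up": True, "service_up": True}
           for n in ("cas1", "cas2", "cas3")}
DEGRADED = {
    "cas1": {"host_up": True, "service_up": True},
    "cas2": {"host_up": True, "service_up": False},   # service stopped, IP answers
    "cas3": {"host_up": False, "service_up": False},  # host is down
}
NAT_SOURCES = ["203.0.113.10"] * 300 + ["203.0.113.11"] * 300  # 600 users, 2 IPs
WIDE_SOURCES = [f"198.51.100.{i}" for i in range(1, 201)]      # 200 distinct IPs

if __name__ == "__main__":
    load, _ = simulate(NAT_SOURCES, HEALTHY)
    print("small IP pool :", dict(load))
    load, _ = simulate(WIDE_SOURCES, HEALTHY)
    print("many addresses:", dict(load))
    load, failed = simulate(WIDE_SOURCES, DEGRADED)
    print("degraded      :", dict(load), "sent to a dead service:", failed)
```

With only two source addresses, at least one of the three nodes receives no traffic at all, and in the degraded cluster every client mapped to cas2 keeps failing because the node still answers at the IP level.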
A hardware-based (or virtual) load balancer also uses a virtual IP (VIP) but is much more sophisticated than NLB
Performance is better with a real load balancing solution
Hardware-based (virtual) Load Balancing
As mentioned a bit earlier, the new architectural changes to the Client Access server mean that you don't need all the expensive Layer 7 intelligence, and a Layer 4 load balancer is typically all you need
Layer 4 load balancers (in a basic form) can also determine if a server is in a failure state or check for specific services (like OWA) and ensure it is up and running
What Layer 4 load balancers cannot do is determine amongst multiple services if a single service is down and reroute just that service (that requires Layer 7)
Layer 4 vs. Layer 7
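Added example (not from the original slides): a toy routing model of the Layer 4 versus Layer 7 difference described above, using a constructed pool in which one CAS has lost only OWA. The server names and the per-namespace probe in the third function are assumptions, the latter based on the "Layer 4 with multiple namespaces" slide.

```python
SERVICES = ("owa", "ecp", "oa", "ews", "oab")

# Constructed sample state: cas2 is reachable but its OWA service has failed.
POOL = {
    "cas1": {svc: True for svc in SERVICES},
    "cas2": {**{svc: True for svc in SERVICES}, "owa": False},
}

def layer4_single_namespace(pool, probe):
    """One VIP and one health probe: a server is in or out for every service."""
    alive = [name for name, health in pool.items() if health[probe]]
    return {svc: list(alive) for svc in SERVICES}

def layer7_single_namespace(pool):
    """One VIP; the balancer reads the request path and probes each service."""
    return {svc: [n for n, h in pool.items() if h[svc]] for svc in SERVICES}

def layer4_multiple_namespaces(pool):
    """One VIP per service namespace, each VIP with its own single probe."""
    return {svc: layer4_single_namespace(pool, svc)[svc] for svc in SERVICES}

def misrouted(routing, pool):
    """Services still being sent to a server where that service is down."""
    return sorted(s for s, targets in routing.items()
                  if any(not pool[t][s] for t in targets))

def lost_capacity(routing, pool):
    """(service, server) pairs that are healthy but taken out of rotation."""
    return sorted((s, n) for s in routing for n, h in pool.items()
                  if h[s] and n not in routing[s])

if __name__ == "__main__":
    cases = {
        "L4, single namespace, probe EWS": layer4_single_namespace(POOL, "ews"),
        "L4, single namespace, probe OWA": layer4_single_namespace(POOL, "owa"),
        "L7, single namespace": layer7_single_namespace(POOL),
        "L4, multiple namespaces": layer4_multiple_namespaces(POOL),
    }
    for label, routing in cases.items():
        print(f"{label}: misrouted={misrouted(routing, POOL)} "
              f"lost={lost_capacity(routing, POOL)}")
```

A single Layer 4 probe either keeps sending OWA users to the broken server or pulls the whole server, including its healthy services, out of rotation; only the per-service views avoid both outcomes.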
[Diagram: Namespace Options with Load Balancing. Layer 4 and Layer 7 with single namespace: End-User (Outlook or OWA), Load Balancers, Client Access Servers; OWA/ECP/OA/EWS all served through externalurl.domain.com]
[Diagram: Namespace Options with Load Balancing. Layer 4 with multiple namespaces: End-User (Outlook or OWA), Load Balancers, Client Access Servers; services ECP, OA, OWA, EWS, OAB; namespaces owa.domain.com, ecp.domain.com, oa.domain.com, ews.domain.com, oas.domain.com]
The namespace model within Exchange 2013 has been simplified, and this benefits load balancing by reducing the number of namespaces needed to make it happen
Here is what we needed with 2010:
– Primary and secondary datacenter Internet protocol namespaces (2)
– Primary and secondary datacenter OWA failback namespaces (2)
– Primary and secondary datacenter RPC Client Access namespaces (2)
– Autodiscover namespace (1)
– Legacy namespace (1)
– Transport namespace (depending on if you were doing ad-hoc or partner-to-partner encryption) (1)
There are still a lot of namespaces needed in a site resilient design but 2 are no longer needed
Namespaces and Site Resiliency
After reviewing all the options it appears they have decided to go with two Kemp load balancers using Layer 7 (for the added functionalities over Layer 4)
They will make sure all CAS servers use the same SSL certificate
They are also looking at providing site resilience in the future and appreciate that fewer namespaces will need to be considered
Scenario: From A to Z Eventaganza
Additional Research
• Load Balancing (TechNet)
  http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx
• Introducing Load Balancing in Exchange 2013 with Steve Goodman (Part 1)
  http://www.msexchange.org/articles-tutorials/exchange-server-2013/high-availability-recovery/introducing-load-balancing-exchange-server-2013-part1.html
• Introducing Load Balancing in Exchange 2013 with Steve Goodman (Part 2)
  http://www.msexchange.org/articles-tutorials/exchange-server-2013/high-availability-recovery/introducing-load-balancing-exchange-server-2013-part2.html