MMCUG 1/31/2014 Bryan F. Boretsky

Presentation Transcript


  1. MMCUG 1/31/2014 Bryan F. Boretsky This presentation is intended solely for KEMP partners and customers, please do not distribute!

  2. Agenda
     • Introductions
     • Microsoft workload overview
     • KEMP Overview
     • Q&A

  3. Exchange Load Balancing

  4. Reference Architecture: Exchange 2013 Ready and Tested

  5. How did we get here? Exchange 2010 story…
     • A newborn is named Client Access Array
     • Load Balancing requirements accompany the newborn
     • The world of Exchange administrators becomes complex…

  6. Story of Protocols
     • Like our DNA, each one is unique
     • Outlook Web App – Persistence required – server cookie
     • Exchange Control Panel – Persistence required – server cookie
     • Web Services – Persistence required – cookie or no cookie is the question
     • RPC Client Access – Persistence required – Client IP is the only option
     • Outlook Anywhere – Persistence recommended – Client IP/Cookie
     • ActiveSync – Persistence recommended – Client IP/SSL Session ID
     • Address Book Service – Persistence recommended – Client IP/SSL Session ID
     • PowerShell – Persistence recommended – LB generated cookie/Client IP

  7. Story of Namespaces
     • Exchange 2010 required one, err… many namespaces
       • Primary namespace
       • Secondary/DR namespace
       • OWA failback namespace
       • Another OWA failback namespace
       • Autodiscover namespace
       • RPC Client Access namespace
       • Legacy namespace

  8. Exchange 2010 Roles

  9. In Summary…
     • Exchange 2010 Load balancing
       • Is complex
       • Dizzying array of affinity requirements
       • Needs more planning
       • Requires Layer 7 Load Balancer
     • Costs $$$

  10. New kids on the block…
     • Exchange 2013
       • RIP RPC/TCP
       • Long live RPC/HTTP
       • RIP CAS Array
       • Long live CAS Proxy
       • Managed Availability
       • New Healthcheck Page
       • Easier Maintenance

  11. Exchange 2013 Roles

  12. Client Access Role…
     • Is strictly a proxy
     • No data rendering
     • Proxy to mailbox server OR
     • Redirect to another CAS server
     • No longer an RPC endpoint
     • guid@smtpdomain is the new endpoint
     • Outlook profile doesn’t change

  13. In Summary…
     • Exchange 2013 Load balancing
       • Is simpler, no affinity needed
       • Still needs proper planning, but less complexity means less daunting
       • Layer 4 Load Balancer works
     • Costs LE$$

  14. The great debate of DNS RR
     • Can you do away with the Load Balancer?
     • Most client protocols are HTTP
     • HTTP client can try the next record if one fails
     • BUT…
       • It is not service aware
       • It can’t account for grey errors

  15. Exchange 2013
     • Even though L4 is now available, most customers are still setting up at L7
     • Only one VS (Virtual Service) on port 443 at a minimum is needed, with simple health checking. Example: set up health checking on the HTTPS protocol and point it to /OWA or /microsoft-server-activesync
     • Adding an HTTP-to-HTTPS Redirect VS is also common
     • We can also support Sub-VSs, which allow you to perform more specific health checking on each individual service
     • Templates are available for Ex2013

  16. Lync Load Balancing

  17. Reference Architecture

  18. Load Balancing Lync 2013 • Visual Reference

  19. Load Balancing Lync 2013 • Load Balancing Front End/Director Pools

  20. Load Balancing Lync 2013
     • Load Balancing Front End/Director Pools
       • Microsoft recommended method
         • Use DNS Load Balancing for SIP traffic
         • Configure Web services override FQDN for internal web services
         • Load balance TCP ports 80, 8080, 443 and 4443
         • Also load balance TCP port 444 if a Director is deployed

  21. Load Balancing Lync 2013
     • Load Balancing Front End/Director Pools
       • Source IP Persistence can be used, but should you?
         • Clients behind a NAT device show up as a single IP
         • Can result in uneven connection distribution
       • Health check on TCP port 5061, or use the hardware load balancer monitoring port from the topology if defined
       • Alternatively check /meet/blank.html instead of 5061 to ensure IIS is working
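The NAT effect on slide 21 as a constructed simulation, added here and not part of the deck or KEMP's code: three hypothetical Front End servers receive sessions from users who are partly behind one NAT address, keyed once by source IP and once by a per-session cookie value.

```python
"""Constructed simulation (added example, not the presenter's or KEMP's code)
of source-IP persistence versus cookie persistence when many clients sit
behind one NAT address.  Server names, addresses and counts are invented."""
import hashlib
from collections import Counter

SERVERS = ["fe01", "fe02", "fe03"]  # hypothetical Lync Front End pool

def pick_server(key, servers=SERVERS):
    """Stable choice for a persistence key: the same key always lands on the
    same server, as a load balancer's persistence table would guarantee."""
    digest = hashlib.sha256(key.encode()).digest()
    return servers[int.from_bytes(digest[:4], "big") % len(servers)]

def distribution(sessions, by):
    """Count sessions per server.  sessions: list of (client_ip, session_id);
    by: 'source_ip' (slide 21's source-IP persistence) or 'cookie'."""
    counts = Counter({s: 0 for s in SERVERS})
    for client_ip, session_id in sessions:
        key = client_ip if by == "source_ip" else session_id
        counts[pick_server(key)] += 1
    return dict(counts)

def build_sessions(behind_nat=300, direct=60):
    """Constructed population: `behind_nat` users whose traffic all arrives
    from one NAT address, plus `direct` users with their own addresses
    (RFC 5737 documentation ranges, so nothing here is a real host)."""
    sessions = [("203.0.113.10", f"sess-nat-{i:04d}") for i in range(behind_nat)]
    sessions += [(f"198.51.100.{i + 1}", f"sess-direct-{i:04d}")
                 for i in range(direct)]
    return sessions

def imbalance(counts):
    """Ratio of the busiest to the least busy server (1.0 is perfectly even)."""
    return max(counts.values()) / max(1, min(counts.values()))

if __name__ == "__main__":
    sessions = build_sessions()
    for mode in ("source_ip", "cookie"):
        counts = distribution(sessions, mode)
        print(f"{mode:9s} {counts}  imbalance x{imbalance(counts):.1f}")
```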

  22. Load Balancing Lync 2013
     • Load Balancing Front End/Director Pools
       • Load balancer only configuration, DNS RR not used for SIP
       • Load balance the following ports (all TCP): 5061, 444, 135, 80, 8080, 443, 4443, 448, 5070-5073, 5075-5076, 5080
       • Hardware Load Balancer Ports if Using Only Hardware Load Balancing - http://bit.ly/1185Yvq

  23. Load Balancing Lync 2013
     • Load Balancing Mediation Pools
       • DNS only load balancing is sufficient
       • If using a load balancer instead of DNS, load balance only TCP 5070

  24. Load Balancing Lync 2013 • Load Balancing Edge Pools

  25. Load Balancing Lync 2013
     • Load Balancing Edge Pools using DNS
       • Loss of failover in the following scenarios:
         • Federation with organizations running OCS versions older than Lync 2010
         • PIM connectivity with Skype, Windows Live, AOL, Yahoo! and XMPP partners
         • UM Play on Phone functionality
         • Transferring calls from UM Auto Attendant

  26. Load Balancing Lync 2013
     • Load Balancing Edge Pools using Load Balancer
       • External Interfaces
         • Access Edge Interface
           • Source NAT can be used
           • SIP (External Client) – TCP 443
           • SIP (Federation/PIM) – TCP 5061
           • XMPP – TCP 5269
         • Web Conferencing Interface
           • Source NAT can be used
           • PSOM – 443
         • AV Edge Interface
           • NAT can’t be used here
           • STUN/MSTURN – TCP 443
           • STUN/MSTURN – UDP 3478

  27. Load Balancing Lync 2013
     • Load Balancing Edge Pools using Load Balancer
       • External Interfaces
         • Use Access VIP as default gateway on all Edge interfaces
         • AV Edge Interface considerations
           • Turn off TCP nagling (Nagle's algorithm) for both internal and external TCP 443 VIPs
           • Turn off TCP nagling for external port range 50000 - 59999
           • Must use a publicly routable IP with no NAT or port translation

  28. Load Balancing Lync 2013
     • Load Balancing Edge Pools using Load Balancer
       • Internal Interfaces
         • Access SIP – TCP 5061
           • Used by Directors, FE Pools
         • AV Authentication SIP – TCP 5062
           • Any FE Pool and SBA
         • AV Media Transfer – UDP 3478
           • Preferred path for A/V media transfer
         • AV Media Transfer – TCP 443
           • Fallback path for A/V media transfer
           • File Transfer
           • Desktop Sharing

  29. Load Balancing Lync 2013 • Reverse Proxy

  30. Reverse Proxy – What is It
     • Device deployed between clients and servers, usually in the DMZ, that interacts with servers and services on behalf of the client
     • Commonly used to provide load balancing for availability and scalability
     • Terminates TCP traffic
     • Protects internal HTTP servers by providing a single point of access to the internal network
     • Full reverse proxies provide advanced Layer 7 features such as SSL acceleration, traffic management, intrusion prevention, content acceleration, etc.
     • More than NAT = Load Balancer Reverse Proxy

  31. Load Balancing Lync 2013
     • Reverse Proxy – a separate VIP on the Load Balancer
       • Load balance ports 80 and 443
       • Translate to server ports 8080 and 4443
       • Cannot use pre-authentication
       • No persistence is required
       • Use 20 minute TCP session timeout
       • Use 1800 seconds TCP idle timeout
       • Health check on port 5061, or use the hardware load balancer monitoring port from the topology if defined
       • Alternatively check /meet/blank.html instead of 5061 to ensure IIS is working

  32. Load Balancing Lync 2013
     • Load Balancing Office Web Apps Servers
       • Load balance port TCP/443
       • Enable and re-encrypt SSL
       • Use Source IP for persistence with a 30 minute timeout; use other methods if NAT or concentrators are involved
       • Use 1800 seconds idle timeout
       • Perform health check on /hosting/discovery, using HTTP GET
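A service-aware probe for the health-check paths named on slides 15, 21, 31 and 32, added here as an example (not the presenter's or KEMP's code); the accepted status codes per path are an assumption, and a constructed local HTTP stand-in plays the pool member so it runs offline, whereas a real check would speak HTTPS to the actual servers.

```python
"""Service-aware HTTP health probe for the slide's paths (/OWA,
/microsoft-server-activesync, /meet/blank.html, /hosting/discovery).
Added example, not KEMP's or the presenter's code."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Accepted codes are an assumption: an unauthenticated GET to /OWA answers
# with a redirect or 401, which still proves IIS and the vdir are serving.
PROBES = {
    "exchange-owa": ("/OWA", {200, 302, 401}),
    "exchange-activesync": ("/microsoft-server-activesync", {200, 401}),
    "lync-frontend": ("/meet/blank.html", {200}),
    "office-web-apps": ("/hosting/discovery", {200}),
}

def probe(host, port, service, timeout=3.0):
    """True only when the node answers the service path with an accepted
    status inside the timeout.  A bare TCP accept (all DNS round robin can
    see) or a 5xx 'grey error' counts as unhealthy."""
    path, ok_codes = PROBES[service]
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path)
        status = conn.getresponse().status
        conn.close()
    except OSError:          # refused, reset or timed out: node is down
        return False
    return status in ok_codes

class _FakeNode(BaseHTTPRequestHandler):
    """Constructed stand-in: IIS is up, OWA redirects to its logon form,
    Office Web Apps discovery works, but the Lync /meet page throws a 500."""
    RESPONSES = {"/OWA": 302, "/hosting/discovery": 200, "/meet/blank.html": 500}
    def do_GET(self):
        self.send_response(self.RESPONSES.get(self.path, 404))
        self.end_headers()
    def log_message(self, *_):   # keep the example's output quiet
        pass

def start_fake_node():
    """Serve the stand-in on an ephemeral localhost port; return the port."""
    srv = HTTPServer(("127.0.0.1", 0), _FakeNode)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_port

if __name__ == "__main__":
    port = start_fake_node()
    for svc in ("exchange-owa", "office-web-apps", "lync-frontend"):
        print(svc, "healthy" if probe("127.0.0.1", port, svc) else "UNHEALTHY")
```

The 500 from /meet/blank.html is exactly the grey error slide 14 warns about: the TCP port accepts, so DNS round robin keeps sending clients there, while the probe marks the node down.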

  33. Reference Architecture
     [Diagram: Internet, perimeter LoadMasters, LAN LoadMasters, Internet authentication providers, SharePoint 2013 farm]
     • Perimeter LoadMaster can provide:
       • Reverse Proxy for SharePoint Farm
       • ESP with Preauthentication service

  34. Reference Architecture
     [Diagram: Internet and internal Remote Desktop users and thin clients, intranet, RDS server farm, Session Broker]
     • RDP Health Checking
     • Session Broker Support
     • L7 Persistence
     • Resource-Based LB Agent

  35. Reference Architecture for DR or Localization
     [Diagram: site failover (Active, Standby); distribution options: best-performing/fastest, closest, geography-based, round-robin]

  36. KEMP OVERVIEW

  37. Application Centric ADCs
     “It’s NOT about the Load Balancer, it’s about the application.”
     • All KEMP Hardware and Virtual Appliances are optimized for:
       • Exchange
       • Lync
       • SharePoint
       • Remote Desktop Services
       • TMG / Forefront
       • ADFS (federation servers)

  38. KEMP Technologies – Overview
     • Who we are: KEMP Technologies builds Application Delivery Controllers
       • Established in 2000
       • US-HQ: New York | EMEA-HQ: Limerick | APAC-HQ: Singapore
       • Over 17,000 customer deployments
       • ~700% Growth in past 5 years (510% in last 3)
       • 3rd ADC Vendor by Units Shipped
       • Ownership and Investments
     • What we do: enabling our customers to achieve
       • High Availability
       • Scalability
       • Performance Optimization
       • Application Acceleration

  39. ALL LoadMaster Hardware and Virtual Appliances support:
     • L4/L7 Server Load Balancing
     • SSL Acceleration/Termination & Re-encryption
     • Cookie (L7) Persistence
     • Server Health Monitoring
     • Service “Aware”
     • L7 Transparency
     • Caching, Compression
     • Active/Hot-Standby High Availability
     • Application-specific Templates
     • Global load balancing

  40. Introducing the KEMP Family of ADC
     • Unified Management
     • Common, “Tiered” UI
     • Feature-parity, platform ubiquity
     • “Bare-metal” LMOS (ISO)
     • Purpose-built Appliances
     • Public Cloud Platforms
     • All Major Hypervisors

  41. Latest in Virtual Load Masters

  42. Latest in hardware Load Balancers
     The 140 series of Federal Information Processing Standards (FIPS) are US government computer security standards that specify requirements for cryptographic modules, which include both hardware and software components used by the Feds.

  43. Where’s KEMP Today?
     KEMP is rapidly growing, currently #3 ADC Vendor in North America and EMEA by units shipped
     [Chart: ADC unit shipments by vendor; axis labels not recovered]
     *The complete Dell’Oro Group Data Center Appliance Quarterly Report can be found here: http://www.delloro.com/products-and-services/data-center-appliance

  44. KEMP Recently Debuted on Gartner’s MQ for ADCs

  45. Strategic Technology Partnerships
     KEMP has a strong partnership with Microsoft, VMware, Dell, HP, Cisco, Oracle and other enterprise application vendors. It is the “application” that drives the requirement for KEMP LoadMaster solutions. Most Enterprise Workloads (e.g. MS Exchange, SharePoint; Oracle ERP, Web Apps) require an ADC or a Load Balancer to distribute application user requests to more than one server – hardware or virtual.

  46. The KEMP ESP – Edge Security Pack
     • Endpoint Authentication for Pre-Auth
     • Persistent Logging and Reporting for User Logging
     • Single Sign On Across Virtual Services
     • LDAP Authentication
     • NTLM and Basic Authentication

  47. Geo Pack add-on for Global Site Load Balancing
     Optimized for Exchange Site Resiliency
     • 5 Distributions
       • Closest
       • Geo-targeted
       • Fastest
       • Round Robin
       • Active/Standby

  48. LoadMaster for Azure

  49. Some Useful Links
     • Trial VLM Download
       • http://kemptechnologies.com/server-load-balancing-appliances/virtual-loadbalancer/vlm-download
     • Templates, including new Lync and Exchange 2013, VMWare Horizons View and more
       • http://kemptechnologies.com/loadmaster-documentation#c7842
     • Documentation
       • http://kemptechnologies.com/loadmaster-documentation
     • Support
       • http://kemptechnologies.com/load-balancing-support/kemp-support
     • Training is available
       • Live, interactive Basic and Advanced Partner training scheduled for Wednesday and Friday next week respectively.
       • Lunch-and-learn sessions on demand
       • Training Videos
