Edgenexus ALB-X Exchange 2010 Deployment Guide
Synopsis
Pre-Requisites
Overview
Why Edgenexus?
What is a jetPACK?
Exchange 2010 Description
Standard Exchange Diagram
Modifying Exchange 2010
Edgenexus ALB-X Configuration
Adding a virtual service
Add another virtual service to an existing service
Adding a Real Server
Configuring RPC (End Point Mapper)
Configuring Static RPC/CA/PF (Client Access/Public Folders)
Configuring Static RPC/ADS (Address Book Service)
Configuring HTTPS OWA – Layer 7
Configuring HTTPS OWA – Layer 4
Real Server Monitor
SSL Certificates
TCP Timeout Changes
jetPACK Quick Installation
Troubleshooting
Contact Us
Synopsis
This document briefly explains the concept of Exchange 2010 and how to use an ALB-X to load balance Exchange 2010 traffic.
Pre-requisites
The following are general prerequisites and configuration notes for this guide:
- It is assumed that the reader is a network administrator or a person familiar with networking and general computer terminology
- You have set up your Microsoft Exchange 2010 environment and have installed your Edgenexus ALB-X application delivery controller
- When Microsoft refers to a hardware load balancer (HLB), it is equivalent to the industry term “Application Delivery Controller”
- You are running Software Version 4.0.1 (Build 1576) or later on your Edgenexus ALB-X
Overview
The ALB-X is an Application Delivery Controller (ADC), sometimes referred to as a next generation load balancer.
This document assumes that you are already familiar with using the ALB-X interface.
This document assumes that you are already familiar with the process of installing Exchange, creating a DAG, and creating a CAS Array.
Why Edgenexus?
Server Health Monitoring | Application layer server health checks detect and route around problems to eliminate downtime |
Layer 4 & Layer 7 Load Balancing | Speedy layer 4 load balancing with layer 7 health checks ensures the most efficient load balancing is achieved |
Reverse Proxy | Traffic from external clients is securely proxied by edgeNEXUS, ensuring no external client can directly access internal resources |
Session persistence | The CAS array in Exchange 2010 requires session persistence. Edgenexus ALB-X provides IP and Cookie based session persistence |
Compression | Compression is automatically used to accelerate external web and mobile clients |
SSL Re-Encryption | Enables end to end secure encrypted traffic between client and internal resources whilst still being able to provide acceleration and traffic manipulation with flightPATH |
flightPATH | Our intelligent application layer traffic manipulation engine can be easily configured to redirect OWA clients to the correct service |
What is a jetPACK?
A jetPACK is a simple text file that you can upload to your appliance that contains all of the configuration needed to deploy an application such as Exchange 2013.
For more information on jetPACK – Click Here
Exchange 2010 description
A brief overview of the Exchange 2010 load balancing configuration is provided below:
Outlook Clients
The Outlook clients we used during testing were Outlook 2003, Outlook 2007 & Outlook 2010, which send their requests to the CAS.
Client Access Server (CAS) Role
The Client Access Server (CAS) role accepts connections from a variety of clients to allow them access to the Exchange Server infrastructure.
Database Availability Group (DAG)
The Database Availability Group (DAG) is made up of Exchange Server 2010 Mailbox servers that provide automatic database-level recovery from a database, server, or network failure.
Standard Exchange 2010 Diagram
Modifying Exchange 2010 Client Access Servers
To enable load balancing on Exchange 2010 we need to make some changes to each of the servers within the CAS Array. We need to set static ports for the RPC Client Access service, the Address Book service and Public Folders.
By default they use a dynamic RPC port range (6005-59530) for outgoing connections.
Microsoft recommends you set the RPC Client Access Service and Public Folders to a unique value between 59531 and 60554. We have used 59534 in our example.
Microsoft recommends you set the RPC Address Book Service to a unique value between 59531 and 60554. We have used 59535 in our example.
Please click on the following link for instructions:
How to configure Static RPC Ports on an Exchange 2010 Client Access Server
Edgenexus ALB-X Configuration
Example of Completed Rule
Below you will see the completed set of services.
Virtual IP address | 192.168.1.247 | The address that Outlook clients should resolve the FQDN to |
Virtual Service for MAPI clients | 135, 59534, 59535 | Static RPC ports needed for Outlook clients |
Virtual Service for Outlook Web App | 443 | Secure Outlook Web App port |
Virtual Service for Redirect | 80 | Used to redirect clients from HTTP to HTTPS and add in the correct /owa path |
Client Access Server 1 | 192.168.1.215 | Real server address of CAS 1 |
Client Access Server 2 | 192.168.1.216 | Real server address of CAS 2 |
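The static RPC port choices and the service table above can be checked before and after the change with a short script. This is an added example, not Edgenexus or Microsoft code: it confirms the two static ports are unique and inside 59531-60554, then makes a plain TCP connect to every port on the virtual IP and on each CAS. The function and variable names are this example's own, and the addresses and ports are the guide's example values.

```python
import socket

# Ports and addresses are the guide's example values; the names are this example's own.
RPC_STATIC_RANGE = range(59531, 60555)   # 59531-60554 inclusive
RPC_DYNAMIC_RANGE = range(6005, 59531)   # default dynamic range, 6005-59530
VIP = "192.168.1.247"
CAS_SERVERS = ["192.168.1.215", "192.168.1.216"]
SERVICES = {"RPC End Point Mapper": 135,
            "RPC Client Access / Public Folders": 59534,
            "RPC Address Book": 59535,
            "HTTPS OWA": 443}
STATIC_RPC = ("RPC Client Access / Public Folders", "RPC Address Book")

def check_static_ports(services):
    """Return a list of problems with the static RPC port choices."""
    problems, seen = [], {}
    for name in STATIC_RPC:
        port = services.get(name)
        if port is None:
            problems.append(f"{name}: no static port set")
            continue
        if port in RPC_DYNAMIC_RANGE:
            problems.append(f"{name}: {port} is inside the dynamic range")
        elif port not in RPC_STATIC_RANGE:
            problems.append(f"{name}: {port} is outside 59531-60554")
        if port in seen:
            problems.append(f"{name}: {port} already used by {seen[port]}")
        seen[port] = name
    return problems

def tcp_open(host, port, timeout=2.0):
    """Plain TCP connect: True if the port accepts a connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe(hosts, services, timeout=2.0):
    """Map (host, service name) -> True/False for every host/port pair."""
    return {(h, n): tcp_open(h, p, timeout) for h in hosts for n, p in services.items()}

if __name__ == "__main__":
    for issue in check_static_ports(SERVICES):
        print("PLAN:", issue)
    for (host, name), ok in probe([VIP] + CAS_SERVERS, SERVICES).items():
        print(f"{host:15} {name:36} {'open' if ok else 'CLOSED'}")
```

A static port that is open on one CAS but closed on another usually means the static port change was not applied to every server in the CAS Array.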
Adding a Virtual Service
The IP Service configuration screen is the main configuration screen for load balancing functionality and it can be found in (Setup – IP Services).
- Click Add IP. This will add a new blank row with the cursor focus in the IP address Column
- Enter the Virtual Service IP Address and tab to each column in turn
- Click Update once all available columns have been completed
- The cursor focus will then move to the IP address column for the Real Server configuration
Adding a Real Server
The Client Access Server details are configured in the bottom section of the page called “Real Servers”
- In the IP Address column enter the IP Address of your first Client Access Server.
- Tab to the Port column and enter the port number for your service
- Tab to the Notes section and add the name of the Client Access Server.
- Click Update to save the configuration
Click Add Server to configure additional Real Server details
Adding another Service to the Same Virtual IP
To set up another service on the same IP Address click “Add Port”.
This time you do not need to specify the Virtual IP address or Subnet Mask as it has already been populated.
This now allows you to set up the new ports to each of the content CAS servers.
Configuring RPC
Configure the new virtual service with the IP details for your new service.
In this example we will configure the following IP details, based on a One-Armed Configuration.
Virtual Service Details:
Primary: | n/a |
IP Address: | 192.168.1.247 |
Subnet Mask: | 255.255.255.0 |
Port: | 135 |
Service Name: | Exchange 2010 RPC |
Service Type: | Layer4 |
Max Connection: | n/a |
Destination:
Real Server Details: | Exchange 2010 Client Access Server 1 |
Real Server IP: | 192.168.1.215 |
Real Server Port: | 135 |
Actions:
Server Monitoring: | TCP Connection |
Load Balancing Policy | IP-Bound (Formerly “IP Based”) |
Connectivity: | Reverse Proxy (Formerly “Managed”) |
Cache: | Off |
Virtual Service SSL: | No SSL |
Real Server SSL: | No SSL |
Enable Connection Pooling: | N/A |
Connection Pool Size: | N/A |
Configuring Static RPC/CA/PF (Client Access Service & Public Folders)
Configure the new virtual service with the IP details for your new service.
In this example we will configure the following IP details, based on a One-Armed Configuration.
Virtual Service Details:
Primary: | n/a |
IP Address: | 192.168.1.247 |
Subnet Mask: | 255.255.255.0 |
Port: | 59534 |
Service Name: | Exchange 2010 RPC/CA/PF |
Service Type: | Layer4 |
Max Connection: | n/a |
Destination:
Real Server Details: | Exchange 2010 Client Access Server 1 |
Real Server IP: | 192.168.1.215 |
Real Server Port: | 59534 |
Notes: | Client Access Server 1 |
Actions:
Server Monitoring: | TCP Connection |
Load Balancing Policy | IP-Bound (Formerly “IP Based”) |
Connectivity: | Reverse Proxy (Formerly “Managed”) |
Cache: | Off |
Virtual Service SSL: | No SSL |
Real Server SSL: | No SSL |
Enable Connection Pooling: | N/A |
Connection Pool Size: | N/A |
Configuring Static RPC/ADS (Address Book Service)
Configure the new virtual service with the IP details for your new service.
In this example we will configure the following IP details, based on a One-Armed Configuration.
Virtual Service Details:
Primary: | n/a |
IP Address: | 192.168.1.247 |
Subnet Mask: | 255.255.255.0 |
Port: | 59535 |
Service Name: | Exchange 2010 RPC/ADS |
Service Type: | Layer4 |
Max Connection: | n/a |
Destination:
Real Server Details: | Exchange 2010 Client Access Server 1 |
Real Server IP: | 192.168.1.215 |
Real Server Port: | 59535 |
Actions:
Server Monitoring: | TCP Connection |
Load Balancing Policy | IP-Bound (Formerly “IP Based”) |
Connectivity: | Reverse Proxy (Formerly “Managed”) |
Cache: | Off |
Virtual Service SSL: | No SSL |
Real Server SSL: | No SSL |
Enable Connection Pooling: | N/A |
Connection Pool Size: | N/A |
Configuring Exchange HTTPS (OWA) – Layer 7
Virtual Service Details:
Primary: | n/a |
IP Address: | 192.168.1.247 |
Subnet Mask: | 255.255.255.0 |
Port: | 443 |
Service Name: | Exchange 2010 HTTPS |
Service Type: | Accelerate HTTP |
Max Connection: | n/a |
Destination:
Real Server Details: | Exchange 2010 Client Access Server 1 |
Real Server IP: | 192.168.1.215 |
Real Server Port: | 443 |
Actions:
Server Monitoring: | Monitoring OWA |
Load Balancing Policy | Cookie |
Connectivity: | Reverse Proxy (Formerly “Managed”) |
Cache: | Off |
Virtual Service SSL: | Exchange2010Certificate |
Real Server SSL: | Any |
Enable Connection Pooling: | N/A |
Connection Pool Size: | N/A |
Configuring Exchange HTTPS (OWA) – Layer 4
Virtual Service Details:
Primary: | n/a |
IP Address: | 192.168.1.247 |
Subnet Mask: | 255.255.255.0 |
Port: | 443 |
Service Name: | Exchange 2010 HTTPS |
Service Type: | Layer4 |
Max Connection: | n/a |
Destination:
Real Server Details: | Exchange 2010 Client Access Server 1 |
Real Server IP: | 192.168.1.215 |
Real Server Port: | 443 |
Actions:
Server Monitoring: | TCP Connection |
Load Balancing Policy | IP-Bound (Formerly “IP Based”) |
Connectivity: | Reverse Proxy (Formerly “Managed”) |
Cache: | Off |
Virtual Service SSL: | No SSL |
Real Server SSL: | No SSL |
Enable Connection Pooling: | N/A |
Connection Pool Size: | N/A |
Real Server Monitor
For the Exchange 2010 HTTPS OWA service you can create a Layer 7 application layer health check to ensure a server is capable of serving content.
Navigate to the Configure – Real-Server Monitor section.
- Click Add Monitor
- A new blank row will be created
- Double Click on the Name column to edit then tab to each subsequent column and complete as below
- This rule name will now appear in the Basic actions – Server Monitoring which you can select to apply to the 443 virtual service.
SSL Certificates
If you have chosen the option to configure OWA as a layer 7 service you will need to create or import a certificate into the ALB-X.
Once you have either imported an existing certificate or created it on the Edgenexus ALB-X you will then be able to select it from the SSL drop down within the Basic actions section.
Please refer to the user guide for more information on how to manage SSL certificates.
TCP Timeout Changes
By default the Edgenexus ALB-X has a 90 second timeout for TCP connections. Whilst this is very efficient for web traffic it is more desirable to extend this for Exchange 2010 deployment.
Please email support@edgenexus.io with your preferred TCP timeout value.
Values between 5 minutes and 2 hours are recommended but we can customise this to any value you require.
support@edgenexus.io will send you a custom configuration update file which you then upload on to the ALB-X. This is a very quick and simple procedure that can be completed from within the GUI in around 15 seconds.
You can download a 2 hour TCP timeout jetPACK update here
To apply the jetPACK update
- Navigate to Advanced – Update Software – Configuration
- Click Browse (for the file above)
- Click Upload and wait for approximately 15s
- When the screen returns the TCP update has been applied
jetPACK Quick Installation
The Edgenexus ALB-X can be configured automatically with an Exchange 2010 “jetPACK” template, which is fully-tuned with all of the application-specific settings that you need in order to enjoy optimised service delivery from your ALB-X.
If you supply the virtual IP address and real server IP addresses to support@edgenexus.io we will send you a custom jetPACK that you simply upload to the Edgenexus ALB-X.
The upload can be done via the GUI and will be fully configured in less than 1 minute.
The relevant jetPACK can be applied to multiple Edgenexus ALB-X appliances, saving valuable time and eliminating simple mistakes.
For more information and to download a jetPACK please click here
Troubleshooting
Further help can be found on the main edgeNEXUS website
http://www.edgenexus.io/support/
Contact Us
I hope you have found this Deployment Guide informative, but if you need any clarification or further information, please do not hesitate to get in contact with edgeNEXUS Support:
Email | support@jetNEXUS.com |
Phone | +44 (0870) 382 5529 |
Blog | http://jetNEXUS.blogspot.com/ |