Load Balancing Microsoft Exchange 2010


DEPLOYMENT GUIDE
Load Balancing Microsoft Exchange 2010
v2.0.2

Contents
1. About this Guide
2. Loadbalancer.org Appliances Supported
3. Loadbalancer.org Software Versions Supported
4. Microsoft Exchange Software Versions Supported
5. Exchange Server 2010
6. Exchange 2010 Server Roles
   Client Access Server
   Hub Transport Server
   Mailbox Server/Database Availability Groups (DAG)
7. Load Balancing Exchange 2010
   Which Roles?
   Persistence (aka Server Affinity)
   Virtual Service (VIP) Requirements
   Port Requirements
   Load Balancer Deployment
   Load Balancer Deployment Mode
8. Loadbalancer.org Appliance – the Basics
   Virtual Appliance Download & Deployment
   Initial Network Configuration
   Accessing the Web User Interface (WebUI)
   HA Clustered Pair Configuration
9. Exchange 2010 Configuration for Load Balancing
   Step 1 – Configure the CAS Array & Internal/External URLs
   Step 2 – Configure Static RPC Ports
   Step 3 – Configure Send & Receive Connectors
   Step 4 – Microsoft Outlook Client Configuration
10. Appliance Configuration for Exchange 2010
   Step 1 – Configure the Virtual Services & Real Servers
   Step 2 – Finalizing the Configuration
11. Microsoft Exchange Testing Tool
12. Technical Support
13. Further Documentation
14. Conclusion
15. Appendix
   1 – Configuring the Load balancer using a single VIP for all CAS Services
   2 – Limiting inbound SMTP Connections using Firewall Rules
   3 – Using HTTP Cookie Persistence for OWA Users
   4 – Enabling full Transparency using TProxy
   5 – Using a Layer 4 Virtual Service for the HT Role
   6 – Clustered Pair Configuration – Adding a Slave Unit
16. Document Revision History

Copyright Loadbalancer.org www.loadbalancer.org sales@loadbalancer.org

1. About this Guide
This guide details the steps required to configure a load balanced Microsoft Exchange 2010 environment utilizing Loadbalancer.org appliances. It covers the configuration of the load balancers and also any Microsoft Exchange 2010 configuration changes that are required to enable load balancing.

For more information about initial appliance deployment, network configuration and using the Web User Interface (WebUI), please also refer to the relevant Administration Manual:
- v7 Administration Manual
- v8 Administration Manual

2. Loadbalancer.org Appliances Supported
All our products can be used with Exchange 2010. The complete list of models is shown below:

Discontinued Models    Current Models *
Enterprise R16         Enterprise R20
Enterprise VA R16      Enterprise MAX
Enterprise VA          Enterprise 10G
Enterprise R320        Enterprise 40G
                       Enterprise Ultra
                       Enterprise VA R20
                       Enterprise VA MAX
                       Enterprise AWS **
                       Enterprise AZURE **
                       Enterprise GCP **

* For full specifications of these models please refer to: http://www.loadbalancer.org/products/hardware
** Some features may not be supported, please check with Loadbalancer.org support

3. Loadbalancer.org Software Versions Supported
- V8.3.7 and later

4. Microsoft Exchange Software Versions Supported
- Microsoft Exchange 2010 – all versions

5. Exchange Server 2010
Exchange 2010 is Microsoft's enterprise level messaging and collaboration server.

6. Exchange 2010 Server Roles
System functionality is split into five roles as shown in the following table. Mandatory roles are Mailbox, Client Access and Hub Transport. The Edge Transport and Unified Messaging roles are optional and depend on the infrastructure and operational requirements.

Role                      Purpose
Mailbox Server            This server hosts mailboxes and public folders.
Client Access Server      This is the server that hosts the client protocols, such as Post Office Protocol 3 (POP3), Internet Message Access Protocol 4 (IMAP4), Secure Hypertext Transfer Protocol (HTTPS), Outlook Anywhere, Availability service, and Autodiscover service. The Client Access Server also hosts Web services. Note: A number of issues have been seen with IOS-7 on the iPhone when used with ActiveSync. Upgrading to IOS-8 resolved these issues.
Unified Messaging Server  This is the server that connects a Private Branch Exchange (PBX) system to Exchange 2010.
Hub Transport Server      This is the mail routing server that routes mail within the Exchange organization.
Edge Transport Server     This is the mail routing server that typically sits at the perimeter of the topology and routes mail in to and out of the Exchange organization.

Client Access Server
The Client Access Server Role, also known as CAS, provides Exchange connectivity for all clients regardless of client type or protocol including Outlook Web App (aka OWA), ActiveSync, POP3, IMAP4, RPC Client Access (MAPI) and Outlook Anywhere (previously known as RPC over HTTP). Exchange now has a single common path through which all data access occurs.

Therefore, due to the critical nature of this role, it's common practice to implement load balancing and redundancy technologies to ensure availability.

Hub Transport Server
For internal server to server mail traffic, HT servers are automatically load balanced by Exchange 2010 and there is no need to configure any type of load balancing mechanism to load balance the mail submission traffic among Exchange servers.

However, some sites may decide not to deploy an ET server. In this scenario, inbound SMTP mail is typically forwarded from a third party smart host directly to the HT server. Also, internal applications and systems often need to send email via Exchange and typically are only able to do so using an SMTP connection. To provide redundancy in these cases, additional load balancing & HA techniques are required to ensure availability of the HT role.

Mailbox Server/Database Availability Groups (DAG)
Exchange 2010 brings the ability to combine both CAS and HT roles on a mailbox server that is also configured as a DAG member. This permits a highly available solution using just two Exchange servers and one or two (configured as a clustered pair for added redundancy) Loadbalancer.org appliances. Another server is needed to act as the witness server, but this doesn’t need to be an Exchange server. It could be any Windows 2003/2008 file server within the environment.

Note: DAGs utilize Microsoft Clustering Services which cannot be enabled on the same server as Microsoft Network Load Balancing (NLB). Therefore, using Microsoft NLB is not an option in this case. Using a Loadbalancer.org appliance provides an ideal solution.

7. Load Balancing Exchange 2010
Note: It's highly recommended that you have a working Exchange 2010 environment first before implementing the load balancer.

Which Roles?
The CAS role does not have any built-in load balancing functionality. The HT role does provide load balancing functionality for server to server mail traffic, but not external SMTP traffic that arrives from other applications or from outside the organization directly to the HT server. Therefore, it is a common requirement to load balance both the CAS and HT roles. In some cases only the CAS role is load balanced. The exact load balancing requirements depend on the number of servers in use and how/where the roles are deployed.

Persistence (aka Server Affinity)
Some Exchange 2010 protocols require affinity and others do not. For more details please refer to the following Microsoft Technet article: 8.aspx

For additional information on the various affinity options, please refer to the following Microsoft Technet /ff625247.aspx#affinity

Summary of Persistence Requirements:

Persistence – Required      Persistence – Recommended   Persistence – Not Required
Outlook Web App             Outlook Anywhere            Offline Address Book
Exchange Control Panel      ActiveSync                  AutoDiscover
Exchange Web Service        Address Book Service        POP3
RPC Client Access Service   Remote PowerShell           IMAP4

For simplicity and consistency we recommend that source IP persistence is used for all protocols that require persistence between client and back-end server.
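The following added example (not part of the original guide, and not Loadbalancer.org code) models one virtual service in Python to show how source IP persistence places clients, including the case where several OWA users share one source address behind a NAT device, compared with HTTP cookie persistence. The server names, client addresses and round-robin scheduling are assumptions made for the illustration.

```python
import itertools
from collections import Counter

CAS_SERVERS = ["CAS1", "CAS2"]          # hypothetical back-end names
NAT_IP = "203.0.113.10"                 # constructed: address of a shared NAT device
CLIENTS = [(f"owa-user{i}", NAT_IP) for i in range(1, 7)] + [
    ("direct-user1", "198.51.100.21"),  # constructed: clients with their own address
    ("direct-user2", "198.51.100.22"),
]

class VirtualService:
    """Toy model of one VIP; new sessions are assigned round-robin (assumption)."""

    def __init__(self, servers, mode):
        self.mode = mode                 # "source_ip" or "cookie"
        self.servers = list(servers)
        self._next = itertools.cycle(self.servers)
        self._by_ip = {}                 # source IP persistence table

    def route(self, src_ip, cookie=None):
        """Return (server, cookie_to_set) for one request."""
        if self.mode == "source_ip":
            if src_ip not in self._by_ip:
                self._by_ip[src_ip] = next(self._next)
            return self._by_ip[src_ip], None
        if cookie in self.servers:       # cookie mode: honour a valid cookie
            return cookie, None
        server = next(self._next)        # no cookie yet: pick a server, set one
        return server, server            # cookie value = server name, for brevity

def simulate(mode, clients=CLIENTS, rounds=3):
    """Replay `rounds` requests per client; return {user: set of servers used}."""
    vip, jar, placement = VirtualService(CAS_SERVERS, mode), {}, {}
    for _ in range(rounds):
        for user, src_ip in clients:
            server, set_cookie = vip.route(src_ip, jar.get(user))
            if set_cookie:
                jar[user] = set_cookie   # the browser stores the inserted cookie
            placement.setdefault(user, set()).add(server)
    return placement

def users_per_server(placement):
    """Count users per server (each user sticks to exactly one server)."""
    return Counter(server for used in placement.values() for server in used)

if __name__ == "__main__":
    for mode in ("source_ip", "cookie"):
        print(mode, dict(users_per_server(simulate(mode))))
```

Both modes keep every user on a single server, but with source IP persistence the six users behind the shared address all land on the same CAS, while cookie persistence spreads them across both.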

Note: If OWA users pass through a NAT device to reach the load balancer then IP based persistence may not be appropriate since the source IP address would be the same for these users. This would cause all OWA sessions to be directed to the same backend CAS. In this situation, HTTP cookie persistence can be used. This requires HTTPS traffic to be terminated on the load balancer to allow the cookie to be inserted/read. Also, additional Exchange server configuration steps must be followed. For more details, please refer to section 3 in the Appendix on page 27.

Virtual Service (VIP) Requirements
There are a number of options when deciding on the number of VIPs required for the CAS and HT roles. This deployment guide presents two options as shown below:

Option 1 – Four VIPs (Used for the example configuration in this guide)
This method uses three VIPs for the CAS role, and one VIP for the HT role as follows:
- CAS role – HTTPS & HTTP services
- CAS role – RPC services
- CAS role – IMAP4 or POP3 services (if used/required)
- HT role – SMTP services

This method allows the settings for each VIP to be customized (e.g. persistence/affinity options) to suit the service being load balanced and also ensures more granular health-checks.

Note: IMAP4 and POP3 are not typically used. Therefore the IMAP4 and POP3 VIPs are not generally required.

Option 2 – Two VIPs (not recommended for production deployments)
This method uses two VIPs - one VIP for all CAS services, and one VIP for the HT role. This is useful for rapid deployments and is only recommended for evaluation & testing purposes. For details of this, please refer to section 1 in the Appendix on page 26.

Port Requirements
The following table shows the port list that must be load balanced for the CAS and HT roles. Note that some services such as IMAP4 or POP3 may not be required in your environment.

TCP Port   Role(s)   Uses
25         HT        SMTP
80         CAS       HTTP – various
110        CAS       POP3 clients
135        CAS       RPC end point mapper
143        CAS       IMAP4 clients
443        CAS       HTTPS – various
993        CAS       Secure IMAP4 clients
995        CAS       Secure POP3 clients
60200*     CAS       Static port for RPC client access service
60201*     CAS       Static port for Exchange address book service

HT: Hub Transport Server, CAS: Client Access Server

* These ports have been chosen as the static RPC ports. Microsoft recommends that any port within the range 59531 to 60554 should be used, and that the same ports should be used on all Client Access Servers within the same AD site.

For a full Exchange Server 2010 port list, please refer to the following Microsoft Technet /bb331973.aspx

Note: If you use Microsoft ISA Server or TMG, you may need to disable the RPC Filter to allow Outlook client RPC related communication to work correctly.

Load Balancer Deployment
There are multiple ways to deploy Exchange, but in this example two servers are used. Each server hosts the CAS & HT roles, as well as the Mailbox role in a DAG configuration. This provides high availability for these three key Exchange roles and uses a minimum number of Exchange servers.

Clients then connect to the Virtual Services (VIPs) on the load balancer rather than connecting directly to one of the Exchange servers. These connections are then load balanced across the Exchange servers to distribute the load according to the load balanci

Aug 06, 2019