Deliver secure, highly available Microsoft Applications with 3 key Load Balancer services with Alex Lewis (Lync MVP, Modality Systems), Jon Braunhut (Chief Scientist at http://KEMPTechnologies.com) and Bhargav Shukla (Exchange MVP, Director of Product Research and Innovation at http://kemptechnologies.com).
Deliver Secure, Highly Available Microsoft
Applications with 3 Key Load Balancer Services
Speakers:
• Alex Lewis: Principal Consultant and VP at Modality Systems, author of Lync 2010/2013 Unleashed, Lync MVP
• Jon Braunhut: Chief Scientist at KEMP Technologies
• Bhargav Shukla: Director of Product Research and Innovation at KEMP Technologies, Exchange MVP

Agenda
• Lync 2013 Web Services… and other Services Load Balancing
• Lync 2013 Reverse Proxy
• Office Web Apps Publishing
• Exchange 2013 Load Balancing
• Exchange 2013 Reverse Proxy and KEMP Edge Security Pack
• Q&A
Why Load Balance Lync?
Even with DNS LB, web services must be load balanced using an external load balancer
Often simplifies PBX integration with multiple mediation servers
External applications often don’t understand DNS LB or treat it as DNS RR
HA for Lync edge services including legacy, PIC and XMPP federation
Load Balancer Requirements

Role                                | High Availability                                                                | Load Balancer | DNS Balancing
Standard edition server             | Not available                                                                    | N/A           | N/A
Enterprise edition front end server | Deploy multiple servers in a pool and use load balancing                         | Yes           | Yes
Back end server                     | SQL Server uses Windows clustering for high availability                         | No            | No
A/V conferencing server             | Deploy multiple servers in a pool. Load balancing not required                   | N/A           | N/A
Edge server                         | Deploy multiple servers in a pool and use load balancing                         | Yes           | Yes
Mediation server                    | Deploy multiple servers in a pool and use load balancing                         | Yes           | Yes
Monitoring                          | Standby server (MSMQ) on the front end queues messages in the event of a failure | No            | No
Archiving                           | Standby server (MSMQ) on the front end queues messages in the event of a failure | No            | No
Director                            | Deploy multiple servers in a pool and use load balancing                         | Yes           | Yes
File server                         | Use Windows cluster or distributed file system                                   | Yes           | Yes
Lync 2013 Web Services
• Basic HTTPS load balancing
• No more cookie insertion for mobile!
• Be sure to turn on HTTP -> HTTPS redirection
• Separate virtual IPs for internal and external web services

HTTP to HTTPS Redirection
• Create a virtual service on port 443 for Lync Edge External Conferencing
• Set HTTP 302 Redirect with redirect URL set to https://%h%s
• In the virtual service status menu you will see “Redirect”
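To make the https://%h%s rule concrete, here is an added Python example (not KEMP code) of what the port-80 virtual service does with a request: %h is filled from the Host header and %s from the requested path and query. The function and the hostname pattern are assumptions for illustration; the check on the Host value keeps an arbitrary header from being reflected into the Location.

```python
import re
from urllib.parse import urlsplit

# A hostname as it may legitimately appear in a Host header (assumed pattern):
# letters, digits, '-' and '.', not starting or ending with a separator.
_HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$")


def build_https_redirect(request_line, headers):
    """Return (status, headers) for a request arriving on the port-80 service.

    Mirrors the slide's rule: 302 with Location https://%h%s, where %h is the
    Host header (port stripped) and %s is the original path plus query string,
    so the client lands on the same URL over HTTPS.
    """
    try:
        _method, target, _version = request_line.split(" ")
    except ValueError:
        return 400, {}
    host = headers.get("Host", "").strip().split(":")[0]  # drop a trailing ":80"
    if not _HOST_RE.match(host):
        # No usable Host means no %h: refuse rather than guess a name or let an
        # arbitrary Host value be copied into the Location header.
        return 400, {}
    if target.startswith(("http://", "https://")):
        # Absolute-form request target: keep only its path and query for %s.
        parts = urlsplit(target)
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    else:
        path = target if target.startswith("/") else "/" + target
    return 302, {"Location": "https://%s%s" % (host, path), "Content-Length": "0"}
```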
Load Balancing Mediation Pools
• Required for most ITSPs for direct connectivity without an SBC
• Required for IP PBXs that don’t support DNS-LB, and that’s almost all of them
• Ensure equal load balancing
• Easier maintenance and testing

Best Practices for LB Mediation
• SNAT load balancing (Full-NAT) for the gateway/PBX side of the Mediation Server pool
• Use if the gateway doesn’t support DNS LB, to simplify gateway/PBX configuration
Lync 2013 Reverse Proxy
[Diagram: Internet / DMZ / Internal Network topology showing Lync 2013 Mobile Client, Windows 8 Lync App, Lync 2013 Desktop client, Load Balancer, Reverse Proxy, Lync Edge Pool, Lync Front-End Pool, Mirrored Back-End Servers, Office Web Apps Server and Active Directory]
Reverse Proxy – What is it?
• Device deployed between clients and servers, usually in the DMZ, that interacts with servers and services on behalf of the client
• Commonly used to provide load balancing for availability and scalability
• Terminates TCP traffic
• Protects internal HTTP servers by providing a single point of access to the internal network
• Full reverse proxies provide advanced Layer 7 features such as SSL acceleration, traffic management, intrusion prevention, content acceleration, etc.
• More than NAT
Lync 2013 Web Services Reverse Proxy
• Load balance ports 80 and 443
• Translate to server ports 8080 and 4443
• Cannot use pre-authentication
• No persistence is required
• Health check on port 5061, or use the hardware load balancer monitoring port from the topology if defined
• Alternatively check /meet/blank.html instead of 5061 to ensure IIS is working
• Use 20 minute TCP session timeout
• Use 1800 seconds TCP idle timeout
Office Web Apps Publishing
• Enable and re-encrypt SSL
• Load balance port TCP/443
• Use source IP for persistence with 30 minute timeout; use other methods if NAT or concentrators are involved
• Perform health check on /hosting/discovery using HTTP GET
• Use 1800 seconds idle timeout
What’s new in Exchange 2013
• CAS Array is no more!
• Client Access is a stateless proxy
• Load balancing requirements are simplified
• SSL termination at the load balancer isn’t required
• Session affinity isn’t required, enabling even distribution of connections
• Service Pack 1
  • SSL offloading is now possible
  • MAPI/HTTP is the new transport mechanism
Exchange 2013 Publishing/Load Balancing/Security
• Provide high availability for client connections
• Pre-authenticate external clients
• Layered security with vDir filtering and IP filtering
• Single sign-on with other applications (e.g. SharePoint)
• Relay SMTP for external apps with domain filtering
• Content switching for publishing on a shared public IP address

Load Balancing in Exchange 2013
Managed Availability
• Monitors end user experience
• Provides health state of Exchange components
• Each component has a dynamic healthcheck.htm
Load Balancing at Layer 4
• No SSL termination on the load balancer
• No advanced configuration (e.g. cookie affinity)
Load Balancing at Layer 7
• More advanced configuration
• Requires SSL termination at the load balancer
• More granular health checks with a single namespace
• Granular control over failures
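As an added illustration (not code from KEMP or Microsoft), the following Python models why Layer 7 gives granular control over failures: with Managed Availability each CAS exposes /<vDir>/healthcheck.htm, and a Layer 7 virtual service can probe every vDir separately while a Layer 4 one only sees a server as up or down. The server names, vDir list and probe results are constructed sample data; which URL the Layer 4 check hits is an assumption.

```python
# Exchange 2013 virtual directories that carry client traffic (sample subset).
VDIRS = ("owa", "ecp", "ews", "mapi", "oab", "autodiscover", "Microsoft-Server-ActiveSync")

# Constructed probe results: server -> {vdir: HTTP status of /<vdir>/healthcheck.htm}.
PROBES = {
    "cas01": {v: 200 for v in VDIRS},
    "cas02": {**{v: 200 for v in VDIRS}, "ecp": 503},  # only ECP is unhealthy
    "cas03": {v: 503 for v in VDIRS},                   # whole server unhealthy
}


def layer4_targets(probes, check_vdir="owa"):
    """Layer 4: one health check per server (assumed here to be
    /owa/healthcheck.htm) and one verdict for every vDir: server in or out."""
    healthy = [s for s, r in probes.items() if r.get(check_vdir) == 200]
    return {v: list(healthy) for v in VDIRS}


def layer7_targets(probes):
    """Layer 7: probe every vDir on every server; a server is removed only for
    the vDirs whose own healthcheck.htm fails, the rest keep receiving traffic."""
    return {v: [s for s, r in probes.items() if r.get(v) == 200] for v in VDIRS}


def vdir_for_path(path):
    """Content switching: map a request path to its vDir (case-insensitive,
    as IIS treats it) so the matching per-vDir pool can be chosen."""
    first = path.lstrip("/").split("/", 1)[0].lower()
    for v in VDIRS:
        if v.lower() == first:
            return v
    return None


def pool_for_request(path, probes, layer=7):
    """Servers eligible for a request under the chosen load-balancing layer."""
    vdir = vdir_for_path(path)
    if vdir is None:
        return []
    targets = layer7_targets(probes) if layer == 7 else layer4_targets(probes)
    return targets[vdir]
```

With the constructed data, a Layer 4 service keeps sending /ecp requests to cas02 because its /owa probe still answers 200, whereas the Layer 7 service drops cas02 for /ecp only.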
Edge Security and Reverse Proxy for Exchange
[Diagram: DMZ and Internal Network, with a Load Balancer / Reverse Proxy in front of three Exchange CAS servers]
Recap of Key Load Balancer Services
• Awareness (Application & Resource)
• Reverse Proxy Replacement
• Security Services
About KEMP
KEMP designs and develops load balancer and ADC software, enabling our customers to achieve optimal application performance with:
• High Availability
• Scalability
• Acceleration
• Security

KEMP – Fastest Growing ADC Vendor, #3 WW Units Shipped
Cloud ADCs, Bare Metal ADCs, Virtual ADC Appliances, ADC H/W Appliances
Price/performance leader with ubiquitous platform deployments:
• 20,000+ WW customer deployments
• Microsoft Gold Certified Partner – Messaging and Communications
• Pricing starts at $1,990
• Free Trial - http://bit.ly/KEMPWebinar (case sensitive)

More info on KEMP at http://www.KEMPTechnologies.com
Follow KEMP at: @KEMPtech
More on Modality Systems at http://www.modalitysystems.com
[email protected] @modalitysystems @alexlewis
Watch our other webinars here: http://kemptechnologies.com/en/load-balancing-webinars-and-videos