Deliver secure, highly available Microsoft Applications with 3 key Load Balancer services with Alex Lewis (Lync MVP, Modality Systems), Jon Braunhut (Chief Scientist at http://KEMPTechnologies.com) and Bhargav Shukla (Exchange MVP, Director of Product Research and Innovation at http://kemptechnologies.com).
2. Alex Lewis: Principal Consultant and VP at Modality Systems, author of Lync 2010/2013 Unleashed, Lync MVP.
Jon Braunhut: Chief Scientist at KEMP Technologies.
Bhargav Shukla: Director of Product Research and Innovation at KEMP Technologies, Exchange MVP.
3. Agenda
• Lync 2013 Web Services… and other services: load balancing
• Lync 2013 reverse proxy
• Office Web Apps publishing
• Exchange 2013 load balancing
• Exchange 2013 reverse proxy and KEMP Edge Security Pack
• Q&A
5. Why Lync needs an external load balancer
1. Even with DNS load balancing, web services must be load balanced using an external load balancer.
2. Often simplifies PBX integration with multiple Mediation Servers.
3. External applications often don’t understand DNS LB, or treat it as plain DNS round robin.
4. HA for Lync Edge services, including legacy, PIC and XMPP federation.
7. Lync 2013 roles and their high-availability options

| Role | High Availability | Load Balancer | DNS Balancing |
|---|---|---|---|
| Standard Edition server | Not available | N/A | N/A |
| Enterprise Edition Front End Server | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
| Back End Server | SQL Server uses Windows clustering for high availability | No | No |
| A/V Conferencing Server | Deploy multiple servers in a pool; load balancing not required | N/A | N/A |
| Edge Server | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
| Mediation Server | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
| Monitoring | Standby server (MSMQ) on the Front End queues messages in the event of a failure | No | No |
| Archiving | Standby server (MSMQ) on the Front End queues messages in the event of a failure | No | No |
| Director | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
| File server | Use a Windows cluster or Distributed File System | Yes | Yes |
8. Lync 2013 Web Services: Basic HTTPS Load Balancing
• No more cookie insertion for mobile!
• Be sure to turn on HTTP-to-HTTPS redirection.
• Use separate virtual IPs for internal and external web services.
9. HTTP to HTTPS Redirection
• Create a virtual service on port 443 for Lync Edge External Conferencing.
• Set an HTTP 302 redirect with the redirect URL set to https://%h%s
• In the virtual service status menu you will see “Redirect”.
10. Load Balancing Mediation Pools
1. Required for most ITSPs for direct connectivity without an SBC.
2. Required for IP PBXs that don’t support DNS-LB – and that’s almost all of them.
3. Ensures equal load balancing.
4. Easier maintenance and testing.
11. Best Practices for Load Balancing Mediation
• Use SNAT load balancing (full NAT) for the gateway/PBX side of the Mediation Server pool.
• Use it if the gateway doesn’t support DNS LB, to simplify gateway/PBX configuration.
12. Lync 2013 Reverse Proxy (architecture diagram)
• Internet: Lync 2013 mobile client, Windows 8 Lync app, Lync 2013 desktop client.
• DMZ: load balancer, Lync Edge pool, reverse proxy.
• Internal network: Active Directory, Lync 2013 mobile and desktop clients, load balancer, Lync Front End pool, mirrored Back End servers, Office Web Apps server.
13. Reverse Proxy – What is it?
1. A device deployed between clients and servers, usually in the DMZ, that interacts with servers and services on behalf of the client.
2. Commonly used to provide load balancing for availability and scalability.
3. Terminates TCP traffic.
4. Protects internal HTTP servers by providing a single point of access to the internal network.
5. Full reverse proxies provide advanced Layer 7 features such as SSL acceleration, traffic management, intrusion prevention, content acceleration, etc.
6. More than NAT.
15. Lync 2013 Web Services Reverse Proxy
1. Load balance ports 80 and 443.
2. Translate to server ports 8080 and 4443.
3. Pre-authentication cannot be used.
4. No persistence is required.
5. Health check on port 5061, or use the hardware load balancer monitoring port from the topology if one is defined.
6. Alternatively, check /meet/blank.html instead of 5061 to ensure IIS is working.
7. Use a 20 minute TCP session timeout.
8. Use an 1800 second TCP idle timeout.
16. Office Web Apps Publishing
1. Load balance port TCP/443.
2. Enable and re-encrypt SSL.
3. Use source IP for persistence with a 30 minute timeout; use other methods if NAT or concentrators are involved.
4. Use an 1800 second idle timeout.
5. Perform the health check on /hosting/discovery using HTTP GET.
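The health checks on the two slides above (TCP 5061 or GET /meet/blank.html for the Lync web services, GET /hosting/discovery for Office Web Apps) are what keep a broken real server out of rotation. The following is an added example, not KEMP's or Microsoft's code, of that decision logic as a small Python module: the probes use only the standard library, the probe functions are injectable so the logic can be exercised without a live pool, and the server names and probe results in `demo()` are constructed. It also illustrates the slide's caveat that a 5061 check proves the front-end service is listening but not that IIS is serving pages.

```python
import socket
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class HealthCheck:
    """One health-check definition as the slides describe it."""
    tcp_port: Optional[int] = None    # e.g. 5061, the Lync front-end SIP port
    http_path: Optional[str] = None   # e.g. /meet/blank.html or /hosting/discovery
    http_port: int = 443              # 4443 when probing Lync web services directly
    timeout: float = 5.0              # seconds per probe


def tcp_probe(host: str, port: int, timeout: float) -> bool:
    """True when a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_probe(host: str, port: int, path: str, timeout: float) -> Optional[int]:
    """HTTPS GET; returns the status code, or None when no HTTP answer came back.
    Certificate validation is left on: a server presenting a bad cert is unhealthy."""
    req = urllib.request.Request(f"https://{host}:{port}{path}", method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def is_healthy(host: str, check: HealthCheck,
               tcp: Callable[[str, int, float], bool] = tcp_probe,
               http: Callable[[str, int, str, float], Optional[int]] = http_probe) -> bool:
    """A TCP check only proves something listens on the port; an HTTP check proves
    IIS returns 200 for the path. Exactly one of the two is used, as on the slides."""
    if check.tcp_port is not None:
        return tcp(host, check.tcp_port, check.timeout)
    if check.http_path is not None:
        return http(host, check.http_port, check.http_path, check.timeout) == 200
    raise ValueError("a HealthCheck needs tcp_port or http_path")


def healthy_members(pool: List[str], check: HealthCheck, **probes) -> List[str]:
    """Real servers that currently pass the check; the rest leave the rotation."""
    return [h for h in pool if is_healthy(h, check, **probes)]


# Check definitions matching slides 15 and 16.
LYNC_SIP_CHECK = HealthCheck(tcp_port=5061)
LYNC_IIS_CHECK = HealthCheck(http_path="/meet/blank.html", http_port=4443)
OWA_CHECK = HealthCheck(http_path="/hosting/discovery", http_port=443)


def demo() -> Dict[str, List[str]]:
    """Constructed probe results standing in for a live pool (assumed names fe01..fe03):
    fe02 still answers on 5061 but its IIS returns 503, which only the
    /meet/blank.html check catches; fe03 is down entirely."""
    sip_up = {"fe01": True, "fe02": True, "fe03": False}
    iis_status = {"fe01": 200, "fe02": 503, "fe03": None}
    fake_tcp = lambda host, port, timeout: sip_up[host]
    fake_http = lambda host, port, path, timeout: iis_status[host]
    pool = ["fe01", "fe02", "fe03"]
    return {
        "sip_check": healthy_members(pool, LYNC_SIP_CHECK, tcp=fake_tcp, http=fake_http),
        "iis_check": healthy_members(pool, LYNC_IIS_CHECK, tcp=fake_tcp, http=fake_http),
    }


if __name__ == "__main__":
    print(demo())
```

Against a real pool, call `healthy_members(["fe01.contoso.example", ...], LYNC_IIS_CHECK)` with the default probes; the 5-second probe timeout is an assumed value and should be shorter than the interval at which the check runs.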
17. What’s new in Exchange 2013
• CAS Array is no more!
• Client Access is a stateless proxy
• Load balancing requirements are simplified
• SSL termination at the load balancer isn’t required
• Session affinity isn’t required, enabling even distribution of connections
• Service Pack 1
  • SSL offloading is now possible
  • MAPI/HTTP is the new transport mechanism
18. Exchange 2013 Publishing / Load Balancing / Security
• Provide high availability for client connections
• Pre-authenticate external clients
• Layered security with vDir filtering and IP filtering
• Single sign-on with other applications (e.g. SharePoint)
• Relay SMTP for external apps with domain filtering
• Content switching for publishing on a shared public IP address
19. Load Balancing in Exchange 2013
Managed Availability
• Monitors the end-user experience
• Provides the health state of Exchange components
• Each component has a dynamic healthcheck.htm
Load Balancing at Layer 4
• No SSL termination on the load balancer
• No advanced configuration (e.g. cookie affinity)
Load Balancing at Layer 7
• More advanced configuration
• Requires SSL termination at the load balancer
• More granular health checks with a single namespace
• Granular control over failures
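To make the Layer 4 versus Layer 7 distinction on this slide concrete, here is an added example (not KEMP's or Microsoft's code) that takes the per-virtual-directory healthcheck.htm results Managed Availability exposes and shows which servers each style of virtual service would keep. At Layer 4 the balancer sees one opaque TCP/443 flow per server and can tie only one check to it, so a server is all-in or all-out; at Layer 7, SSL is terminated and the request path is visible, so each virtual directory gets its own check and its own member list under one namespace. The server names and status codes in `SAMPLE` are constructed; `fetch_healthcheck` is the live probe and uses only the standard library.

```python
import urllib.error
import urllib.request
from typing import Dict, List, Optional

# Client Access virtual directories for which Managed Availability publishes a
# healthcheck.htm (path names as used in Exchange 2013).
VDIRS = ("owa", "ecp", "ews", "mapi", "Microsoft-Server-ActiveSync",
         "Autodiscover", "oab", "rpc")

# server -> vdir -> HTTP status from GET /<vdir>/healthcheck.htm (None = no answer)
HealthMap = Dict[str, Dict[str, Optional[int]]]


def fetch_healthcheck(server: str, vdir: str, timeout: float = 5.0) -> Optional[int]:
    """Live probe: Managed Availability answers 200 when the protocol is healthy and
    a non-200 (or nothing at all) once it has taken that protocol offline."""
    req = urllib.request.Request(f"https://{server}/{vdir}/healthcheck.htm", method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def layer4_members(health: HealthMap, probe_vdir: str = "owa") -> List[str]:
    """Layer 4 virtual service: one health check per server, judged on a single
    vdir; a failure in any other vdir on that server goes unnoticed."""
    return sorted(s for s, vd in health.items() if vd.get(probe_vdir) == 200)


def layer7_members(health: HealthMap) -> Dict[str, List[str]]:
    """Layer 7 virtual service: a separate member list per vdir, so only the
    failing vdir is taken away from a server, not the whole server."""
    return {v: sorted(s for s, vd in health.items() if vd.get(v) == 200) for v in VDIRS}


def route(path: str, l7: Dict[str, List[str]]) -> Optional[str]:
    """Content switch on the first path segment (case-insensitive, as IIS is).
    Returns the first healthy member (round robin omitted for brevity), or None,
    meaning the balancer has no healthy server for that vdir and must fail the request."""
    vdir = path.lstrip("/").split("/", 1)[0]
    for known in VDIRS:
        if known.lower() == vdir.lower():
            members = l7.get(known, [])
            return members[0] if members else None
    return None


# Constructed sample: cas2 has only ECP unhealthy, cas3 is down entirely.
SAMPLE: HealthMap = {
    "cas1": {v: 200 for v in VDIRS},
    "cas2": {**{v: 200 for v in VDIRS}, "ecp": 503},
    "cas3": {v: None for v in VDIRS},
}


if __name__ == "__main__":
    l7 = layer7_members(SAMPLE)
    print("L4 members (owa probe):", layer4_members(SAMPLE))   # cas2 kept, its ECP fault invisible
    print("L7 ecp members:        ", l7["ecp"])                # cas2 removed for ECP only
    print("/ecp/ routed to:       ", route("/ecp/", l7))
```

The detection point to take from the sample: the Layer 4 service keeps sending ECP traffic to cas2 because its single owa probe still passes, while the Layer 7 service fails over only /ecp/ and keeps cas2 in every other pool. To populate a real `HealthMap`, build `{server: {v: fetch_healthcheck(server, v) for v in VDIRS} for server in servers}`.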
20. Edge Security and Reverse Proxy for Exchange (diagram)
• DMZ: load balancer / reverse proxy.
• Internal network: three Exchange CAS servers.
22. About KEMP
KEMP designs and develops load balancer and ADC software, enabling our customers to achieve optimal application performance with:
• High availability
• Scalability
• Acceleration
• Security
KEMP – fastest growing ADC vendor, #3 worldwide in units shipped.
Platforms: cloud ADCs, bare metal ADCs, virtual ADC appliances, ADC hardware appliances.
Price/performance leader with ubiquitous platform deployments:
• 20,000+ worldwide customer deployments
• Microsoft Gold Certified Partner – Messaging and Communications
• Pricing starts at $1,990
• Free trial: http://bit.ly/KEMPWebinar (case sensitive)
23. More info on KEMP at http://www.KEMPTechnologies.com
Follow KEMP at: @KEMPtech
More on Modality Systems at http://www.modalitysystems.com
alex.lewis@modalitysystems.com
@modalitysystems
@alexlewis
24. Watch our other webinars here: http://kemptechnologies.com/en/load-balancing-webinars-and-videos