
Plan, Install, Configure and Manage Client Access:
Implement Load Balancing

Implement load balancing
This objective may include but is not limited to:
Configure namespace load balancing
Configure Session Initiation Protocol (SIP) load balancing
Plan for differences between layer seven and layer four load balancing methods
Configure Windows Network Load Balancing (WNLB)

Scenario: Event Planners
The Company: From A to Z Eventaganza

Problem: They have HA of their Mailbox servers but not their CAS

Goal: Review options to provide solid load balancing and availability

Looking Backwards at 2010
Load balancing with 2010 was a real pain and was costly

Distributing MAPI traffic across an RPC CAS array was painful,
and the Layer 7 load balancers it needed, with all these awesome
features like SSL offloading, service level monitoring and so
forth, were expensive

And that expense has to be considered in pairs, because you need
TWO load balancers per implementation if you wish to have
redundancy of your balancers too

Client Access arrays and Exchange 2013: Not required

Improvements to Exchange 2013 Client Access
The CAS role has been altered to be stateless and act as a proxy,
with no rendering done on the CAS

It authenticates a user and proxies the request back to the
Mailbox server where the user's mailbox resides, where all the
rendering is done

All client interaction is now done through HTTPS with Outlook
Anywhere (even internal clients), so MAPI or RPC client access is
no longer used for client interaction

The CAS role is now the entry point for UM. UM connects by
sending a SIP request to the UM call router in the CAS, which
answers the request and sends a SIP redirection to the caller,
who can connect to the MB server through SIP and RTP directly

[Diagram: Outlook or OWA end-user, load balancers, Client Access servers, Mailbox servers in a DAG; labelled "Affinity"]

Load Balancing Improvements
There are some great improvements in the architecture of
Exchange 2013 that make for a better load balancing/high
availability implementation

For example, the use of only one protocol (HTTPS), a new
method of handling HTTP cookies during forms-based
authentication, etc.

The new authentication method, where rendering is handled on
the Mailbox side, means (if all Client Access servers have the
same SSL cert) the session can go through either CAS

These adjustments make it possible for Layer 4 load balancers to
be used now

CAS High Availability and Load Balancing
For starters, to have higher availability or load balancing
you need more than one Client Access server

To achieve both high availability and load balancing you can
use:
DNS round robin (no real load balancing)
Network Load Balancing
Hardware/Virtual load balancing

DNS Round Robin
Not the best option, and not typically recommended over a
hardware-based (or virtual) load balancer or even NLB

The failover takes place at the client level: the client reaches
out for a DNS record for your Client Access servers and is
provided one of the options you have configured

Logically, you need multiple CAS to make this work, and you
have to configure multiple A records for the IP addresses of
your CAS servers

Remember there is no true load balancing or automatic
failover with round-robin

Windows Network Load Balancing
NLB is built right into the Windows Server OS and it allows you
to distribute the load between your Client Access servers

You assign a virtual IP (VIP) along with the typical IP address
for each member of the NLB cluster

Because the client uses the VIP to connect, if a CAS is
unavailable NLB will connect the client to a different
CAS

NLB is fine for labs and small environments where the
expense of a hardware load balancer is an issue

WNLB Limitations
NLB cannot be used with Exchange if the CAS is located on
a Mailbox server that is part of a DAG (NLB is not compatible
with Windows clustering)

NLB doesn't detect service outages (only outages by IP)

NLB can result in port flooding

Not a good solution for small IP pools because it only does
client affinity using the source IP

Hardware-based (virtual) Load Balancing
Also uses a virtual IP (VIP) but is much more sophisticated
than NLB

Performance is better with a real load balancing solution

Layer 4 vs. Layer 7
As mentioned a bit earlier, the new architectural changes
to the Client Access server mean that you don't need all the
expensive Layer 7 intelligence, and a Layer 4 load balancer is
typically all you need

Layer 4 load balancers (in a basic form) can also determine
if a server is in a failure state, or check for a specific service
(like OWA) and ensure it is up and running

What Layer 4 load balancers cannot do is determine amongst
multiple services if a single service is down and reroute just
that service (that requires Layer 7)

Namespace Options with Load Balancing
[Diagram: Layer 4 and Layer 7 with single namespace. Outlook or OWA end-user, load balancers, Client Access servers; OWA/ECP/OA/EWS all published under externalurl.domain.com]

Namespace Options with Load Balancing
[Diagram: Layer 4 with multiple namespaces. Outlook or OWA end-user, load balancers, Client Access servers; services OWA, ECP, OA, EWS and OAB published under the namespaces owa.domain.com, ecp.domain.com, oa.domain.com, ews.domain.com and oas.domain.com]

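The Layer 4 vs. Layer 7 trade-off and the two namespace options above, worked through as an added example (not part of the original slides). The health table, server names and helper functions are constructed for illustration; it models one service failing on one CAS and generalizes slightly by treating "Layer 4 with a namespace per service" as one probe per namespace.

```python
# Constructed health state: True = the service answers on that Client Access server.
# Server names and the failure are illustrative, not from a real deployment.
HEALTH = {
    "CAS1": {"OWA": False, "ECP": True, "OA": True, "EWS": True},
    "CAS2": {"OWA": True, "ECP": True, "OA": True, "EWS": True},
}
SERVICES = ["OWA", "ECP", "OA", "EWS"]


def l4_single_namespace(health, probe):
    """One VIP and one probe per server: a failed probe removes the whole server."""
    pool = [s for s, state in health.items() if state[probe]]
    return {service: pool for service in SERVICES}


def per_service_pools(health):
    """Layer 7 (routes on the URL path), or Layer 4 with one namespace and VIP
    per service: every service is probed and pooled on its own."""
    return {service: [s for s, state in health.items() if state[service]]
            for service in SERVICES}


def misrouted(health, pools):
    """(service, server) pairs where clients are still sent to a dead service."""
    return [(svc, s) for svc, pool in pools.items() for s in pool
            if not health[s][svc]]


def lost_capacity(health, pools):
    """(service, server) pairs that are healthy but no longer receive traffic."""
    return [(svc, s) for s, state in health.items() for svc in SERVICES
            if state[svc] and s not in pools[svc]]


if __name__ == "__main__":
    for name, pools in [
        ("L4, single namespace, probe OWA", l4_single_namespace(HEALTH, "OWA")),
        ("L4, single namespace, probe EWS", l4_single_namespace(HEALTH, "EWS")),
        ("L7, or L4 with a namespace per service", per_service_pools(HEALTH)),
    ]:
        print(name, "| misrouted:", misrouted(HEALTH, pools),
              "| lost capacity:", lost_capacity(HEALTH, pools))
```

With a single namespace, the Layer 4 balancer either drops every healthy service on CAS1 or keeps sending OWA users to it, depending on which service the one probe watches; per-service pools avoid both outcomes.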
Namespaces and Site Resiliency
The namespace model within Exchange 2013 has been simplified,
and this benefits us with load balancing with regard to the number
of namespaces needed to make it happen

Here is what we needed with 2010:
Primary and secondary datacenter Internet protocol namespaces (2)
Primary and secondary datacenter OWA failback namespaces (2)
Primary and secondary datacenter RPC Client Access namespaces (2)
Autodiscover namespace (1)
Legacy namespace (1)
Transport namespace (depending on if you were doing ad-hoc or partner-to-partner encryption) (1)

There are still a lot of namespaces needed in a site resilient
design but 2 are no longer needed

Scenario: From A to Z Eventaganza
After reviewing all the options it appears they have
decided to go with two Kemp load balancers using
Layer 7 (for the added functionalities over Layer 4)

They will make sure all CAS servers use the same
SSL certificate

They are also looking at providing site resilience in
the future and appreciate that fewer namespaces
will need to be considered

Additional Research
Load Balancing (TechNet)
http://technet.microsoft.com/en-us/library/jj898588(v=exchg.150).aspx

Introducing Load Balancing in Exchange 2013 with Steve Goodman (Part 1)
http://www.msexchange.org/articles-tutorials/exchange-server-2013/high-availability-recovery/introducing-load-balancing-exchange-server-2013-part1.html

Introducing Load Balancing in Exchange 2013 with Steve Goodman (Part 2)
http://www.msexchange.org/articles-tutorials/exchange-server-2013/high-availability-recovery/introducing-load-balancing-exchange-server-2013-part2.html
