Andersson

Complete guide on configuring KEMP VLM load balancer for Exchange 2013

Question

Introduction

 

Exchange Server 2013 reached RTM on the 11th of October and was finally published to MSDN on the 24th of October. This post is based on the RTM version of Exchange 2013.

I decided to write a post that includes both the KEMP configuration and the Exchange 2013 configuration. I’ve also seen that Jaap Wesselius has already posted an article on this topic; it’s my hope that I can fill the gap regarding the complete configuration of both Exchange and the load balancer.

 

To illustrate my lab environment, see the picture below.

 

On the left side is the “client” which tries to connect, in the middle are the load balancers and to the right are my two Exchange 2013 servers.

 

Drawing1_thumb2.png

 

I decided to have one namespace per service for better flexibility; however, this is NOT required. The advantage of doing it this way is that the load balancer can check the health of each component. If one component is not working, it disables just that service on the corresponding server, and not the whole server.

A disadvantage is an increased cost for the certificate, and the load balancer gets a bit more complex.

I’m using the Virtual LoadMaster, which comes in different versions (at the end of my post I provide some links regarding versions etc.).

Initial configuration

 

My configuration is a two-leg load balancer, where the first leg is placed as an administrative IP (management IP) and the other leg (NIC) is placed into my server/client segment.

The initial configuration is done by providing a license key.

 

image_thumb40.png

 

Go to System Configuration –> Interfaces –> eth0 for configuring the IP address of the first network card.

 

image_thumb41.png

 

System Configuration –> Local DNS Configuration –> Hostname configuration for giving the VLM a hostname.

 

image_thumb42.png

 

System Configuration –> Local DNS Configuration –> DNS configuration for configuring the VLM with a domain and DNS server.

 

image_thumb43.png

 

System Configuration –> Route Management –> Default Gateway for configuring the VLM with a default gateway.

 

image_thumb44.png

 

Often the VLM needs to know about other networks so that it can route traffic to them. To configure additional routes, go to System Configuration –> Route Management –> Additional Routes.

 

image_thumb45.png

 

Don’t forget to configure the date and time on the VLM: go to System Configuration –> System Administration –> Date/Time. I’ve configured it to use “ntp.lth.se” as my NTP server; it’s recommended to use the NTP option.

 

image_thumb73.png

 

When the configuration is done, a good tip is to take a backup of it: go to System Configuration –> System Administration –> Backup/Restore.

 

image_thumb47.png

 

 

High Availability configuration

 

Kemp provides a high availability cluster of two load balancing nodes, where one is active and one is passive (standby). I’ve been playing around with it and it works really well. The passive node kicks in right away when the active one fails or is restarted or shut down.

During a restart of the active node the passive becomes the active node.

In general, they share a cluster IP/name where the configuration is done and on each LB node the local settings can be done such as configuring date/time, IP addresses etc.

Start with the first node, for configuring this go to System Configuration –> Miscellaneous Options –> HA Parameters. Set it to “HA Mode: HA (First) Mode”.

 

image_thumb48.png

 

Go to System Configuration –> Interfaces –> eth0. Give the load balancer cluster an IP address and also provide the IP address for the second node. Don’t forget to press the “Set Shared address” and “Set Partner address” buttons to save the configuration. Then go back to System Configuration –> System Administration –> System Reboot. Restart the first node.

When the first node is back online, continue with the second node. Go to System Configuration –> Miscellaneous Options –> HA Parameters. Set it to “HA Mode: HA (Second) Mode”.

 

image_thumb49.png

 

Example of my first node.

 

image_thumb51.png

 

Example of my second node.

 

image_thumb52.png

 

 

Creating and configuring load balancing services

 

I will create two examples for load balancing services, one for OWA and one for Outlook Anywhere.

Using these examples, you can easily create services for the other ones yourself.

 

OWA

 

Go to Virtual Services –> View/Modify Services –> Add New.

 

image_thumb53.png

 

Type in the IP address for the service in the Virtual Address field, together with port, protocol and name.

Press “Add this Virtual Service”.

 

image_thumb54.png

 

Make sure that “Force L7” is checked, but the “L7 Transparency” is unchecked.

Since Exchange 2013 doesn’t require persistence anymore, make sure that the option is set to “None”.

For the load method/Scheduling method, I’m using Round-Robin, which pretty much spreads the load across all servers.

 

image_thumb55.png

 

Under “Real Servers”, let’s configure the health checks. Make sure it’s set to use the HTTPS protocol, together with the URL: /owa. Don’t forget to press the “Set URL” button to save the settings.

 

image_thumb56.png

 

Let’s press the “Add New…” button under “Real Servers”. Add your Exchange 2013 Client Access servers. When all servers are added, press the Back button.

 

image_thumb57.png

 

When everything is set up, it should look like the figure below.

 

image_thumb58.png

 

When you’re satisfied with the configuration, press the Back button. The services should then show up as green if the protocols are available.

 

image_thumb59.png

 

 

Outlook Anywhere

 

Go to Virtual Services –> View/Modify Services –> Add New.

 

image_thumb60.png

 

Type in the IP address for the service in the Virtual Address field, together with port, protocol and name.

Press “Add this Virtual Service”.

 

image_thumb61.png

 

Make sure that “Force L7” is checked, while the “L7 Transparency” is unchecked.

Since Exchange 2013 doesn’t require persistence anymore, make sure that the option is set to “None”.

For the load method/Scheduling method, I’m using “Round-Robin”, which spreads the load across the servers.

 

image_thumb62.png

 

Under “Real Servers”, let’s configure the health checks. Make sure it’s set to use the HTTPS protocol, together with the URL: /rpc. Don’t forget to press the “Set URL” button to save the settings.

 

image_thumb63.png

 

Let’s press the “Add New…” button under “Real Servers”. Add your Exchange 2013 Client Access servers. When all servers are added, press the Back button.

 

image_thumb64.png

 

Everything is now set up for load balancing the Outlook Anywhere function.

 

image_thumb65.png

 

In the services console, it should look like below if the health is successfully verified.

 

image_thumb66.png

 

 

Note: In my lab environment I’ve decided not to use L7 transparency since I don’t have any use for it. It is used when the client source IP address needs to show up at the CAS servers. This can sometimes be important when using SMTP filters. So for proper load balancing, the traffic needs to flow through the load balancer in both directions. Therefore you need to change the default gateway settings of your servers when you activate L7 Transparency.

 

 

Final tests

 

Let’s start by testing the load balancing functions, checking that Outlook is able to connect and that the connections are spread across the servers.

Here’s my final configuration, to clarify that I’m using five different VIPs, one for each service.

 

image_thumb67.png

 

The figure below shows the Outlook 2013 profile getting connected. I was using the autodiscover feature to configure the Outlook profile. Both the InternalHostname and the ExternalHostname are configured to outlook.testlabs.se in my scenario, on both my servers. For authentication I’m using NTLM.

 

image_thumb68.png

 

Since Outlook 2013 worked fine, next up is OWA.

I reached the form-based authentication page, put in my credentials and finally got to the Inbox.

I did this a couple of times, together with logging in to the Admin Center, to get some more sessions in the load balancer.

This was to check that the VLM spreads the load between the servers in a good way.

 

image_thumb69.png

image_thumb70.png

 

Below are two figures that show how the sessions are spread between the servers.

To me this looks really good!

 

The first figure shows the servers and how the sessions are spread between them.

The second figure shows the services instead of the servers, together with the total number of connections for the last minute and up to the last hour.

These two figures together show how the load is spread. Since this is just a lab environment, I don’t have a large number of connections. It would be really interesting to see how the load is spread between the servers in a large enterprise environment.

 

image_thumb71.png

image_thumb72.png

 

 

Helpful links

 

General documentation

http://www.kemptechn...m/documentation

 

Sizing tool for load balancer (Exchange 2010)

http://www.kemptechn...hange-2010.html

 

Deployment guide

http://www.kemptechn...de_5_1_v1.6.pdf

 

Compare Load Balancer models

http://www.kemptechn...d-balancer.html

 

Exchange Load Balancers

http://www.kemptechn...hange-2010.html

 

Virtual Load Balancers

http://www.kemptechn...m-overview.html

 

Multi-Site Load Balancers

http://www.kemptechn...s/overview.html

 

Thanks for reading!

I hope that this was informative and interesting to read. Please feel free to provide feedback.

Regards,

Jonas Andersson
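As an added example (not part of the original post, and not KEMP or Exchange code), this Python example models the per-service health checks on /owa and /rpc described above and compares one VIP per service with a single VIP that relies on one check. The server names `cas1`/`cas2`, the "any status below 500 is up" rule and the sample status codes are assumptions made for the example.

```python
import http.client
import ssl

def probe(host, path, timeout=5):
    """HTTPS GET against a real server, like the checks configured above.
    Returns the HTTP status, or None if the server could not be reached."""
    conn = http.client.HTTPSConnection(
        host, 443, timeout=timeout, context=ssl.create_default_context())
    try:
        conn.request("GET", path)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None  # refused, timed out, or TLS/certificate failure
    finally:
        conn.close()

def is_up(status):
    # Assumption of this example: any answer below 500 means the service responded.
    return status is not None and status < 500

def pools_per_service(results):
    """One VIP per service: a server leaves only the pool whose check failed."""
    return {svc: [srv for srv, st in sorted(by_srv.items()) if is_up(st)]
            for svc, by_srv in results.items()}

def pool_single_check(results, checked_service):
    """One VIP, one check: every service follows that single check's verdict."""
    return [srv for srv, st in sorted(results[checked_service].items())
            if is_up(st)]

def round_robin(pool, n):
    """Persistence 'None' with Round-Robin: connection i goes to pool[i % len]."""
    return [pool[i % len(pool)] for i in range(n)] if pool else []

# Constructed sample results (not captured from a real environment):
# OWA on cas2 is failing, /rpc still answers on both servers.
SAMPLE = {
    "owa": {"cas1": 302, "cas2": 503},
    "outlook-anywhere": {"cas1": 401, "cas2": 401},
}

if __name__ == "__main__":
    print(pools_per_service(SAMPLE))
    print(pool_single_check(SAMPLE, "outlook-anywhere"))
    print(round_robin(pools_per_service(SAMPLE)["owa"], 4))
```

With a single check on /rpc, cas2 stays in the pool and would still receive OWA connections; with a single check on /owa, cas2 is also taken out for the /rpc traffic it could still serve.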
