CAS Array

Complete guide on configuring KEMP VLM load balancer for Exchange 2013

Introduction

Published: 2012-11-02
Updated: 2013-04-24
Version: 1.1

Update:
Made some updates regarding the health check for the OWA and Outlook Anywhere service.

Exchange Server 2013 reached RTM on the 11th of October and was finally published to MSDN on the 24th of October. This post is based on the RTM version of Exchange 2013.

I decided to write a post that includes both the KEMP configuration and the Exchange 2013 configuration. I’ve also seen that Jaap Wesselius has already posted an article on this topic; it’s my hope that I can fill the gap regarding the complete configuration of both Exchange and the load balancer.

For illustrating my lab environment, see the picture below.

On the left side is the “client” which tries to connect, in the middle are the load balancers and to the right are my two Exchange 2013 servers.

Drawing1

I decided to have one namespace per service for better flexibility; however, this is NOT required. The advantage of doing it like this is that the load balancer can check the health of each component. If one component is not working, it just disables that service on the corresponding server, and not the whole server.
A disadvantage is an increased cost for the certificate, and the load balancer gets a bit more complex.

I’m using the Virtual LoadMaster, which comes in different versions (at the end of my post I will provide some links regarding versions etc.).

Initial configuration

My configuration is a two-leg load balancer, where the first leg is placed into the client network segment and the other leg (NIC) is placed into my server segment.

The initial configuration is done by providing a license key.

image

Go to System Configuration –> Interfaces –> eth0 for configuring the IP address of the first network card.

image

System Configuration –> Local DNS Configuration –> Hostname configuration for giving the VLM a hostname.

image

System Configuration –> Local DNS Configuration –> DNS configuration for configuring the VLM with a domain and DNS server.

image

System Configuration –> Route Management –> Default Gateway for configuring the VLM with a default gateway.

image

Often the VLM needs to know about other networks and be able to route traffic to them. To configure an additional route, go to System Configuration –> Route Management –> Additional Routes.

image

Don’t forget to configure the date and time on the VLM: go to System Configuration –> System Administration –> Date/Time. I’ve configured it to use “ntp.lth.se” as my NTP server; using the NTP option is recommended.

image

When the configuration is done, a good tip is to take a backup of it, go to System Configuration –> System Administration –> Backup/Restore.

image

High Availability configuration

Kemp provides a high availability cluster of two load balancing nodes, where one is active and one is passive (standby). I’ve been playing around with it and it works really well. The passive node kicks in right away when the active one is broken or restarted/shut down.

During a restart of the active node the passive becomes the active node.

In general, they share a cluster IP/name where the configuration is done and on each LB node the local settings can be done such as configuring date/time, IP addresses etc.

Start with the first node, for configuring this go to System Configuration –> Miscellaneous Options –> HA Parameters. Set it to “HA Mode: HA (First) Mode”.

image

Go to System Configuration –> Interfaces –> eth0. Give the load balancer cluster an IP address and also provide the IP address of the second node. Don’t forget to press the “Set Shared address” and “Set Partner address” buttons to save the configuration. Then go back to System Configuration –> System Administration –> System Reboot. Restart the first node.

When the first node is back online, continue with the second node. Go to System Configuration –> Miscellaneous Options –> HA Parameters. Set it to “HA Mode: HA (Second) Mode”.

image

Example of my first node.

image

Example of my second node.

image

Creating and configuring load balancing services

I will create two examples for load balancing services, one for OWA and one for Outlook Anywhere.
Using these examples, you can easily create the services for the other ones yourself.

OWA

Go to Virtual Services –> View/Modify Services –> Add New.

image

Type in the IP address for the service in the Virtual Address field, together with port, protocol and name.
Press “Add this Virtual Service”.

image

Make sure that “Force L7” is checked, but the “L7 Transparency” is unchecked.
Since Exchange 2013 doesn’t require persistence anymore, make sure that the option is set to “None”.
For the load method/Scheduling method, I’m using Round-Robin which is pretty much spreading the load on all servers.

image

Update:
Under “Real Servers”, let’s configure the health checks. Make sure it’s set to use HTTPS protocol. This together with Checked Port: “443” and URL: “/owa/healthcheck.htm”. Don’t forget to press the “Set URL” button for saving the settings. Check the option “Use HTTP/1.1” and select GET as the HTTP Method.

image

Let’s press the “Add New…” button under “Real Servers”. Add your Exchange 2013 Client Access servers. When all servers are added, press the Back button. (I’m using multirole servers, so all of them are added)

image

When everything is set up it should look like the figure below.

image

When you’re satisfied with the configuration, press the Back button. The services should then show up as green if the protocols are available.

image

Outlook Anywhere

Go to Virtual Services –> View/Modify Services –> Add New.

image

Type in the IP address for the service in the Virtual Address field, together with port, protocol and name.
Press “Add this Virtual Service”.

image

Make sure that “Force L7” is checked, while the “L7 Transparency” is unchecked.
Since Exchange 2013 doesn’t require persistence anymore, make sure that the option is set to “None”.
For the load method/Scheduling method, I’m using “Round-Robin” which is spreading the load to the servers.

image

Update:
Under “Real Servers”, let’s configure the health checks. Make sure it’s set to use HTTPS protocol. This together with Port: 443 and URL: “/rpc/healthcheck.htm”. Don’t forget to press the “Set URL” button for saving the settings. Also check the option “Use HTTP/1.1” and select GET as the HTTP Method.

image

Let’s press the “Add New…” button under “Real Servers”. Add your Exchange 2013 Client Access servers. When all servers are added, press the Back button.

image

Everything is now set up for load balancing the Outlook Anywhere function.

image

In the services console, it should look like below if the health is successfully verified.

image
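The same two health check URLs can be requested by hand to confirm what the LoadMaster will see on each server. The script below is an added example, not part of the original post; the server names are placeholders, and it assumes the machine running it trusts the servers’ certificate for the names used, otherwise the check is reported as failed.

```powershell
# Added example (not from the original post): request the same URLs the
# LoadMaster health checks use and report the result per server and protocol.

# Placeholder names (assumption): replace with your Client Access servers.
$Servers   = 'ex01.example.test', 'ex02.example.test'
# Virtual directories whose healthcheck.htm is configured in this post.
$Protocols = 'owa', 'rpc'

function Test-ExchangeHealthCheck {
    param(
        [string] $Server,
        [string] $Protocol,
        [int]    $TimeoutSec = 5
    )
    $url = "https://$Server/$Protocol/healthcheck.htm"
    $result = [pscustomobject]@{
        Server     = $Server
        Protocol   = $Protocol
        StatusCode = $null
        Healthy    = $false
        Detail     = ''
    }
    try {
        # Certificate validation stays enabled on purpose: a name mismatch or an
        # untrusted certificate is reported as a failure, not silently ignored.
        $response = Invoke-WebRequest -Uri $url -Method Get -UseBasicParsing -TimeoutSec $TimeoutSec
        $result.StatusCode = [int]$response.StatusCode
        $result.Healthy    = ($result.StatusCode -eq 200)
        $result.Detail     = $response.StatusDescription
    }
    catch {
        # Non-2xx answers, TLS errors, DNS failures and timeouts all end up here.
        $httpResponse = $_.Exception.Response
        if ($httpResponse) { $result.StatusCode = [int]$httpResponse.StatusCode }
        $result.Detail = $_.Exception.Message
    }
    $result
}

# Probe every server/protocol combination and collect the results.
$report = foreach ($server in $Servers) {
    foreach ($protocol in $Protocols) {
        Test-ExchangeHealthCheck -Server $server -Protocol $protocol
    }
}
$report | Format-Table -AutoSize

# Summarise failures so the script can be used in a scheduled check.
$failed = @($report | Where-Object { -not $_.Healthy })
if ($failed.Count -gt 0) { Write-Warning "$($failed.Count) health check(s) failed" }
```

A server that answers with anything other than 200 here is one the load balancer would take out of rotation for that service only, which is the per-service behaviour the separate namespaces were chosen for.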

Note: In my lab environment I’ve decided to not use L7 transparency since I don’t have any use for it. It is used when the Client Source IP address needs to show up at the CAS Servers. This can sometimes be important when using SMTP filters. So for proper load balancing, the traffic needs to flow through the load balancer, both back and forth. Therefore you need to change the Default Gateway settings of your servers, when you are activating the L7 Transparency.

Final tests

Let’s start with testing the load balancing functions so that Outlook is able to connect and that the connections are spread throughout the servers.

Here’s my final configuration, to clarify that I’m using five different VIPs, one for each service.

image

The figure below shows the Outlook 2013 profile getting connected; I was using the autodiscover feature for configuring the Outlook profile. Both the InternalHostname and the ExternalHostname are configured to: outlook.testlabs.se in my scenario, on both my servers. For authentication I’m using NTLM.

image

Since Outlook 2013 worked fine, it’s up to OWA to show up.
I reached the form-based authentication page, put in my credentials and finally got to the Inbox.
I did this a couple of times, together with logging in to the Admin Center to get some more sessions in the load balancer.
This was to check that the VLM spreads the load between the servers in a good way.

image

image

Below are two figures that show how the sessions are spread between the servers.
To me this looks really good!
The first figure shows the servers and how the sessions are spread between them.
The second figure shows the services instead of the servers, together with the total number of connections for the last minute and up to the last hour.

These two figures together show how the load is spread; since this is just a lab environment I don’t have a large number of connections. It would be really interesting to see how the load is spread between the servers in a large enterprise environment.

image

image

Helpful links

General documentation
http://www.kemptechnologies.com/documentation

Sizing tool for load balancer (Exchange 2010)
http://www.kemptechnologies.com/emea/loadmaster-sizing-for-ms-exchange-2010.html

Deployment guide
http://www.kemptechnologies.com/fileadmin/content/pdf/KEMP_Exchange_2010_Deployment_Guide_5_1_v1.6.pdf

Compare Load Balancer models
http://www.kemptechnologies.com/emea/products/server-load-balancing-internet-router-load-balancer.html

Exchange Load Balancers
http://www.kemptechnologies.com/emea/loadbalancingresource/ms-exchange-2010.html

Virtual Load Balancers
http://www.kemptechnologies.com/emea/products/virtual-load-balancers/vlm-overview.html

Multi-Site Load Balancers
http://www.kemptechnologies.com/emea/products/multi-site-load-balancers/overview.html

Thanks for reading!
I hope that this was informative and interesting to read; please feel free to provide feedback.

Regards,
Jonas Andersson

Exchange Server 2013 Preview – Part 4: Configure DAG, CAS Array and Public Folders

In this series of posts, you can read about the fresh release of Exchange 2013 beta/Preview.
The posts are done as “how-to” posts with configuration examples from both Exchange Administration Console (EAC) and Exchange Management Shell (EMS).

Earlier parts can be found below:

Part 1: Installation guide
Part 2: Basic configuration
Part 3: Continue of configuration, URL’s etc.

At the end of the post, I will link to some interesting TechNet articles around High Availability, Disaster Recovery, Site resilience and Public Folder migration.

Note: My posts around Exchange 2013 Preview/beta are based on Beta information and it could be changed before it will be released (RTM).

Database Availability Group (DAG)

If this expression is new to you, here is some background information.
The DAG is the new cluster technology from Exchange 2010 and is also included in 2013. It gives us the opportunity to have a mailbox database replicated between two or more servers; the DAG can utilize up to 16 copies of each database (16 different servers). The advantage of this is that if one server fails, it’s easy and very fast to do a switchover/failover to another server.

Some interesting changes around databases are that each database runs under its own process in Windows. Store (ESE) is totally rewritten, again, which means you can’t use databases from older versions of Exchange directly on Exchange 2013. I have also read that IOPS requirements for databases have been reduced by another 50% from Exchange 2010, but I haven’t read it officially so maybe it’s just a rumor. We’ll see what happens when it’s released, and Microsoft will probably release an updated mailbox calculator.

DAG is available for both the Standard and Enterprise versions of Exchange, and supported to run on both Windows 2008 R2 and Windows Server 8. However, all DAG members need to run the same OS version.

Let’s get ready to create the DAG and add the Databases as copies on each DAG member/node.

Using EAC: It’s time to like the new EAC “console”.

Running “ipconfig” on both mailbox servers, for checking the IP addresses. Both for the MAPI network and the Replication network.

image

image

Go into Control Panel and check the network interfaces.

image

Login to the EAC, go to Servers and select Database Availability Group. Press Add button (+).

image

Type in DAG name, Witness Server, Witness directory and DAG IP. Press Save.

image

When the DAG is created, select it and Press Edit. Check the option “Configure database availability group network manually”. Press Save.

image

It’s now time for adding the mailbox servers into the DAG, this by pressing “Manage membership” button.

image

Press the Add button (+) and add the mailbox servers.

image

Add the mailbox servers that should reside in the DAG. Press OK.

image

Press Save.

image

The configuration now gets saved, failover clustering was installed on mailbox servers. Press Close.

image

The next thing to do is the DAG Networks. As you can see in the bottom right corner, a network called “MapiDagNetwork” has been created. I want to have control over these networks so I will create my own.
Start by pressing “New DAG Network”. I’m about to create two new networks.

image

I will give the first network a name like MAPI Network, and assign the Subnet to it where the clients are supposed to connect. Press Save.

image

My second network will be called Replication Network, since that is its purpose, and I also assign it to the correct Subnet. Press Save.

image

Since we have now created those two networks, let’s remove the automatically created one by pressing the “Remove” button.

image

Press OK.

image

The MAPI Network is not supposed to be used as replication network, so let’s disable that function by pressing “Disable Replication” on the MAPI network. Press OK.

image

The DAG should now show two networks called MAPI and Replication. The MAPI Network should not be enabled for replication.

image

Final DAG configuration

The last step (just a recommendation) is to enable DAC mode to prevent split brain syndrome, which means that you end up with the same database mounted on two (or more) different servers. More info about DAC mode can be found at the link at the end of the post.

This can’t be done through EAC (maybe that will change by RTM). So let’s start up Exchange Management Shell (EMS).

Set-DatabaseAvailabilityGroup -Identity DAG01 -DatacenterActivationMode DagOnly

image

Database copies

On each mailbox database we now need to add a copy to another server for having the redundancy.

In the menu, go to Databases and select one database, then press the Add database copy button.

image

Specify a mailbox server that at the moment doesn’t hold a copy of the database and add it by pressing the browse button. Press Save.

Note: In this menu you also have the option to configure lag time (if using lagging node).

image

The database now gets copied (Seeding).

image

Then do the same procedure on all of your databases.

image

Press Close, when the operation is done.

image

Do the same procedure on all of your databases.

image

The seeding operation is running.

image

Press Close.

image

It might take a while (some minutes) until it gets Healthy and everything has been checked and verified.
In my test environment it took around 15 minutes to be fine. It should look like the picture below when everything is completed.

image

Using PowerShell: The Web interface is nice to work with. But I prefer the PowerShell, because I have the full control over what’s going on.

Let’s start with creating the DAG by using the command below:

New-DatabaseAvailabilityGroup -Name DAG01 -WitnessServer TLCAS01 -WitnessDirectory C:\FSW_DAG01 -DatabaseAvailabilityGroupIpAddresses 172.16.1.15

Configure the DAG so that the networks can be manually configured:
Set-DatabaseAvailabilityGroup -Identity DAG01 -ManualDagNetworkConfiguration $True

Add the mailbox servers into the DAG:
Add-DatabaseAvailabilityGroupServer -Identity DAG01 -MailboxServer TLMB01
Add-DatabaseAvailabilityGroupServer -Identity DAG01 -MailboxServer TLMB02

Enable DAC mode for the DAG:
Set-DatabaseAvailabilityGroup -Identity DAG01 -DatacenterActivationMode DagOnly

List the DAG Networks:
Get-DatabaseAvailabilityGroupNetwork

Create two new DAG Networks, one for Mapi and one for Replication:
New-DatabaseAvailabilityGroupNetwork -DatabaseAvailabilityGroup DAG01 -Name Mapi -Description "Mapi Network" -ReplicationEnabled $False -Subnets "172.16.1.0/24"

New-DatabaseAvailabilityGroupNetwork -DatabaseAvailabilityGroup DAG01 -Name Replication -Description "Replication Network" -ReplicationEnabled $True -Subnets "10.0.0.0/8"

Remove the automatically created network, it will not be used:
Remove-DatabaseAvailabilityGroupNetwork -Identity DAG01\MapiDagNetwork

image

image

image

Database copies

On each mailbox database we now need to add a copy to another server for having the redundancy.

Specify a mailbox server that at the moment doesn’t hold a copy of the database and add it by running the following commands.

Add-MailboxDatabaseCopy -Identity DB01 -MailboxServer TLMB02
Add-MailboxDatabaseCopy -Identity DB02 -MailboxServer TLMB02
Add-MailboxDatabaseCopy -Identity DB03 -MailboxServer TLMB02

image

Verify the replication status on each mailbox server:
Get-MailboxDatabaseCopyStatus -Server TLMB01
Get-MailboxDatabaseCopyStatus -Server TLMB02

image
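Once the DAG is built, the settings chosen above (DAC mode, manual networks, no replication on the MAPI network, healthy copies) can be checked in one pass. The function below is an added example, not part of the original post; it evaluates objects shaped like the output of the Get-* cmdlets, the sample objects are constructed for illustration, and the queue length threshold is an assumption.

```powershell
# Added example (not from the original post). Returns a list of findings;
# an empty result means the DAG matches the configuration described here.
function Test-DagConfiguration {
    param(
        $Dag,                                 # from Get-DatabaseAvailabilityGroup
        $Networks,                            # from Get-DatabaseAvailabilityGroupNetwork
        $CopyStatus,                          # from Get-MailboxDatabaseCopyStatus
        [string] $MapiNetworkName = 'Mapi',   # name used in the PowerShell steps above
        [int]    $MaxQueueLength  = 10        # assumed threshold, tune as needed
    )
    $findings = @()

    # DAC mode guards against the same database being mounted twice (split brain).
    if ("$($Dag.DatacenterActivationMode)" -ne 'DagOnly') {
        $findings += "DAC mode is '$($Dag.DatacenterActivationMode)', expected 'DagOnly'"
    }
    if (-not $Dag.ManualDagNetworkConfiguration) {
        $findings += 'Manual DAG network configuration is not enabled'
    }

    # The client-facing network must not carry replication traffic.
    $mapi = @($Networks | Where-Object { $_.Name -eq $MapiNetworkName })
    if ($mapi.Count -eq 0) {
        $findings += "DAG network '$MapiNetworkName' not found"
    } elseif ($mapi[0].ReplicationEnabled) {
        $findings += "Replication is still enabled on '$MapiNetworkName'"
    }
    if (@($Networks | Where-Object { $_.ReplicationEnabled }).Count -eq 0) {
        $findings += 'No DAG network has replication enabled'
    }
    if (@($Networks | Where-Object { $_.Name -eq 'MapiDagNetwork' }).Count -gt 0) {
        $findings += "Automatically created network 'MapiDagNetwork' is still present"
    }

    # Every copy should be Mounted (active) or Healthy (passive) with short queues.
    foreach ($copy in $CopyStatus) {
        if ("$($copy.Status)" -notin 'Mounted', 'Healthy') {
            $findings += "$($copy.Name): status is $($copy.Status)"
        } elseif ($copy.CopyQueueLength -gt $MaxQueueLength -or
                  $copy.ReplayQueueLength -gt $MaxQueueLength) {
            $findings += "$($copy.Name): copy/replay queue above $MaxQueueLength"
        }
    }
    $findings
}

# Constructed sample objects (not real output) showing a half-finished setup.
$sampleDag = [pscustomobject]@{
    Name = 'DAG01'; DatacenterActivationMode = 'Off'; ManualDagNetworkConfiguration = $true
}
$sampleNetworks = @(
    [pscustomobject]@{ Name = 'Mapi';        ReplicationEnabled = $true }
    [pscustomobject]@{ Name = 'Replication'; ReplicationEnabled = $true }
)
$sampleCopies = @(
    [pscustomobject]@{ Name = 'DB01\TLMB01'; Status = 'Mounted'; CopyQueueLength = 0; ReplayQueueLength = 0 }
    [pscustomobject]@{ Name = 'DB01\TLMB02'; Status = 'Seeding'; CopyQueueLength = 0; ReplayQueueLength = 0 }
)
Test-DagConfiguration -Dag $sampleDag -Networks $sampleNetworks -CopyStatus $sampleCopies

# In the Exchange Management Shell, pass live objects instead, for example:
# Test-DagConfiguration -Dag (Get-DatabaseAvailabilityGroup DAG01) `
#     -Networks (Get-DatabaseAvailabilityGroupNetwork) `
#     -CopyStatus (Get-MailboxDatabaseCopyStatus -Server TLMB02)
```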

Public Folders

The Public Folder databases are now gone, and transferred to “normal” mailboxes instead. The advantage of this is that the mailbox itself can now be replicated using DAG technology. This doesn’t mean that the public folder contents is replicated, it’s still required that you configure the public folder replication for the contents.

With “normal” mailboxes I mean that they reside in the mailbox databases, just like user mailboxes do. However, they can in some way be compared to shared and room mailboxes, which are also special mailboxes.

If you decide to use the Public Folders in Exchange 2013, the first step will be to create a mailbox that holds the public folder hierarchy. This will be the writeable copy, you can have copies of the hierarchy. But you can only have one that is allowed to make changes/writeable.

How can the hierarchy mailbox be created?

Using EAC: Go to Public Folders section, this is the first warning/error message you will receive.
It means that you don’t have any public folder hierarchy (mailbox) created yet.

image

Go to the second public folder selection called “Public Folders Mailboxes”. Press Add (+) and create the first mailbox for the public folders, so its hierarchy can be saved.

image

Give the mailbox a friendly name, example: PF_Hierarchy, place it into an organizational unit and select a mailbox database where it should be saved into. Press Save.

image

Now when the hierarchy is created, let’s create some test folders too.
Go back to “Public Folders”, press the Add (+) button. Give the public folder a name. Press Save.

image

If you want to configure any storage quota on the public folder content, press Edit and configure it. Statistics can also be found under Edit selection, which sometimes is valuable.

image

Just for testing purposes I did mail-enable the folder. By pressing the Enable button.

image

Press Yes.

image

Let’s check the properties for the folder again; now we see that we have lots of new settings. Here’s a small example of what the Mail Flow settings look like.

image

Using PowerShell: Start up Exchange Management Shell, the following commands will be used for creating the public folder hierarchy and contents folder.

Create the hierarchy by running the following command
New-Mailbox -PublicFolder -Name PF_Hierarchy -Alias PF_Hierarchy -Database DB01 -OrganizationalUnit Users

This mailbox, like shared/room mailboxes, is also disabled by default, so that it’s not possible to log on as this user.

Let’s create the folder named Testlabs
New-PublicFolder -Name Testlabs

Finally, mail enable the public folder
Enable-MailPublicFolder -Identity \Testlabs

image

We have public folders located in Exchange 2007/2010, what about them?

In the end of this post, you can find a link to a TechNet article, it provides you with a great step-by-step guide. I haven’t tried to migrate public folder contents from earlier versions of Exchange since SP3 for Exchange 2010 is required for having coexistence between Exchange 2010 and Exchange 2013. SP3 is right now under development/testing and no official information can be found.

When I get my hands on SP3, this will be one of the first things to try out.

Client Access Server Array

In my previous blog post I wrote about some news regarding MAPI and RPC, where I mentioned what changes have been made. It can be found here.

The “new” Client Access Server role can now be seen as more of a traditional Front-End server.
It acts as a front-end connection point and redirects/proxies (depending on method) the clients to their correct mailbox server.

After the architectural change around the CAS role, it’s now “stateless”, which means there’s no need to configure affinity/sticky sessions on the load balancer. For example, it means that the clients are not required to have the connection established to the same CAS server for OWA to work. This means that all CAS servers will now serve all clients with connections to their mailbox endpoint server.

How to create a client access array?

Right now, I don’t see any specific reason for creating the CAS Array, since the traffic will be proxied from the CAS servers to the correct active Mailbox servers.

In an upcoming blog post I will cover how to configure the load balancing for Exchange 2013.

Upcoming topics: load balancing Exchange 2013 using different load balancers, database fail-over, move mailbox reports, disaster recovery etc.

But first it’s time for 3 weeks of vacation, until then. Keep on reading the posts and you’re more than welcome to comment on them.

Thanks for reading, I hope it gave you some valuable information.

More information:

High Availability
http://technet.microsoft.com/en-us/library/dd638137%28v=exchg.150%29.aspx

DAC mode
http://technet.microsoft.com/en-us/library/dd979790.aspx

Client Access Server
http://technet.microsoft.com/en-us/library/dd298114%28v=exchg.150%29

Public Folder migration scenario
http://technet.microsoft.com/en-us/library/jj150486%28v=exchg.150%29