Why load balance Exchange
Every generation of Exchange had their own areas of specialty:
- Exchange 2003 forced us to learn about clustering and SAN’s
- Exchange 2007 made us PKI experts,
- Exchange 2010 on the other hand introduced us to load balancing
Before we dive into the specifics of the Kemp appliance, let’s review why the need for a load balancing Exchange 2010? And while we’re at it, Isn’t Windows NLB free?
Sure NLB is free, since it comes with the Windows OS, however there’s free and “free”. Yes it’s free since you receive it as part of the OS. However it’s fairly costly if you expect it to do anything more than OS based failover. Application level load balancing implies a number of things at minimum:
Define the application within the load balancer using application based protocols
The load balancer is aware of the health of the application
The load balancer is able to make a load balancing decision based on application health and existing load
Windows NLB does none of these things. It is unaware of the application health, and makes a failover decision based on if the OS NLB component is responding or not.
Exchange 2007 and Exchange 2010 are built very differently, due to the changes in high availability in the newer version of Exchange.
Exchange 2007 clustered mail stores could not support any additional roles, requiring a split between CAS/HUB and the mailbox role.
With Exchange 2010, Microsoft allows and actively recommends the combination of roles into logical units, i.e. “all in one” machines which are easy to scale out due to the identical configuration across nodes; A clustered mail server is able to host both the CAS and Hub role.
Which takes us back to why we need to load balance in the first place; The Exchange 2010 CAS role serves as the client end point for MAPI and HTTPS based traffic. Without launching into a discussion into name space planning, multiple CAS servers will respond to the same name space, e.g. https://mail.mycompany.com/owa. While responding to the request, the servers will also need to manage the authentication of the user, and it would be nice if the user didn’t need to re-authenticate randomly since the request may be going to multiple servers. Load balancers make load balancing decisions based on the known or assumed load of the service, and then once a client is directed to a particular server, keeps that client bound, or connected to the CAS server for the length of the users session. The preservation of that session without the user bouncing amongst servers is known as preserving the session state, and it is one of the more important functions when measuring a client’s experience.
Kemp VLM Overview
The Exchange Server 2010 Load Balancer Deployment page lists the load balancers which have been tested with Exchange 2010. A number are available as physical or virtual machines.
Often load balancers are licensed by the transactional capability on offer, specifically measured in transactions per second (TPS). The more transactions per second, the more expensive and/or larger the load balancer. Virtual models are really attractive in this regard, since they tend to be limited only by licensing or the resources allocated.
The Load balancer under review is one of the several virtual models Kemp has on offer, more information is available here.
Both physical models and virtual models support high availability, such that two devices may be paired and offer failover amongst each other. It is important to note that if you’re choosing to virtualize this function, you should not place both virtual machines on the same physical host. Note that due to the inclusion of two virtual network ports on the VLM’s, all virtual models may be deployed in a single or dual arm configuration.
Kemp VLM’s are available for Hyper-V and VMware. The download process is straight forward, allowing licensing to occur after the virtual machines are installed.
Basic setup and pairing the Virtual Machines into a redundant configuration is very straight forward, resulting in a virtual IP representing the redundant pair.
The next step is to choose a virtual IP address to represent the service in question, and use the templates to define the service. Kemp’s templates can make things a little too easy, and I elected to not use the MAPI template, I did however use the Exchange HTTPS templates.
The supplied template HTTPS template made setting up all HTTPS based services really simple, however I chose to not use the supplied MAPI template, since it load balances all ports, i.e. *, as opposed to a defined range I preferred to explicitly configure the defined port range for increased security. (Also, in larger implementations, load balancing all ports will lead to memory exhaustion on some other brands of load balancers.) As a result I created three rules for the RPC end point mapper, RPC and Address book respectively.
In my configuration I load balanced, HTTPS, MAPI and SMTP amongst other services. All of these used some form of state based load balancing, either based on source IP’s in simple configurations, or more complicated methods such as cookie based load balancing.
When creating such a configuration for the first time, the available options may be daunting; however Kemp supplies really good guidance in the form of quick start guides and best practice documentation. The HTTPS configuration on the left reveals the persistence options, the load balancing or scheduling method, as well as the health check methods included in the template to ensure that requests land on healthy and responding servers.
Monitoring and reporting on the various services was similarly straight forward. Often it can be difficult to measure the true impact of load balancing from the application itself. The included live reporting offers a detailed view on the service, allowing a review of the load balancing methods chosen for a particular service or live server.
The product is easy to learn and easy to use. The supplied guidance is straightforward and well written, allowing a complete novice to load balancing to deploy a configuration in a small amount of time. Without delving into specifics, the product is aggressively priced, especially comparing the unlimited VLM-1000, to high end models in the physical range. My overall experience with Kemp VLMs was more than pleasing.
Kemp VLM’s do what they say on the tin, so to speak, and I have no reservations recommending this product.