Publikowanie i Load Balancing serwerów Lync na przykładzie urządzeń KempKonrad SagałaArchitekt systemów ITAPN Promise S.A.

Podstawowe funkcje Lync 2013Front-end server running all workloads.

SQL Server backend.

Edge server.

Persistent chat Server.

Monitoring database.

Exchange.

System Center.

SharePoint WAC*.

2

Publicclouds

Federatedbusinesses

Remoteusers SQL

Front end

servers

Back end SQL server

Web access and mobile

PSTN

ADActive

directory

SQL

Monitoring

Exchange UM and

archiving

System

Center

WAC

Lync endpoints

FPO

Edge server

DMZ

Optional persistent chat pool

XMPP Gw

Central Mgt

Voice routing

Conferencing

Lync Web App

Mobile

SIP registrar

*New in Lync Server 2013

3

Microsoft Lync Server 2010/2013 Load Balancer1. Front End pools, Director pools, and or Edge Server

pools2. Layer 7 health checking3. Load balancing for the internal and external web

services (DNS)4. High availability5. SSL offload/acceleration, network traffic optimization6. High-speed load balancing

4

Load Balancing usług Lync

HTTP traffic requires a hardware load balancer instead of DNS load balancing

Federation with Office Communications Server 2007 Connectivity to public IM users Exchange UM for remote users using Exchange UM prior to

Exchange 2010 with SP1 High availability for Lync edge services, persistance legacy, PIC (public internet connectivity) and XMPP federation

(presence protocol)

Lync Server 2010/2013 supports two types of load balancing :1. (DNS) load balancing 2. Hardware load balancing.

HTTPs

All other Traffic

All Traffic through Load BalancersAll Protocols (SIP, Media, HTTPs, …)

Only HTTPs through Load BalancersAll other traffic is Direct to FE Servers

Dlaczego potrzebujemy load balancer w Lync 2010/2013

Front-End Server with KEMP Loadmaster : Front-End Server DNS load balanced, WebServices Hardware load balanced:

Edge Server with KEMP Loadmaster

Situation DNS load balancing supported?

DNS load balancing recommended?

Hardware load balancer (only) recommended?

All or most users homed in the pool run Lync Server 2010 clients.

Yes Yes

Many users homed in the pool still running older clients.

Yes Yes

Interoperates only with other servers running Lync Server 2010.

Yes Yes

Interoperates with many servers running earlier versions of Office Communications Server.

Yes Yes

Running Exchange UM with Exchange 2010 SP1 (or not running Exchange UM)

Yes Yes

Edge Security Pack• Microsoft announced the END-OF-LIFE of the Forefront Threat Management

Gateway (TMG) which has been a key component of the Exchange, Lync or SharePoint solution

• The KEMP Edge Security Pack (ESP) pack is designed to deliver a complete solution (based on Reverse Proxy function) using the KEMP LoadMaster line of load balancers to customers who would have previously deployed Microsoft TMG to publish their Microsoft applications

1. End Point Authentication for Pre-Auth2. Persistent Logging and Reporting for User

Logging3. Single Sign On across Virtual Services4. LDAP authentication from the LoadMaster to

the Active Directory5. NTLM and Basic authentication

communication from a Client to the LoadMaster

1. Persistent Logging and Reporting for User Logging2. Single Sign On Across Virtual Services3. LDAP Authentication from the LoadMaster to the Active Directory4. NTLM and Basic Authentication Communication from a Client to the LoadMaster5. Hide the existence and characteristics of an origin server or servers…… SNAT6. In the case of secure websites offloads the task of SSL acceleration is offloaded to the KEMP Load balancer…..SSL acceleration7. A reverse proxy has to reduce load on its origin servers by……Caching ( web acceleration)8. A reverse proxy can optimize content by compressing it in order to speed up loading times……Compression 9. A reverse proxy has to distribute the load from incoming requests to several servers …. Load Balancing Load-Balanced

Pools Supported NAT Modes

Notes

Enterprise pools and Communicator Web Access

Full-NAT (SNAT)

Half-NAT is not supported for load balancing of internal pools because inter-server communications within an internal pool fail when servers in the pool try to connect to their own VIP

Edge pools Full-NAT (SNAT)

and

Half-NAT (DNAT)

The VIP for the external interface of Edge Servers should be set to half-NAT or full-NAT only for traffic to the edge (for each VIP that is used for Edge Servers and HTTP). Also, NAT is not supported for the IP address of the external interface of the A/V Edge Server of an Edge Server, so the IP address of the external interface of the A/V Edge service on each Edge Server must be publicly routable (no NAT).

Funkcje reverse proxy

Kemp LoadMaster Updates

9

• November 2013 - Version 7.0-10a• Templates for Lync Server Scenario,• New virtual machines with Windows 2012/Windows 8 Support,• Lot of small improvements and bug fixes.

• February 2014 – Version 7.0-12a• Support for Windows 2012R2/Windows 8.1/Vmware 5.5,• SSL Enhancements  -  TLS 1.2 support, SNI support , enhanced

client certificates and configurable ciphers have been added,• ESP functionality enhancement - Idle and session timeout can

be set and it is possible to switch between idle and session timeout

• Lot of small improvements and bug fixes.

Kemp LoadMaster Templates

10

Kemp LoadMaster – VIP from Template

11

Kemp LoadMaster – few services on one IP

12

Interesting articles:http://michaelvh.wordpress.com/2014/01/03/publishing-multiple-services-to-the-internet-on-a-single-ip-address-using-a-kemp-load-balancer-and-content-switching-rules/

http://michaelvh.wordpress.com/2014/01/30/rewriting-urls-with-kemp-loadmaster/

Q & A