Transcript
Publishing and Load Balancing Lync Servers Using Kemp Devices as an Example
Konrad Sagała
IT Systems Architect
APN Promise S.A.
Core Lync 2013 features
Front-end server running all workloads.
SQL Server backend.
Edge server.
Persistent chat Server.
Monitoring database.
Exchange.
System Center.
SharePoint WAC*.
[Figure: Lync Server 2013 architecture diagram. Labels: public clouds, federated businesses, remote users, Lync endpoints, PSTN, DMZ, Edge server, front end servers (SIP registrar, voice routing, conferencing, Lync Web App, mobile, XMPP Gw, Central Mgt), web access and mobile, back end SQL server, SQL monitoring, AD (Active Directory), Exchange UM and archiving, System Center, WAC, optional persistent chat pool.]
*New in Lync Server 2013
Microsoft Lync Server 2010/2013 Load Balancer
1. Front End pools, Director pools, and/or Edge Server pools
2. Layer 7 health checking
3. Load balancing for the internal and external web services (DNS)
4. High availability
5. SSL offload/acceleration, network traffic optimization
6. High-speed load balancing
Load Balancing Lync Services
• HTTP traffic requires a hardware load balancer instead of DNS load balancing
• Federation with Office Communications Server 2007
• Connectivity to public IM users
• Exchange UM for remote users using Exchange UM prior to Exchange 2010 with SP1
• High availability for Lync edge services, persistence legacy, PIC (public internet connectivity) and XMPP federation (presence protocol)
Lync Server 2010/2013 supports two types of load balancing:
1. DNS load balancing
2. Hardware load balancing
[Figure: two load-balancing topologies, with arrows labelled "HTTPS" and "All other traffic".]
• All traffic through load balancers: all protocols (SIP, media, HTTPS, …)
• Only HTTPS through load balancers: all other traffic goes directly to the FE servers
Why we need a load balancer in Lync 2010/2013
Front-End Server with KEMP LoadMaster: Front-End Server DNS load balanced, web services hardware load balanced
Edge Server with KEMP LoadMaster
Situation DNS load balancing supported?
DNS load balancing recommended?
Hardware load balancer (only) recommended?
All or most users homed in the pool run Lync Server 2010 clients.
Yes Yes
Many users homed in the pool still running older clients.
Yes Yes
Interoperates only with other servers running Lync Server 2010.
Yes Yes
Interoperates with many servers running earlier versions of Office Communications Server.
Yes Yes
Running Exchange UM with Exchange 2010 SP1 (or not running Exchange UM)
Yes Yes
Edge Security Pack
• Microsoft announced the end-of-life of the Forefront Threat Management Gateway (TMG), which has been a key component of the Exchange, Lync or SharePoint solution
• The KEMP Edge Security Pack (ESP) is designed to deliver a complete solution (based on the reverse proxy function) using the KEMP LoadMaster line of load balancers to customers who would previously have deployed Microsoft TMG to publish their Microsoft applications
1. End Point Authentication for Pre-Auth
2. Persistent Logging and Reporting for User Logging
3. Single Sign On across Virtual Services
4. LDAP authentication from the LoadMaster to the Active Directory
5. NTLM and Basic authentication communication from a Client to the LoadMaster
1. Persistent Logging and Reporting for User Logging
2. Single Sign On across Virtual Services
3. LDAP Authentication from the LoadMaster to the Active Directory
4. NTLM and Basic Authentication Communication from a Client to the LoadMaster
5. Hide the existence and characteristics of an origin server or servers (SNAT)
6. In the case of secure websites, the task of SSL acceleration is offloaded to the KEMP load balancer (SSL acceleration)
7. A reverse proxy has to reduce load on its origin servers (caching, web acceleration)
8. A reverse proxy can optimize content by compressing it in order to speed up loading times (compression)
9. A reverse proxy has to distribute the load from incoming requests to several servers (load balancing)

Load-balanced pools: Enterprise pools and Communicator Web Access
Supported NAT modes: Full-NAT (SNAT)
Notes: Half-NAT is not supported for load balancing of internal pools because inter-server communications within an internal pool fail when servers in the pool try to connect to their own VIP.

Load-balanced pools: Edge pools
Supported NAT modes: Full-NAT (SNAT) and Half-NAT (DNAT)
Notes: The VIP for the external interface of Edge Servers should be set to half-NAT or full-NAT only for traffic to the edge (for each VIP that is used for Edge Servers and HTTP). Also, NAT is not supported for the IP address of the external interface of the A/V Edge Server of an Edge Server, so the IP address of the external interface of the A/V Edge service on each Edge Server must be publicly routable (no NAT).
Reverse proxy functions
Kemp LoadMaster Updates
• November 2013 - Version 7.0-10a
  • Templates for Lync Server scenarios
  • New virtual machines with Windows 2012/Windows 8 support
  • Many small improvements and bug fixes
• February 2014 - Version 7.0-12a
  • Support for Windows 2012 R2/Windows 8.1/VMware 5.5
  • SSL enhancements: TLS 1.2 support, SNI support, enhanced client certificates and configurable ciphers have been added
  • ESP functionality enhancement: idle and session timeout can be set, and it is possible to switch between idle and session timeout
  • Many small improvements and bug fixes
Kemp LoadMaster Templates
Kemp LoadMaster – VIP from Template
Kemp LoadMaster – several services on one IP
Interesting articles:
http://michaelvh.wordpress.com/2014/01/03/publishing-multiple-services-to-the-internet-on-a-single-ip-address-using-a-kemp-load-balancer-and-content-switching-rules/
http://michaelvh.wordpress.com/2014/01/30/rewriting-urls-with-kemp-loadmaster/
Q & A