Microsoft Exchange 2013

1 Introduction

 The KEMP LoadMaster combines versatility with ease-of-use to speed deployment of the complete portfolio of advanced messaging applications and protocols used by Exchange 2013, including Outlook Web App (OWA), Outlook Anywhere (OA),  Exchange ActiveSync (EAS), Simple Mail Transfer Protocol (SMTP), Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4 (IMAP4). With built-in SSL acceleration and/or overlay, the LoadMaster offloads a key source of CPU drain to improve the capacity of Client Access Servers (CASs). Layer 7 health checking at the LoadMaster ensures that if one of the CASs becomes inaccessible, the load balancer will take that server offline, while automatically re-routing and reconnecting users to other functioning servers.

The entire KEMP LoadMaster product family, including the Virtual LoadMaster (VLM) supports Microsoft Exchange 2013.

1.1 About This Manual

This manual addresses how to deploy and configure a LoadMaster appliance with Microsoft Exchange 2013.

KEMP’s LoadMaster family of products is available in various models to support networks of different throughput requirements. Information in this manual applies to all LoadMaster models.

1.2 Prerequisites

It is assumed that the reader is a network administrator or a person otherwise familiar with networking and general computer terminology. It is further assumed that the Exchange 2013 environment has been set up and the KEMP LoadMaster has been installed.

LoadMaster documentation is available at http://www.kemptechnologies.com/documentation.

At a minimum, you should have:

  • Installed the Microsoft Servers, Active Directories and followed other Microsoft requirements
  • Installed the LoadMaster on the same network as the servers.
  • Established access to the LoadMaster Web User Interface (WUI)

2 Exchange 2013 Overview

Microsoft Exchange Server is a mail server, calendaring software and contact manager. It is a server program that runs on Windows Server and is part of the Microsoft Servers line of products. The improvements made in Exchange 2013 have made it easier to load balance Exchange-related traffic.

Exchange 2013 includes the following solutions for switchover and failover redundancy:

High availability: Exchange 2013 uses Database Availability Groups (DAGs) to keep multiple copies of your mailboxes on different servers synchronized. That way, if a mailbox database fails on one server, users can connect to a synchronized copy of the database on another server.

Site resilience: You can deploy two Active Directory sites in separate geographic locations, keep the mailbox data synchronized between the two, and have one of the sites take on the entire load if the other fails.

Online mailbox moves: During an online mailbox move, email accounts are still accessible. Users are only locked out for a brief period of time at the end of the process, when the final synchronization occurs. Online mailbox moves can be performed across forests or in the same forest.

Shadow redundancy: Shadow redundancy protects the availability and recoverability of messages while they are in transit. With shadow redundancy, the deletion of a message from the transport databases is delayed until the transport server verifies that all the next hops for that message have completed. If any of the next hops fail before reporting successful delivery, the message is resubmitted for delivery to the hop that did not complete.

2.1 Differences Between Exchange 2010 and Exchange 2013

One of the biggest changes in Exchange 2013 is that the number of server roles has reduced to just two. In older versions of Exchange there were a number of server roles for Hub Transport, Unified Messaging, Mailbox and Client Access. In Exchange 2013 there are just two server roles:

  • The Mailbox Server which includes all of the functions to route mail, render web content and receive voicemail
  • The CAS which authenticates clients and routes requests to the correct mailbox server

The CAS now acts as a reverse proxy. The CAS no longer renders OWA when a user accesses it. The CAS determines which mailbox database their mailbox is located on and provides the request to the back-end mailbox server that hosts the database. The mailbox server then renders the OWA content, not the CAS.

Clients no longer interact with Exchange using RPC, it is all done over HTTPS. Outlook Anywhere is the protocol that Outlook clients use to access their mailbox.

 

Exchange 2013 Service Pack 1 introduces new connectivity option MAPI/HTTP which is disabled by default. It must be manually enabled by administrator and is only available as a connectivity option to clients running Office 2013 Service Pack 1 or later. Older clients continue using RPC/HTTP.

Outlook 2003 is not supported with Exchange 2013.

Unlike previous versions of Exchange, Exchange 2013 no longer requires session affinity at the load balancing layer. For more information, refer to the related article in The Exchange Team Blog: Load Balancing in Exchange 2013.

2.2 Understanding Server Load Balancing

Server load balancing is a way to manage which servers receive traffic. Server load balancing provides failover redundancy to ensure users continue to receive service in case of failure. It also enables your deployment to handle more traffic than one server can process while offering a single host name for clients.

Server load balancing serves two primary purposes. It reduces the impact of a single CAS failure within one Active Directory site. In addition, server load balancing ensures that the load on the CAS and Transport servers is optimally distributed.

Two key changes in Exchange 2013 make load balancing a lot simpler:

  • HTTPS-only access from clients means that there is only one protocol to consider. The HTTP failure states are well known and clients typically respond in a similar way.
  • As OWA is rendered on the same server that is hosting the user’s mailbox database; if a client hits a different CAS there is no performance degradation as the session rendering for that user is already up and running.

Forms-based authentication has also been improved. The authentication cookie is provided to the user after logon and it is encrypted using the CAS’s SSL certificate. This allows a logged in user to resume their session on a different CAS without having to re-authenticate (if servers share the same SSL certificate).

Understanding Server Load.png

3 Virtual Service Templates

KEMP have developed templates containing our recommended settings for Exchange 2013. These templates can be installed on the LoadMaster and can be used when creating each of the Virtual Services. Using a template automatically populates the settings in the Virtual Services. This is quicker and easier than manually configuring each Virtual Service. If needed, you can make changes to any of the Virtual Service settings after using the templates.

Released templates can be downloaded from the KEMP documentation page: http://www.kemptechnologies.com/documentation/.

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description.

The Microsoft Exchange 2013 templates currently available are grouped in three downloadable files as follows:

  • Exchange2013Core

This file contains templates for non-SSL offloaded HTTPS, SSL offloaded HTTPS and SMTP Virtual Services.

This is the primary set of services needed to balance Exchange 2013.

  • Exchange2013ESP

This set contains individual templates for a HTTPS service with SSL offloading and an SMTP service, both with ESP enabled.

These services are only necessary if you want to use ESP functionality.

  • Exchange2013Additional

This set contains templates for IMAP, POP and SMTP services, including variants for STARTTLS and SSL secured services.

If you create another Virtual Service using the same template, ensure to change the Service Name to a unique name.

When using SNMP monitoring of ESP-enabled Virtual Services that were created using a template, ensure to monitor each SubVS directly rather than relying on the master service. This is because the Authentication Proxy sub-service will always be marked as up and, as a consequence, so will the master service.

 

4 Configuring Virtual Services for Exchange 2013

The sections below give instructions on how to configure the various Virtual Services related to Microsoft Exchange. The settings in this document are recommended by KEMP. They may not be applicable to your specific configuration. For further information and help, please contact our Support team.

If using Exchange 2013 (not SP1), ensure to enable SSL re-encryption. Also, if using Exchange 2013 (not SP1), MAPI is not used and can be removed.

4.1 HTTPS Virtual Service

Follow the instructions below to set up a HTTPS Virtual Service:

1. Select the Add New option within the Virtual Services section of the main menu tree.

HTTPS Virtual Service.png

2. Enter the IP address of the Virtual Service in the Virtual Address field.

3. Enter 443 in the Port field.

4. Type a name, for example Exchange 2013 HTTPS in the Service Name field.

5. Select tcp in the Protocol drop-down list.

6. Click the Add this Virtual Service button to add the Virtual Service.

HTTPS Virtual Service_1.png

7. Within the Basic Properties section of the Virtual Services options page, select the following options:

a) Select HTTP/HTTPS in the Service Type drop-down list

HTTPS Virtual Service_2.png

8. Within the Standard Options section of the Virtual Services options page, select the following options:

b) Ensure the Force L4 checkbox is clear.

When L7 is referred to in KEMP documentation it is in relation to the actual TCP connection. When Microsoft refer to L7 for Exchange it is in relation to SSL decryption and re-encryption. This is different and what KEMP recommends is not necessarily L7 configuration unless SSL acceleration is enabled.

c) Ensure the Transparency checkbox is clear.

d) Ensure that none is selected in the Persistence Options drop-down list.

e) Ensure that round robin is selected in the Scheduling Method drop-down list.

f) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout button.

HTTPS Virtual Service_3.png

9. Within the SSL Properties section, ensure that the SSL Acceleration check box is not selected.

10. Within the Advanced Options section, select the following options:

a) Ensure that https://%h%s is the value of the Redirection URL in the Add a Port 80 Redirector VS section.

b) Click Add HTTP Redirector.

This creates a new redirect Virtual Service on port 80 with the same IP address.

HTTPS Virtual Service_4.png

11. Within the ESP Options section, ensure that the Enable ESP checkbox is not selected.

HTTPS Virtual Service_5.png

12. Within the Real Servers section of the Virtual Services options page, select the following options:

a) Ensure that HTTPS Protocol has been selected as the health-checking option.

b) Enter 443 in the Checked Port field and click on the Set Check Port button.

c) Enter /owa/healthcheck.htm in the URL field and click on the Set URL button.

d) Ensure the Use HTTP/1.1 checkbox is deselected.

e) Select GET from the HTTP Method drop-down list.

To add content rules to the VS, follow the steps in the Create Content Rules section.

Minor changes now need to be made to the redirect Virtual Service that was added:

1. Click View/Modify Services in the main menu.

2. Click Modify on the Redirect Virtual Service with the blank name which has the same IP address as the Virtual Service that was just created.

HTTPS Virtual Service_6.png

3. Enter a recognizable Service Name, for example Exchange 2013 HTTP Redirect and click Set Nickname.

4. In Standard Options, set the Persistence Mode to None.

4.1.1 HTTPS using SubVSs

Follow the instructions below to set up a HTTPS Virtual Service with SubVSs.

4.1.1.1 Create the Parent Virtual Service

Follow the instructions below to set up the parent HTTPS Virtual Service:

1. Select the Add New option within the Virtual Services section of the main menu tree.

HTTPS using SubVSs.png

2. Enter the IP address of the Virtual Service in the Virtual Address field.

3. Enter 443 in the Port field.

4. Type a name, for example Exchange 2013 HTTPS in the Service Name field.

5. Select tcp in the Protocol drop-down list.

6. Click the Add this Virtual Service button to add the Virtual Service.

7. Within the Basic Properties section of the Virtual Services options page, select the following options:

a) Select HTTP/HTTPS in the Service Type drop-down list.

HTTPS using SubVSs_1.png

8. Within the Standard Options section of the Virtual Services options page, set the fields as outlined below:

a) Ensure the Force L4 checkbox is clear.

b) Ensure the Transparency checkbox is clear.

c) Ensure that none is selected in the Persistence Options drop-down list.

d) Ensure that round robin is selected in the Scheduling Method drop-down list.

e) Enter 1800 in the Idle Connection Timeout field and click the Set Idle Timeout button.

HTTPS using SubVSs_2.png

9. Within the SSL Properties section, select the Enabled check box.

10. Click OK.

11. Select the Reencrypt check box.

VSVSAP008.png

12. Within the Advanced Properties section, select the following options:

a) Ensure that https://%h%s is the value of the Redirection URL in the Add a Port 80 Redirector VS section. Click Add HTTP Redirector.

This creates a redirect Virtual Service on port 80 with the same IP address.

HTTPS using SubVSs_4.png

13. Within the ESP Options section, ensure that the Enable ESP check box is not selected.

4.1.1.2 Create the SubVSs

Follow the instructions below to set up the SubVSs:

1. In the Real Servers section of the Virtual Services options page, click the Add SubVS button.

2. A message stating that the SubVS has been created appears, click OK.

The Real Servers section should now be renamed to SubVSs.

The following steps deal with creating a SubVS for an Exchange service such as owa.

3. In the SubVSs section of the SubVS options page, click the Modify button next to the SubVS and select the following options:

HTTPS using SubVSs_5.png

a) In the SubVS Name field enter a relevant name such as owa

b) In the SubVS Type field select the HTTP/HTTPS option

HTTPS using SubVSs_6.png

4. Within the ESP Options section, ensure that the Enable ESP check box is not selected.

HTTPS using SubVSs_7.png

5. In the Real Servers section of the SubVS options page select the following options:

a) Enter /owa/healthcheck.htm in the URL field and click the Set URL button.

b) Ensure the Use HTTP/1.1 checkbox is deselected

c) Ensure that the GET option is selected from the HTTP Method drop-down list.

6. When finished editing the SubVS, click Back. Now you can add other SubVSs to this Virtual Service as needed.

7. Configure each SubVS using the settings in the table below.

SubVS Name

 

Healthcheck URL

Allowed Virtual Directories

OWA (as in steps above)

 

/owa/healthcheck.htm

/owa*

Autodiscover

 

/autodiscover/healthcheck.htm

/autodiscover*

ECP

 

/ecp/healthcheck.htm

/ecp*

EWS

 

/ews/healthcheck.htm

/ews*

ActiveSync

 

/microsoft-server-activesync/healthcheck.htm

/microsoft-server-activesync*

OAB

 

/oab/healthcheck.htm

/oab*

Powershell

 

/powershell/healthcheck.htm

/powershell*

RPC

 

/rpc/healthcheck.htm

/rpc*

MAPI

 

/mapi/healthcheck.htm

/mapi*

Authentication Proxy

 

 

 

If you are using Kerberos Constrained Delegation (KCD) please ensure you add a Real Server to the Authentication Proxy SubVS. For further information on KCD, refer to the KCD, Feature Description

4.1.1.3 Create Content Rules

Content Rules need to be created for the Virtual Services to function correctly.

To create a Modify URL rule for owa please complete the following steps:

1. Select the Rules & Checking > Content Rules menu option

2. Click the Create New button

HTTPS using SubVSs_8.png

3. Enter a relevant name, for example Redirect_Root in the Rule Name field

4. Select the Modify URL option in the Rule Type drop-down

5. Enter /^\/$/ in the Match String field

6. Enter /owa in the Modified URL field

7. Click the Create Rule button

To create a Content Matching rule for owa please complete the following steps:

1. Select the Rules & Checking > Content Rules menu option.

HTTPS using SubVSs_9.png

2. Click the Create New button.

HTTPS using SubVSs_10.png

3. Enter a relevant name, for example OWA in the Rule Name field.

4. Select the Content Matching option is selected in the Rule Type drop-down list.

5. Ensure the Regular Expression option is selected in the Match Type drop-down list.

6. Enter /^\/owa.*/ in the Match String field.

7. Select the Ignore Case checkbox.

8. Click the Create Rule button.

Create additional Content Matching rules following steps 1 to 8 above but using the values as described in the table below.

Rule Name

Match String

Ignore Case

ActiveSync

/^\/microsoft-server-activesync.*/

yes

Autodiscover

/^\/autodiscover.*/

yes

ECP

/^\/ecp.*/

yes

EWS

/^\/ews.*/

yes

OAB

/^\/oab.*/

yes

PowerShell

/^\/powershell.*/

yes

RPC

/^\/rpc.*/

yes

Root

/^\/$/

No

MAPI

/^\/mapi.*/

yes

Authentication Proxy

/^\/lm_auth_proxy*$/

yes

4.1.2 HTTPS Offloading Using SubVSs

To set up HTTPS Offloading Using SubVSs, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

HTTPS Offloading Using SubVSs.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 443 as the Port.

4. Enter a recognizable Service Name, for example Exchange 2013 HTTPS Offloaded.

5. Click Add this Virtual Service.

HTTPS Offloading Using SubVSs_1.png

6. In the SSL Properties section, select the Enabled check box.

7. If desired, select the Reencrypt check box.

HTTPS Offloading Using SubVSs_2.png

8. In the Standard Options section, enter 1800 in the Idle Connection Timeout text box and click Set Idle Timeout.

VSVSAP009.png

9. In the Advanced Properties section, complete the steps below:

a) Click Show Header Rules.

b) Select the Modify URL: Redirect_Root rule and click Add.

If the Redirect Root content rule does not exist yet, refer to the Create Content Rules section to create it.

c) Click Back.

d) Select X-Forwarded-For in the Add HTTP Headers drop-down list.

e) Click the Add HTTP Redirector button.

10. In the Real Servers section, click the Add SubVS button.

11. A message stating that the SubVS has been created appears, click OK.

The Real Servers section should now be renamed to SubVSs.

The following steps deal with creating a SubVS for an Exchange service such as owa.

12. In the SubVSs section of the SubVS options page, click the Modify button next to the SubVS and select the following options:

HTTPS Offloading Using SubVSs_4.png

a) In the SubVS Name field enter a relevant name such as owa

b) In the SubVS Type field select the HTTP/HTTPS option

HTTPS Offloading Using SubVSs_5.png

13. Within the ESP Options section, ensure that the Enable ESP check box is not selected.

HTTPS using SubVSs_7.png

14. In the Real Servers section of the SubVS options page select the following options:

a) Enter /owa/healthcheck.htm in the URL field and click the Set URL button.

b) Ensure the Use HTTP/1.1 checkbox is deselected.

c) Ensure that the GET option is selected from the HTTP Method drop-down list.

15. When finished editing the SubVS, click Back. Now you can add other SubVSs to this Virtual Service as needed.

16. Configure each SubVS using the settings in the table below.

SubVS Name

 

Healthcheck URL

OWA (as in steps above)

 

/owa/healthcheck.htm

Autodiscover

 

/autodiscover/healthcheck.htm

ECP

 

/ecp/healthcheck.htm

EWS

 

/ews/healthcheck.htm

ActiveSync

 

/microsoft-server-activesync/healthcheck.htm

OAB

 

/oab/healthcheck.htm

Powershell

 

/powershell/healthcheck.htm

RPC

 

/rpc/healthcheck.htm

MAPI

 

/mapi/healthcheck.htm

 

4.1.3 HTTPS Offloading Using ESP and SubVSs

To set up HTTPS Offloading Using ESP, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

HTTPS Offloading Using ESP.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 443 as the Port.

4. Enter a Service Name, for example Exchange 2013 HTTPS Offloading with ESP.

5. Click Add this Virtual Service.

HTTPS Offloading Using ESP_1.png

6. In the SSL Properties section, select Enabled.

7. If desired, select Reencrypt.

HTTPS Offloading Using ESP_2.png

8. In the Standard Options section, enter 1800 in the Idle Connection Timeout text box and click Set Idle Timeout.

VSVSAP009.png

9. In the Advanced Properties section, complete the steps below:

a) Click Show Header Rules.

b) Select the Modify URL: Redirect_Root rule and click Add.

If the Redirect Root content rule does not exist yet, refer to the Create Content Rules section to create it.

c) Click Back.

d) Select X-Forwarded-For in the Add HTTP Headers drop-down list.

e) Click the Add HTTP Redirector button.

10. Now you need to add the SubVSs. To do this, expand the Real Servers section and click Add SubVS. Then click the Modify button to configure it.

Details for each of the SubVSs that need to be created are below.

11. For each of the SubVSs created, ensure that in the ESP section, the Enable ESP checkbox is selected, and select the following options:

a) Select the User Access, Security and Connection check boxes in ESP Logging.

b) Select the relevant SSO Domain.

For instructions on how to add an SSO domain, refer to the ESP, Feature Description.

c) Enter all of the allowed virtual hosts into the Allowed Virtual Hosts text box, for example mail.example.com, and click the Set Allowed Virtual Hosts button.

d) Configure each SubVS using the settings in the table below.

SubVS Name

Allowed Virtual Directories

Pre-Authorization Excluded Directories

Client Auth. mode

Server Auth. mode

SSO Image Set

SSO Greeting Message

Autodiscover

/autodiscover*

 

None

None

n/a

 

ECP

/ecp*

 

Form Based

.Form based

Exchange

Please enter your Exchange credentials.

EWS

/ews*

 

None

None

n/a

 

ActiveSync

/microsoft-server-activesync*

 

Basic Auth.

Basic Auth.

n/a

 

OAB

/oab*

 

None

None

n/a

 

Powershell

/powershell*

 

None

None

n/a

 

RPC

/rpc*

 

None

None

n/a

 

OWA

/owa*

/owa/<guid@smtpdomain>*1

Form Based

Form based

Exchange

Please enter your Exchange credentials.

MAPI

/mapi*

 

None

None

n/a

 

Authentication Proxy

/*

 

Form Based

Form based

Exchange

Please enter your Exchange credentials.

If you are using Kerberos Constrained Delegation (KCD) please ensure you add a Real Server to the Authentication Proxy SubVS. For further information on KCD, refer to the KCD, Feature Description

1 GUID is unique to each Exchange deployment. To find the correct GUID, run the following command on the Exchange Server:

Get-Mailbox -Arbitration | where {$_.PersistedCapabilities -like “OrganizationCapabilityClientExtensions”} | fl exchangeGUID, primarysmtpaddress

The Logoff String must be set to /owa/logoff.owa in the OWA SubVS. In a customized environment, if the OWA logoff string has been changed, the modified logoff string must be entered in the Logoff String text box.

HTTPS Offloading Using ESP_3.png

 

The SSO Greeting Message field accepts HTML code, so you can insert your own image if required. However, there are several characters that are not supported. These are the grave accent character ( ` ) and the single quotes (’). If a grave accent character is used in the SSO Greeting Message, the character will not display in the output, for example a`b`c becomes abc. If a single quote is used, users will not be able to log in.

HTTPS Offloading Using ESP_4.png

12. For each of the SubVSs created, set the following options in the Real Servers section:

a) Enter 443 in the Checked Port text box and click Set Check Port.

b) Ensure the Use HTTP/1.1 check box is deselected.

c) Select GET as the HTTP Method.

d) Enter the relevant health check URL. Refer to Table 4-16 in the Create the SubVSs section for the health check URLs.

13. After the SubVSs have been created, in the parent Virtual Service; enable Content Switching by clicking the Enable button in the Advanced Properties section.

4.2 IMAP Virtual Service

Follow the instructions below to set up an IMAP Virtual Service:

1. Select the Add New option within the Virtual Services section of the main menu tree.

IMAP Virtual Service.png

2. Enter the IP address of the Virtual Service in the Virtual Address field.

3. Enter 143 in the Port field.

4. Type a name, for example Exchange 2013 IMAP in the Service Name field.

5. Select tcp in the Protocol drop-down list.

6. Click the Add this Virtual Service button to add the Virtual Service.

IMAP Virtual Service_1.png

7. Within the Basic Properties section of the Virtual Services options page, select the following options:

a) Select Generic in the Service Type drop-down list/

IMAP Virtual Service_2.png

8. Within the Standard Options section of the Virtual Services options page, select the following options:

b) Ensure the Force L4 checkbox is clear.

c) Ensure the Transparency check box is clear.

d) Ensure that IMAP4 is selected in Server Initiating Protocols drop-down list.

e) Ensure that none is selected in the Persistence Options drop-down list.

f) Ensure that round robin is selected in the Scheduling Method drop-down list.

g) Enter 3600 in the Idle Connection Timeout text box and click Set Idle Timeout.

IMAP Virtual Service_3.png

9. Within the SSL Properties section, ensure that the SSL Acceleration checkbox is not selected.

IMAP Virtual Service_4.png

10. Do not change any of the options within the Advanced Options section.

IMAP Virtual Service_5.png

11. Within the Real Servers section of the Virtual Services options page, select the following options:

a) Ensure that Mailbox (IMAP) Protocol has been selected as the health-checking option.

b) Enter 143 in the Checked Port field and click on the Set Check Port button.

4.2.1 IMAP STARTTLS Virtual Service

To configure the IMAP STARTTLS VS, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

IMAP STARTTLS Virtual Service.png

2. Enter a Virtual Address.

3. Enter 143 as the Port.

4. Enter a recognizable Service Name, for example Exchange 2013 IMAP with STARTTLS.

IMAP STARTTLS Virtual Service_1.png

5. Within the Basic Properties section of the Virtual Services options page, select the following options:

a) Select STARTTLS protocols in the Service Type drop-down list

IMAP STARTTLS Virtual Service_2.png

6. Within the Standard Options section of the Virtual Services options page, select the following options:

a) Remove the tick from the Transparency check box.

b) Ensure that IMAP is selected in STARTTLS mode drop-down list.

c) Enter 3600 in the Idle Connection Timeout field and click Set Idle Timeout.

IMAP Virtual Service_5.png

7. In the Real Servers section, enter 143 in the Checked Port text box and click the Set Check Port button.

4.2.2 IMAPS Virtual Service

To configure the IMAPS VS, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

IMAPS Virtual Service.png

2. Enter the IP address in the Virtual Address text box.

3. Enter 993 in the Port field.

4. Enter a recognizable Service Name, for example Exchange 2013 IMAPS.

5. Click Add this Virtual Service.

IMAPS Virtual Service_1.png

6. Within the Standard Options section of the Virtual Services options page:

a) Remove the tick from the Transparency check box.

b) Select IMAP4 in the Server Initiating Protocols drop-down list.

c) Enter 3600 in the Idle Connection Timeout field and click Set Idle Timeout.

IMAPS Virtual Service_2.png

7. Within the Real Servers section of the Virtual Services options page, select the following options:

a) Ensure that TCP Connection Only has been selected as the health-checking option.

b) Enter 993 in the Checked Port field and click on the Set Check Port button.

4.2.3 IMAPS Offloaded Virtual Service

To configure the IMAPS Offloaded, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

IMAPS Offloaded Virtual Service.png

2. Enter the IP address of the Virtual Service in the Virtual Address field.

3. Enter 993 in the Port field.

4. Enter a recognizable Service Name, for example Exchange 2013 IMAPS Offloaded.

IMAPS Offloaded Virtual Service_1.png

5. In the SSL Properties section, select the SSL Acceleration - Enabled check box.

6. Click OK.

IMAPS Offloaded Virtual Service_2.png

7. Within the Standard Options section of the Virtual Services options page, set the following options:

a) Remove the tick from the Transparency check box.

b) Select IMAP4 in the Server Initiating Protocols drop-down list.

c) Enter 3600 in the Idle Connection Timeout field and click on the Set Idle Timeout button

8. in the Real Servers section of the Virtual Services options page, select the following options:

a) Ensure that Mailbox (IMAP) Protocol has been selected as the health-checking option.

b) Enter 143 in the Checked Port text box and click Set Check Port.

4.3 POP Virtual Service

Follow the instructions below to set up a POP Virtual Service:

1. Select the Add New option within the Virtual Services section of the main menu tree.

POP Virtual Service.png

2. Enter the IP address of the Virtual Service in the Virtual Address field.

3. Enter 110 in the Port field.

4. Type a name, for example Exchange 2013 POP in the Service Name field.

5. Select tcp in the Protocol drop-down list.

6. Click the Add this Virtual Service button to add the Virtual Service.

POP Virtual Service_1.png

7. Within the Basic Properties section of the Virtual Services options page, select the following options:

a) Select Generic in the Service Type drop-down list

POP Virtual Service_2.png

8. Within the Standard Options section of the Virtual Services options page, select the following options:

a) Ensure the Force L4 checkbox is clear.

b) Ensure the Transparency check box is clear.

c) Ensure that POP3 is selected in Server Initiating Protocols drop-down list.

d) Ensure that none is selected in the Persistence Options drop-down list.

e) Ensure that round robin is selected in the Scheduling Method drop-down list.

f) Enter 3600 in the Idle Connection Timeout field and click Set Idle Timeout.

POP Virtual Service_3.png

9. Within the SSL Properties section, ensure that the SSL Acceleration checkbox is not selected.

10. Do not change any of the options within the Advanced Options section.

POP Virtual Service_4.png

11. Within the Real Servers section of the Virtual Services options page, select the following options:

a) Ensure that Mailbox (POP3) Protocol has been selected as the health-checking option.

b) Enter 110 in the Checked Port field and click on the Set Check Port button.

4.3.1 POP with STARTTLS Virtual Service

To configure a POP Virtual Service with STARTTLS, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

POP with STARTTLS Virtual.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 110 as the Port.

4. Enter a recognizable Service Name, for example Exchange 2013 POP with STARTTLS.

5. Click Add this Virtual Service.

POP with STARTTLS Virtual_1.png

6. Within the Basic Properties section of the Virtual Services options page, select the following options:

a) Select STARTTLS protocols in the Service Type drop-down list.

 

POP with STARTTLS Virtual_2.png

7. Within the Standard Options section of the Virtual Services options page, select the following options:

a) Remove the tick from the Transparency check box.

b) Enter 3600 in the Idle Connection Timeout text box and click Set Idle Timeout.

POP Virtual Service_4.png

8. In the Real Servers section, enter 110 in the Checked Port text box and click the Set Check Port button.

4.3.2 POPS Virtual Service

To configure a POPS VS, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

POPS Virtual Service.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 995 in the Port field.

4. Enter a recognizable Service Name, for example Exchange 2013 POPS.

POPS Virtual Service_1.png

5. In the Standard Options section:

a) Remove the tick from the Transparency check box.

b) Select POP3 in the Server Initiating Protocols drop-down list.

c) Enter 3600 in the Idle Connection Timeout text box and click Set Idle Timeout.

POPS Virtual Service_2.png

6. Within the Real Servers section of the Virtual Services options page, enter 995 in the Checked Port field and click on the Set Check Port button.

4.3.3 POPS Offloaded Virtual Service

To configure a POPS Offloaded Virtual Service, follow the steps below:

1. Select the Add New option within the Virtual Services section of the main menu tree.

POPS Offloaded Virtual Service.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 995 in the Port field.

4. Enter a recognizable Service Name, for example Exchange 2013 POPS Offloaded.

5. Click Add this Virtual Service.

POPS Offloaded Virtual Service_1.png

6. Within the SSL Properties section, select the SSL Acceleration - Enabled checkbox.

7. Click OK.

POPS Offloaded Virtual Service_2.png

8. Within the Standard Options section of the Virtual Services options page:

a) Remove the tick from the Transparency checkbox.

b) Select POP3 in the Server Initiating Protocols drop-down list.

c) Enter 3600 in the Idle Connection Timeout text box and click Set Idle Timeout.

POPS Offloaded Virtual Service_3.png

9. Within the Real Servers section:

a) Set the Real Server Check Parameters drop-down list to Mailbox (POP3) Protocol.

b) Enter 110 in the Checked Port text box and click Set Check Port.

4.4 SMTP Virtual Service

Follow the instructions below to set up an SMTP Virtual Service:

1. Select the Add New option within the Virtual Services section of the main menu tree.

SMTP Virtual Service.png

2. Enter the IP address of the Virtual Service in the Virtual Address field.

3. Enter 25 in the Port field.

4. Type a name, for example Exchange 2013 SMTP in the Service Name field.

5. Select tcp in the Protocol drop-down list.

6. Click the Add this Virtual Service button to add the Virtual Service.

SMTP Virtual Service_1.png

7. Within the Basic Properties section of the Virtual Services options page, select the following options:

a) Select Generic in the Service Type drop-down list

SMTP Virtual Service_2.png

8. Within the Standard Options section of the Virtual Services options page, select the following options:

a) Ensure the Force L4 checkbox is clear.

b) Ensure the Transparency checkbox is clear.

c) Ensure that SMTP is selected in Server Initiating Protocols drop-down list.

d) Select Source IP Address as the Persistence Mode.

e) Set the Timeout value to 1 Hour.

f) Ensure that round robin is selected in the Scheduling Method drop-down list.

g) Enter to 120 in the Idle Connection Timeout text box and click Set Idle Timeout.

SMTP Virtual Service_3.png

9. Within the SSL Properties section, ensure that the SSL Acceleration check box is not selected.

SMTP Virtual Service_4.png

10. Do not change any of the options within the Advanced Options section.

SMTP Virtual Service_5.png

11. Within the ESP Options section, ensure that the Enable ESP checkbox is not selected.

SMTP Virtual Service_6.png

12. Within the Real Servers section of the Virtual Services options page, select the following options:

a) Ensure that Mailbox (SMTP) Protocol has been selected as the health-checking option.

b) Enter 25 in the Checked Port field and click on the Set Check Port button.

4.4.1 SMTPS Virtual Service

To configure an SMTPS Virtual Service, follow the steps below:

1. In the main menu of the LoadMaster WUI, select Virtual Services and Add New.

SMTPS Virtual Service.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 587 as the Port.

4. Enter a recognizable Service Name, for example Exchange 2013 SMTPS.

5. Click Add this Virtual Service.

SMTPS Virtual Service_1.png

6. Within the Standard Options section, set the fields as follows:

a) Remove the tick from the Transparency check box.

b) Select SMTP from the Server Initiating Protocols drop-down list.

c) Set the Persistence Mode to Source IP Address.

d) Set the Timeout value to 1 Hour.

e) Enter 120 in the Idle Connection Timeout text box and click Set Idle Timeout.

SMTPS Virtual Service_2.png

7. In the Real Servers section, enter 587 and click Set Check Port.

4.4.2 SMTPS Offloaded Virtual Service

To configure a SMTPS Offloaded Virtual Service, follow the steps below:

1. In the main menu of the LoadMaster WUI, select Virtual Services and Add New.

SMTPS Offloaded Virtual Service.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 587 in the Port field.

4. Enter a recognizable Service Name, for example Exchange 2013 SMTPS Offloaded.

5. Click Add this Virtual Service.

6. Expand the SSL Properties section.

SMTPS Offloaded Virtual Service_1.png

7. Select Enabled.

8. Click OK.

SMTPS Offloaded Virtual Service_2.png

9. Within the Standard Options section of the Virtual Services options page, select the following options:

a) Remove the tick from the Transparency check box.

b) Select SMTP in the Server Initiating Protocols drop-down list.

c) Select Source IP Address as the Persistence Mode.

d) Select 1 Hour as the Timeout value.

e) Enter 120 in the Idle Connection Timeout field and click Set Idle Timeout.

10. Within the Real Servers section of the Virtual Services options page:

a) Select Mail (SMTP) Protocol as the health-checking option.

b) Enter 25 in the Checked Port text box and click Set Check Port.

4.4.3 SMTP with STARTTLS Virtual Service

To configure a SMTP Virtual Service with STARTTLS, follow the steps below:

1. In the main menu of the LoadMaster WUI, select Virtual Services and Add New.

SMTP with STARTTLS Virtual.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 25 as the Port.

4. Enter a recognizable Service Name, for example Exchange 2013 SMTP with STARTTLS.

5. Click Add this Virtual Service.

SMTP with STARTTLS Virtual_1.png

6. Within the Basic Properties section of the Virtual Services options page:

a) Select STARTTLS protocols in the Service Type drop-down list.

SMTP with STARTTLS Virtual_2.png

7. Within the Standard Options section of the Virtual Services options page:

a) Remove the tick from the Transparency check box.

b) Ensure that SMTP (STARTTLS if requested) is selected in the STARTTLS mode drop-down list.

c) Set the Persistence Mode to Source IP Address.

d) Set the Timeout value to 1 Hour.

e) Enter 120 in the Idle Connection Timeout text box and click Set Idle Timeout.

SMTP with STARTTLS Virtual_3.png

8. In the Real Servers section:

a) Enter 25 in the Checked Port text box and click Set Check Port.

4.4.4 SMTP with ESP Virtual Service

To configure a SMTP VS with ESP, follow the steps below:

1. In the main menu of the LoadMaster WUI, select Virtual Services and Add New.

SMTP with ESP Virtual Service.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 25 as the Port.

4. Enter a recognizable Service Name, for example Exchange 2013 SMTP with ESP.

5. Click Add this Virtual Service.

SMTP with ESP Virtual Service_1.png

6. Within the ESP Options section, select the following options:

a) Ensure that the Enable ESP checkbox is selected.

b) Ensure that the Connection Logging checkbox is selected.

c) Enter the all the permitted domains that are allowed to be received by this service and click the Set Permitted Domains button.

SMTP with ESP Virtual Service_2.png

7. Within the Standard Options section, set the fields as follows:

a) Remove the tick from the Transparency check box.

b) Ensure that SMTP is selected in the Server Initiating Protocols drop-down list.

c) Set the Persistence Mode to Source IP Address.

d) Set the Timeout value to 1 Hour.

e) Enter 120 in the Idle Connection Timeout text box and click Set Idle Timeout.

SMTP with ESP Virtual Service_3.png

8. Within the Real Servers section, set the fields as follows:

a) Enter 25 in the Checked Port text box and click Set Check Port.

References

Unless otherwise specified, the documents below can be found at http://kemptechnologies.com/documentation

Web User Interface (WUI), Configuration Guide

Virtual Services and Templates, Feature Description

ESP, Feature Description

Microsoft Exchange 2010, Deployment Guide

Exchange Team Blog post on Load Balancing in Exchange 2013

http://blogs.technet.com/b/exchange/archive/2014/03/05/load-balancing-in-exchange-2013.aspx

KCD, Feature Description

View or configure Outlook Web App virtual directories

https://technet.microsoft.com/en-us/library/dd298140(v=exchg.150).aspx

 

Document History

Date

Change

Reason for Change

Ver.

Resp.

Dec 2015

Release updates

Updates for 7.1-32 release

5.0

LB

Jan 2016

Minor change

Updated Copyright Notices

6.0

LB

Feb 2016

Minor change

Defect resolved

7.0

KG

Mar 2016

Minor change

Enhancement made

8.0

LB

July 2016

Minor change

Enhancement made

9.0

LB

Oct 2016

Release updates

Updates for 7.2.36 release

10.0

LB

Jan 2017

Minor change

Enhancement made

11.0

LB

July 2017 Release updates Updates for 7.2.39 release 12.0 POC

 

Was this article helpful?

0 out of 0 found this helpful

Comments