Microsoft Exchange 2010

 Download PDF File

Table of Contents

1.1Load Balancing Microsoft Exchange Server 2010

1.2About This Manual

1.3Prerequisites

2.1Understanding Server Load Balancing

2.2Optimizing the KEMP LoadMaster for Exchange 2010

2.2.1SSL Acceleration (SSL Offloading)

2.2.2Persistence

2.2.3Idle Connection Timeout

2.2.4Drop Connections on Real Server Failure

2.2.5Drop at Drain Time End

2.2.6Port Configuration

2.2.7Connection Scaling

2.2.8Header Rewriting

2.3Preconfigured Virtual Services

2.3.1RPC Client Access Service

2.3.2Hub-Edge-SMTP

2.3.3Enforce Secure Access

2.3.4All HTTPS Services

4.1Configuring KEMP LoadMaster with a Consolidated Virtual Service for HTTPS-based Exchange 2010 Clients and Services

4.2Configuring a Virtual Service for HTTPS-based services (with SSL Offload and without ESP)

4.3Configuring a Virtual Service for HTTPS-based services (with SSL Offload and with ESP)

4.3.1Create the Content Rules

4.3.2Configure the Virtual Service

4.4Configuring a Virtual Service for HTTPS-based Services (without SSL Offload)

4.4.1Configuring the HTTP Redirect Virtual Service

4.5Configuring the KEMP LoadMaster for Outlook MAPI

4.5.1Creating the Virtual Service for the RPC CA (MAPI) & Address Book Service

4.6Configuring the LoadMaster with Unique Virtual Services

4.6.1Outlook Web App (OWA)

4.6.2Control Panel (ECP)

4.6.3ActiveSync (EAS)

4.6.4Outlook Anywhere (OA)

4.6.5Web Services (EWS)

4.6.6Autodiscover Service (AS)

4.6.7Internet Message Access Protocol (IMAP4)

4.6.8Post Office Protocol (POP3)

4.6.9Simple Mail Transfer Protocol (SMTP)

4.6.10Importing and Assigning an SSL Certificate

5.1Exchange 2010 Data Center Failover

 

1Introduction

Since the year 2000, and with thousands of customers world-wide, KEMP leads the industry in driving the price/performance value proposition for application delivery and server load balancing to levels that businesses of any size can afford. KEMP’s LoadMaster family of purpose-built hardware and Virtual Load Masters (VLMs) offer advanced Layer 4 and Layer 7 server load balancing, content switching, SSL Acceleration and a multitude of other advanced Application Delivery and Optimization (ADC) features. The LoadMaster intelligently and efficiently distributes user traffic among application servers so that your users get the best experience possible.

1.1Load Balancing Microsoft Exchange Server 2010

The KEMP LoadMaster combines versatility with ease-of-use to speed deployment of the complete portfolio of advanced messaging applications and protocols used by Exchange 2010, including Outlook Web App (OWA), Outlook Anywhere (OA), ActiveSync (EAS), Simple Mail Transfer Protocol (SMTP), Post Office Protocol version 3 (POP3), Internet Message Access Protocol version 4 (IMAP4) and Remote Procedure Call (RPC) Client Access (RPC CA). With built-in SSL acceleration and/or overlay, the LoadMaster offloads a key source of CPU drain to improve the capacity of Client Access Servers (CASs). Layer 7 health checking at the LoadMaster ensures that if one of the servers and/or workloads become inaccessible, the load balancer will take that server offline, while automatically re-routing and reconnecting users to other functioning servers.

The entire KEMP LoadMaster product family, including the Virtual LoadMaster (VLM) supports Microsoft 2010.

1.2About This Manual

This manual addresses how to deploy and configure a LoadMaster appliance with Microsoft Exchange 2010.

KEMP’s LoadMaster family of products is available in various models to support networks of different throughput requirements. Information in this manual applies to all LoadMaster models.

Images used in this manual are samples to help you determine if you are “in the right place” when actually performing the configuration.

Certain procedures contain instructions that refer to a website. If you are configuring your LoadMaster and at the same time you need to access a website then you should do so in a new and different browser session (that is, do not use your web browser to access/configure the LoadMaster and then, prior to finishing your configuration, browse to a different URL and then use the Back button or other method to return to the LoadMaster).

1.3Prerequisites

It is assumed that the reader is a network administrator or a person otherwise familiar with networking and general computer terminology. It is further assumed that the Exchange 2010 environment has been set up and the KEMP LoadMaster has been installed.

LoadMaster documentation is available at http://www.kemptechnologies.com/documentation.

At a minimum, you should have:

  • Installed the Microsoft Servers, Active Directories and followed other Microsoft requirements
  • Installed the LoadMaster on the same network as the servers.
  • Established access to the LoadMaster Web User Interface (WUI)
  • Created a Client Access array using the “New-ClientAccessArray” cmdlet (see steps at http://technet.microsoft.com/en-us/library/ee332317.aspx).

KEMP recommends changing the default gateway on the Real Servers to point to the LoadMaster. This allows accurate server-side access logging of client IP addressing. KEMP recommends performing this change during a maintenance window to avoid disruption of customer traffic.

2 Exchange 2010 Overview

Microsoft Server Exchange 2010 provides several solutions for failover redundancy. These solutions include the following:

High availability and site resilience: You have the option of deploying two Active Directory (AD) sites in separate geographic locations or stretch a single AD site between the two locations, keep the mailbox data synchronized between the two, and have one of the sites take on the entire load if the other fails.

Online mailbox moves: In an online mailbox move, end users can access their e-mail accounts during the move. Users are only locked out of their accounts for a brief time at the end of the process, when the final synchronization occurs. Online mailbox moves are supported between Exchange 2010 databases and between Server 2007 Service Pack 2 (SP2) and Exchange 2010 databases. You can perform online mailbox moves across forests or in the same forest.

Shadow redundancy: Shadow redundancy protects the availability and recoverability of messages while they are in transit. With shadow redundancy, the deletion of a message from the transport databases is delayed until the transport server verifies that all the next hops for that message have completed. If any of the next hops fail before reporting successful delivery, the message is resubmitted for delivery to the hop that did not complete.

2.1Understanding Server Load Balancing

Server load balancing is a way to manage which servers receive traffic. Server load balancing provides failover redundancy to ensure users continue to receive service in case of failure. It also enables your deployment to handle more traffic than one server can process while offering a single host name for clients.

Server load balancing serves two primary purposes. It reduces the impact of a single Client Access Server (CAS) failure within one of your Active Directory sites. In addition, server load balancing ensures that the load on your CAS and Transport servers is optimally distributed.

Server load balancing reduces the impact of a single CAS failure within one of your Active Directory sites and ensures that the load on your servers is evenly distributed. Architectural changes with respect to earlier versions of Exchange make server load balancing even more important than in the past. A load-balanced array of CASs is recommended for each Active Directory site and for each version of Exchange. It is not possible to share one load-balanced array of CASs for multiple Active Directory sites or to mix different versions of or service pack versions of within the same array.

Several aspects of Exchange 2010 make server load balancing important. The RPC CAS on the CAS role improves the user's experience during mailbox failovers by moving the connection endpoints for mailbox access from Outlook and other MAPI clients to the CAS role instead of to the mailbox server. In earlier versions of Exchange, Outlook connected directly to the mailbox server hosting the user's mailbox, and directory connections were either proxied through the mailbox server role or referred directly to a particular Active Directory global catalog server. Now that these connections are handled by the CAS role, both external and internal Outlook connections must be load-balanced across the array of CASs in a deployment to achieve fault tolerance and optimal performance.

For more information, please refer to the Microsoft documentation on this subject matter available on the web at http://technet.microsoft.com/en-us/library/ff625247.aspx.

Figure 2‑1: Exchange 2010 Topology

When a KEMP LoadMaster-based CAS array has been configured, all servers in the array can be represented by a single VIP address and an FQDN (Fully Qualified Domain Name). When a client request comes in, it is sent to an Exchange 2010 CAS server in the CAS array using any available KEMP LoadMaster scheduling (distribution) method that you select. The scheduling method is defaulted to round robin as the preferred method because it does a better job of balancing traffic in many situations.

2.2Optimizing the KEMP LoadMaster for Exchange 2010

The KEMP LoadMaster has features and capabilities in addition to those described in this manual, however, the features and capabilities listed below in particular can be used to optimize the configuration of the LoadMaster to work best with Exchange 2010 server load balancing requirements.

2.2.1SSL Acceleration (SSL Offloading)

The KEMP LoadMaster offers SSL acceleration (also referred to as “SSL offloading”) for Virtual Services. With SSL acceleration, the SSL session is terminated at the LoadMaster. Some of the benefits to using SSL acceleration are that the LoadMaster migrates the SSL workload from the Real Servers (which can be hardware accelerated by LoadMaster), can perform Layer 7 processing (such as persistence or content switching), SSL security hardening, and a central point of management of SSL certificates.

With SSL Acceleration, the SSL session is terminated at the LoadMaster and sent to the Real Servers un-encrypted. In some security situations, it may be necessary to encrypt the connection between the LoadMaster and Real Servers. This can be achieved with reverse SSL. Review the LoadMaster manual to configure a reverse SSL deployment.

With reverse SSL, the SSL session is first terminated at the LoadMaster. Persistence and other Layer 7 functionality can then be performed. After that, the traffic is re-encrypted in a new SSL session between the LoadMaster and the Real Server.

Without terminating the SSL session at the LoadMaster, the headers and content cannot be read, so persistence cannot be done. The only consistently reliable persistence method available when the SSL session is not terminated at the LoadMaster is Source IP.

Hardware SSL and Software SSL are the two types of SSL termination capabilities available in your LoadMaster. Functionally, hardware and software SSL are the same. The difference is in what part of the LoadMaster handles the actual cryptographic functions associated with SSL operations.

With software SSL, the LoadMaster's general processor handles encryption/decryption tasks. These tasks are shared with other tasks that the LoadMaster performs, such as server load balancing, health checking, and other administrative tasks. Because SSL operations are CPU-intensive, software SSL is sufficient for low levels of SSL traffic but insufficient for higher levels of SSL traffic. Higher connection rates of SSL on a software SSL LoadMaster may degrade overall performance of the LoadMaster.

With hardware SSL, the LoadMaster has a separate specialized processor, which handles all SSL functions. No matter the level of SSL connections, the LoadMaster’s general processor is not burdened. This specialized hardware is purpose-built for SSL, and can handle extremely high Transactions Per Second (TPS) of SSL traffic.

An SSL certificate is required for all SSL transactions, and as such is required for all SSL-enabled Virtual Services. With the LoadMaster, there are two types of SSL certificates: self-signed certificates generated by the LoadMaster or the administrator and certificates that are signed by a trusted CA (Certificate Authority) such as Digicert, Verisign or Thawte. In addition, with LoadMaster you are managing only one certificate instead of multiple certificates on each Real Server.

When an SSL-enabled Virtual Service is configured on the LoadMaster, a self-signed certificate is installed automatically. Both self-signed and CA signed certificates provide encryption for data in motion. A CA-signed certificate also provides authentication -- a level of assurance that the site is what it reports to be, and not an impostor.

The primary operational difference between a self-signed certificate and a CA certificate is that with a self-signed, a browser will generally give some type of warning that the certificate came from an untrusted issuer. Generally, self-signed certificates should not be used for public-facing production websites. As such, the Exchange 2010 configuration instructions indicate that you would first need to export an appropriately signed certificate from Exchange 2010 in order that you may import it into the LoadMaster.

2.2.2Persistence

Session persistence (a.k.a. Session Affinity or Stickiness) is the ability of the LoadMaster to make sure a given Client always gets to the same Real Server, even across multiple connections. Persistence can make sure that all requests from a client are sent to the same server in a Server Load Balancer (SLB) array or server farm (in case of CAS array).

Using cookies with Outlook 2003 on Windows XP is not supported by Microsoft. The client does not know how to handle this extra information and will close down the connection. Outlook 2007 is able to work but KEMP recommends using Source IP Address persistence. Only clients running Windows 7 and above, running Outlook 2010 or newer can use cookies without problems. Cookies may work with Outlook 2003 and 2007 on Windows 7 but it is not supported by Microsoft. If having difficulty, the best option for these clients is to use Source IP Address persistence. Another recommendation is to turn off additional headers as these can also cause problems.

2.2.3Idle Connection Timeout

If there is no traffic for the period of time specified the connection is timed out and disconnected. The global default is 660 seconds (11 minutes). This value can be adjusted per service type by modifying the Idle Connection Timeout field in the Standard Options section of the Virtual Service modify screen.

For each Virtual Service you can set idle connection timeout values for the connections. In order to make optimal use of your KEMP LoadMaster you should not set these timeout values too low as this could result in clients needing to re-establish a connection, which typically results in the end user being informed to re-authenticate. It is recommended you test which timeout values works best in your specific scenario before the solution goes into production.

There are some special values for the Idle Connection Timeout field:

Setting it to 0 will ensure that the default L7 connection timeout is used. The default Connection Timeout value can be modified by going to System Configuration > Miscellaneous Options > Network Options.

Setting it to 1 will discard the connection after the packet is first forwarded – a response is not expected or handled

Setting it to 2 will use a DNS type of operation. The connection is dropped after the reply message.

Setting the Idle Connection Timeout to the special values of 1 or 2 allow better performance and memory usage for UDP connections and they correspond better to how UDP is used.

2.2.4Drop Connections on Real Server Failure

By default existing connections are not closed if a Real Server fails. This can lead to issues with Outlook clients if an Exchange CAS server fails. A solution to this is to enable the Drop Connections on RS Failure option which can be found on the System Configuration > Miscellaneous > L7 Configuration screen in the WUI.

When this option is enabled, LoadMaster tracks all the incoming connections and which Real Servers they are connected to. When a Real Server fails, all connections to the Real Server are immediately dropped, forcing the connections to reconnect to a different Real Server.

Enabling this option has the added benefit of allowing relatively higher Idle Connection Timeout values to be set as the danger of the client retaining a connection to a failed server is removed.

2.2.5Drop at Drain Time End

By default existing connections are not closed when a real server is disabled. This can lead to issues with Outlook clients if an Exchange CAS server is administratively disabled. A solution to this is to enable the Drop at Drain Time End option which can be found on the System Configuration > Miscellaneous > L7 Configuration screen in the WUI.

When this option is enabled, LoadMaster will sever all existing connections to a disabled server after the L7 Connection Drain Time is reached. Clients will then be forced to re-establish a connection to one of the remaining Real Servers.

2.2.6Port Configuration

There are many different types of possible data paths. It is recommended that your port configuration stay within the realm of default protocol Request For Comment (RFC). However, your KEMP LoadMaster may be configured to use whichever port happens to be most appropriate for your particular network. For more information regarding port definitions, refer to Microsoft documentation at http://technet.microsoft.com/en-us/library/bb331973.aspx.

2.2.7Connection Scaling

LoadMaster is a scalable load balancer, allowing for more than 64,000 client connections to a single Virtual Service at one time. If this is required, you should execute the Connection Scaling for Large Scale Deployments procedure located in Appendix A: Connection Scaling For Large Scale Deployments.

2.2.8Header Rewriting

Your KEMP LoadMaster offers HTTP header insertions, deletions, and modifications. Our header rewriting feature can be useful with respect to the URL users must input or remember. For more information, refer to the Content Rules, Feature Description.

2.3Preconfigured Virtual Services

The LoadMaster Exchange appliance and the Virtual LoadMaster Exchange products both come preconfigured with four basic services that will allow most users to start using the LoadMaster right away without the need to setup additional VS’s.

The LoadMaster Exchange is a deprecated product and is no longer available for purchase.

The four preconfigured services are described in the sections below.

2.3.1RPC Client Access Service

The RPC Client Access (RPC CA) service is enabled by default when you install the Exchange 2010 CAS role. The RPC CA service handles the Outlook MAPI connections.

The change in Exchange 2010 to move all processing to the CAS was implemented to provide all data access through a single, common path of the CAS. This change improves consistency for applying business logic to clients, and provides a better client experience when failover occurs. This change also allows a higher number of concurrent connections per server and a higher number of mailboxes per server.

2.3.2Hub-Edge-SMTP

In Microsoft Server 2010, the Edge Transport server role is deployed in a perimeter network. Designed to minimize the attack surface, the Edge Transport server handles all Internet-facing mail flow, which provides Simple Mail Transfer Protocol (SMTP) relay and smart host services for the organization. Additional layers of message protection and security are provided by a series of agents that run on the Edge Transport server and act on messages as they are processed by the message transport components. These agents support the features that provide protection against viruses and spam and apply transport rules to control message flow.

2.3.3Enforce Secure Access

With this service, the LoadMaster Exchange will autonomously redirect any unencrypted HTTP requests to an identical secured HTTPS connection.

2.3.4All HTTPS Services

This is a catch-all service that provides application-aware access for OWA, OA, EAS, ECP, EWS and AutoD services.

If all services are provided using a single FQDN, a simple single SSL certificate can be installed to provide security for all connections. Alternatively, these services can be provided on distinct FQDNs by installing a Unified Communications Certificate (UCC) (multi-named) certificate and setting DNS resolution for all FQDNs to the same virtual IP address.

These Virtual Services are treated as any other Virtual Service and may be modified or deleted, as required.

 

The LoadMaster Exchange is a deprecated product and is no longer available for purchase.

3Virtual Service Templates

KEMP have developed templates containing our recommended settings for Exchange 2010. These templates can be installed on the LoadMaster and can be used when creating each of the Virtual Services. Using a template automatically populates the settings in the Virtual Services. This is quicker and easier than manually configuring each Virtual Service. If needed, you can make changes to any of the Virtual Service settings after using the templates.

Released templates can be downloaded from the KEMP documentation page: http://www.kemptechnologies.com/documentation/.

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description.

For steps on how to manually add and configure the Virtual Services, refer to the sections below.

The Exchange 2010 templates currently available are grouped in three downloadable files as follows:

  • Core Services

This set contains templates for MAPI/RPC, SMTP and both SSL offloaded and SSL pass-through HTTP/HTTPS services.

This is the primary set of services needed to balance Exchange 2010.

  • Extended Services

This set contains individual templates for both SSL offloaded and SSL pass-through versions of services for OWA, EAS, OA, ECP, EWS, and AS.

These services are only necessary if you want to break out each service type into its own Virtual Service.

  • Additional Services

This set contains templates for IMAP, POP and SMTP services, including variants for STARTTLS and SSL secured services.

If you create another Virtual Service using the same template, ensure to change the Service Name to a unique name.

When using SNMP monitoring of ESP-enabled Virtual Services that were created using a template, ensure to monitor each SubVS directly rather than relying on the master service. This is because the Authentication Proxy sub-service will always be marked as up and, as a consequence, so will the master service.

4Load Balancing CAS Services

This section provides step-by-step instructions on how to configure the KEMP LoadMaster to load balance the various services of Microsoft Exchange 2010.

Each service handled by the CAS role is briefly described below:

Outlook Web App: Outlook Web App (OWA) is enabled by default when you install the Client Access server role. OWA lets you access your mailbox from a web browser. In previous versions of Exchange, a specific version of Internet Explorer was required in order to get the OWA premium experience. With Exchange 2010, you can get the premium experience with Microsoft Internet Explorer, Mozilla Firefox and Apple Safari.

Control Panel: The Exchange Control Panel (ECP) is enabled by default when you install the Client Access server role. ECP is a new web module that lets an end-user or administrator manage the miscellaneous settings or perform other tasks for a mailbox from a web browser. It replaces the old OWA options page included with the previous version of Exchange Server.

Outlook Anywhere: Outlook Anywhere (OA), formerly known as RPC over HTTP, lets clients that use Microsoft Office Outlook 2010, Outlook 2007, or Outlook 2003 connect to their servers from outside the corporate network or over the Internet using the RPC over HTTP Windows networking component. The Windows RPC over HTTP Proxy component, which Outlook Anywhere clients use to connect, wraps RPCs with an HTTP layer. This allows traffic to traverse network firewalls without requiring RPC ports to be opened. In Exchange 2010, as in 2007, it's easy to deploy and manage this feature. To deploy Outlook Anywhere (OA) in your Exchange 2010 messaging environment, you should enable OA on all Internet-facing CASs using the “Enable Outlook Anywhere wizard” in the Management Console or the “Enable-OutlookAnywhere” cmdlet. In addition, you must set the external URLs for ECP, EWS and OAB unless only public folders are used for distributing the Offline Address Book (OAB).

ActiveSync: Exchange ActiveSync (EAS) is enabled by default when you install the CAS role. ECP lets you synchronize a mobile phone with your Exchange 2010 mailbox. EAS is a Microsoft synchronization protocol that's optimized to work together with high-latency and low-bandwidth networks. The protocol, based on HTTP and XML, lets mobile phones access an organization's information on a server that's running Microsoft. EAS enables mobile phone users to access their e-mail, calendar, contacts, and tasks and to continue to be able to access this information while they are working offline.

Offline Address Book: The Offline Address Book (OAB) is created by default when you install the mailbox server role. OAB is a copy of one or more address lists that's been downloaded so that an Outlook user can access the information it contains while disconnected from the server. Administrators can choose which address lists are made available to users who work offline, and they can also configure the method by which the OAB is distributed (web-based distribution or public folder distribution).

 

Web Services: The Exchange Web Services (EWS) is enabled by default when you install the CAS role. EWS is a web services Application Programming Interface (API) that can be used by 3rd party applications to access mailbox data. It is also used by various Microsoft applications and devices for integration with Exchange.

Autodiscover Service: The Autodiscover Service (AS) is enabled by default when you install the CAS role. AS is a service that makes it easier to configure Outlook2007 or Outlook2010 and EAS-based mobile devices that support this service. AS cannot be used withearlier versions of Outlook, including Outlook2003.

RPC Client Access Service: The RPC Client Access (RPC CA) service is enabled by default when the Exchange 2010 Client Access Server role is installed. The RPC CA service handles the Outlook MAPI connections. The change in Exchange 2010 to move all processing to the CAS was implemented to provide all data access through a single, common path of the CAS. This change improves consistency for applying business logic to clients, and provides a better client experience when failover occurs. This change also allows a higher number of concurrent connections per server and a higher number of mailboxes per server. In addition to moving processing of incoming Outlook connections to the CAS, in Exchange 2010, directory access is also handled by the CAS.

Address Book Service: The Exchange Address Book (EAB) service is enabled by default when you install the Exchange 2010 CAS role. The EAB service handles directory access requests from Outlook clients.

Post Office Protocol: Post Office Protocol (POP) is disabled by default when you install the Exchange 2010 CAS role. POP was designed to support offline mail processing. With POP3, e-mail messages are removed from the server and stored on the local POP3 client, unless the client has been set to leave mail on the server. This puts the data management and security responsibility in the hands of the user. POP3 does not offer advanced collaboration features such as calendaring, contacts, and tasks.

Internet Message Access Protocol: Internet Message Access Protocol (IMAP) is disabled by default when you install the Exchange 2010 CAS role. IMAP offers offline and online access, but like POP3, IMAP4 does not offer advanced collaboration features such as calendaring, contacts, and tasks.

4.1Configuring KEMP LoadMaster with a Consolidated Virtual Service for HTTPS-based Exchange 2010 Clients and Services

For most configurations, KEMP recommends creating a single Virtual Service for all HTTPS-based Exchange 2010 clients and services. That is a Virtual Services used by Outlook Web App (OWA), Exchange Control Panel (ECP), Outlook Anywhere (OA), Offline Address Book (OAB), Exchange ActiveSync (EAS), Exchange Web Services (EWS) and the Autodiscover service.

Using a single Virtual Service keeps the load balancer configuration simple and lets you have a single FQDN and associated SSL certificate for all Exchange 2010 client access methods and services.

You may use the same FQDN and SSL certificate for IMAP4 and POP3 access, even though they are on different Virtual Services, since they do not use port 443 like the above-mentioned client access methods and services.

In the configuration services below, refer to the Web User Interface (WUI), Configuration Guide for detailed descriptions of each of the WUI fields.

4.2Configuring a Virtual Service for HTTPS-based services (with SSL Offload and without ESP)

When you choose to offload SSL, you should follow the recommendations set by Microsoft. KEMP Technologies understands these recommendations to be:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  2. Select Add New.

Figure 4‑1: Add a Virtual Service

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 HTTPS Offloaded.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the SSL Properties section.

Figure 4‑2: SSL Properties section

  1. Select the Enabled check box.

By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available for your Virtual Service and that a temporary one is used until a valid certificate is installed.

Optional: You can export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Ensure to export the certificate and private key as a Personal Information File (PFX). An SSL certificate can also be obtained from any certificate authority. When prompted by a third party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by the LoadMaster.

 

Optional: You can import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to Section 4.6.10.

Figure 4‑3: Standard Options

  1. Expand the Standard Options section.
  2. Remove the tick from theTransparencycheck box.
  3. For Persistence Options, select Super HTTP as the Mode.
  4. Select 1 Hour as the Timeout value.
  5. Ensure that round robin is selected as the Scheduling Method.
  6. Enter 900 in the Idle Connection Timeout text box and click Set Idle Timeout.
  7. Expand the Advanced Properties section.

Figure 4‑4: Advanced Properties

  1. In the Add Header to Request text boxes, enter FRONT-END-HTTP in the first box and ON in the second box. Click Set Header.
  2. Click Add HTTP Redirector.
  3. Expand the Real Servers section.

Figure 4‑5: Real Servers section

  1. For Real Server Check Parameters, ensure that HTTP Protocol is selected.
  2. Enter 80 in the Checked Port text box. Click Set Check Port.
  3. A URL needs to be entered and set in the URL text box. The URL varies depending on the service to be checked. Review the Configuration Table in Appendix C: Configuration Table. As an example, if you were configuring Outlook Web App (OWA), the URL would be /owa.
  4. Click the Add New… button.

Figure 4‑6: Real Server parameters

  1. Enter the CAS address in the Real Server Address text box.
  2. Ensure the Port is set to 80.
  3. Click Add This Real Server.
  4. Click OK in response to the confirmation that the Real Server was added.

To view, modify or delete any Virtual Services that have been added, select the Virtual Services > View/Modify Services option in the main menu of the LoadMaster WUI.

The settings in the HTTP redirect Virtual Service need to be configured. To do this, follow the steps in Section 4.4.1.

4.3Configuring a Virtual Service for HTTPS-based services (with SSL Offload and with ESP)

4.3.1Create the Content Rules

Content Rules need to be created for the Virtual Service to function correctly.

To create the Modify URL rule for owa please complete the following steps:

  1. Select the Rules & Checking > Content Rules menu option.
  2. Click the Create New button.

Figure 4‑7: Redirect_Root Content Rule

  1. Enter a relevant name, for example Redirect_Root in the Rule Name field.
  2. Select the Modify URL option in the Rule Type drop-down.
  3. Enter /^\/$/ in the Match String field.
  4. Enter /owa in the Modified URL field.
  5. Click the Create Rule button.

To create a Content Matching rule for owa please complete the following steps:

  1. Select the Rules & Checking > Content Rules menu option.

Figure 4‑8: Create Rule

  1. Click the Create New button.
  2. Enter a relevant name, for example OWA in the Rule Name field.

Figure 4‑9: OWA Content Matching Rule

  1. Select the Content Matching option is selected in the Rule Type drop-down list.
  2. Ensure the Regular Expression option is selected in the Match Type drop-down list.
  3. Enter /^\/owa.*/ in the Match String field.
  4. Select the Ignore Case checkbox.
  5. Click the Create Rule button.

Create additional Content Matching rules following steps 1 to 8 above but using the values as described in the table below.

Rule Name

Match String

Ignore Case

ActiveSync

/^\/microsoft-server-activesync.*/

yes

Autodiscover

/^\/autodiscover.*/

yes

ECP

/^\/ecp.*/

yes

EWS

/^\/ews.*/

yes

OAB

/^\/oab.*/

yes

PowerShell

/^\/powershell.*/

yes

RPC

/^\/rpc.*/

yes

Root

/^\/$/

No

Authentication Proxy

/^\/lm_auth_proxy.*$/

Yes

Figure 4‑10: Content Rule Settings

4.3.2Configure the Virtual Service

To configure a Virtual Service for HTTPS-based services, with SSL offloading and ESP enabled, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services > Add New.

Figure 4‑11: Virtual Service Settings

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Enter a recognizable Service Name.
  4. Click Add this Virtual Service.
  5. Expand the SSL Properties section.

Figure 4‑12: SSL Properties section

  1. Select Enabled.
  2. Click OK.

By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available for your Virtual Service and that a temporary one is used until a valid certificate is installed.

Optional: You can export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Ensure to export the certificate and private key as a Personal Information File (PFX). An SSL certificate can also be obtained from any certificate authority. When prompted by a third party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by the LoadMaster.

Optional: You can import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to Section 4.6.10.

  1. Expand the Standard Options section.

Figure 4‑13: Standard Options

  1. Remove the tick from the Transparency check box.
  2. Enter 900 in the Idle Connection Timeout text box and click Set Idle Timeout.
  3. Expand the Advanced Properties section.

Figure 4‑14: Advanced Properties

  1. Click Show Header Rules.

Figure 4‑15: Add Modify URL Rule

  1. Select the Modify URL rule and click Add.
  2. Click Back.

Figure 4‑16: Advanced Properties

  1. Enter FRONT-END-HTTP in the first Add Header to Request text box.
  2. Enter ON in the second Add Header to Request text box.
  3. Click Set Header.
  4. Click Add HTTP Redirector.
  5. Expand the ESP Options section.

Figure 4‑17: ESP Options

  1. Now the SubVSs need to be added. Expand the Real Servers section.

Figure 4‑18: Real Servers section

  1. Click Add SubVS.
  2. Click OK.

Figure 4‑19: Modify SubVS

  1. To configure the SubVS, click Modify.

Figure 4‑20: Basic Properties

  1. Enter a recognizable SubVS Name, for example OWA, and click Set Nickname.
  2. Expand the Standard Options section.

Figure 4‑21: Standard Options

  1. Remove the tick from the Transparency check box.
  2. Select Super HTTP as the Persistence Mode.
  3. Select 1 Hour as the Timeout value.

Figure 4‑22: ESP Options

  1. Expand the ESP Options section.
  2. Select Enable ESP.
  3. Select the relevant SSO Domain.
  4. Enter any required Allowed Virtual Hosts and click Set Allowed Virtual Hosts.
  5. Enter /owa* and click Set Allowed Directories.
  6. Select Form Based as the Client Authentication Mode.
  7. Select Basic Authentication as the Server Authentication mode.
  8. Select Exchange as the SSO Image Set.
  9. Enter Please enter your Exchange credentials. in the SSO Greeting Message and click Set SSO Greeting Message.

There are several characters that are not supported. These are the grave accent character ( ` ) and the single quotes (’). If a grave accent character is used in the SSO Greeting Message, the character does not display in the output. For example, a`b`c becomes abc. If a single quote is used, users will not be able to log in.

  1. Expand the Real Servers section.

Figure 4‑23: Real Servers section

  1. Enter 443 as the Checked Port and click Set Check Port.
  2. Enter /owa as the URL and click Set URL.
  3. Select the Use HTTP/1.1 check box.
  4. Select GET as the HTTP Method.
  5. Now, add the remaining required SubVSs. The specific settings for the additional SubVSs, which differ from the above steps, are in the table below.

SubVS Name

Allowed Virtual Directories

 

Client Auth. mode

Server Auth. mode

SSO Image Set

SSO Greeting Message

Health Check URL

Autodiscover

/autodiscover*

 

None

None

n/a

 

/autodiscover

ECP

/ecp*

 

Form Based

Basic Auth.

Exchange

Please enter your Exchange credentials.

/ecp

EWS

/ews*

 

None

None

n/a

 

/ews

ActiveSync

/microsoft-server-activesync*

 

Basic Auth.

Basic Auth.

n/a

 

/microsoft-server-activesync

OAB

/oab*

 

None

None

n/a

 

/oab

Powershell

/powershell*

 

None

None

n/a

 

/powershell

RPC

/rpc*

 

None

None

n/a

 

/rpc

Authentication Proxy

/*

 

Form Based

Basic Auth.

Exchange

Please enter your Exchange credentials.

 
  1. When all the SubVSs have been added, go to the parent Virtual Service modify screen and expand the Advanced Properties section.

Figure 4‑24: Enable Content Switching

  1. Click Enable to enable Content Switching.
  2. Now, the content rules need to be assigned to each of the SubVSs. To do this, expand the SubVSs section.

Figure 4‑25: Assign Content Rules

  1. Click None.

Figure 4‑26: Add Rule

  1. Select the relevant rule for the SubVS selected and click Add.
  2. Repeat the previous two steps to add rules to each of the SubVSs.

In addition to the OWA rule, the root rule should also be assigned to the OWA SubVS.

4.4Configuring a Virtual Service for HTTPS-based Services (without SSL Offload)

To configure a Virtual Service for HTTPS-based services, without SSL offload, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑27: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.

Select tcp as the Protocol. The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the Standard Options section.

Figure 4‑28: Standard Options section

  1. Ensure that the Force L4 check box is clear.
  2. Ensure that the Transparencycheck box is disabled.
  3. For Persistence Options, select Source IP Address as the Mode.
  4. Select 1 Hour as the Timeout value.
  5. Select round robin as the Scheduling Method.
  6. Enter 900 as the Idle Connection Timeout and click Set Idle Timeout.
  7. Expand the Advanced Properties section.

Figure 4‑29: Advanced Properties

  1. Click Add HTTP Redirector.
  2. Expand the Real Servers section.

Figure 4‑30: Real Servers section

  1. For Real Server Check Parameters, selectHTTPS Protocol.
  2. Enter 443 as the Checked Port and click Set Check Port.
  3. Enter /owa as the URL and click Set URL.
  4. Click the Add New… button.

Figure 4‑31: Real Server parameters

  1. Enter the Real Server Address.
  2. Enter 443 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers that have been added, click View/Modify Services.

4.4.1Configuring the HTTP Redirect Virtual Service

The HTTP redirect Virtual Service needs to be configured. Follow the steps below to do this:

  1. In the main menu, go to Virtual Services > View/Modify Virtual Services.

Figure 4‑32: Modify Redirect Virtual Service

  1. Click the Modify button on the Redirect Virtual Service.

Figure 4‑33: Basic Properties

  1. Enter a recognizable Service Name, such as Exchange 2010 HTTPS - HTTP Redirect.
  2. Expand the Standard Options section.

Figure 4‑34: Standard Options

  1. Select None as the Persistence Mode.
  2. Expand the Real Servers section.

Figure 4‑35: Real Servers

  1. Select None from the Real Server Check Parameters drop-down list.

4.5Configuring the KEMP LoadMaster for Outlook MAPI

In Exchange 2010, MAPI traffic to the user’s mailbox goes to the endpoint configured in the database. By default, it is set to the FQDN of the Exchange server. If the database is created after creating the Client Access Array, the new database automatically uses the CAS Array FQDN and will go to the load balancer if DNS is configured correctly.

Public folder traffic is also MAPI but it does not use the CAS Array FQDN and this behaviour cannot be changed. This traffic will always bypass the load balancer in Exchange 2010.

4.5.1Creating the Virtual Service for the RPC CA (MAPI) & Address Book Service

Follow the steps below to create the Virtual Service for Outlook MAPI connectivity:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  2. Select Add New.

Figure 4‑36: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter *(asterisk) as the Port.

If you wish to configure your Exchange 2010 environment to utilize static RPC ports as opposed to the dynamic port range realized by inputting the asterisk, you should first configure your Exchange 2010 Server by following the instructions at http://social.technet.microsoft.com/wiki/contents/articles/configuring-static-rpc-ports-on-an-exchange-2010-client-access-server.aspx. You can enter a specific port number for each Virtual Service.

 

Do not change the wildcard service to Layer 4 as doing so will cause inoperability.

  1. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the Standard Options section.

Figure 4‑37: Standard Options section

  1. Ensure the Force L4 checkbox is clear.
  2. Ensure the Transparency check box is clear.
  3. For Persistence Options, select Source IP Address as the Mode.
  4. Select 1 Hour as the Timeout value.
  5. Select round robin as the Scheduling Method.
  6. Enter 86400 as the Idle Connection Timeout and click Set Idle Timeout.

This will provide an idle timeout of 24 hours and prevent Outlook Users having to re-authenticate during the working day.

  1. Expand the Real Servers section.

Figure 4‑38: Real Servers section

  1. For Real Server Check Parameters, selectTCP Connection Only.
  2. Enter 135 as the Port.
  3. Click the Add New… button.
  4. Enter the Real Server Address.
  5. Click Add This Real Server.
  6. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers that have been added, select Virtual Services > View/Modify Services in the main menu of the LoadMaster WUI.

4.6Configuring the LoadMaster with Unique Virtual Services

By maintaining a unique Virtual Service for each CAS service, you can manage each independently from one another. For example, you may wish to have different pool membership, server load balancing methods, or custom monitors for OWA and OA. If those services are each associated with a different Virtual Service, micro-management becomes easier.

When using a unique Virtual Service for each CAS service, the same FQDN and port cannot be shared among the services. So for HTTPS-based services, you should use unique FQDNs for each CAS service and Virtual Service. This is a general limitation when load balancing services using layer 7.

The following sections contain steps necessary for creating a Virtual Service for each of the available CASs in Exchange 2010.

4.6.1Outlook Web App (OWA)

4.6.1.1Configuring a Virtual Service for OWA (with SSL Offload)

When offloading SSL for OWA, you should follow the recommendations set by Microsoft. KEMP Technologies understands these recommendations to be:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑39: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Enter a recognisable Service Name, for example Exchange 2010 OWA.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the SSL Properties section.

Figure 4‑40: SSL Properties section

  1. Select the Enabled checkbox.

By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available for your Virtual Service.

Optional: You can export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx . Ensure to export the certificate and private key as a Personal Information File (PFX). An SSL certificate can be obtained from any certificate authority. When prompted by a third party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by the LoadMaster.

Optional: You can import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to Section 4.6.10.

  1. Expand the Standard Options section.

Figure 4‑41: Standard Options

  1. Remove thetick from the Transparencycheck box.
  2. For Persistence Options, select Super HTTP as the Mode.
  3. Select 1 Hour as the Timeout value.
  4. Enter 900 as the Idle Connection Timeout and click Set Idle Timeout.
  5. Expand the Advanced Properties section.

Figure 4‑42: Advanced Properties

  1. In the Add Headers to Request text boxes, enter FRONT-END-HTTP in the first box and ON in the second. Click Add Header.
  2. Click Add HTTP Redirector.
  3. Expand the Real Servers section.

Figure 4‑43: Real Servers section

  1. For Real Server Check Parameters, select HTTP Protocol.
  2. Enter 80 as the Checked Port and click Set Check Port.
  3. Enter /owa in the URL text box and click Set URL.
  4. Click the Add New… button.

Figure 4‑44: Real Server parameters

  1. Enter the Real Server Address.
  2. Enter 80 as the Port.
  3. Click Add This Real Server.
  4. Click OK in response to the confirmation that the Real Server was added.

To view, modify, or delete any Real Servers that have been added, select the Virtual Services > View/Modify Services option in the main menu of the LoadMaster WUI.

The HTTP redirect Virtual Service needs to be configured. Refer to Section 4.5.1 for instructions on how to do this.

4.6.1.2Configuring a Virtual Service for OWA (without SSL Offload)

To configure a Virtual Service for OWA, without SSL offload, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑45: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the Standard Options section.

Figure 4‑46: Standard Options

  1. Ensure the Force L4 check box is clear.
  2. Ensure the Transparency check box is clear.
  3. For Persistence Options, select Source IP Address as the Mode.
  4. Select 1 Hour as the Timeout value.
  5. Select round robin as the Scheduling Method.
  6. Enter 900 as the Idle Connection Timeout and click Set Idle Timeout.
  7. Expand the Advanced Properties section.

Figure 4‑47: Advanced Properties

  1. Click the Add HTTP Redirector button.
  2. Expand the Real Servers section.

Figure 4‑48: Real Servers

  1. Ensure that HTTPS Protocol is selected.
  2. Enter 443 in the Checked Port text box and click Set Check Port.
  3. Enter /owa in the URL text box.
  4. Click Set URL.
  5. Click the Add New… button.
  6. Enter the Real Server Address.
  7. Enter 443 as the Port.
  8. Click Add This Real Server.
  9. Click OK in response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers that have been added, select the Virtual Services > View/Modify Services menu option.

The HTTP redirect Virtual Service needs to be configured. Refer to Section 4.5.1 for instructions on how to do this.

4.6.2Control Panel (ECP)

4.6.2.1Configuring a Virtual Service for ECP (with SSL Offload)

When you choose to offload SSL for ECP, please follow the recommendations set by Microsoft. KEMP Technologies understands these recommendations to be; disable “Require SSL” on IIS: http://technet.microsoft.com/en-us/library/cc732341(WS.10).aspx.

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑49: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Enter a recognisable Service Name, for example Exchange 2010 ECP.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the SSL Properties section.

Figure 4‑50: SSL Properties

  1. Select the Enabled check box.
  2. By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available.
  1. Optional: You can export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Ensure to export the certificate and private key as a Personal Information File (PFX). An SSL certificate can also be obtained from any certificate authority. When prompted by a third party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by the LoadMaster.
  2. Optional: Import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to Section 4.6.10.
  3. Expand the Standard Options section.

Figure 4‑51: Standard Options

  1. Remove the tick from the Transparencycheck box.
  2. For Persistence Options, select Super HTTP as the Mode.
  3. Select 1 Hour as the Timeout value.
  4. Enter 900 in the Idle Connection Timeout text box and click Set Idle Timeout.
  5. Expand the Advanced Properties section.

Figure 4‑52: Advanced Properties

  1. In the Add Header to Request text boxes, enter FRONT-END-HTTP in the first text box and enter ON in the second text box. Click Set Header.
  2. Click Add HTTP Redirector.
  3. Expand the Real Servers section.

Figure 4‑53: Real Servers section

  1. For Real Server Check Parameters, ensurethat HTTP Protocol is selected.
  2. Enter 80 as the Checked Port and click Set Check Port.
  3. Enter /ecp in the URL text box and click Set URL.
  4. Click the Add New… button.
  5. Enter the Real Server Address.
  6. Enter 80 as the Port.
  7. Click Add This Real Server.
  8. Click OK in response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers, select Virtual Services > View/Modify Services in the main menu of the LoadMaster WUI.

The HTTP redirect Virtual Service needs to be configured. Refer to Section 4.5.1 for instructions on how to do this.

4.6.2.2Configuring a Virtual Service for ECP (without SSL Offload)

To configure a Virtual Service for ECP, without SSL offload, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑54: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the Standard Options section.

Figure 4‑55: Standard Options

  1. Ensure the Force L4 check box is clear.
  2. Ensure the Transparencycheck box is clear.
  3. For Persistence Options, select Source IP Address as the Mode.
  4. Select 1 Hour as the Timeout value.
  5. Select round robin as the Scheduling Method.
  6. Expand the Real Servers section.

Figure 4‑56: Real Servers section

  1. Ensure thatHTTPS Protocol is selected.
  2. Enter 443 as the Checked Port and click Set Check Port.
  3. Enter /ecp in the URL text box.
  4. Click Set URL.

Click the Add New… button.

Figure 4‑57: Real Server Parameters

  1. Enter the Real Server Address.
  2. Enter 443 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers, select Virtual Services > View/Modify Services in the main menu of the LoadMaster WUI.

The HTTP redirect Virtual Service needs to be configured. Refer to Section 4.5.1 for instructions on how to do this.

4.6.3 ActiveSync (EAS)

4.6.3.1Configuring a Virtual Service for EAS (with SSL Offload)

When offloading SSL for EAS, follow the recommendations set by Microsoft. KEMP Technologies understands the recommendation to be; removing the “Require SSL” flag in IIS Manager on the Microsoft-Server-ActiveSync virtual directory or via the Set-ActiveSyncVirtualDirectory cmdlet: http://technet.microsoft.com/en-us/library/aa998363.aspx.

SSL offloading for ActiveSync is only supported at the Internet ingress point. It’s not supported in CAS-CAS proxy scenarios between Active Directory sites.

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑58: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Enter a recognisable Service Name, for example Exchange 2010 EAS.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the SSL Properties section.

Figure 4‑59: SSL Properties section

  1. Select the Enabled check box.
  2. By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available.
  3. Optional: You can export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Ensure to export the certificate and private key as a Personal Information File (PFX). You can also obtain an SSL certificate from any certificate authority. When prompted by a third party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by LoadMaster.
  4. Optional:Import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to Section 4.6.10.
  5. Expand the Standard Options section.

Figure 4‑60: Standard Options

  1. Ensure the Transparencycheck box is clear.
  2. For Persistence Options, select Super HTTP as the Mode.
  3. Select 1 Hour as the Timeout value.
  4. Enter 900 in the Idle Connection Timeout text box and click Set Idle Timeout.
  5. Expand the Real Servers section.

Figure 4‑61: Real Servers section

  1. Enter 80 as the Checked Port and click Set Check Port.
  2. Enter /Microsoft-server-activesync in the URL text box.
  3. Click Set URL.
  4. Click the Add New… button.

Figure 4‑62: Real Server parameters

  1. Enter theReal Server Address.
  2. Enter 80 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers, select the Virtual Services > View/Modify Services option in the main menu of the LoadMaster WUI.

The HTTP redirect Virtual Service needs to be configured. Refer to Section 4.5.1 for instructions on how to do this.

4.6.3.2Configuring a Virtual Service for EAS (without SSL Offload)

To configure a Virtual Service for EAS, without SSL offload, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑63: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the Standard Options section.

Figure 4‑64: Standard Options section

  1. Ensure the Force L4 check box is clear.
  2. Ensure the Transparencycheck box is clear.
  3. For Persistence Options, select Source IP Address as the Mode.
  4. Select 1 Hour as the Timeout value.
  5. Select round robin as the Scheduling Method.
  6. Enter 900 as the Idle Connection Timeout. Click Set Idle Timeout.
  7. Expand the Real Servers section.

Figure 4‑65: Real Servers section

  1. Ensure thatHTTPS Protocol is selected in the drop-down list.
  2. Enter 443 in the Checked Port text box and click Set Check Port.
  3. Enter /Microsoft-Server-ActiveSync in the URL text box.
  4. Click Set URL.
  5. Click the Add New… button.

Figure 4‑66: Real Server parameters

  1. Enter the Real Server Address.
  2. Enter 443 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.
  5. To view, modify, or delete any Virtual Services or Real Servers that have been added, select the Virtual Services > View/Modify Services option in the main menu of the LoadMaster WUI.

The HTTP redirect Virtual Service needs to be configured. Refer to Section 4.5.1 for instructions on how to do this.

4.6.4Outlook Anywhere (OA)

4.6.4.1Configuring a Virtual Service for OA (with SSL Offload)

When SSL offloading OA, you should follow the recommendations set by Microsoft. KEMP Technologies understands the recommendations to be; configuring SSL Offloading for OW per: http://technet.microsoft.com/en-us/library/aa998346.aspx.

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑67: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Enter a recognisable Service Name, for example Exchange 2010 OA.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the SSL Properties section.

Figure 4‑68: SSL Properties section

  1. Select the Enabled check box.
  2. By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available.
  3. Optional: You can export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Ensure to export the certificate and private key as a Personal Information File (PFX). You can also obtain an SSL certificate from any certificate authority. When prompted by a third party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by LoadMaster.
  4. Optional:Import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to Section 4.6.10.

Figure 4‑69: Standard Options section

  1. Expand the Standard Options section.
  2. Remove the tick from the Transparencycheck box.
  3. For Persistence Options, select Super HTTP as the Mode.
  4. Select 1 Hour as the Timeout value.
  5. Enter 900 as the Idle Connection Timeout. Click Set Idle Timeout.
  6. Expand the Advanced Properties section.

Figure 4‑70: Advanced Properties

  1. In the Add Header to Request, enter FRONT-END-HTTP in the first text box and ON in the second. Click Set Header.
  2. Click Add HTTP Redirector.
  3. Expand the Real Servers section.

Figure 4‑71: Real Servers section

  1. For Real Server Check Parameters, ensure that HTTP Protocol is selected.
  2. Enter 80 as the Checked Port and click Set Check Port.
  3. Enter /rpc/rpcproxy.dll in the URL text box.
  4. Click Set URL.
  5. Click the Add New… button.

Figure 4‑72: Real Server parameters

  1. Enter the Real Server Address.
  2. Enter80 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers that have been added, select the Virtual Services > View/Modify Services option in the main menu of the LoadMaster WUI.

The HTTP redirect Virtual Service needs to be configured. Refer to Section 4.5.1 for instructions on how to do this.

4.6.4.2Configuring a Virtual Service for OA (without SSL Offload)

To configure a Virtual Service for OA, without SSL offload, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑73: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 OA-WOSSL.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the Standard Options section.

Figure 4‑74: Standard Options section

  1. Ensure that the Force L4 check box is clear.
  2. Ensure the Transparencycheck box is clear.
  3. For Persistence Options, select Source IP Address as the Mode.
  4. Select 1 Hour as the Timeout value.
  5. Ensure that round robin is selected as the Scheduling Method.
  6. Enter 900 in the Idle Connection Timeout text box and click Set Idle Timeout.
  7. Expand the Real Servers section.

Figure 4‑75: Real Servers section

  1. Ensure thatHTTPS Protocol is selected in the drop-down list.
  2. Enter 443 in the Set Check Port text box. Click Set Check Port.
  3. Enter /rpc/rpcproxy.dll in the URL text box.
  4. Click Set URL.
  5. Click the Add New… button.

Figure 4‑76: Real Server parameters

  1. Enter the Real Server Address.
  2. Enter 443 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers that have been added, select the Virtual Services > View/Modify Services option in the LoadMaster WUI.

The HTTP redirect Virtual Service needs to be configured. Refer to Section 4.5.1 for instructions on how to do this.

4.6.5Web Services (EWS)

4.6.5.1Configuring a Virtual Service for EWS (with SSL Offload)

When offloading SSL for EWS, follow the recommendations set by Microsoft. KEMP Technologies understands the recommendations to be; Enable or Disable SSL on the EWS Virtual Directory: http://technet.microsoft.com/en-us/library/ee633481.aspx.

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑77: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 EWS.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the SSL Properties section.

Figure 4‑78: SSL Properties section

  1. Select the Enabled check box. By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available.
  2. Optional: You can export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Ensure to export the certificate and private key as a Personal Information File (PFX). You can also obtain an SSL certificate that you desire from any certificate authority. When prompted by a third party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by LoadMaster.
  3. Optional:Import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to Section 4.6.10.
  4. Expand the Standard Options section.
  5. Expand the Advanced Properties section.

Figure 4‑79: Advanced Properties

  1. In the Add Header to Request text boxes, enter FRONT-END-HTTP in the first box and ON in the second box.
  2. Click Add HTTP Redirector.

Figure 4‑80: Standard Options

  1. Remove the tick from the Transparencycheck box.
  2. For Persistence Options, select Super HTTPas the Mode.
  3. Select 1 Hour as the Timeout value.
  4. Select round robin as the Scheduling Method.
  5. Enter 900 in the Idle Connection Timeout text box and click Set Idle Timeout.
  6. Expand the Real Servers section.

Figure 4‑81: Real Servers section

  1. For Real Server Check Parameters, ensure that HTTP Protocol is selected.
  2. Enter /ews/exchange.asmx in the URL text box.
  3. Click Set URL.
  4. Click the Show Headers button.
  5. Enter FRONT-END-HTTP in the first text box.
  6. Enter ON in the second text box.
  7. Click Set Header.

Header injection is a legacy option and is not required as per Microsoft.

  1. Click the Add New… button.

Figure 4‑82: Real Server parameters

  1. Enter the Real Server Address.
  2. Enter80 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers, select Virtual Services > View/Modify Services from the main menu of the LoadMaster WUI.

The HTTP redirect Virtual Service needs to be configured. Refer to Section 4.5.1 for instructions on how to do this.

4.6.5.2Configuring a Virtual Service for EWS (without SSL Offload)

To configure a Virtual Service for EWS, without SSL offload, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑83: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 EWS HTTPS.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the Standard Options section.

Figure 4‑84: Standard Options

  1. Ensure the Force L4 check box is clear.
  2. Ensure the Transparencycheck box is clear.
  3. For Persistence Options, select Source IP Address as the Mode.
  4. Select 1 Hour as the Timeout value.
  5. Select round robin as the Scheduling Method.
  6. Enter 900 in the Idle Connection Timeout text box and click Set Idle Timeout.
  7. Expand the Advanced Properties section.

Figure 4‑85: Advanced Properties

  1. Click Add HTTP Redirector.
  2. Expand the Real Servers section.

Figure 4‑86: Real Servers

  1. For Real Server Check Parametersensure thatHTTPS Protocol is selected.
  2. Enter 443 in the Checked Port text box and click Set Check Port.
  3. Enter /ews/exchange.asmx in the URL text box.
  4. Click Set URL.
  5. Click the Add New… button.

Figure 4‑87: Real Server parameters

  1. Enter the Real Server Address.
  2. Enter443 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers, select the Virtual Services > View/Modify Services option in the main menu of the LoadMaster WUI.

The HTTP redirect Virtual Service needs to be configured. Refer to Section 4.5.1 for instructions on how to do this.

4.6.6Autodiscover Service (AS)

4.6.6.1Configuring a Virtual Service for AS (with SSL Offload)

When you choose to offload SSL for AS, you should follow the recommendations set by Microsoft. KEMP Technologies understands the recommendations to be; Enable or Disable SSL on the AS Virtual Directory (http://technet.microsoft.com/en-us/library/ee633481.aspx).

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑88: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 AS.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the SSL Properties section.

Figure 4‑89: SSL Properties section

  1. Select the Enabled check box. By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available.
  2. Optional: If you have not already done so, export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Ensure to export the certificate and private key as a Personal Information File (PFX). An SSL certificate can be obtained from any certificate authority. When prompted by a third party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by LoadMaster.
  3. Optional:Import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to Section 4.6.10.
  4. Expand the Real Servers section.

Figure 4‑90: Real Servers section

  1. Enter 80 in the Checked Port text box. Click Set Check Port.
  2. Enter /autodiscover/autodiscover.xml in the URL text box.
  3. Click Set URL.
  4. Click the Add New… button.

Figure 4‑91: Real Server parameters

  1. Enter the Real Server Address.
  2. Enter 80 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers, click Virtual Services > View/Modify Services in the LoadMaster main menu.

4.6.6.2Configuring a Virtual Service for AS (without SSL Offload)

To configure a Virtual Service for AS, without SSL offload, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑92: Virtual Service Parameters

  1. Enter a valid Virtual Address.
  2. Enter 443 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 AS.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the Standard Options section.

Figure 4‑93: Standard Options section

  1. Ensure the Force L4 check box is clear.
  2. Ensure the Transparencycheck box is clear.
  3. Enter 900 in the Idle Connection Timeout text box and click Set Idle Timeout.
  4. Expand the Advanced Properties section.

Figure 4‑94: Advanced Properties

  1. Click Add HTTP Redirector.
  2. Expand the Real Servers section.

Figure 4‑95: Real Servers section

  1. Enter 443 as the Checked Port and click Set Check Port.
  2. Enter /autodiscover/autodiscover.xml in the URL text box.
  3. Click Set URL
  4. Click the Add New… button.

Figure 4‑96: Real Server parameters

  1. Enter the Real Server Address.
  2. Enter 443 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers that have been added, select Virtual Services > View/Modify Services from the main menu of the LoadMaster WUI.

The HTTP redirect Virtual Service needs to be configured. Refer to Section 4.5.1 for instructions on how to do this.

4.6.7Internet Message Access Protocol (IMAP4)

4.6.7.1Configuring a Virtual Service for IMAPS (with SSL Offload)

In general, SSL offload for IMAP represents a trade-off. When servers are running near capacity, offloading SSL can allow you to accommodate additional traffic with a given set of servers, at a cost of some diminished security checks. When you choose to SSL offload you should follow the recommendations set by Microsoft. KEMP Technologies understands the recommendations to be; Disabling Secure Login Authentication using instructions found at http://technet.microsoft.com/en-us/library/bb691401.aspx.

  • When using the IMAP or POP3 service, TLS must be turned off on the Exchange server. If TLS is on, the server will attempt to force TLS and this may break the connection.

Figure 4‑97: IMAP4 Properties

When configuring the IMAP4 Properties, ensure to select one of the first 2 options because TLS should not be enabled.

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑98: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 993 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 IMAPS Offloaded.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the SSL Properties section.

Figure 4‑99: SSL Properties section

  1. Select the Enabled check box. By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available.
  2. Optional: Export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Ensure to export the certificate and private key as a Personal Information File (PFX). An SSL certificate can be obtained from any certificate authority. When prompted by a third party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by the LoadMaster.
  3. Optional:Import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to Section 4.6.10.
  4. Expand the Standard Options section.

Figure 4‑100: Standard Options

  1. Remove the tick from the Transparency check box.
  2. Select IMAP4 from the Server Initiating Protocols drop-down list.
  3. Enter 3600 in the Idle Connection Timeout text box and click Set Idle Timeout.
  4. Expand the Real Servers section.

Figure 4‑101: Real Servers section

  1. SelectMailbox (IMAP) Protocol from the drop-down list provided.
  2. Enter 143 as the Checked Port and click Set Check Port.
  3. Click the Add New… button.
  4. Enter the Real Server Address.
  5. Enter 143 as the Port.
  6. Click Add This Real Server.
  7. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers that have been added, select Virtual Services and View/Modify Services in the main menu of the LoadMaster WUI.

4.6.7.2Configuring a Virtual Service for IMAP (without SSL Offload)

To configure a Virtual Service for IMAP, without SSL offload, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑102: Virtual Service Parameters

  1. Enter a valid Virtual Address.
  2. Enter 143 as the Port.
  3. Enter a valid Service Name, for example Exchange 2010 IMAP.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.

Figure 4‑103: Standard Options section

  1. Expand the Standard Options section.
  2. Ensure the Force L4 check box is clear.
  3. Ensure the Transparencycheck box is clear.
  4. Enter 3600 in the Idle Connection Timeout text box and click Set Idle Timeout.
  5. Expand the Real Servers section.

Figure 4‑104: Real Servers section

  1. SelectMailbox (IMAP) Protocol from the drop-down list provided.
  2. Enter 143 in the Checked Port text box and click Set Check Port.
  3. Click the Add New… button.

Figure: Real Server Parameters

  1. Enter the Real Server Address.
  2. Enter 143 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers that have been added, select the Virtual Services > View/Modify Services option from the main menu of the LoadMaster WUI.

4.6.7.3Configuring a Virtual Service for IMAP (without SSL Offload and with STARTTLS)

To configure a Virtual Service for IMAP (without SSL offload and with STARTTLS), follow the steps below in the LoadMaster WUI:

  1. In the main menu, select Virtual Services > Add New.

Figure 4‑105: Virtual Service parameters

  1. Enter a valid IP address in the Virtual Address text box.
  2. Enter 143 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 IMAP with STARTTLS.
  4. Click Add this Virtual Service.

Figure 4‑106: Basic Properties

  1. Select STARTTLS protocols as the Service Type.
  2. Expand the Standard Options section.

Figure 4‑107: Standard Options

  1. Remove the tick from the Transparency check box.
  2. Enter 3600 as the Idle Connection Timeout and click Set Idle Timeout.
  3. Expand the Real Servers section.

Figure 4‑108: Real Servers

  1. Enter 143 as the Checked Port and click Set Check Port.
  2. Add any Real Servers as needed.
4.6.7.4Configuring a Virtual Service for IMAPS

To configure a Virtual Service for IMAPS, follow the steps below.

  1. In the main menu, select Virtual Services > Add New.

Figure 4‑109: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 993 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 IMAPS.
  4. Click Add this Virtual Service.
  5. Expand the Standard Options section.

Figure 4‑110: Standard Options

  1. Remove the tick from the Transparency check box.
  2. Select IMAP4 as the Server Initiating Protocols.
  3. Enter 3600 in the Idle Connection Timeout text box and click Set Idle Timeout.
  4. Expand the Real Servers section.

Figure 4‑111: Real Servers section

  1. Enter 993 as the Checked Port and click Set Check Port.
  2. Add any Real Servers as needed.

4.6.8Post Office Protocol (POP3)

4.6.8.1Configuring a Virtual Service for POP3 (with SSL Offload)

In general, SSL offloading for POP3 represents a trade-off. When servers are running at near capacity, offloading SSL can allow you to accommodate additional traffic with a given set of servers, at a cost of some diminished security checks. When using SSL offload with POP3, follow the recommendations set by Microsoft. KEMP Technologies understands the recommendations to be; Disable Secure Login as the Authentication method by following the instructions at: http://technet.microsoft.com/en-us/library/bb676455.aspx.

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑112: Virtual Service Parameters

  1. Enter a valid Virtual Address.
  2. Enter 995 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 POPS Offloaded.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the SSL Properties section.

Figure 4‑113: SSL Properties section

  1. Select the Enabled check box. By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available.
  1. Optional: You can export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Ensure to export the certificate and private key as a Personal Information File (PFX). An SSL certificate can be obtained from any certificate authority. When prompted by a third party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by the LoadMaster.
  2. Optional:Import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to Section 4.6.10.
  3. Expand the Standard Options section.

Figure 4‑114: Standard Options

  1. Remove the tick from the Transparency check box.
  2. Select POP3 as the Server Initiating Protocols.
  3. Enter 3600 as the Idle Connection Timeout and click Set Idle Timeout.
  4. Expand the Real Servers section.

Figure 4‑115: Real Servers section

  1. For Real Server Check ParametersselectMailbox (POP3) Protocol from the drop-down list provided.
  2. Enter 110 as the Checked Port and click Set Check Port.
  3. Click the Add New… button.

Figure 4‑116: Real Server Parameters

  1. Enter the Real Server Address.
  2. Click Add This Real Server.
  3. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers that have been added, select the Virtual Services > View/Modify Services option from the main menu of the LoadMaster WUI.

4.6.8.2Configuring a Virtual Service for POP (without SSL Offload)

To configure a Virtual Service for POP3, without SSL offload, follow the steps bellow:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑117: Virtual Service Parameters

  1. Enter the Virtual Address.
  2. Enter 110 as the Port.
  3. Enter a recognizable Service Name, for example CAS-POP3-WOSSL.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the Standard Options section.

Figure 4‑118: Standard Options section

  1. Ensure the Force L4 check box is clear.
  2. Ensure the Transparencycheck box is clear.
  3. Enter 3600 in the Idle Connection Timeout text box and click Set Idle Timeout.
  4. Expand the Real Servers section.

Figure 4‑119: Real Servers section

  1. Enter 110 in the Checked Port text box and click Set Check Port.
  2. Click the Add New… button.

Figure 4‑120: Real Server Parameters

  1. Enter the Real Server Address.
  2. Enter 110 as the Port.
  3. Click Add This Real Server.
  4. Click OK in response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers, select Virtual Services > View/Modify Services from the main menu of the LoadMaster WUI.

4.6.8.3Configuring a Virtual Service for POP with STARTTLS

To configure a Virtual Service for POP with STARTTLS, follow the steps below:

  1. Select Virtual Services > Add New.

Figure 4‑121: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 110 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 POP with STARTTLS.

Figure 4‑122: Basic Properties

  1. Select STARTTLS protocols as the Service Type.
  2. Expand the Standard Options section.

Figure 4‑123: Standard Options

  1. Remove the tick from the Transparency check box.
  2. Enter 3600 in the Idle Connection Timeout text box and click Set Idle Timeout.
  3. Expand the Real Servers section.

Figure 4‑124: Real Servers

  1. Enter 110 as the Checked Port and click Set Check Port.
  2. Add any Real Servers as needed.
4.6.8.4Configuring a Virtual Service for POPS

To configure a Virtual Service for POPS, follow the steps below:

  1. In the main menu, select Virtual Services > Add New.

Figure 4‑125: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 995 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 POPS.
  4. Click Add this Virtual Service.
  5. Expand the Standard Options section.

Figure 4‑126: Standard Options

  1. Remove the tick from the Transparency check box.
  2. Select POP3 as the Server Initiating Protocols.
  3. Enter 3600 as the Idle Connection Timeout and click Set Idle Timeout.
  4. Expand the Real Servers section.

Figure 4‑127: Real Servers

  1. Enter 995 as the Checked Port and click Set Check Port.
  2. Add any Real Servers as needed.

4.6.9Simple Mail Transfer Protocol (SMTP)

4.6.9.1Edge Transport Servers - Configuring KEMP LoadMaster for SMTP

In Microsoft Server 2010, the Edge Transport server role is deployed in an organization's perimeter network. Designed to minimize the attack surface, the Edge Transport server handles all Internet-facing mail flow, which provides SMTP relay and smart host services for the organization. Additional layers of message protection and security are provided by a series of agents that run on the Edge Transport server and act on messages as they are processed by the message transport components. These agents support the features that provide protection against viruses and spam and apply transport rules to control message flow.

The computer that has the Edge Transport server role installed does not have access to Active Directory. All configuration and recipient information is stored in Active Directory Lightweight Directory Services (AD LDS). To perform recipient lookup tasks, the Edge Transport server requires data that resides in Active Directory. This data is synchronized to the Edge Transport server using EdgeSync.

EdgeSync is a collection of processes that are run on a computer that has the Hub Transport server role installed to establish one-way replication of recipient and configuration information from Active Directory to the AD LDS instance on an Edge Transport server. The Microsoft EdgeSync service copies only the information that's required for the Edge Transport server to perform anti-spam configuration tasks and the information about the connector configuration that's required to enable end-to-end mail flow. The Microsoft EdgeSync service performs scheduled updates so that the information in AD LDS remains current.

You can install more than one Edge Transport server in the perimeter network. Deploying more than one Edge Transport server provides redundancy and failover capabilities for your inbound message flow. You can load-balance SMTP traffic to your organization between Edge Transport servers by defining more than one mail exchange (MX) resource record with the same priority in the Domain Name System (DNS) database for your mail domain. You can achieve consistency in configuration between multiple Edge Transport servers by using cloned configuration scripts.

If you need geographical load balancing support, please contact the KEMP Technologies, Inc. sales team at http://www.kemptechnologies.com.

4.6.9.2Configuring a Virtual Service for SMTPS (with SSL Offload but without ESP)

To configure a Virtual Service for SMTP, with SSL offload, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑128: Virtual Service Parameters

  1. Enter a valid Virtual Address.
  2. Enter 587 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 SMTPS Offloaded.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the SSL Properties section.

Figure 4‑129: SSL Properties

  1. Select the Enabled check box. By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available.
  2. Optional: If you have not already done so, export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Ensure you export the certificate and private key as a Personal Information File (PFX). An SSL certificate can be obtained from any certificate authority. When prompted by a third party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by the LoadMaster.
  3. Optional:Import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to Section 4.6.10.
  4. Expand the Standard Options section.

Figure 4‑130: Standard Options section

  1. Remove the tick from the Transparencycheck box.
  2. Select SMTP from the Server Initiating Protocols drop-down list.
  3. Select Source IP Address as the Persistence Mode.
  4. Select 1 Hour as the Timeout value.
  5. Enter 120 as the Idle Connection Timeout and click Set Idle Timeout.
  6. Expand the Real Servers section.

Figure 4‑131: Real Servers section

  1. SelectMail (SMTP) Protocol from the drop-down list provided.
  2. Enter 25 as the Checked Port and click Set Check Port.
  3. Click the Add New… button.

Figure 4‑132: Real Server parameters

  1. Enter the Real Server Address.
  2. Enter25 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers that have been added, select Virtual Services > View/Modify Services in the main menu of the LoadMaster WUI.

4.6.9.3Configuring a Virtual Service for SMTP (with ESP)

To configure a Virtual Service for SMTP, with ESP enabled, follow the steps below in the LoadMaster WUI:

  1. In the main menu, select Virtual Services > Add New.

Figure 4‑133: Virtual Service

  1. Enter a valid IP address in the Virtual Address text box.
  2. Enter 25 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 SMTP with ESP.
  4. Click Add this Virtual Service.
  5. Expand the Standard Options section.
  6. Remove the tick from the Transparency check box.
  7. Select Source IP Address as the Persistence Mode.
  8. Set the Timeout value to 1 Hour.
  9. Enter 120 in the Idle Connection Timeout text box and click Set Idle Timeout.

Figure 4‑134: Standard Options

  1. Expand the ESP Options section.

Figure 4‑135: ESP Options

  1. Select Enable ESP.
  2. Enter any Permitted Domains and click Set Permitted Domains.

Figure 4‑136: Real Servers section

  1. Expand the Real Servers section.
  2. Enter 25 as the Checked Port and click Set Check Port.
  3. Add any Real Servers as needed.
4.6.9.4Configuring a Virtual Service for SMTP (without SSL Offload)

To configure a Virtual Service for SMTP, without SSL offload, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services.
  1. Select Add New.

Figure 4‑137: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 25 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 SMTP.
  4. Select tcp as the Protocol.

The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.

  1. Click Add this Virtual Service.
  2. Expand the Standard Options section.

Figure 4‑138: Standard Options section

  1. Ensure the Force L4 check box is clear.
  2. Ensure the Transparencycheck box is clear.
  3. Select SMTP from the Server Initiating Protocols drop-down list.
  4. Select Source IP Address as the Persistence Mode.
  5. Select 1 Hour as the Timeout value.
  6. Enter 120 as the Idle Connection Timeout and click Set Idle Timeout.
  7. Expand the Real Servers section.

Figure 4‑139: Real Servers section

  1. For Real Server Check ParametersselectMail (SMTP) Protocol.
  2. Enter 25 as the Checked Port and click Set Check Port.
  3. Click the Add New… button.

Figure 4‑140: Real Server parameters

  1. Enter the Real Server Address.
  2. Enter25 as the Port.
  3. Click Add This Real Server.
  4. Click OKin response to the confirmation that the Real Server was added.

To view, modify, or delete any Virtual Services or Real Servers that have been added, select Virtual Services > View/Modify Services in the LoadMaster WUI.

4.6.9.5Configuring a Virtual Service for SMTP (with STARTTLS)

To configure a Virtual Service for SMTP with STARTTLS, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services > Add New.

Figure 4‑141: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 25 as the Port.
  3. Enter a recognizable name in the Service Name text box, for example Exchange 2010 SMTP with STARTTLS.
  4. Click Add this Virtual Service.

Figure 4‑142: Basic Properties

  1. Select STARTTLS protocols as the Service Type.
  2. Expand the Standard Options section.

Figure 4‑143: Standard Options

  1. Remove the tick from the Transparency check box.
  2. Select Source IP Address as the Persistence Mode.
  3. Select 1 Hour as the Timeout value.
  4. Enter 120 in the Idle Connection Timeout text box and click Set Idle Timeout.
  5. Expand the Real Servers section.

Figure 4‑144: Real Servers section

  1. Enter 25 as the Checked Port and click Set Check Port.
  2. Add any Real Servers as needed.
4.6.9.6Configuring a Virtual Service for SMTPS

To configure a Virtual Service for SMTPS, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select Virtual Services > Add New.

Figure 4‑145: Virtual Service parameters

  1. Enter a valid Virtual Address.
  2. Enter 587 as the Port.
  3. Enter a recognizable Service Name, for example Exchange 2010 SMTPS.
  4. Click Add this Virtual Service.
  5. Expand the Standard Options section.

Figure 4‑146: Standard Options

  1. Remove the tick from the Transparency check box.
  2. Select SMTP as the Server Initiating Protocols.
  3. Select Source IP Address as the Persistence Mode.
  4. Select 1 Hour as the Timeout value.
  5. Enter 120 as the Idle Connection Timeout and click Set Idle Timeout.
  6. Enter 587 as the Checked Port and click Set Check Port.
  7. Add any Real Servers as needed.

4.6.10Importing and Assigning an SSL Certificate

To import an SSL certificate from within the Virtual Services modify screen, in the SSL Properties section;

Figure 4‑147: SSL Properties

  1. Click the Manage Certificates button.
  1. Click the Import Certificate button.

Figure 4‑148: Choose File

  1. Click the Choose File button next to Certificate File.
  2. Locate and open the PFX file.
  3. Import a Key File if needed.
  4. Enter the Pass Phrase.
  5. Enter a name in the Certificate Identifier text box.
  6. Click the Save button.

Figure 4‑149: Select the Virtual Service

  1. Select the relevant Virtual Service(s) on the left.

Figure 4‑150: Assign the Virtual Service

  1. Click the right arrow to assign the certificate to the Virtual Service.
  2. Click Save Changes.

You are brought back to the Virtual Service modify screen.

For more information about certificates, refer to the SSL Accelerated Services, Feature Description.

5Exchange 2010 Site Resiliency and KEMP GEO LoadMaster

The term “site resiliency” refers to the recovery process used to activate an alternate or standby datacenter when the primary datacenter is no longer able to provide a sufficient level of service to meet the needs of the organization.

The term includes the process of re-activating a primary datacenter that has been recovered, restored or recreated. You can configure your messaging solution to enable site resilience using the KEMP GEO LoadMaster in conjunction with the built-in features and functionality in Exchange 2010.

5.1Exchange 2010 Data Center Failover

To better understand the concept of site resiliency, it's helpful to understand the basic operation of an Exchange 2010 data center failover.

  1. Typically a site-resilient deployment will contain a stretched Database Availability Group (DAG), that is, a DAG that has members in both data centers. Within a stretched DAG, the majority of the DAG members should be located in the primary data center or, when each data center has the same number of members, the primary data center hosts the witness server. This design guarantees that service will provided in the primary data center, as it will have ‘quorum’, even if network connectivity between the two data centers fails.

However, it also means that when the primary data center fails the quorum is lost for the members in the second data center.

  1. From the point-of-view of site resiliency, the GEO LoadMaster provides automatic site failover options for disaster recovery.

The GEO LoadMaster also offers DNS load balancing for all active data centers. The GEO LoadMaster can be deployed in a distributed (Active/Active) high availability configuration, with both GEO LoadMaster appliances securely synchronizing information.

Introducing GEO LoadMaster in your existing Authoritative Domain Name Services (DNS) requires minimal integration work and risk, allowing you to fully leverage your existing DNS investment.

  1. The LoadMaster server load balancers located within the datacenter provide highly-available, high-performance load balancing functionality within the individual datacenters. They can also provide a single point for consolidated health checking and provide the GEO LoadMaster with real-time health check information for the datacenter.

Figure 5‑1: Exchange Site Resiliency

With the configuration as described in Figure 51, when a data center fails, a second data center can be rapidly activated to serve the failed data center's clients. However, a data center or site failure is managed differently from the types of failures that can cause a server or database failover. In a high availability configuration, automatic recovery is initiated by the system, and the failure typically leaves the messaging system in a fully functional state. By contrast, a data center failure is considered to be a disaster recovery event. For recovery to occur, a combination of automatic and manual steps must be performed and completed for the client service to be restored, and for the outage to end. The process followed is referred to as a data center failover.

When a data center or site failure occurs, a number of automatic and manual steps occur. The GEO LoadMaster detects the site failure and automatically switches all traffic from the servers in the failed data center, with the exception of the Mailbox servers, to the servers in the second data center.

Because implementing a data center failover is not a trivial event, it can be useful to avoid such a failover for only transient failures of the primary data center. Upon detection of a site failure, the GEO LoadMaster can be configured to delay initiating the site failover for an administratively-specified period of time. If after the delay the site has recovered, the failover is not initiated. If the site has not recovered, the failover is initiated as per normal. This option ensures that site failovers do not occur because of temporary issues within a site.

The Exchange deployment administrators must now perform a number of steps to complete the data center failover:

  1. Terminate services within the failed data center. All Mailbox and Unified Messaging services still running within the failed data center must be terminated.
  2. Validate the health of the second data center. The health of the second data center must be determined to ensure that it is capable of providing adequate service.
  3. Activate the Mailbox servers. This involves a process of marking the failed servers from the primary data center as unavailable followed by activation of the servers in the secondary data center.

How Step 3 is managed depends on whether the DAG is in Database Activation Coordination (DAC) mode or not. If it is, activating the Mailbox servers can be completed using Exchange site resilience cmdlets. If not, the Windows Failover Cluster tools must be used.

The Failure Delay option can also be useful to ensure that the Exchange deployment administrators have sufficient time to perform the required manual steps as described below. This enables the mailboxes to be correctly configured before the clients begin to attempt access to the secondary data center.

As can be seen from the previous description, a data center failover is not a fully automated process and may take some time to complete. If the failed data center recovers then issues may arise if an attempt to restore services to the recovered data center is initiated (a failback) before the initial failover process is complete and/or until the recovered data center is deemed to be healthy and the mailbox databases are ready for use. It's important that a failback not be performed until the infrastructure dependencies for Exchange have been reactivated, are functioning and stable, and have been validated. If these dependencies are not available or healthy, it's likely that the failback process will cause a longer than necessary outage, and it is possible the process could fail altogether.

To ensure that this cannot occur, the GEO LoadMaster can be configured to administratively disable the failed data center upon the initiation of a failover. This ensures that, even if the failed data center recovers, administrator intervention is required before the data center is available for a failback to occur.

For further information on how to configure the GEO LoadMaster to provide Exchange 2010 site resiliency, please refer to the GEO LoadMaster documentation.

For further information on how to configure Exchange 2010 site resiliency, please refer to Exchange 2010 documentation.

Appendix A: Connection Scaling For Large Scale Deployments

Execution of this procedure is optional and should be used only in cases where network traffic is expected to be greater than 64,000 server connections at any one particular time.

You must disable L7 Transparency to use connection scaling.

To use connection scaling, follow the steps below:

  1. In the main menu of the LoadMaster WUI, select System Configuration.
  2. Select Miscellaneous Options.
  1. Select L7 Configuration.

Figure 0‑1: Allow connection scaling

  1. Select the Allow connection scaling over 64K Connections check box.
  2. In the main menu of the LoadMaster WUI, select Virtual Services.
  3. Select View/Modify Services.
  4. Click the Modify button of the appropriate Virtual Service.
  5. Expand the Advanced Properties section.
  6. Enter a list of Alternate Source Addresses.

Multiple IPV4 addresses must be separated with a space, each must be unallocated and allow 64K connections.

  1. Click the Set Alternate Source Addresses button.

Appendix B: Persistence Methods Supported by Each CAS Service

 

Workload

Preferred Persistence Method

HTTP-Based Workloads

Outlook Web App (OWA)

1. Super HTTP2. Source IP

Exchange Control Panel (ECP)

1. Super HTTP2. Source IP

Exchange ActiveSync (EAS)

1. Super HTTP2. Source IP

Exchange Web Services (EWS)

1. Super HTTP2. Source IP

Outlook Anywhere (OA)

1. Super HTTP2. Source IP

Autodiscover Service (AS)

No affinity/persistence

TCP Socket Oriented Workloads

RPC Client Access Service (RPC CA)

1. Source IP

RPC Endpoint Mapper

1. Source IP

Post Office Protocol version 3 (POP3)

No affinity/persistence

Internet Message Access Protocol version 4 (IMAP4)

No affinity/persistence

Simple Mail Transfer Protocol (SMTP)

Source IP

Appendix C: Configuration Table

The following table indicates which values to use when configuring your LoadMaster for Exchange 2010.

Service

Port

Protocol

Server Init

Persist Mode

Persist Timeout

Scheduler

Idle

SSL

Rewrite

Checker

Checker port/URL

HTTPS offloaded

443

TCP

None

Super

1 Hour

Round Robin

900

Y

None

HTTP

80 /owa

HTTPS

443

TCP

None

Source

1 Hour

Round Robin

900

N

 

HTTPS

443 /owa

SMTP

25

TCP

SMTP

Source

1 Hour

Round Robin

120

N

 

SMTP

25

MAPI

*

TCP

Other

Source

1 Hour

Round Robin

86400

N

 

TCP

135

HTTPS AS offloaded

443

TCP

None

None

 

Round Robin

900

Y

None

HTTP

80 /autodiscover/autodiscover.xml

HTTPS AS

443

TCP

None

None

 

Round Robin

900

N

 

HTTPS

443 /autodiscover/autodiscover.xml

HTTPS EAS offloaded

443

TCP

None

Super or Source

1 Hour

Round Robin

900

Y

None

HTTP

80 /Microsoft-Server-Activesync

HTTPS EAS

443

TCP

None

Source

1 Hour

Round Robin

900

N

 

HTTPS

443 /Microsoft-Server-Activesync

HTTPS ECP offloaded

443

TCP

None

Super or Source

1 Hour

Round Robin

900

Y

None

HTTP

80 /ecp

HTTPS ECP

443

TCP

None

Source

1 Hour

Round Robin

900

N

 

HTTPS

443 /ecp

HTTPS EWS offloaded

443

TCP

None

Super

1 Hour

Round Robin

900

Y

None

HTTP

80 /ews/exchange.asmx

HTTPS EWS

443

TCP

None

Source

1 Hour

Round Robin

900

N

 

HTTPS

443 /ews/exchange.asmx

HTTPS OA offloaded

443

TCP

None

Super or Source

1 Hour

Round Robin

900

Y

None

HTTP

80 /rpc/rpcproxy.dll

HTTPS OA

443

TCP

None

Source

1 Hour

Round Robin

900

N

 

HTTPS

443 /rpc/rpcproxy.dll

HTTPS OWA offloaded

443

TCP

None

Super or Source

1 Hour

Round Robin

900

Y

None

HTTP

80 /owa

HTTPS OWA

443

TCP

None

Source

1 Hour

Round Robin

900

N

 

HTTPS

443 /owa

IMAP

143

TCP

IMAP4

None

 

Round Robin

3600

N

 

IMAP

143

IMAP with STARTTLS

143

STARTTLS

 

None

 

Round Robin

3600

Y

 

IMAP

143

IMAPS

993

TCP

IMAP4

None

 

Round Robin

3600

N

 

TCP

993

IMAPS Offloaded

993

TCP

IMAP4

 

None

 

Round Robin

3600

Y

 

IMAP

143

POP

110

TCP

POP3

None

 

Round Robin

3600

N

 

POP3

110

POP with STARTTLS

110

STARTTLS

POP3

None

 

Round Robin

3600

Y

 

POP3

110

POPS

995

TCP

POP3

None

 

Round Robin

3600

N

 

TCP

995

POPS Offloaded

995

TCP

POP3

None

 

Round Robin

3600

Y

 

POP3

110

SMTP

25

TCP

SMTP

Source IP

1 Hour

Round Robin

120

N

 

SMTP

25

SMTP with STARTTLS

25

STARTTLS

 

Source IP

1 Hour

Round Robin

120

Y

 

SMTP

25

SMTPS

587

TCP

SMTP

Source IP

1 Hour

Round Robin

120

N

 

TCP

587

SMTP Offloaded

587

 

TCP

SMTP

Source IP

1 Hour

Round Robin

120

Y

 

SMTP

587

The high number port is for use with SSL; however, Health Checking is unencrypted. In this configuration regular TCP Health Checking should be used.

Glossary

The following table lists the meanings of acronyms used throughout this manual.

Acronym

Meaning

AD LDS

Active Directory Lightweight Directory Services

AutoD

AutoDiscover

CAS

Client Access Server

DNS

Domain Name System

EAS

ActiveSync

ECP

Exchange Control Panel

EWS

Exchange Web Services

FQDN

Fully Qualified Domain Name

IMAP4

Internet Message Access Protocol

MAPI

Messaging Application Program Interface

MX

Mail

NAT

Network Address Translation

OA

Outlook Anywhere. Previously known as RPC over HTTP.

OAB

Offline Address Book

OWA

Outlook Web App. Previously known as Outlook Web Access.

PFX

Personal Information File

POP3

Post Office Protocol

RPC

RPC Client Access Service. A windows proxy service component.

SLB

Server Load Balancer

SMTP

Simple Mail Transfer Protocol

SSL

Secure Socket Layer

TCP

Transmission Control Protocol

VIP

Virtual IP

VS

Virtual Service

WNLB

Windows Network Server Load Balancing

     

References

Unless otherwise specified, the below documents can be found at:

http://www.kemptechnologies.com/documentation

SSL Accelerated Services, Feature Description Web User Interface (WUI), Configuration Guide Content Rules, Feature Description Virtual Services and Templates, Feature Description

Document History

Date

Change

Reason for Change

Ver.

Resp.

Sep 2014

Updates made

Updates to settings

2.10

LB

Oct 2014

Minor update

Defect fixed

2.11

LB

Nov 2014

Minor update

Defect fixed

2.12

LB

Oct 2015

Screenshot updates

LoadMaster WUI reskin

4.0

KG

Dec 2015

Release updates

Updates for 7.1-32

5.0

LB

Jan 2016

Minor update

Updated

6.0

LB

Mar 2016

Minor update

Enhancements made

7.0

LB

July 2016

Release updates

Updates for 7.1.35

8.0

LB

Oct 2016

Release updates

Updates for 7.2.36

9.0

POC

Jan 2017

Minor update

Enhancements made

10.0

LB

Was this article helpful?

0 out of 0 found this helpful

Comments