1.2.5. Global Server Load Balancing
Global server load balancing (GSLB), or wide-area load balancing, is a more sophisticated version of DNS round robin available from some hardware load balancer vendors. This solution is typically deployed as a hardware device or even as a feature of a hardware load balancer. This type of load balancing uses DNS to load-balance client connectivity between sites based on a number of factors such as location of the client, response time of the servers, availability of the servers, custom weights, and more.
GSLB is typically used in multiple site configurations to provide load balancing between sites. To provide full site redundancy, the GSLB device should be located outside of either of the load-balanced sites or deployed in multiple sites. One way to use the GSLB is to load-balance Autodiscover to ensure that it is available even during a single site outage. In Figure 1, Autodiscover.contoso.com is set up for GSLB; all traffic will be sent to the IP address for the Denver Autodiscover service. In the event of a failure of Denver, the GSLB device can send all traffic for Autodiscover.contoso.com to the second site.
The GSLB device will accept DNS requests from the client and then return the appropriate IP address based on the rules defined. The TTL for the returned IP address is set low to ensure that changes are received by the client as quickly as possible. As with DNS round robin, because GSLB relies on DNS client resolution, its functionality is limited when the client DNS resolution is uncontrolled.
1.2.6. Load Balancing Summary
As you can see, you have a variety of solutions to choose from, depending on business requirements and budget. Table 1 combines affinity, load balancing, and other considerations when choosing a solution for load balancing.
Table 1. Load Balancer Comparison
TYPE | COST | SCALE | AFFINITY | BENEFITS | DRAWBACKS |
---|---|---|---|---|---|
Hardware Load Balancing | High | High | All Types | | |
Application (Intelligent) Firewall | Medium | Medium | Source IP, Cookie | SSL Bridging; Enhanced Security; AD Authentication; Service Health Checking | |
Software Load Balancing | Low | Low | Source IP | Inexpensive; Easy to configure | |
DNS Round Robin | Low | Low | Random | | Manual failover; Unpredictable traffic; Long failover time |
Table 2 summarizes the configuration needed to support all of the Client Access Server protocols. If SSL is terminated at the load balancer, the traffic between the load balancer and the Client Access server will be unencrypted; thus, the unencrypted port is used. Each of the services can be provided with a separate load-balanced IP address so that a different load-balancing policy can be applied to each.
Table 2. Load-Balancing Client Access Services
CLIENT ACCESS SERVICE | PROTOCOL | TCP PORT(S) | NOTES |
---|---|---|---|
Exchange ActiveSync | HTTP | 80/443 | Persistence: Source IP |
IMAP4 | IMAP4 | 143/993 | |
Outlook Anywhere | HTTP | 80/443 | Persistence: Source IP |
Outlook Web App | HTTP | 80/443 | Persistence: Cookie or Source IP |
POP3 | POP3 | 110/994 | |
RPC Client Access | RPC | RPC Ports | Persistence: Source IP |
By default the Outlook client will make a connection to the RPC Endpoint Mapping Service on TCP/IP port 135 on the server to negotiate a dynamic RPC port above TCP 1024 to use. If no firewalls or load balancers are between the clients and servers, this is usually not an issue. You can reduce the number of ports that need to be load balanced by modifying the Client Access servers to scope down the ports that are required. You must make three modifications:
1. Modify the registry to statically set the MAPI TCP/IP port on all of the Client Access servers.
   1. Open the Registry editor and then select HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeRpc\ParametersSystem.
   2. Add a DWORD named TCP/IP Port.
   3. Set the value of TCP/IP Port to the selected port number.
   4. Close the Registry editor.
2. Modify the X:\Program Files\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.Addressbook.Service.exe.config file to statically assign the Address Book (NSPI) and Referral Service (RFR) TCP/IP port on all of the Client Access servers.
   1. Open X:\Program Files\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.Addressbook.Service.exe.config in Notepad or another text editor.
   2. In the <appSettings> section, locate the line that has <add key="RpcTcpPort" value="0" /> and then change the 0 to the selected TCP/IP port.
   3. Save the file and close Notepad.
   4. Restart the Client Access server.
3. Modify the registry to statically set the MAPI TCP/IP port on all of the Mailbox servers hosting public folders.
   1. Open the Registry editor and then select HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeRPC\ParametersSystem.
   2. Add a DWORD named TCP/IP Port.
   3. Set the value of TCP/IP Port to the selected port.
   4. Close the Registry editor.
   5. Restart the Mailbox server.
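
The three modifications above as a PowerShell script, added here as an example and not taken from the original text. The port numbers 59532 and 59533 are placeholder values, the `-Role` parameter is a hypothetical switch for choosing which steps to apply, and the install path defaults to the X:\ path shown in the steps.

```powershell
# Added example: static RPC ports for Exchange 2010, following the three steps above.
# Port values and the -Role parameter are illustrative assumptions, not from the text.
param(
    [ValidateSet('ClientAccess', 'Mailbox')]
    [string]$Role = 'ClientAccess',       # hypothetical switch: which steps to apply
    [int]$MapiPort = 59532,               # placeholder static MAPI port
    [int]$AddressBookPort = 59533,        # placeholder static NSPI/RFR port
    [string]$ExchangeBin = 'X:\Program Files\Microsoft\Exchange Server\V14\Bin'
)

# Refuse ports at or below 1024 (the text places the negotiated RPC port above 1024)
# and refuse a collision: two services cannot listen on the same TCP port.
foreach ($p in $MapiPort, $AddressBookPort) {
    if ($p -le 1024 -or $p -gt 65535) { throw "Port $p is outside 1025-65535." }
}
if ($MapiPort -eq $AddressBookPort) { throw 'MAPI and Address Book ports must differ.' }

# Steps 1 and 3: static MAPI port in the registry (same key on both roles).
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeRpc\ParametersSystem'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name 'TCP/IP Port' -PropertyType DWord `
    -Value $MapiPort -Force | Out-Null

# Step 2 (Client Access only): static Address Book port in the service config file.
if ($Role -eq 'ClientAccess') {
    $cfgPath = Join-Path $ExchangeBin 'Microsoft.Exchange.Addressbook.Service.exe.config'
    $cfg = [xml](Get-Content -Path $cfgPath)
    $node = $cfg.SelectSingleNode("//appSettings/add[@key='RpcTcpPort']")
    if (-not $node) { throw "RpcTcpPort not found in $cfgPath" }
    Copy-Item -Path $cfgPath -Destination "$cfgPath.bak" -Force   # keep a rollback copy
    $node.SetAttribute('value', [string]$AddressBookPort)
    $cfg.Save($cfgPath)
}

# Read the settings back so the change can be recorded and compared across servers.
$result = @{
    Server   = $env:COMPUTERNAME
    Role     = $Role
    MapiPort = (Get-ItemProperty -Path $key -Name 'TCP/IP Port').'TCP/IP Port'
}
if ($Role -eq 'ClientAccess') {
    $check = ([xml](Get-Content -Path $cfgPath)).SelectSingleNode(
        "//appSettings/add[@key='RpcTcpPort']")
    $result.AddressBookPort = $check.GetAttribute('value')
}
New-Object PSObject -Property $result
Write-Warning 'Restart the server for the static ports to take effect.'
```

Run it with the same port values on every Client Access server, and with `-Role Mailbox` on Mailbox servers hosting public folders, so the load balancer and any firewall rules match a single known set of ports.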
After the load balancer is
configured, certificates need to be applied and the internal and
external URLs need to be set on each of the Client Access servers.