Transcript of PDF slide deck: Load Balancing Lync 2013
Load Balancing Lync 2013
Jaap Wesselius
Agenda
• Introduction
• Internal Load Balancing
• External Load Balancing
• Reverse Proxy
• Summary & Best Practices
Introduction
Load Balancing Lync 2013
• Why load balancing?
• What are the important items in load balancing?
  • VIP & real server
    • External address vs. internal address
  • Affinity or persistence
    • Source IP, cookie
  • Scheduling
    • Round robin, least connections
Load Balancing Lync 2013
• Which workload do you want on the load balancer?
  • Server-to-server traffic?
    • That is "topology aware", so no load balancer is needed
  • Client-to-server traffic?
    • DNS load balancing for Front End traffic (SIP)
    • DNS load balancing for Edge traffic (SIP)
    • DNS load balancing does NOT work for web services
    • Port translation is needed for external web traffic
Load Balancing Lync 2013

| Role | High Availability | Load Balancer | DNS Load Balancing |
|---|---|---|---|
| Standard Edition Server | Not available | N/A | N/A |
| Enterprise Edition Server | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
| Back End Server | SQL Server uses Windows Clustering for high availability | No | No |
| A/V Conferencing Server | Deploy multiple servers in a pool and use load balancing | N/A | N/A |
| Edge Server | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
| Mediation Server | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
| Monitoring | Standby server (MSMQ on the Front End queues messages in the event of a failure) | No | No |
| Archiving | Standby server (MSMQ on the Front End queues messages in the event of a failure) | No | No |
| Director | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
| File Server | Use Windows Clustering or Distributed File System | No | No |
Internal Load Balancing
Lync 2013 Front End & Director Pool
[Diagram: three zones, Internet / DMZ / Internal Network. Internet side: Lync 2013 mobile client, Windows 8 Lync App, Lync 2013 desktop client. DMZ: Load Balancer, Reverse Proxy, Lync Edge Pool. Internal network: Load Balancer, Lync Front End Pool, Mirrored Back End Servers, Office Web Apps Server, Active Directory, internal Lync 2013 mobile and desktop clients.]
Lync 2013 Front End & Director Pool
• Microsoft recommendations:
  • DNS load balancing for SIP traffic
  • A web services override FQDN for the internal web services (the pool FQDN resolves via DNS round robin to the individual servers, so the web services need a separate name that points at the load balancer VIP)
  • Load balance TCP ports 80, 8080, 443 and 4443
  • Also TCP port 444 when a Director pool is used
Lync 2013 Front End & Director Pool
• Source IP persistence can be used, but there are some limitations:
  • Behind NAT there is only a single source IP
  • Uneven distribution of connections
• Health check on TCP/5061, or use the hardware load balancer monitoring port (checkbox in Topology Builder)
• Optionally use /meet/blank.htm instead of TCP/5061 to determine whether IIS is actually working
Lync 2013 Front End & Director Pool
• Using a cookie is also possible:
  • Must be named MS-WSMAN
  • No expiration
  • Not HttpOnly
  • No cookie optimization (the cookie must be inserted on every response to a request that carried none, not just once per TCP connection)
  • There is no negative impact from using the cookie
• TCP session timeout: 20 minutes
• TCP idle timeout: 1800 seconds
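The cookie requirements above (and the mobility-persistence item in the best practices at the end of the deck) are easy to get wrong on a load balancer, so here is an added checker, not code from the presentation, that validates a Set-Cookie header as the LB inserts it against those rules and flags cookie-insert optimisation on a connection. The header values and the exchange sequence in the demo are constructed sample input.

```python
"""Check a load balancer's Lync 2013 web-services persistence cookie against
the requirements on the slide: name MS-WSMAN, no expiration, not HttpOnly,
and no 'cookie optimisation'.  Added example, not from the presentation;
all header values below are constructed."""

REQUIRED_NAME = "MS-WSMAN"


def parse_set_cookie(header_value):
    """Split a Set-Cookie value into (name, value, {attribute: value}).

    Attribute names are lower-cased; bare flags such as HttpOnly map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value, attrs


def check_persistence_cookie(header_value):
    """Return a list of violations; an empty list means the cookie complies."""
    name, value, attrs = parse_set_cookie(header_value)
    problems = []
    if name != REQUIRED_NAME:
        problems.append("cookie is named %r, must be %r" % (name, REQUIRED_NAME))
    if not value:
        problems.append("cookie has no value")
    if "expires" in attrs or "max-age" in attrs:
        problems.append("cookie has an expiration (Expires/Max-Age); must be a session cookie")
    if attrs.get("httponly"):
        problems.append("cookie is marked HttpOnly")
    return problems


def check_cookie_insertion(exchanges):
    """Detect 'cookie optimisation' on a single TCP connection.

    exchanges: list of (request_had_cookie, response_set_cookie) tuples in the
    order seen on the connection.  Every response to a request that carried no
    MS-WSMAN cookie must itself carry Set-Cookie, even if an earlier response
    on the same connection already did.  Returns the indexes that violate this.
    """
    return [idx for idx, (had_cookie, set_cookie) in enumerate(exchanges)
            if not had_cookie and not set_cookie]


# Constructed sample headers: one compliant, one with two violations.
GOOD = "MS-WSMAN=5.2.3.1; Path=/"
BAD = "MS-WSMAN=5.2.3.1; Path=/; Expires=Wed, 21 Oct 2015 07:28:00 GMT; HttpOnly"

if __name__ == "__main__":
    for header in (GOOD, BAD):
        print(header, "->", check_persistence_cookie(header) or "OK")
    # One connection: cookie inserted on the first response, then a third
    # request without a cookie got no Set-Cookie back (optimisation enabled).
    print(check_cookie_insertion([(False, True), (True, False), (False, False)]))
```

Run the checks against captured responses from the VIP rather than from a single real server, since the cookie is inserted by the load balancer and is not visible when you bypass it.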
Lync 2013 Front End & Director Pool
• Without DNS round robin, i.e. a load-balancer-only environment:
  • Load balance the following TCP ports: 5061, 444, 135, 80, 8080, 443, 4443, 448, 5070-5073, 5075, 5076, 5080
  • The number of ports increases considerably because the SIP traffic now also passes through the LB
  • More information at http://bit.ly/LyncPorts
Lync 2013 Mediation pool
• DNS load balancing is sufficient
• When a load balancer is used, only TCP ports 5067, 5068 and 5070 go through the load balancer
External Load Balancing
Load balancing Edge Pool
[Diagram: same topology as the previous figure, Internet / DMZ / Internal Network, with the Lync Edge Pool and its Load Balancer in the DMZ highlighted; clients: Lync 2013 mobile client, Windows 8 Lync App, Lync 2013 desktop client; internal network: Load Balancer, Lync Front End Pool, Mirrored Back End Servers, Office Web Apps Server, Active Directory; DMZ also holds the Reverse Proxy.]
DNS load balancing Edge Pools
• DNS load balancing is of limited use, because the following lose failover:
  • Federation with older OCS environments
  • PIM connectivity with Skype, Windows Live, AOL, Yahoo and XMPP partners
  • UM Play on Phone
  • Call transfer from the UM Auto Attendant
(Hardware) load balancer Edge Pool
• External interfaces
  • Access Edge interface
    • SIP (external client): TCP/443
    • SIP (federation): TCP/5061
    • XMPP: TCP/5269
  • Web Conferencing interface
    • Source NAT can be used
    • PSOM: TCP/443
  • A/V Edge interface
    • NAT can *not* be used
    • STUN/MSTURN: TCP/443
    • STUN/MSTURN: UDP/3478
(Hardware) load balancer Edge Pool
• External interfaces:
  • Use the Access VIP as default gateway on all Edge interfaces
• A/V Edge interface:
  • Disable TCP Nagling for TCP/443 on all interfaces
  • Disable TCP Nagling for ports 50000-59999
  • Use a publicly routable IP without NAT or port translation
(Hardware) load balancer Edge Pool
• Internal interfaces
  • Access SIP: TCP/5061
    • Used by Director & Front End
  • A/V authentication SIP: TCP/5062
    • Used by Front End pool & SBA
  • A/V media transfer: UDP/3478
    • Preferred path for A/V media transfer
  • A/V media transfer: TCP/443
    • Fallback for A/V media transfer
    • File sharing
    • Desktop sharing
Reverse Proxy
Reverse Proxy (Web Services)
[Diagram: same topology as the previous figures, Internet / DMZ / Internal Network, with the Reverse Proxy in the DMZ highlighted on the path from the external Lync 2013 mobile client, Windows 8 Lync App and Lync 2013 desktop client to the internal Load Balancer, Lync Front End Pool, Mirrored Back End Servers and Office Web Apps Server; Active Directory and internal clients on the internal network; Lync Edge Pool with its own Load Balancer in the DMZ.]
Reverse Proxy?
• Device between servers and clients (often in the DMZ) that publishes server services
• Often used as a 'load balancing' device
• Shields the internal servers from external influences
• Full reverse proxy at Layer 7: SSL acceleration, content inspection, intrusion detection...
Reverse Proxy
• Reverse proxy = a second VIP on the load balancer
• Load balance on ports 80 and 443
• Publishes ports 8080 and 4443 (external 80 is translated to internal 8080, external 443 to internal 4443)
• Persistence is not necessary
• Pre-authentication is not possible
• Health check on port 5061 or the hardware load balancer monitoring port (in Topology Builder)
  • or /meet/blank.htm instead of port 5061
Testing the Reverse Proxy
• https://meet.exchangelabs.nl/Reach/Client/WebPages/ReachClient.aspx (Silverlight client!)
• https://dialin.exchangelabs.nl/dialin/conference.aspx
• https://lyncweb.exchangelabs.nl/Scheduler/Default.aspx
Office Web Apps Server
• Load balance port 443
• Re-encrypt the traffic
• SSL offloading is also possible
• Source IP for persistence, with a 30-minute timeout
• Health check on /hosting/discovery via an HTTP GET
• Web Apps blog: http://bit.ly/13uQqXe
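The deck mentions three health checks: TCP/5061 on the Front End, an HTTPS GET of /meet/blank.htm to prove that IIS actually answers, and an HTTP GET of /hosting/discovery on Office Web Apps. The probe below is an added example, not code from the presentation; the hostnames, the pool layout in the demo and the choice of TCP/4443 for the Front End web check are assumptions. It shows why the TCP/5061 check alone is not enough: a member whose Front End service still accepts SIP connections but whose IIS is down is still reported unhealthy.

```python
"""Health-check probe for Lync 2013 pool members, modelled on the checks the
slides describe: a TCP connect to 5061 and an HTTPS GET of a web-services
page (/meet/blank.htm on the Front End, /hosting/discovery on Office Web
Apps).  Added example, not code from the presentation.  The hostnames below
are assumptions."""
import http.client
import socket
import ssl


def tcp_port_open(host, port, timeout=3.0):
    """Layer-4 check: True only if the TCP handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def https_status(host, port, path, timeout=5.0, verify=True):
    """Layer-7 check: HTTP status of GET path over TLS, None on any error.

    A monitor that probes by IP address cannot validate the certificate
    name, hence the verify switch; leave verification on when probing by FQDN.
    """
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
        conn.request("GET", path)
        status = conn.getresponse().status
        conn.close()
        return status
    except (OSError, http.client.HTTPException):
        return None


def probe_member(member, tcp_check=tcp_port_open, http_check=https_status):
    """member = (host, sip_port or None, web_port, probe_path).

    The two check functions are parameters so the decision logic can be
    exercised without a network.
    """
    host, sip_port, web_port, path = member
    sip_ok = tcp_check(host, sip_port) if sip_port else None
    status = http_check(host, web_port, path)
    # Healthy only if every configured check passes.  A TCP-only check on
    # 5061 would keep a server with a broken IIS in rotation.
    healthy = status == 200 and (sip_ok is None or sip_ok)
    return {"host": host, "sip": sip_ok, "web": status, "healthy": healthy}


def probe_pool(members, **checks):
    """Probe every member; returns one result dict per member, in order."""
    return [probe_member(m, **checks) for m in members]


# Assumed demo layout: two Front End members probed on the web-services
# port 4443, one Office Web Apps member probed on 443.
FRONT_END_POOL = [
    ("fe01.example.com", 5061, 4443, "/meet/blank.htm"),
    ("fe02.example.com", 5061, 4443, "/meet/blank.htm"),
]
OWA_POOL = [("owa01.example.com", None, 443, "/hosting/discovery")]

if __name__ == "__main__":
    for result in probe_pool(FRONT_END_POOL + OWA_POOL):
        print(result)
```

Run it from the same network segment as the load balancer's monitor so that firewall rules between the DMZ and the internal network do not mask the result; a member that the script reports as unhealthy while the LB still shows it as up is a sign that the LB is only doing the TCP/5061 check.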
Summary and Best Practices
DNS Load Balancing or Hardware?

| HLB Pros | HLB Cons | DNS LB Pros | DNS LB Cons |
|---|---|---|---|
| App awareness | Additional setup work required | Less overall complexity | Extra step for server draining |
| Simpler server draining | Adds significantly to deployment (myth) | Minimal LB expertise required | Some 3rd-party apps don't understand DNS LB |
| Easy to take a partially working server offline | Adds substantial latency (myth) | | Many PBXs can't talk to a pool of DNS LB Mediation Servers |
| Supports all client levels | Over-complicates troubleshooting (myth) | | Down-level clients don't support DNS LB |
| HA for PIC/XMPP and legacy federation | | | |
Best Practices
• Use the same load balancing method for the internal and external Edge interfaces
• Don't leave the timeout at its default: the TCP idle timeout should be set to 1800 seconds
• Turn off TCP Nagling for the A/V Edge ports 50,000-59,999 and for internal/external 443
• Use SNAT for general services, DNAT for A/V Edge
• Ensure load balancer and Lync failover scenarios are tested... BEFORE you need them
• Avoid using DSR (direct server return): not supported
Best Practices
• Create an independent virtual service for each Edge service (Access / Web Conferencing / A/V)
• Use cookie-based persistence for the external Lync web services and source-address persistence for the internal Lync web services
• Cookie-based persistence is required for the Lync Mobility services: the cookie must be named MS-WSMAN, must not be marked HttpOnly, and must have no expiration
• Always use an HLB if HA for XMPP/PIC/legacy federation is important
• The Edge internal interface must be on a different network than the Edge external interface, with routing between them disabled
• The Edge Server external interface running A/V must use a routable IP: no NAT/PAT