Array Networks Enables Highly Optimized Microsoft
Exchange Server 2010 Services.
Array Networks has worked closely with
Microsoft to create a joint solution which
accelerates, secures and optimizes the
delivery of Exchange services. This joint
solution enables organizations to gain
the greatest value from their Exchange
investment and to deliver business critical
Exchange services. The Array solution also
addresses the problem of securely accessing
Exchange email from anywhere on any
device.
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Array Networks & Microsoft Exchange Server 2010
1. Array Networks
& Microsoft Exchange Server 2010
At Array Networks, we empower
our customers to deliver better
application services without
compromising simplicity, security or
value.
Our solution with Microsoft
optimizes Exchange services
delivery while maximizing value:
Intelligent load balancing of•
Exchange services.
Secure access to Exchange•
services from any device.
Accelerated performance and•
globally availability.
s o l u t i o n B r ie f
Solution Highlights:
Microsoft® Exchange® Server is the industry
leading messaging platform for businesses
today. With Exchange Server 2010, Microsoft
has extended this platform to enable users
to access e-mail, voice mail and instant
messaging from any device anywhere,
mobile or fixed, using industry standard
protocols.
Microsoft also made a major architecture
change requiring that all user access must
go through Client Access Servers (CAS)
and recommends the use of hardware load
balancers. Application Delivery Controllers
(ADC) with their core load balancing, SSL
offloading and other service optimizing
capabilities, are now an integral component
of any enterprise Exchange deployment.
These ADCs are used to intelligently load
balance and optimize Exchange traffic
across CAS servers for the best local and
global user experience.
Array Networks has worked closely with
Microsoft to create a joint solution which
accelerates, secures and optimizes the
delivery of Exchange services. This joint
solution enables organizations to gain
the greatest value from their Exchange
investment and to deliver business critical
Exchange services. The Array solution also
addresses the problem of securely accessing
Exchange email from anywhere on any
device.
To help customers quickly realize the
benefits of our joint solution, Array has
created a detailed step-by-step deployment
guide which can be downloaded from our
website at: http://www.arraynetworks.com/
exchange-server-2010-qualification.html
Array Networks Enables Highly Optimized Microsoft
Exchange Server 2010 Services
Remote
Users
Remote
Users
Other App
Servers
Client Access
Servers
Edge Transport
Servers
External
Internal
SPX
APV
Users
Global Load
Balancing
Server Load
Balancing
Server Load
Balancing
Improve Exchange User•
Experience
Always-On Exchange Services•
Stop Network Attacks Before It•
Stops Exchange Services
Scale Exchange Services•
Without
Adding Servers
Secure Access Anywhere From•
Any Device
Built for Simplicity, Scale and•
Performance
Better Economics•
Internet
What’s inside:
2. Array Networks and Microsoft Exchange Server 2010
s o l u t i o n B r ie f
Improve Exchange User Experience
• Ensures employees always have access
to Exchange services while in the office,
on-the-go, from hotels, at home or from
remote locations.
• Improve user response time and
experience by intelligently load balancing
requests across Exchange servers, caching
frequently accessed files and compressing
network data.
• Automatically direct external users to
the best global site for Exchange services
by intelligently making use of proximity,
latency, site availability, and performance
statistics.
Always-On Exchange Services
• Local availability of Exchange services so
that a server failure does not interrupt
Exchange services.
• Global availability of Exchange services
so that a site or ISP link failure does not
interrupt Exchange services.
• Automatically checks the health of
Exchange services and directs users to the
best server or site.
Stop DDoS Attacks Before It Stops
Exchange Services
• Improve security by protecting your
Exchange environment from malicious
network and server attacks, e.g. Distributed
Denial of Service (DDoS) attacks, SYN
floods, TCP port scans, UDP floods and
UDP port scans, etc.
• The full reverse proxy core feature of
ADCs helps mitigate Exchange and other
applications vulnerabilities.
Scale Exchange Services Without
Adding Servers
• Intelligently load balances Exchange
traffic and offloads non-core application
tasks such as compute intensive SSL
processing, network connection handling
and compression from application servers
– increasing server utilization and freeing-
up server capacity to do as much as 50%
more.
Universal Secure Access Anywhere
From Any Device
• Enforce security policies at the edge of the
network so only legitimate remote users
can access Exchange and other corporate
services. Security features include access
controls, two factor authentication, device
integrity checks prior to start of the session,
and device cache cleaning at the end of the
session.
Built for Simplicity, Scale and
Performance
• Simplify administration and optimize
performance with these tightly integrated
hardware and software purpose built
appliances. Enables scaling from 10 to tens
of thousands concurrent users on a single
appliance, with the ability to cluster from 2
to 32 appliances for massive scalability.
• Simplify SSL certificate management and
offloading of this function from Exchange
CAS servers.
Better Economics
• Better CapEx and OpEx by reducing server
footprint, software licensing, bandwidth
and energy costs through better utilization
of Exchange servers and by off-loading
compute intensive tasks from servers, e.g.
SSL encryption/decryption, compression,
caching, etc.
Key Solution Benefits
2
Cost-effective,
secure, scalable and
highly available
Exchange 2010
services
3. Array Networks and Microsoft Exchange Server 2010
s o l u t i o n B r ie f
Benefits and Value of Array Networks’ Solution for
Exchange Server 2010
Array Networks solution for Microsoft Exchange Server 2010 enables a cost-effective,
secure, scalable and highly available deployment.
In this section we expand on how IT architects, managers and administrators can provide
the following important benefits to their organizations and end-users.
Improving Exchange User Experience
One of the primary benefits of the Array Networks Solution for Microsoft Exchange Server
2010 is the improvement in both on-site and remote user experience with Exchange
services.
The following are some examples of the built-in features of Array’s Application Delivery
Controllers and how they improve the user experience:
Server Load Balancing - Improve end-user experience by intelligently load
balancing requests across Exchange servers. This helps to intelligent distribute
requests across available resources to deliver the best performance. Several load
balancing methods can be deployed from the simple round robin to more complex
methods which check latency, CPU utilization and more.
User Session Persistence - User session persistence is maintained to ensure that
requests are directed to the same server for the duration of the session. This
ensures a consistent seamless experience especially when users are connecting
remotely using different device types and over networks which may have poor or
inconsistent quality.
Content Caching - Frequently access data is cached in the Array ADC appliance so
requests for the same content are served directly from the cache without incurring
the round trip delay to setup connections and fetch data from back-end servers.
This results in better response times to end-users while reducing the load on both
backend network and servers.
3
Improved end-user
experience by
intelligently load
balancing requests
across Exchange
servers
4. Array Networks and Microsoft Exchange Server 2010
s o l u t i o n B r ie f
Always-On Exchange Services
Always-on Exchange services are critical to the modern organization; any disruption
in Exchange services can significantly impact productivity and slow down the pace of
business. This is especially true for businesses with a globally distributed workforce and
partners where an always-on email services is probably the most important requirement
from both the business and end-user perspective.
Knowing the importance of always-on Exchange services, Array worked with Microsoft to
ensure that no single server or site failure would result in lost services. After availability,
response time is one of the most important requirements for end-users. With this in mind,
Array built intelligence into the solution to detect slow or overload servers (or sites) and
to automatically reroute users to the least loaded server or site.
Data Compression - With both software and hardware assisted compression
features, the Array ADC appliance can be configured to automatically compress
email messages and attachments so less LAN and WAN bandwidth is consumed.
This improves end-user response times since fewer bits have to be transferred
across the network. This is especially beneficial for mobile and remote user
accessing Exchange services over low quality or congested networks.
Local Availability of Exchange Services - With Array’s ADC advanced server load
balancing capability, end-users can benefit from 99.999% availability of Exchange
services. The Array ADC automatically detect failed or overloaded servers, and
automatically and transparently routes user requests to healthy servers or the least
loaded server to deliver the best performance.
In addition, health checks are routinely performed on the Exchange application
itself to determine if a component of the service is slow or just not responding. For
example, health check of CAS servers can detect a hung or poor performing CAS
server and automatically route users to active or better performing servers.
Global Service Resiliency - Because email service is business critical, users must be
able to access these services in the event of a site failure caused by human error,
natural events, or acts of war. To meet these requirements enterprises typically
deployed multisite Exchange environments.
4
Always-on
Exchange services
so your employees
stay productive
regardless of where
they are
5. Array Networks and Microsoft Exchange Server 2010
s o l u t i o n B r ie f
connections.
Stop DDoS Attacks before It Stops Exchange Services
Since email is such a ubiquitous communication tool, it is constantly exploited by
attackers to disrupt email and other services. If Distributed Denial of Service (DDoS)
attacks are not handled correctly they can bring the corporate network and services
to their knees by clogging the network and overloading application servers. This can
have a direct negative impact to the flow of legitimate business email, access to general
application services, employee productivity and user experience.
5
The Array ADC solution for Exchange enables the deployment of a highly to resilient
email service by leveraging the ADC global load balancing feature provide real-
time access to the best globally available site. With this feature, failed sites,or just
congested sites are automatically detected and users are transparently redirected
to active sites or to better performing sites. Array has built-in probes (health checks)
which make intelligent routing decisions based on proximity, language, capacity,
load and response times to take users to the best site base on their profile.
In addition, in times of disasters or unplanned outages, users can gain secure
access from remote locations using Outlook Web App email services. With Array’s
Universal Access Security appliance, the device can instantaneously support huge
spikes in concurrent users (tens of thousands) without the need to make a phone
call to activate licenses or perform hardware/software upgrades.
ISP Link Availability and Cost Optimization - Since an ISP link or network failure
can cripple Exchange services to and from a site, multiple links and ISPs are often
used to ensure service availability. In addition, there are often cost and performance
differences between ISPs which can be exploited for cost optimizations.
The Array ADC link load balancing feature, with advanced link failover and
bandwidth management capabilities, can help businesses optimize availability,
security, cost and performance of Exchange services across multiple WAN
Intelligent cost
and performance
optimization across
multiple WAN
connections
6. Array Networks and Microsoft Exchange Server 2010
s o l u t i o n B r ie f
In our joint solution, the Array Networks ADC sits in front of the email servers and only lets
through emails from legitimate sources while blocking email from non-trusted sources.
This feature limits or blocks malicious DDoS attacks (SYN floods, TCP port scans, UDP
floods and UDP port scans), ensuring that only legitimate business emails gets onto the
corporate network and to the backend email servers.
In addition, the ADC walls-off backend servers and networks since all incoming network
traffic is terminated on the ADC. For legitimate traffic, the ADC opens new connections
to the backend servers so it can be processed. By protecting both backend servers and
network, these resources can be used efficiently for legitimate business traffic and
application services.
Scale Exchange Services without Adding Servers
One of the main benefits of Array’s ADC appliances is offloading of non-application
specific compute intensive tasks from servers. This offloading capability means that
Exchange services can be scaled and/or accelerated by simply adding a pair of these
purpose-built appliances in front of Exchange Client Access (CAS) servers.
This capability, along with the architecture changes Microsoft made with Exchange
2010 requiring that all traffic must go through CAS servers, makes ADCs a fundamental
requirement for enterprise customers upgrading to Exchange 2010 or having to deal
with increased service demands due to growth or datacenter consolidation. Adding
Array’s ADCs to these environments can defer or eliminate expensive server upgrade and
licenses cost – enabling businesses to do more with their existing resources.
Better Utilization of CAS Servers - Intelligent load balancing of Exchange traffic
enables IT to make the best use of existing Client Access Server capacity and to
increased server utilization.
A variety of load balancing methods are supported by Array’s advanced ADCs,
from simple round robin to more sophisticated shortest response time or server
CPU utilization methods. This ensures that users are automatically directed to the
best server to handle their request.
SSL Offloading - SSL processing is one of the most compute intensive tasks
servers do, consuming up to 30% of server compute capacity. Since most email
6
Scale your services
without scaling your
budget
7. Array Networks and Microsoft Exchange Server 2010
s o l u t i o n B r ie f
communication is encrypted for security and regulatory compliance, this can
place a heavy burden on application servers. ADCs are often used to off-load SSL
processing from application servers, freeing-up valuable capacity for them to do
what they do best – application processing.
Array’s ADC appliances are purpose built with SSL hardware processing engines
which offloads both 1024-bit and 2048-bit SSL encryption/decryption from
application servers. This result in improved Exchange service performance and a
reduction in the number of Exchange 2010 servers required.
SSL Certificate Consolidation & Centralized Management - SSL certificates can
be consolidated and managed on the ADC, eliminating the need for SSL software
and certificates for each application server. This significantly simplifies certificate
administration and cost.
TCP Connection Off-load and Multiplexing - Setting up and tearing down TCP
connections is a very common compute intensive task which servers are not
optimized for; and since this has nothing to do the core functioning of most
applications it can be readily offloaded.
Since Array’s ADCs front-ends the Exchange servers, it can offload the compute
intensive task of setting up and tearing down TCP connections for these servers
– freeing up capacity for Exchange services. In addition, the ADC appliances uses
a technique called TCP multiplexing which reduces the number of connections
established with the back-end Exchange servers – so application servers have to
manage fewer connections.
The net benefit of TCP connections off-load and multiplexing is increased
Exchange throughput and performance.
Compression Offload & Bandwidth Reduction - Compressing data has the benefit
of reducing the network bandwidth required to move information between the
Exchange server and the users consuming this information. However, like SSL
encryption/decryption compression is another very compute intensive task which
is best off-loaded to ADCs.
7
Offload compute
intensive functions
from Exchange
servers
8. Array Networks and Microsoft Exchange Server 2010
s o l u t i o n B r ie f
Depending on the Array ADC model deployed, customers can benefit from
software compression, or from hardware assisted compression when performance
is important. Offloading compression to Array’s ADCs can free-up up to 20% of an
application server capacity.
Caching for Faster Response - Caching eliminates the repeated application server
processing and round trip delays incurred for each user request, i.e. opening
connections to application servers, fetching the data from backend storage
devices, and terminating these connections.
Cachingsignificantlyreducestheloadonserversandnetworkbandwidthconsumed.
From a end-user perspective, caching results in significant improvements in
response time when accessing cacheable data, e.g. PowerPoint presentations,
Excel files, images, etc.
Universal Secure Access
In business today, mobile access to corporate resources is no longer a luxury available
for a select few. Mobility has become a fundamental method by which we all stay
connected and communicate -- by voice, messaging and email. In addition, we are doing
so increasingly from our own personal devices -- be it a smart phone, tablet or laptop.
These trends in mobility and IT consumerization creates unprecedented security
challenge which goes beyond tradition user access controls – end-user devices must be
authenticated, data on the wire must be encrypted and data leakage must be prevented.
In the wrong hands these smart powerful devices can be very destructive tools which
can be used to exploit corporate vulnerabilities which can significantly increase business
risks.
Array’s Access Security appliances have been designed to meet this challenge, providing
edge security for Exchange, other application services, and access to corporate networks.
These purpose-built appliances enforce security policies at the edge of the network so
only legitimate users can access corporate resources.
8
Secure access
from any device,
anywhere
9. Array Networks and Microsoft Exchange Server 2010
s o l u t i o n B r ie f
Securing Access for Remote Users - Since security attacks are most likely to
come for the outside, enforcing strict security policies on who can access valuable
corporate assets, end-point integrity checks to only allow trusted device access,
and ensuring that nothing is left behind on these end-user devices are important
requirements for the enterprise.
Array’sUniversalAccessSecurityappliancesestablishthiscriticalfirstlineofdefense
for the modern enterprise. Secure features includes access controls, integration
with AAA servers, two factor authentication for higher levels of security, single
sign-on for simplicity, device verification so only authorized devices are allowed
access, device integrity checks prior at the start of each session so an infected
device does not contaminate the corporate network and device cache cleaning at
the end of each session so no data is left behind -- browser history, forms, cookies,
auto-complete information and more.
For additional security, users and their devices must log-on and be authenticated
for each session, and sessions are automatically terminated during periods of
inactivity. This limits the attack window available to potential attackers.
Network Security Using Virtual LANs & SSL Encryption - Security can also be
enhanced at the network level by creating and assigning a virtual LAN (VLAN)
to specific services and users. This allows administrators, users, partners or even
departments to have their own sandbox to work within and to be confident that
sensitive data remains within their secure sandbox.
Network traffic can be securely encrypted as it leaves the corporate network or
traverse the corporate network using either 1024-bit or 2048-bit keys so data in
transit is always protected.
Enhancing User Experience & Productivity - To improve the user experience and
to make them instantly productive, Array’s single sign-on feature provides fast
hassle-free access to the corporate network and approved services.
9
Encrypt network
traffic for security
and regulatory
compliance
10. Array Networks and Microsoft Exchange Server 2010
s o l u t i o n B r ie f
Our application publishing service enables administrators to publish specific
applications to individual users and block other applications. For example, a user
can gain access to Microsoft Outlook Web App for secure access to their email from
a browser but not to financial applications.
Centralize Access Control for Cloud, Datacenter and Hybrid Datacenters - Array’s
Universal Access Security appliances acts as gateways to datacenter and cloud
assets regardless of how these assets are deployed – traditional, private cloud,
public cloud or hybrid.
These appliances are designed for performance and scale, with built-in SSL
hardware assisted SSL processing and the ability to managing from 10 to tens of
thousands of concurrent connections per a single appliance; and to massively scale
horizontally by clustering up to 32 appliances.
Having a single product with the scale, performance and administrative controls
to seamlessly support small to large enterprise, cloud and hybrid environments
simplifies both the design decision for IT architects and investment decision for
management.
Custom Administrative Portals - To simplify administration and enforce
administrative privileges, individual administrators or groups of administrators can
be assigned their own dedicated portal for the service or group of services they
manage. Up to 256 unique portals can be created for each appliance.
Logging for Compliance and Troubleshooting - Array’s Universal Access Security
appliances maintain detail logs which can be invaluable when debugging issues
and verifying compliance. Logs are maintained with timestamps of all user
and administrative activities, e.g. successful logins/failure, logouts, idle session
timeouts, appliance configurations changes, etc.
This information can be accessed directly from the appliance or extracted
using SNMP and integrated with more comprehensive security and compliance
management tools.
10
Custom
administrative
portals so
administrators have
their own sandbox
11. Array Networks and Microsoft Exchange Server 2010
s o l u t i o n B r ie f
Offloading of Non-Core Application Functions - Depending on which ADC
functions are enabled, up to 80% of application server workloads can be off-load
to Array’s ADCs, e.g. SSL encryption/decryption, SSL certificate management,
compression, caching, and TCP connection management.
Intelligent Traffic Management - By intelligently managing traffic between
the users and backend Exchange environment, servers and bandwidth can be
efficiently utilized. Server and network attacks can be minimized, legitimate traffic
can be directed to the best server to process use requests, and outbound traffic
can be routed to the most cost effective WAN/ISP link.
Better Utilization of IT Resources - Since non-core application workloads are
offloaded to the ADCs, business can scale and meet user expectations with
the most efficient application backend. This has a direct cost impact due to the
reduced number and size of application servers, software licenses, datacenter
footprint, and energy consumed.
Centralize Access Control for Cloud, Datacenter and Hybrid Datacenters -
Array’s Universal Access Security appliances provides the scale, performance and
administrative controls to seamlessly support small to large enterprise, cloud
and hybrid environments. This eliminates the need for multiple point products,
simplifies datacenter design for architects, and reduces both CapEx and OpEx.
11
Gain economic
leverage while
optimizing
Exchange services
Better Economics
While the ability to deliver accelerated, always-on, scalable and secure Exchange
services are important IT design and operations considerations, the economics of the
solution is also important. This is especially true when there are competing IT projects
and budget constraints.
Array’s ADCs and Universal Access Security appliances creates economic leverage which
optimizes TCO of the Exchange solution by reducing or limiting IT spends on servers,
software license and network bandwidth.
These savings are a direct result of the following:
12. Array Networks and Microsoft Exchange Server 2010
s o l u t i o n B r ie f
Corporate
Headquarters
info@arraynetworks.com
408-240-8700
1 866 MY-ARRAY
www.arraynetworks.com
Belgium
+32 2 6336382
China
support@arraynetworks.com.cn
+010-84446688
France
infosfrance@arraynetworks.com
+33 (0) 180 886 086
India
isales@arraynetworks.com
+91-080-41329296
Japan
sales-japan@arraynetworks.com
+81-45-664-6116
Korea
array-sales@arraynetwork.co.kr
+82(2)3461-8124
Taiwan
support.taiwan@arraynetworks.com
886-2-7718-2750
UK
infoseurope@arraynetworks.com
+44 (0) 7717 153 159
To purchase Array Networks Solutions, please
contact your Array Networks representative
at 1-866 MY-ARRAY (692-7729) or authorized
reseller.
Copyright 2011 Array Networks, Inc. All rights reserved. Array Networks, the Array Networks logo, AppVelocity, NetVelocity, and SpeedCore are all trademarks of Array
Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their
respective owners. Array Networks assumes no responsibility for any inaccuracies in this document. Array Networks reserves the right to change, modify, transfer, or
otherwise revise this publication without notice.
Oct-2011 rev. a
Summary
Array has facilitated the deployment of our joint solutions with Microsoft for Exchange
2010 by providing a Microsoft qualified step-by-step deployment guide which was fully
tested and verified by our engineers at Array Networks. This guide will significantly
reduce the time and effort required for customers to deploy or upgrade their Exchange
environment and start experiencing the benefits of this solution.
Planning for and integrating Array’s ADCs and Universal Access Security appliances for
Exchange deployments creates economic leverage and enables customers to get the
most out of their Exchange investments while delivering excellent service.
More Information
Learn more about Array Networks and Array’s solution for Microsoft Exchange Server
2010 at www.arraynetworks.com
Web Page: Array Networks Solution for Microsoft Exchange 2010
http://www.arraynetworks.com/exchange-server-2010-qualification.html
Deployment Guide: Array Networks Solution for Microsoft Exchange 2010
http://www.arraynetworks.com/compliance/DG-APV-Exchange2010-Sept-2011-Rev-I.pdf
About Array Networks
Array Networks is a global leader in application, desktop and cloud service delivery with
over 5000 worldwide customer deployments. Powered by award-winning SpeedCore™
software, Array solutions are recognized by leading enterprise, service provider and
public sector organizations for unmatched performance and total value of ownership.
Array is headquartered in Silicon Valley, is backed by over 300 employees worldwide
and is a profitable company with strong investors, management and revenue growth.
Poised to capitalize on explosive growth in the areas of mobile and cloud computing,
analysts and thought leaders including Deloitte, Red Herring and Frost & Sullivan have
recognized Array Networks for its technical innovation, operational excellence and market
opportunity.