
How to deliver secure, highly available Microsoft applications



Deliver secure, highly available Microsoft Applications with 3 key Load Balancer services with Alex Lewis (Lync MVP, Modality Systems), Jon Braunhut (Chief Scientist at and Bhargav Shukla (Exchange MVP, Director of Product Research and Innovation at

Published in: Software, Technology

  1. 1. Deliver Secure, Highly Available Microsoft Applications with 3 Key Load Balancer Services
  2. 2. Speakers
       • Alex Lewis: Principal Consultant and VP at Modality Systems, author of Lync 2010/2013 Unleashed, Lync MVP
       • Jon Braunhut: Chief Scientist at KEMP Technologies
       • Bhargav Shukla: Director of Product Research and Innovation at KEMP Technologies, Exchange MVP
  3. 3. Agenda
       • Lync 2013 Web Services… and other Services Load Balancing
       • Lync 2013 Reverse Proxy
       • Office Web Apps Publishing
       • Exchange 2013 Load Balancing
       • Exchange 2013 Reverse Proxy and KEMP Edge Security Pack
       • Q&A
  4. 4. Why Load Balance Lync?
  5. 5.
       • Even with DNS LB, web services must be load balanced using an external load balancer
       • Often simplifies PBX integration with multiple mediation servers
       • External applications often don’t understand DNS LB or treat it as DNS RR
       • HA for Lync edge services including legacy, PIC and XMPP federation
  6. 6. Load Balancer Requirements
  7. 7.

     | Role | High Availability | Load Balancer | DNS Balancing |
     |---|---|---|---|
     | Standard edition server | Not available | N/A | N/A |
     | Enterprise edition front end server | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
     | Back end server | SQL Server uses Windows clustering for high availability | No | No |
     | A/V conferencing server | Deploy multiple servers in a pool. Load balancing not required | N/A | N/A |
     | Edge server | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
     | Mediation server | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
     | Monitoring | Standby server (MSMQ) on the front end queues messages in the event of a failure | No | No |
     | Archiving | Standby server (MSMQ) on the front end queues messages in the event of a failure | No | No |
     | Director | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
     | File server | Use Windows cluster or distributed file system | Yes | Yes |
  8. 8. Lync 2013 Web Services
       • Basic HTTPS Load Balancing
       • No more cookie insertion for mobile!
       • Be sure to turn on HTTP->HTTPS Redirection
       • Separate Virtual IPs for Internal & External Web Services
  9. 9. HTTP to HTTPS Redirection
       • Create a virtual service on port 443 for Lync Edge External Conferencing
       • Set HTTP 302 Redirect with redirect URL set to https://%h%s
       • In the virtual service status menu you will see “Redirect”
  10. 10. Load Balancing Mediation Pools
       • Required for most ITSPs for direct connectivity without an SBC
       • Required for IP PBXs that don’t support DNS-LB – and that’s almost all of them
       • Ensure equal load balancing
       • Easier maintenance and testing
  11. 11. Best Practices for LB Mediation
       • SNAT Load Balancing (Full-NAT) for gateway/PBX side of Mediation Server Pool
       • Use if Gateway doesn’t support DNS LB to simplify Gateway/PBX configuration
  12. 12. Lync 2013 Reverse Proxy [Diagram. Zones: Internet, DMZ, Internal Network. Components: Lync 2013 Mobile Client, Windows 8 Lync App, Lync 2013 Desktop client, Load Balancer, Lync Edge Pool, Reverse Proxy, Lync Front-End Pool, Mirrored Back-End Servers, Office Web Apps Server, Active Directory.]
  13. 13. Reverse Proxy – What is it?
       • Device deployed between clients and servers, usually in the DMZ, and interacts with servers and services on behalf of the client
       • Commonly used to provide load balancing for availability and scalability
       • Terminates TCP traffic
       • Protects internal HTTP servers by providing a single point of access to the internal network
       • Full reverse proxies provide advanced Layer 7 features such as SSL acceleration, traffic management, intrusion prevention, content acceleration, etc.
       • More than NAT
  14. 14. Reverse Proxy – What is it?
  15. 15. Lync 2013 Web Services Reverse Proxy
       • Load balance port 80 and 443
       • Translate to server ports 8080 and 4443
       • Can not use pre-authentication
       • No persistence is required
       • Health check on port 5061, or use hardware load balancer monitoring port from topology if defined
       • Alternatively check /meet/blank.html instead of 5061 to ensure IIS is working
       • Use 20 minute TCP session timeout
       • Use 1800 seconds TCP idle timeout
  16. 16. Office Web Apps Publishing
       • Load balance port TCP/443
       • Enable and Reencrypt SSL
       • Use Source IP for persistence with 30 minute timeout, use other methods if NAT or concentrators are involved
       • Perform healthcheck on /hosting/discovery, using HTTP GET
       • Use 1800 seconds Idle timeout
  17. 17. What’s new in Exchange 2013
       • CAS Array is no more!
       • Client Access is stateless proxy
       • Load balancing requirements are simplified
       • SSL Termination at load balancer isn’t required
       • Session affinity isn’t required enabling even distribution of connections
       • Service Pack 1
       • SSL Offloading is now possible
       • MAPI/HTTP is new transport mechanism
  18. 18. Exchange 2013 Publishing/Load Balancing/Security
       • Provide high availability for client connections
       • Pre-authenticate external clients
       • Layered security with vDir filtering and IP filtering
       • Single Sign-on with other applications (i.e. SharePoint)
       • Relay SMTP for external apps w/ domain filtering
       • Content switching for publishing on shared public IP address
  19. 19. Load Balancing in Exchange 2013
       Managed Availability
       • Monitors end user Experience
       • Provides health state of Exchange components
       • Each component has dynamic healthcheck.htm
       Load Balancing at Layer 4
       • No SSL termination on Load Balancer
       • No advanced configuration (i.e. cookie affinity)
       Load Balancing at Layer 7
       • More advanced configuration
       • Requires SSL termination at Load Balancer
       • More granular health checks with single namespace
       • Granular control over failures
  20. 20. Edge Security and Reverse Proxy for Exchange [Diagram. Zones: DMZ, Internal Network. Components: Load Balancer / Reverse Proxy, three Exchange CAS servers.]
  21. 21. Recap of Key Load Balancer Services
       • Awareness (Application & Resource)
       • Reverse Proxy Replacement
       • Security Services
  22. 22. About Kemp
       KEMP Designs & Develops Load Balancer and ADC Software, enabling our customers to achieve optimal application performance w/:
       • High Availability
       • Scalability
       • Acceleration
       • Security
       KEMP – Fastest Growing ADC Vendor, #3 WW Units Shipped
       Cloud ADCs, Bare Metal ADCs, Virtual ADC Appliances, ADC H/W Appliances
       Price/Performance leader with ubiquitous platform deployments:
       • 20,000+ WW customer deployments
       • Microsoft Gold Certified Partner – Messaging and Communications
       • Pricing starts at $1,990
       • Free Trial - (case sensitive)
  23. 23. More info on KEMP at ! Follow KEMP at: @KEMPtech 
 More on Modality Systems at @modalitysystems @alexlewis
  24. 24. Watch our other webinars here: balancing-webinars-and-videos
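
The health checks listed on slides 15, 16 and 19 (`/meet/blank.html`, `/hosting/discovery`, `healthcheck.htm`), sketched as a probe that keeps a server in the pool only on a direct HTTP 200. This is an added example, not part of the deck or of KEMP's implementation; the `/owa/` prefix, the function names and the loopback stand-in servers are assumptions constructed for the demonstration.

```python
import http.client
import http.server
import socketserver
import threading
from urllib.parse import urlsplit

# Health-check paths from slides 15, 16 and 19. The /owa/ prefix is an
# assumption: the slide only says each component has a healthcheck.htm.
CHECKS = {
    "lync-web": "/meet/blank.html",
    "office-web-apps": "/hosting/discovery",
    "exchange-owa": "/owa/healthcheck.htm",
}

def probe(base_url, path, timeout=3.0):
    """HTTP GET the path; only a direct 200 is 'up'. Redirects are not followed."""
    u = urlsplit(base_url)
    conn_cls = (http.client.HTTPSConnection if u.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(u.hostname, u.port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status == 200
    except (OSError, http.client.HTTPException):
        return False  # refused, timed out or malformed reply: treat as down
    finally:
        conn.close()

def healthy_members(servers, path):
    """Keep only the real servers that currently pass the check for this path."""
    return [s for s in servers if probe(s, path)]

def start_fake_server(status_by_path):
    """Constructed stand-in for a real server: fixed status per path, 404 otherwise."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status_by_path.get(self.path, 404))
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    srv = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return "http://127.0.0.1:%d" % srv.server_address[1]

if __name__ == "__main__":
    good = start_fake_server({p: 200 for p in CHECKS.values()})
    bad = start_fake_server({"/meet/blank.html": 302, "/owa/healthcheck.htm": 503})
    for name, path in CHECKS.items():
        print(name, healthy_members([good, bad], path))
```

A server that answers the check with a redirect or an error page is dropped from the pool instead of being counted as healthy because the TCP port is open.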