Configuring LoadMaster Global Balancing for Exchange 2013 – Part 3

In Part 1 and Part 2 of the article series, we deployed Exchange 2013 servers in each AD site, then deployed Kemp LoadMaster and configured it for Exchange services in each AD site.

In this final part of the article series, we will configure LoadMaster with Global Balancing, so that if the Dallas AD site goes down, client requests (internal and external) are routed to the Exchange 2013 servers in the Pittsburg AD site, and vice versa. Global Balancing provides redundancy for both Exchange and LoadMaster itself. Figure 3.1 below is the current diagram of the Exchange 2013 lab using Kemp Free LoadMaster.

Figure 3.1 Exchange 2013 and Kemp LoadMaster LAB configuration.

Configure Static Routes on Kemp LoadMaster

In Figure 3.1 above, the Dallas LoadMaster Eth0 interface is configured on the 192.168.1.0/24 network, and the LAB router with DHCP has assigned the DNS and default gateway for this interface. Using the DNS and default gateway, the Eth0 interface can reach any external network, including the Pittsburg Eth0 interface.

Figure 3.2 DNS Name Server IP address

But the Dallas LoadMaster Eth1 interface is on 10.10.10.0/24 and is not configured with DNS and a default gateway, since two network interfaces (NICs) on the same machine cannot be configured with two different DNS and gateway settings. Hence the Eth1 interface has no information on how to reach the Eth1 network (20.20.20.0/24) of the Pittsburg LoadMaster or any other internal network. To achieve this, we need to add manual static routes on the Dallas LoadMaster. Below are the steps to configure the same.

1. Connect to Dallas LoadMaster using Internet Explorer

2. Expand System Configuration -> Additional Routes

3. Add a route to reach the 20.20.20.0/24 network using gateway 10.10.10.101 (it is the default gateway for the 10.10.10.0/24 network to reach the Pittsburg network). Below Figure 3.2 is the reference image.

Figure 3.3 Adding new Fixed Static Routes on Dallas LoadMaster

Similarly, the Pittsburg LoadMaster Eth1 interface is on 20.20.20.0/24 and is not configured with DNS and a default gateway. It has no information on how to reach the Dallas Eth1 network (10.10.10.0/24) or any other network. Hence we need to add static routes on the Pittsburg LoadMaster to reach Dallas Eth1. Below are the steps to configure the same.

1. Connect to Pittsburg LoadMaster using Internet Explorer

2. From the left menu, expand System Configuration -> Additional Routes

3. Add a route to reach the 10.10.10.0/24 network using gateway 20.20.20.101 (it is the default gateway for 10.10.10.0/24 network). Below is the reference image.

Figure 3.4 Adding new Fixed Static Routes on Pittsburg LoadMaster

Configuring LoadMasters to Synchronize Configuration with Each Other:

Synchronization replicates configuration changes or additions made on one LoadMaster to the other. Below are the steps to synchronize the two LoadMasters on the Dallas and Pittsburg networks.

1. Connect to Dallas LoadMaster from the browser using the IP Address https://192.168.1.100

2. From the main menu, expand System Configuration -> Remote Access

3. Under GEO Settings, specify the GEO LoadMaster Partners IP Address and click on Set Geo LoadMaster Partners. In our case it is the Pittsburg LoadMaster Eth0 interface IP address – 192.168.1.101

Figure 3.5 Configuring GEO LoadMaster Partner Settings at Dallas

4. Now, connect to Pittsburg LoadMaster from the browser using the IP address https://192.168.1.101

5. From the main menu, expand System Configuration -> Remote Access

6. Under GEO Settings, specify the GEO LoadMaster Partners IP Address – 192.168.1.100 and click on Set Geo LoadMaster Partners. In our case it is the Dallas LoadMaster Eth0 interface IP address.

Figure 3.6 Configuring GEO LoadMaster Partner Settings at Pittsburg

7. Now that we have configured synchronization between the Dallas and Pittsburg LoadMasters, we only need to make a configuration change on either LoadMaster and it is replicated to the other.

Configuring Global Balancing for FQDN – mail.happy.com

1. Connect to Dallas LoadMaster and, from the main menu, expand Global Balancing -> Manage FQDNs

2. Input the new FQDN name – mail.happy.com and click on Add FQDN

Figure 3.7 Configure Mail.happy.com FQDN at LoadMaster

3. Enter the LoadMaster Dallas External Virtual IP Address – 192.168.1.90 and click on Add Address

Figure 3.8 Configure Mail.happy.com FQDN with Dallas External Virtual IP Address

4. Similarly, add the Pittsburg LoadMaster External Virtual IP address – 192.168.1.91 and click on Add Address

Figure 3.9 Configure Mail.happy.com FQDN with Pittsburg External Virtual IP Address

5. Finally, add the Dallas LoadMaster internal Virtual IP – 10.10.10.90 and then the Pittsburg LoadMaster Virtual IP – 20.20.20.91

Figure 3.10 Mail.happy.com FQDN updated with Dallas and Pittsburg External and Internal Virtual IP Address

6. To provide a better health check for the HTTPS services, change the checker from ICMP Ping to TCP Connect for the Virtual IP Address on port 443 and then click on Set Addr

Figure 3.11 Configure Mail.happy.com FQDN with Health settings to determine the availability of the services.

7. We can now see that all the servers are available, healthy and ready to take connections for mail.happy.com

Configuring Global Balancing for FQDN – autodiscover.happy.com

Since we have one Virtual IP for all the Exchange HTTPS services on each LoadMaster, we need to create another FQDN, autodiscover.happy.com, and follow the same instructions with the same IP addresses and port number used for the FQDN mail.happy.com.

Figure 3.12 Configure autodiscover.happy.com FQDN with Pittsburg External and internal Virtual IP Address

Configuring Global Balancing for FQDN – smtp.happy.com

1. Connect to Dallas LoadMaster using Internet Explorer

2. Expand Global Balancing -> Manage FQDN

3. Add the FQDN name ‘smtp.happy.com’ and click Add FQDN

Figure 3.13 Creating new FQDN smtp.happy.com

4. Input each of the internal and external Virtual IP (VIP) addresses of both the Dallas and Pittsburg LoadMasters and click Add Address. Then, make sure that the checker is set to TCP Connect for port 25.

Figure 3.14 Adding External VIPs for smtp.happy.com FQDN

Since Dallas and Pittsburg are configured to sync with each other, we should be able to see the configuration synced from the Dallas LoadMaster to the Pittsburg LoadMaster in real time. To validate this, connect to the Pittsburg LoadMaster and navigate to Global Balancing -> Manage FQDNs.

Figure 3.15 Validating Global Balancing synchronization at Pittsburg LoadMaster.
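The TCP Connect checkers chosen above (port 443 for mail/autodiscover, port 25 for smtp) can be reproduced from a client to confirm each VIP accepts connections, which an ICMP ping cannot show because a VIP may answer ping while nothing listens on the service port. This is an added example, not Kemp's code or part of the original article; the VIPs and ports come from the steps on this page, while the site labels and function names are assumptions of the example.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# VIPs and checker ports as entered in the lab steps on this page.
# The site labels are an assumption added by this example.
FQDNS = {
    "mail.happy.com": (443, {"192.168.1.90": "Dallas", "10.10.10.90": "Dallas",
                             "192.168.1.91": "Pittsburg", "20.20.20.91": "Pittsburg"}),
    "smtp.happy.com": (25, {"192.168.1.103": "Dallas", "10.10.10.103": "Dallas",
                            "192.168.1.104": "Pittsburg", "20.20.20.104": "Pittsburg"}),
}
FQDNS["autodiscover.happy.com"] = FQDNS["mail.happy.com"]  # same VIPs and port


def tcp_connect(ip, port, timeout=3.0):
    """True only if the three-way handshake to ip:port completes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def check_fqdn(port, vips, probe=tcp_connect):
    """Probe every VIP in parallel; return {ip: bool}."""
    ips = list(vips)
    with ThreadPoolExecutor(max_workers=len(ips)) as pool:
        return dict(zip(ips, pool.map(lambda ip: probe(ip, port), ips)))


def healthy_sites(vips, status):
    """Sites that still have at least one VIP answering."""
    return sorted({vips[ip] for ip, up in status.items() if up})


if __name__ == "__main__":
    for fqdn, (port, vips) in FQDNS.items():
        status = check_fqdn(port, vips)
        for ip, up in status.items():
            print(f"{fqdn:24} {ip:15} tcp/{port:<4} {'UP' if up else 'DOWN'}")
        sites = healthy_sites(vips, status)
        note = "" if len(sites) == 2 else "  <-- no cross-site redundancy"
        print(f"{fqdn:24} healthy sites: {sites or 'NONE'}{note}")
```

Run it from a host that has routes to 192.168.1.0/24, 10.10.10.0/24 and 20.20.20.0/24; otherwise the internal VIPs report DOWN because of routing rather than service health.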

DNS Configuration:

We are almost done with the LoadMaster configuration at both the Dallas and Pittsburg AD sites. Now we need to configure internal and external DNS with a delegated subdomain for mail.happy.com and autodiscover.happy.com, pointing to the LoadMaster Virtual IP Addresses defined in the below table.

To accept SMTP emails from the internet for happy.com, configure MX records on the external DNS to point to the external DNS VIP of both the Dallas and Pittsburg LoadMasters; below are the details.

Configure the Exchange send connector with the option ‘Route mail through smart host’ and specify the LoadMaster SMTP Internal VIP Addresses – 10.10.10.103 and 20.20.20.104.

This configuration allows clients to connect to all the HTTPS services and also enables mail flow between the internal network and the internet.

Below is the final diagram with complete IP Address, DNS, LoadMaster and Exchange server details.

Figure 3.15: Final LAB diagram

Finally, we are at the end of the article series: we have completely installed and configured Kemp Free LoadMaster in both AD sites and also configured Global Balancing between the sites. The same steps can be followed to implement LoadMaster in a production environment, but we need public IP addresses NATed to the DMZ VIPs to communicate with other external domains.

Configure LoadMaster for Exchange 2013 Services in LAB – Part 2

In Part 1 of the article series, we configured Exchange 2013 and the Hyper-V networks, installed LoadMaster in both AD sites and finally configured it with Two-Arm networks. In this part of the article series we will configure LoadMaster for Exchange HTTPS and SMTP services. Figure 2.1 below is the current lab setup with IP address configuration.

Figure 2.1 Current lab setup with IP address configuration.

Importing Exchange Kemp Templates into the LoadMaster

Kemp offers free templates for Exchange 2013 with preconfigured settings. These preconfigured templates are based on Microsoft best practices and help us keep our configuration simpler and quicker. These configurations can be further tweaked to suit complex environments and business requirements.

1. Download the Exchange 2013 Core Services template from the Kemp LoadMaster documentation page on the Hyper-V host machine

https://kemptechnologies.com/loadmaster-documentation/.

Figure 2.2 Downloading Exchange 2013 Core Services template.

2. The Core Services template helps administrators configure all the Exchange 2013 HTTPS, SMTP and MAPI protocols easily with minimal configuration steps.

3. Connect to the Dallas LoadMaster from the host machine browser using the IP Address – https://192.168.1.100

4. Click on Virtual Services -> Manage Templates

5. Click on the Browse button to select the template file ‘Exchange2013Core.tmpl’ from the local machine and click on the Add New Template button to import it.

Figure 2.3 Importing Exchange 2013 Template

6. Once imported, it will display the details of all the templates imported

Figure 2.4 Exchange 2013 Templates after importing the downloaded template file

Perform the above steps 1-5 to import the Exchange 2013 Core Services template on Pittsburg LoadMaster.

Creating and Configuring HTTPS Virtual Services

In this part, we will configure one Virtual IP for all the Exchange 2013 HTTPS virtual services. HTTPS virtual services include OWA, EAC, ActiveSync, Outlook Anywhere and EWS. We can also configure one Virtual IP for each Exchange service; that is more complex to configure but provides better redundancy for each of the Exchange services.

Follow the below steps to configure Dallas LoadMaster with one Virtual IP address for all the Exchange HTTPS services.

1. Connect to the Dallas LoadMaster from the browser using the IP Address – https://192.168.1.100

2. Expand Virtual Services -> click Add new

3. To allow external clients to connect to Exchange, specify VIP – 192.168.1.90 on port 443, then select Use Template Exchange 2013 HTTPS and click on Add this virtual service.

Figure 2.5 Adding Virtual IP Address for Exchange 2013 HTTPS

4. It then redirects to the properties page of the Virtual IP (VIP) address

5. Under Basic Properties, specify the Alternative Address as 10.10.10.90, which is from the Dallas internal network segment.

Figure 2.6 Exchange 2013 HTTPS Basic properties configuration.

6. Keep the Standard Options, SSL Properties, Advanced Properties, and ESP Options as default.

Figure 2.7 Exchange 2013 HTTPS Standard Options, SSL Properties, Advanced Properties, and ESP configuration.

7. Under Real Servers properties, click on the Add New button to add the Dallas Exchange 2013 server

Figure 2.8 Exchange 2013 Real Servers Properties

8. Specify the Dallas Exchange 2013 IP Address – 10.10.10.2 and click Add This Real Servers

Figure 2.9 Specifying Exchange 2013 Server Address for Real Servers options.

9. Validate the addition of the Exchange 2013 server under Real Servers.

Figure 2.10 Validating Addition of new Exchange 2013 Real Servers Properties

10. Finally, click on View/Modify Services from the main menu to confirm that the new HTTPS Virtual IP Addresses and services status is UP.

Figure 2.11 Validating HTTPS Virtual IP Addresses and services status

Perform the above operation from step 1 – 11 on the Pittsburg LoadMaster to configure the External Virtual IP Address 192.168.1.91 and the internal alternative Virtual IP 20.20.20.91. Make sure to add the internal Pittsburg Exchange 2013 server IP address 20.20.20.2 under Real Servers.

Creating and Configuring SMTP Virtual Services

SMTP Virtual Services help route email between the internal and external networks. Internet MX records must point to these external Virtual Addresses so that internet emails are delivered to them. LoadMaster processes the internet email and forwards it to the internal Exchange servers. Similarly, internet-bound email from the internal network is accepted by the LoadMaster, processed and delivered externally. Below are the steps to configure the same:

1. Connect to the Dallas LoadMaster using browser – https://192.168.1.100

2. From the main menu, expand Virtual Services -> select Add new

3. Input the Virtual Address 192.168.1.103, select Use Template Exchange 2013 SMTP and click on Add This Virtual Service

Figure 2.12 Creating new Virtual IP Address for Exchange 2013 SMTP services.

4. It then redirects to the advanced properties page

5. Specify the Alternative Address – 10.10.10.103 from the internal network subnet

Figure 2.13 Configuring Exchange 2013 SMTP basic properties.

6. Keep Standard Options, SSL Properties, Advanced Properties and ESP Options as default

7. Click on the Add New button under the Real Servers options to add the Dallas Exchange 2013 server.

Figure 2.14 Configuring Real Servers properties.

8. Specify the Exchange 2013 IP Address – 10.10.10.2 and click on Add this Real Servers

Figure 2.15 Adding Exchange 2013 Server under Real Server.

11. Validate the Exchange 2013 server IP address and port under Real Servers.

Figure 2.16 Validating Exchange 2013 Server under Real Server.

12. Click on View/Modify Services to confirm that the new SMTP Virtual IP Addresses and services status is UP

Figure 2.17 Validating new Exchange SMTP Virtual Service.

Perform the above operation from step 1 to 13 on the Pittsburg LoadMaster to configure the External SMTP Virtual IP Address 192.168.1.104 and the internal alternative Virtual IP 20.20.20.104. Finally, make sure to add the internal Exchange server IP Address – 20.20.20.104 under Real Servers and validate the same.

We are almost done with the configuration of LoadMaster in the lab, and Figure 2.18 below is the final Exchange 2013 LAB using Kemp Free LoadMaster. It has all the necessary VIP addresses for client connections.

Figure 2.18 Exchange 2013 LAB using Kemp Free LoadMaster

Importing Exchange 2013 Certificate into the LoadMaster

Currently LoadMaster is not configured with SSL Offloading. SSL Offloading terminates the client SSL connection at the LoadMaster and generates a new connection to the Exchange server in the backend. This improves the security and performance of client connections. This is an optional setting, and below are the steps to perform the same:

1. Export the SAN Certificate from the Exchange 2013 server with its private key in PFX format, protected by a password.

2. Connect to the Dallas LoadMaster through Internet Explorer

3. Click on Main Menu -> Certificate -> SSL certificate and click on Import Certificate

Figure 2.19 SSL Certificate Import option on LoadMaster.

4. Specify the Exchange certificate file path, Pass Phrase (the password applied during the export) and Certificate Identifier. Click on Save to import the certificate into the LoadMaster

Figure 2.20 Importing SSL Certificate into the LoadMaster

5. Modify the Exchange HTTPS Virtual Service and expand SSL Properties

6. Enable the SSL Acceleration and Reencrypt options. Then select the available Exchange certificate and move it to the assigned certificates. Lastly, select Best Practices under Cipher Set and click on Modify Cipher Set.

Figure 2.21 Configuring SSL Offloading and assigning Exchange certificate on the LoadMaster

Follow the above instructions from step 1-6 on the Pittsburg LoadMaster to import the Exchange certificates and configure SSL offloading.

We are almost at the end of Part 2 of the article series, having configured LoadMaster for Exchange 2013 HTTPS and SMTP services. In the next and final part of the article series, we will configure Geo Redundancy, which allows clients to connect to the available Exchange servers if any of the Exchange servers, services or AD sites go down.