My current project is a migration from Exchange 2003 to Exchange 2010. We wanted to load balance our CAS servers and do some SSL offloading. I have never worked with a load balancer before – pretty cool stuff. We have been using a couple of Kemp 2600’s in an active passive configuration. The Kemp devices have a nice price point and seem to have all the functionality that we need. Plus the support has been excellent. They have really helped us get up and running. Things I have learned while implementing these devices:
- You actually set the CAS servers IP gateways to the load balancer. I guess the device acts like a router when it receives new traffic that did not originally pass through the device.
- Clients and servers can not be in the same subnet if you want to use Layer 7 transparency. Traffic will hit the load balancer and it will pass it along to the server. The server will see that the traffic originated on the same subnet, and it will send the return straight back to the server, not through the load balancer. Timeouts result.
- The documentation repeatedly refers to “clients”. A “client” can be a workstation, but it can also be a service. Our BES server was connecting to the CAS to find the “/Autodiscover/Autodiscover.xml” info. Since it was on the same subnet as the CAS servers, they replied back directly and not through the load balancer. Timeouts again.
- I really like the idea of a drain stop. I can move all traffic to one CAS and work on the other.
- We ended up turning off Layer 7 transparency since we have all servers on the same subnet. The only other real choice would be to move the load balanced servers to their own subnet. The loss of transparency means that all connections seem to originate on the load balancer. So logs become pretty useless. Trouble shooting will occur on the Kemp. We can always ssh in and run a TCPDUMP.