In the last post, we installed two additional frontend servers in the Lync High Availability environment that we have been building for quite some time now.
In part 7, when we installed the first frontend server, we configured the Frontend pool DNS records so that they pointed to the first frontend server, which was the only one we had at that time. We did the same for the Office Web Apps servers and the Director servers.
Let's start by talking a little bit about how to load balance Lync.
Both the Lync clients and the Lync servers can use DNS load balancing. This is achieved by configuring multiple records in DNS for the same name.
When a client or server queries DNS for a name, it gets all matching records returned, so if three records point to the same name, the result will include all three records.
The client or server will then contact the first server, and if no response is received, it will contact the next.
The Lync servers will load balance the clients automatically between the available servers through an algorithm, which will also redirect clients to the other servers in the pool.
But there is a catch: DNS load balancing only works for Lync traffic like the SIP traffic (5061/TCP). It doesn't work for web traffic like HTTPS (443/TCP), and that is why you need a load balancer for the web traffic.
If you do not have a load balancer, you could be reaching a server that is down, and then the request will fail.
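To see what DNS load balancing hands back for a pool name, and which of those servers actually answer on the SIP and HTTPS ports, a check like the following can be run from a domain-joined machine. It is an added example, not part of the original post; the pool FQDN `pool.example.local` is a placeholder and the helper `Test-TcpPort` is a hypothetical name.

```powershell
# Added example, not from the original post.
param(
    [string]$PoolFqdn = 'pool.example.local',  # placeholder: your frontend pool FQDN
    [int[]]$Ports     = @(5061, 443),          # SIP/TLS and HTTPS, as discussed above
    [int]$TimeoutMs   = 3000
)

# Hypothetical helper: TCP connect with a timeout, returns $true/$false.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Every address record returned for the pool name (CNAME answers have no IPAddress).
$records = Resolve-DnsName -Name $PoolFqdn -Type A -ErrorAction Stop |
    Where-Object { $_.IPAddress }
Write-Output ("{0} resolves to {1} address(es)" -f $PoolFqdn, @($records).Count)

$results = foreach ($r in $records) {
    foreach ($p in $Ports) {
        [pscustomobject]@{
            Address   = $r.IPAddress
            Port      = $p
            Reachable = Test-TcpPort -Address $r.IPAddress -Port $p -TimeoutMs $TimeoutMs
        }
    }
}
$results | Format-Table -AutoSize

# A Lync client moves on to the next address when 5061 is down on one server.
# Web traffic gets no such retry, so a dead 443 endpoint behind a DNS-only
# name is a request that can fail.
$down443 = @($results | Where-Object { $_.Port -eq 443 -and -not $_.Reachable })
if ($down443.Count -gt 0) {
    Write-Warning ("443 unreachable on: " + ($down443.Address -join ', '))
}
```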
Back in the old days (the OCS days), before we were using DNS load balancing, all traffic, including the SIP traffic, had to be passed through a load balancer. We can still choose to do that with Lync, or we can choose a combination of DNS load balancing and hardware load balancing. This depends on the size of your load balancer box and your skills in programming the load balancer.
If you choose to load balance all Lync traffic through the load balancer, you should make sure that it can handle all requests. Some load balancers, like the Kemp hardware load balancers, are sold with limits on the traffic and sessions they can handle.
If you choose to load balance only the web traffic you could perhaps save some money by choosing a smaller model.
The Office Web Apps Server is only using web traffic so you will need the hardware load balancer for these servers.
Over the next couple of posts, I will show you how to load balance the different internal servers, including both methods of load balancing the Lync servers.
I will use Kemp hardware load balancers, which exist in both physical and virtual forms, and in different sizes (see http://kemptechnologies.com/products-solutions).
I will deploy two virtual load balancers in an active/standby setup.
The specs for the two VLM will be:
- 1 GB RAM
- 32 GB Disk Space
- DMZINT LAN IP: 10.160.64.36/24
- 1 GB RAM
- 32 GB Disk Space
- LAN IP: 10.160.64.37/24
The virtual services on the VLM cluster will use these IP addresses:
LAN HA VIP: 10.160.64.38 (used for HA checks and management)
LAN VIP1: 10.160.64.10 (Used for the frontend pool)
LAN VIP2: 10.160.64.30 (Used for the director pool)
LAN VIP3: 10.160.64.24 (Used for the Office Web Apps Farm)
You can download your own trial version here: http://kemptechnologies.com/da/server-load-balancing-appliances/virtual-loadbalancer/vlm-download, or buy it at your favorite Kemp distributor.
The download is a fully configured virtual machine, which will work for 30 days, until you get a permanent license.
When you have activated your account and downloaded the VLM, it is time to import the virtual machine in Hyper-V.
Extract the Zip file to a folder on your Hyper-V host
From Hyper-V Manager click on “Import Virtual Machine”
Browse to the folder where you extracted the files and click Select Folder
Select “Copy the virtual….” and click Next
Select the folders where you want to place the VLM
Choose a location for the virtual disk
Right Click on the LoadMaster VLM and rename it to VLM01
Right Click the VLM01 and select Settings
Edit the nics and place the first nic on the internal LAN.
I will not be using the second nic, so I just leave it as is without any virtual switch attached. You could also delete the nic.
Start the virtual machine and after a minute or so, you should have got an IP address from DHCP.
Open your browser to the address and accept the certificate warning by clicking continue
Use the rest of the day reading the EULA, and if you can accept it, click on Agree.
Type your Kemp ID and click license now
Right after, log in to the VLM with the default user name and password, which is:
Type a new Password and click “Set Password”
Click Continue and login to the VLM again with the new password
Navigate to System Configuration and select eth0. Type the IP address for the VLM and click on Set Address
Click OK again
Navigate System Configuration -> Local DNS Configuration and configure the hostname for the VLM and click Set Hostname
Navigate to DNS Configuration and type your DNS Servers and the internal DNS Domains.
Type a Default Gateway
Type any additional routes
Navigate to System Administration -> Date/Time and set the NTP host (typically a domain controller)
Navigate to Miscellaneous Options -> L7 Configuration and set the below:
Under Network Options – remove SNAT
We are now done with the first VLM. The next thing is to install VLM02, with the exact same configuration (except the ip addresses of course).
When the second VLM is up and running, log in to VLM01, and navigate to Miscellaneous Options and HA Parameters
In HA mode select “First HA Node”
Type the Shared IP Address and click “Set Shared address”
Type the HA Partner IP Address
Click on Reboot Now
Log in to the second VLM and set it to HA (Second Mode)
Set the Shared IP and partner address and reboot the VLM.
Under HA Parameters set the HA version to Legacy and reboot both boxes.
When they are up and running again, they should now be running in active/passive mode
Note: I think that Kemp has changed the trial licenses so that you will not be able to make them run in active/passive mode, but the rest of the post is still the same, although I will only be running in single mode.
If you have a real license, then just continue: open Internet Explorer, point it to the virtual IP, and make sure you can connect to it.
Next you should create entries in the internal DNS for the load balancer boxes.
Next we will install certificates on the VLM cluster.
We will need to install a certificate from the internal CA, including the root certificates.
First of all: I have created an internal certificate, which contains the following names:
Common name: vlm-v.exchangepro.local
I have exported the certificate with the private key, from the server that I generated it from.
Now login to the virtual IP and navigate to Certificates -> SSL certificates and click on Import Certificate
Browse for the exported PFX file, and type the password for it. Give the certificate a name and click Save.
Select the new Certificate for both Administrative Access and local access.
Navigate to Intermediate Certs and click Add New
Browse to your Internal root certificate and give it a name (the certificate must be in base64 format)
The root certificate has now been installed.
If your PKI infrastructure contains other intermediate certificates, then import them now.
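Before uploading, it is worth confirming that the exported PFX really contains the private key and the expected name, and producing the base64 copy of the root certificate that the VLM asks for. The script below is an added example, not part of the original post; the file paths are placeholders, and only the common name is taken from the post.

```powershell
# Added example, not from the original post. All paths are placeholders.
param(
    [string]$PfxPath  = 'C:\Temp\vlm.pfx',
    [string]$RootPath = 'C:\Temp\rootca.cer',          # DER or base64 input
    [string]$RootOut  = 'C:\Temp\rootca-base64.cer',
    [string]$Expected = 'vlm-v.exchangepro.local'      # common name from the post
)
$x509 = 'System.Security.Cryptography.X509Certificates.X509Certificate2'

# Prompt for the PFX password so it never lands in the script or shell history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = New-Object $x509 -ArgumentList $PfxPath, $pfxPassword

$cn  = $cert.GetNameInfo('SimpleName', $false)
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

if (-not $cert.HasPrivateKey) { Write-Warning 'PFX has no private key; re-export with the key.' }
if ($cn -ne $Expected)        { Write-Warning "Common name is '$cn', expected '$Expected'." }
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires $($cert.NotAfter)."
}
Write-Output "Subject : $($cert.Subject)"
Write-Output "Issuer  : $($cert.Issuer)"
if ($san) { Write-Output ("SAN     : " + $san.Format($false)) }

# Load the root certificate and check that it is the issuer of the VLM certificate.
$root = New-Object $x509 -ArgumentList $RootPath
if ($root.Subject -ne $root.Issuer) {
    Write-Warning 'This file is not self-signed; it is an intermediate, not the root.'
}
if ($cert.Issuer -ne $root.Subject) {
    Write-Warning 'Root did not issue the VLM certificate directly; import the intermediates too.'
}

# Write the root certificate in base64 (PEM) form for the Intermediate Certs page.
$b64 = [Convert]::ToBase64String($root.RawData, [Base64FormattingOptions]::InsertLineBreaks)
$pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"
Set-Content -Path $RootOut -Value $pem -Encoding Ascii
Write-Output "Base64 root certificate written to $RootOut"
```

The PFX holds the private key for the load balancer's certificate, so remove the exported file once the import on the VLM has succeeded.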
I have split the posts so that it will be easier to navigate. In the next posts we will continue by setting up load balancing for the Office Web Apps Servers.