
High Availability and Web Publishing for UC Deployments Load Balancing & Reverse Proxy

October 24, 2013. Bhargav Shukla, Director – Product Research and Innovation, KEMP Technologies. Twitter: @bhargavs


Presentation Transcript


  1. High Availability and Web Publishing for UC Deployments: Load Balancing & Reverse Proxy
  October 24, 2013
  Bhargav Shukla, Director – Product Research and Innovation, KEMP Technologies
  Twitter: @bhargavs

  2. Load Balancing Lync 2013
  • What should you load balance?
    • Server to Server traffic: topology aware, no load balancing needed
    • Client to Server traffic:
      • DNS load balancing for the pool (SIP traffic)
      • DNS load balancing does not work for web traffic; HTTP/HTTPS needs a hardware load balancer
      • Port translation is required for external web services traffic

  3. Load Balancing Lync 2013
  • Visual Reference (diagram)

  4. Load Balancing Lync 2013
  • Load Balancing Front End/Director Pools

  5. Load Balancing Lync 2013
  • Load Balancing Front End/Director Pools
  • Microsoft recommended method:
    • Use DNS load balancing for SIP traffic
    • Configure a web services override FQDN for internal web services (it resolves to the load balancer VIP instead of the DNS-balanced pool FQDN)
    • Load balance TCP ports 80, 8080, 443 and 4443
    • Also load balance TCP port 444 if a Director is deployed

  6. Load Balancing Lync 2013
  • Load Balancing Front End/Director Pools
  • Source IP persistence can be used, but should you?
    • Clients behind a NAT device all show up as a single source IP
    • Can result in uneven connection distribution across the pool
  • Health check on TCP port 5061, or use the hardware load balancer monitoring port from the topology if one is defined
  • Alternatively check /meet/blank.html instead of 5061: a 5061 check only proves the SIP listener is up, the HTTP check also ensures IIS is working

  7. Load Balancing Lync 2013
  • Load Balancing Front End/Director Pools
  • Cookie-based persistence can be used with no negative impact
  • If you use a cookie, it must:
    • Be named MS-WSMAN
    • Not expire
    • Not be marked httpOnly
  • Turn off cookie optimization
  • Use a 20 minute TCP session timeout
  • Use an 1800 second TCP idle timeout

  8. Load Balancing Lync 2013
  • Load Balancing Front End/Director Pools
  • Load balancer only configuration (DNS round robin not used for SIP)
  • Load balance the following ports (all TCP): 5061, 444, 135, 80, 8080, 443, 4443, 448, 5070-5073, 5075-5076, 5080
  • Reference: Hardware Load Balancer Ports if Using Only Hardware Load Balancing - http://bit.ly/1185Yvq

  9. Load Balancing Lync 2013
  • Load Balancing Mediation Pools
  • DNS only load balancing is sufficient
  • If using a load balancer instead of DNS, load balance only TCP 5070

  10. Load Balancing Lync 2013
  • Load Balancing Edge Pools

  11. Load Balancing Lync 2013
  • Load Balancing Edge Pools using DNS
  • Loss of failover in the following scenarios:
    • Federation with organizations running Office Communications Server versions released before Lync Server 2010
    • PIM (public IM connectivity) with Skype, Windows Live, AOL, Yahoo! and XMPP partners
    • UM Play on Phone functionality
    • Transferring calls from the UM Auto Attendant

  12. Load Balancing Lync 2013
  • Load Balancing Edge Pools using a Load Balancer
  • External Interfaces
    • Access Edge Interface (Source NAT can be used)
      • SIP (external clients) – TCP 443
      • SIP (federation/PIM) – TCP 5061
      • XMPP – TCP 5269
    • Web Conferencing Interface (Source NAT can be used)
      • PSOM – TCP 443
    • AV Edge Interface (NAT can't be used here)
      • STUN/MSTURN – TCP 443
      • STUN/MSTURN – UDP 3478

  13. Load Balancing Lync 2013
  • Load Balancing Edge Pools using a Load Balancer
  • External Interfaces
    • Use the Access VIP as the default gateway on all Edge interfaces
  • AV Edge Interface considerations
    • Turn off TCP nagling (Nagle's algorithm) for both the internal and external TCP 443 VIPs
    • Turn off TCP nagling for the external port range 50,000-59,999
    • Must use a publicly routable IP with no NAT or port translation

  14. Load Balancing Lync 2013
  • Load Balancing Edge Pools using a Load Balancer
  • Internal Interfaces
    • Access SIP – TCP 5061: used by Directors and Front End pools
    • AV Authentication SIP – TCP 5062: used by any Front End pool and SBA
    • AV Media Transfer – UDP 3478: preferred path for A/V media transfer
    • AV Media Transfer – TCP 443
      • Fallback path for A/V media transfer
      • File Transfer
      • Desktop Sharing

  15. Load Balancing Lync 2013
  • Reverse Proxy

  16. Reverse Proxy – What is It
  • A device deployed between clients and servers, usually in the DMZ, that interacts with servers and services on behalf of the client
  • Commonly used to provide load balancing for availability and scalability
  • Terminates the client's TCP connection and opens its own connection to the server
  • Protects internal HTTP servers by providing a single point of access to the internal network
  • Full reverse proxies provide advanced Layer 7 features such as SSL acceleration, traffic management, intrusion prevention, content acceleration, etc.
  • More than NAT (diagram: Load Balancer vs. Reverse Proxy)

  17. Load Balancing Lync 2013
  • Reverse Proxy – a separate VIP on the load balancer
  • Load balance TCP ports 80 and 443
  • Translate to server ports 8080 and 4443
  • Cannot use pre-authentication
  • No persistence is required
  • Use a 20 minute TCP session timeout
  • Use an 1800 second TCP idle timeout
  • Health check on port 5061, or use the hardware load balancer monitoring port from the topology if one is defined
  • Alternatively check /meet/blank.html instead of 5061 to ensure IIS is working
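Slides 6 and 17 name the pool health checks (a TCP connect to 5061, or an HTTP GET for /meet/blank.html on the web services port that 443 is translated to), and slide 19 names the same kind of GET on /hosting/discovery for Office Web Apps Server. The following is an added example of that probe logic written for this page; it is not KEMP or Microsoft code. The host names are invented, the network calls are injectable so the decision logic can be exercised offline, and the real TLS path uses the system trust store, so a monitor pointed at servers with certificates from an internal CA would have to load that CA first.

```python
"""Load balancer health probes for Lync 2013 pool members (added example).

Implements the probes the deck names: TCP connect to 5061, HTTPS GET for
/meet/blank.html on 4443 (the internal web services port), and, with another
port and path, the /hosting/discovery GET for Office Web Apps Server.
Not KEMP or Microsoft code; host names are made up.
"""
import socket
import ssl
import sys
from typing import Callable, Optional

# (port, path) for the HTTP probes named in the deck.
LYNC_WEB_PROBE = (4443, "/meet/blank.html")   # internal web services port
OWA_PROBE = (443, "/hosting/discovery")       # Office Web Apps discovery


def build_probe_request(host: str, port: int, path: str) -> bytes:
    """Minimal HTTP/1.1 GET, the shape a load balancer monitor sends."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}:{port}\r\n"
        "User-Agent: lb-health-probe\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def parse_probe_response(raw: bytes) -> bool:
    """Only a 2xx status line counts as healthy.  A 503 from a stopped IIS
    application pool, a redirect to an error page, or a non-HTTP reply all
    mark the member down."""
    try:
        status_line = raw.split(b"\r\n", 1)[0].decode("ascii")
        version, code, _reason = status_line.split(" ", 2)
        return version.startswith("HTTP/1.") and 200 <= int(code) < 300
    except (UnicodeDecodeError, ValueError):
        return False


def tcp_probe(host: str, port: int = 5061, timeout: float = 3.0,
              connect: Callable = socket.create_connection) -> bool:
    """SIP listener probe: a completed TCP handshake on 5061 counts as up.
    It says nothing about IIS, which is why the deck also probes the web site."""
    try:
        conn = connect((host, port), timeout)
    except OSError:
        return False
    conn.close()
    return True


def _tls_exchange(host: str, port: int, request: bytes, timeout: float) -> bytes:
    """Real transport: TLS GET, read until the server closes the connection."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(request)
            chunks = []
            while True:
                chunk = tls.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
    return b"".join(chunks)


def https_probe(host: str, port: int, path: str, timeout: float = 3.0,
                exchange: Optional[Callable] = None) -> bool:
    """HTTP-level probe over TLS; `exchange` can be swapped for a fake offline."""
    exchange = exchange or _tls_exchange
    try:
        raw = exchange(host, port, build_probe_request(host, port, path), timeout)
    except (OSError, ssl.SSLError):
        return False
    return parse_probe_response(raw)


def member_state(host: str, tcp: Callable = tcp_probe,
                 https: Callable = https_probe) -> str:
    """Combine both Front End probes.  A member is UP only if 5061 answers AND
    IIS serves /meet/blank.html, so a server whose web site died is drained
    even though its SIP listener still completes handshakes."""
    sip_ok = tcp(host, 5061)
    web_ok = https(host, *LYNC_WEB_PROBE)
    return "UP" if sip_ok and web_ok else "DOWN"


if __name__ == "__main__":
    # Usage: python lync_probe.py fe01.contoso.local   (hypothetical host)
    target = sys.argv[1] if len(sys.argv) > 1 else "fe01.contoso.local"
    print(target, member_state(target))
```

The combined check in member_state is the point the deck makes on slides 6 and 17: a 5061 connect alone keeps a member in rotation while its IIS site returns 503, whereas the /meet/blank.html GET catches that. The same https_probe with OWA_PROBE covers the Office Web Apps check from slide 19.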

  18. Hardware Load Balancing - Edge
  • Requires N+1 public IP addresses
  • Reference - http://bit.ly/164jI3m & http://bit.ly/13Hgsaw

  19. Load Balancing Lync 2013
  • Load Balancing Office Web Apps Servers
  • Load balance TCP port 443
  • Enable SSL and re-encrypt to the server
  • Use source IP for persistence with a 30 minute timeout; use other methods if NAT or concentrators are involved
  • Use an 1800 second idle timeout
  • Perform the health check with an HTTP GET on /hosting/discovery

  20. DNS or Hardware?

  21. Best Practices
  • Create an independent virtual service for each Edge service (Access/Web Conf/AV)
  • Use cookie-based persistence for external Lync web services and source-address persistence for internal Lync web services
  • Cookie-based persistence is required for Lync Mobility services: named MS-WSMAN, not marked httpOnly, and no expiration
  • Always use a HLB (hardware load balancer) if HA for XMPP/PIC/legacy federation is important
  • The Edge internal interface must be on a different network than the Edge external interface, with routing between them disabled
  • The Edge Server external interface running A/V must use a routable IP – no NAT/PAT
  • Use the same load balancing method for internal and external Edge interfaces
  • Don't leave the timeout at default: TCP idle timeout should be set to 1800 sec
  • Turn off TCP nagling for AV Edge ports 50,000-59,999 and internal/external 443
  • Use SNAT for general services, DNAT for AV Edge
  • Ensure load balancer and Lync failover scenarios are tested... BEFORE you need it
  • Avoid using DSR (Direct Server Return) – not supported
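Slides 7 and 21 both state the rules for the persistence cookie the load balancer inserts on Lync web services traffic: named MS-WSMAN, no expiry, not marked httpOnly. Below is an added example, written for this page and not KEMP or Microsoft code, that checks a raw HTTP response from the VIP against those three rules; the responses it runs on are constructed for illustration, not captured from a deployment.

```python
"""Check the load balancer's persistence cookie against the deck's rules
(added example, not KEMP or Microsoft code): named MS-WSMAN, must not
expire, must not be marked HttpOnly.  Sample responses are constructed.
"""
from typing import Dict, List, Optional, Tuple

COOKIE_NAME = "MS-WSMAN"

Cookie = Tuple[str, str, Dict[str, Optional[str]]]


def parse_set_cookie(header_value: str) -> Cookie:
    """Split one Set-Cookie value into (name, value, attributes).
    Attribute names are lower-cased; flag attributes (HttpOnly, Secure) map
    to None.  Expires dates contain commas but never ';', so splitting on
    ';' is safe."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Optional[str]] = {}
    for part in parts[1:]:
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else None
    return name.strip(), value.strip(), attrs


def set_cookie_headers(raw_response: bytes) -> List[str]:
    """All Set-Cookie header values from a raw HTTP response."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def check_persistence_cookie(raw_response: bytes) -> List[str]:
    """Return findings; an empty list means the cookie meets the rules."""
    cookies = [parse_set_cookie(h) for h in set_cookie_headers(raw_response)]
    matches = [c for c in cookies if c[0] == COOKIE_NAME]
    if not matches:
        seen = ", ".join(c[0] for c in cookies) or "no cookies"
        return [f"no {COOKIE_NAME} cookie set (saw: {seen})"]
    findings = []
    for _name, value, attrs in matches:
        if "expires" in attrs or "max-age" in attrs:
            findings.append("cookie carries Expires/Max-Age; it must not expire")
        if "httponly" in attrs:
            findings.append("cookie is marked HttpOnly; it must not be")
        if not value:
            findings.append("cookie value is empty, so it cannot pin a session")
    return findings


# Constructed sample responses (not captured traffic).
COMPLIANT = (
    b"HTTP/1.1 200 OK\r\n"
    b"Set-Cookie: MS-WSMAN=8d3f1c2a9b; Path=/; Secure\r\n"
    b"Content-Length: 0\r\n\r\n"
)
WRONG_NAME = (
    b"HTTP/1.1 200 OK\r\n"
    b"Set-Cookie: LBPERSIST=8d3f1c2a9b; Path=/\r\n"
    b"Content-Length: 0\r\n\r\n"
)
WRONG_FLAGS = (
    b"HTTP/1.1 200 OK\r\n"
    b"Set-Cookie: MS-WSMAN=8d3f1c2a9b; Path=/; HttpOnly; "
    b"Expires=Thu, 24 Oct 2013 12:00:00 GMT\r\n"
    b"Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for label, resp in (("compliant", COMPLIANT), ("wrong name", WRONG_NAME),
                        ("wrong flags", WRONG_FLAGS)):
        print(label, check_persistence_cookie(resp) or ["OK"])
```

A Secure attribute is accepted because the deck states no rule about it; the checker flags only the three properties the slides name. Run it against a response captured from the external web services VIP (for example with a single GET to the port 443 virtual service) after changing the load balancer's cookie settings, since a default cookie name or an HttpOnly flag added by the balancer is exactly the kind of setting that breaks Mobility clients without any obvious error.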

  22. Thank You!
