Deliver Secure, Highly Available Microsoft Applications with 3 Key Load Balancer Services

Alex Lewis
• Principal Consultant and VP at Modality Systems and Author of Lync 2010/2013 Unleashed
• Lync MVP

Jon Braunhut
• Chief Scientist at KEMP Technologies

Bhargav Shukla
• Director of Product Research and Innovation at KEMP Technologies
• Exchange MVP

Agenda
• Lync 2013 Web Services… and other Services Load Balancing
• Lync 2013 Reverse Proxy
• Office Web Apps Publishing
• Exchange 2013 Load Balancing
• Exchange 2013 Reverse Proxy and KEMP Edge Security Pack
• Q&A

Why Load Balance Lync?
• Even with DNS LB, web services must be load balanced using an external load balancer
• Often simplifies PBX integration with multiple mediation servers
• External applications often don’t understand DNS LB or treat it as DNS RR
• HA for Lync edge services including legacy, PIC and XMPP federation

Load Balancer Requirements

| Role | High Availability | Load Balancer | DNS Balancing |
|---|---|---|---|
| Standard edition server | Not available | N/A | N/A |
| Enterprise edition front end server | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
| Back end server | SQL Server uses Windows clustering for high availability | No | No |
| A/V conferencing server | Deploy multiple servers in a pool. Load balancing not required | N/A | N/A |
| Edge Server | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
| Mediation server | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
| Monitoring | Standby server (MSMQ) on the front-end queues messages in the event of a failure | No | No |
| Archiving | Standby server (MSMQ) on the front-end queues messages in the event of a failure | No | No |
| Director | Deploy multiple servers in a pool and use load balancing | Yes | Yes |
| File server | Use Windows cluster or distributed file system | Yes | Yes |

Lync 2013 Web Services
• Basic HTTPS Load Balancing
• No more cookie insertion for mobile!
• Be sure to turn on HTTP->HTTPS Redirection
• Separate Virtual IPs for Internal & External Web Services

HTTP to HTTPS Redirection
• Create a virtual service on port 443 for Lync Edge External Conferencing
• Set HTTP 302 Redirect with redirect URL set to https://%h%s
• In the virtual service status menu you will see “Redirect”

Load Balancing Mediation Pools
• Required for most ITSPs for direct connectivity without an SBC
• Required for IP PBXs that don’t support DNS-LB – and that’s almost all of them
• Ensure equal load balancing
• Easier maintenance and testing

Best Practices for LB Mediation
• SNAT Load Balancing (Full-NAT) for gateway/PBX side of Mediation Server Pool
• Use if Gateway doesn’t support DNS LB to simplify Gateway/PBX configuration

Lync 2013 Reverse Proxy
[Diagram spanning Internet, DMZ and Internal Network. Labels: Lync 2013 Mobile Client, Windows 8 Lync App, Lync 2013 Desktop client, Load Balancer, Active Directory, Lync Front-End Pool, Mirrored Back-End Servers, Office Web Apps Server, Lync Edge Pool, Reverse Proxy]

Reverse Proxy – What is it?
• Device deployed between clients and servers, usually in the DMZ, and interacts with servers and services on behalf of the client
• Commonly used to provide load balancing for availability and scalability
• Terminates TCP traffic
• Protects internal HTTP servers by providing a single point of access to the internal network
• Full reverse proxies provide advanced Layer 7 features such as SSL acceleration, traffic management, intrusion prevention, content acceleration, etc.
• More than NAT

Lync 2013 Web Services Reverse Proxy
• Load balance port 80 and 443
• Translate to server ports 8080 and 4443
• Cannot use pre-authentication
• No persistence is required
• Health check on port 5061, or use hardware load balancer monitoring port from topology if defined
• Alternatively check /meet/blank.html instead of 5061 to ensure IIS is working
• Use 20 minute TCP session timeout
• Use 1800 seconds TCP idle timeout

Office Web Apps Publishing
• Enable and Reencrypt SSL
• Load balance port TCP/443
• Use Source IP for persistence with 30 minute timeout, use other methods if NAT or concentrators are involved
• Perform healthcheck on /hosting/discovery, using HTTP GET
• Use 1800 seconds Idle timeout

What’s new in Exchange 2013
• CAS Array is no more!
• Client Access is stateless proxy
• Load balancing requirements are simplified
• SSL Termination at load balancer isn’t required
• Session affinity isn’t required enabling even distribution of connections
• Service Pack 1
• SSL Offloading is now possible
• MAPI/HTTP is new transport mechanism

Exchange 2013 Publishing/Load Balancing/Security
• Provide high availability for client connections
• Pre-authenticate external clients
• Layered security with vDir filtering and IP filtering
• Single Sign-on with other applications (e.g. SharePoint)
• Relay SMTP for external apps w/ domain filtering
• Content switching for publishing on shared public IP address

Load Balancing in Exchange 2013

Managed Availability
• Monitors end-user experience
• Provides health state of Exchange components
• Each component has dynamic healthcheck.htm

Load Balancing at Layer 4
• No SSL termination on Load Balancer
• No advanced configuration (e.g. cookie affinity)

Load Balancing at Layer 7
• More advanced configuration
• Requires SSL termination at Load Balancer
• More granular health checks with single namespace
• Granular control over failures

Edge Security and Reverse Proxy for Exchange
[Diagram spanning DMZ and Internal Network. Labels: Load Balancer / Reverse Proxy, Exchange CAS (three servers)]

Recap of Key Load Balancer Services
• Awareness (Application & Resource)
• Reverse Proxy Replacement
• Security Services

About Kemp
KEMP Designs & Develops Load Balancer and ADC Software
Enabling our customers to achieve optimal application performance w/:
• High Availability
• Scalability
• Acceleration
• Security
KEMP – Fastest Growing ADC Vendor, #3 WW Units Shipped
Cloud ADCs, Bare Metal ADCs, Virtual ADC Appliances, ADC H/W Appliances
Price/Performance leader with ubiquitous platform deployments:
• 20,000+ WW customer deployments
• Microsoft Gold Certified Partner – Messaging and Communications
• Pricing starts at $1,990
• Free Trial - http://bit.ly/KEMPWebinar (case sensitive)

More info on KEMP at http://www.KEMPTechnologies.com
Follow KEMP at: @KEMPtech

More on Modality Systems at http://www.modalitysystems.com
alex.lewis@modalitysystems.com
@modalitysystems
@alexlewis

Watch our other webinars here: http://kemptechnologies.com/en/load-balancing-webinars-and-videos