- Using HAProxy with MS Exchange 2010
- Using HAProxy with MS Remote Desktop
- Infrastructure Layouts Involving TLS
Using HAProxy with MS Exchange 2010
While MS Exchange 2010 provides services arrays to ensure high-availability, it lacks a load balancing mechanism to balance traffic across services hosted by Client Access Servers (CAS) and Edge Transport Servers.
Using the HAProxy load-balancer with MS Exchange 2010 brings the following benefits:
- Application aware health checks which provide the status of the service rather than a simple ping
- Granular persistence methods adapted to the Exchange service and client software and architecture
- SSL offloading to handle the SSL connection for CAS array servers so these can focus on their jobs
- Scale up: Expand an architecture vertically
- Scale out : Add more nodes to CAS array by splitting services on the load-balancer side and dedicating servers to services
You can use HAProxy with the following versions of Microsoft Exchange: 2010, 2010 SP1, 2010 SP2, 2010 SP3
MS Exchange 2010: A Quick Recap
Microsoft Exchange 2010 provides businesses with email, calendar, and contacts on PC, phone, and web.
In Microsoft Exchange 2010, you can dedicate roles to servers, and build redundant platforms with a load-balancer to allow clients to connect to services. It is also scalable.
There are 5 server roles: Mailbox, Client Access, Hub Transport, Unified Messaging, and Edge Transport Server.
HAProxy can balance services from Client Access, Hub Transport, and Edge Transport Server.
|Client Access||Front end servers where clients get connected to access their emails, contacts, and agenda|
|Edge Transport Server||Handles the internet facing mail flow, with security features (anti-virus and anti-spam)|
|Hub Transport||Exchange 2010 mail router within the organization|
|Mailbox||Servers hosting emails (in mailboxes) public folders|
Enables the ability to deliver fax and voice mail to Outlook 2010 clients
Disclaimer: The Exchange 2010 configuration tips in this section are for information only. For complete information about Microsoft Exchange 2010, refer to the Microsoft web site. This section does not show how to install and set up an Exchange 2010 cluster.
Exchange 2010 architecture
The diagram below shows how the different roles are used in a typical Exchange 2010 platform:
Client Access Services
The diagram below shows the services that the CAS host and the interactions with both Active Directory and mailbox server. It also shows the client type per service.
HAProxy stands between the clients and the CAS.
To do SMTP load-balancing, you can use either or a combination of the methods below:
- Using DNS: Set up two or more DNS MX (Mail eXchanger) entries, with each one pointing to an Exchange HUB server. An SMTP client would use first the MX record with the lowest preference, then try the next higher preference.
- Using a single MX entry pointing to the load-balancer. The load-balancer would balance requests between SMTP servers configured behind it.
Ports and protocols
The table below summarizes the different ports and protocol involved on the Client Access servers.
The static ports for both RPC Client Access and Address Book service are chosen randomly by default.
|TCP port||Protocol||CAS Service|
|80 and 443||HTTP / HTTPs||
|110 and 995||POP3 / POP3s||POP3|
|135||TCP||RPC EndPoint Mapper (EPM)|
|143 and 993||IMAP / IMAPs||IMAP4|
|60000||TCP||Static port for RPC Client Access Service|
|60001||TCP||Static port Address Book Service|
Affinity depends on the service. The table below summarizes the affinity requirements per service:
|Persistence required||Persistence recommended||No persistence required|
|Exchange Control Panel (ECP)||Address Book Service (AB)||AutoDiscover (AD)|
|Exchange Web Service (EWS)||Exchange ActiveSync (EAS)||Offline Address Book (OAB)|
|Outlook Web App (OWA)||Outlook Anywhere (OA)||POP3|
|RPC Client Access Service||Remote PowerShell||IMAP4|
Configuring MS Exchange 2010 for HAProxy
To ensure that your CAS array is compatible with the HAProxy load-balancer, follow the instructions provided by Microsoft.
You can also refer to these blogs for guidelines: