Microsoft Exchange 2013 Load Balancing with HAProxy

Microsoft Exchange 2013 Load Balancing With HAProxy

December 17th, 2012

6 min read

I’ll introduce exchange from a load-balancing point of view. Exchange is the name of Microsoft software that provides a business-class mail/calendar/contact platform. It’s an old software, starting with version 4.0 back in 1996. Each new version of the Exchange Server brings in new features, both expanding the Exchange perimeter and making it easier to deploy and administrate.

Exchange 2007

Introduction of Outlook Anywhere, AKA RPC over HTTP: allows remote users to get connected on Exchange 2007 platform using HTTPS protocol.

Exchange 2010

For example, Exchange 2010 introduced CAS arrays, making client-side services high-available and scalable. DAG also brings a mail database with high availability. All the client access services required persistence: a user must stick to a single CAS server. Exchange 2010 introduced as well a “layer” between the MAPI RPC clients and the mailbox servers (through the CAS servers), making the failover of a database transparent.

Exchange 2013

Exchange 2013 improved again the changes brought by Exchange 2010: the CAS servers are now stateless and independent from each other (no arrays anymore): and no persistence is required anymore. In exchange 2013, raw TCP MAPI RPC services have disappeared and have definitively been replaced by Outlook Anywhere (RPC over HTTP).
Last but not least, SSL offloading does not seem to be allowed for now.

Load Balancing Microsoft Exchange 2013

First of all, I’m pleased to announce that HAProxy and the ALOHA load balancer are both able to load-balance Exchange 2013 (as well as 2010).

Exchange 2013 Services

As explained in the introduction, the table below summarizes the TCP ports and services involved in an Exchange 2013 platform:

TCP Port	Protocol	CAS Service name (abbreviation)
443	HTTPS	– Autodiscover (AS) – Exchange ActiveSync (EAS) – Exchange Control Panel (ECP) – Offline Address Book (OAB) – Outlook Anywhere (OA) – Outlook Web App (OWA)
110 and 995	POP3 / POP3s	POP3
143 and 993	IMAP4 / IMAP4s	IMAP4

Diagram

There are two main types of architecture doable:

All the services are hosted on a single hostname
Each service owns its own hostname

Exchange 2013 and the single hostname diagram

Exchange 2013 and the multiple hostname diagram

Configuration

There are two types of configuration with the ALOHA:

Layer 4 mode: the LB act as a router, infrastructure intrusive, ability to manage millions of connections.
Layer 7 mode: the LB act as a reverse proxy, non-intrusive implementation (source NAT), ability to manage thousands of connections, perform SSL offloading, DDoS protection, advanced persistence, etc…

The present article describes tlayer 7 configuration, even if we’re going to use it at layer 4 (mode tcp).

Note that it’s up to you to update your DNS configuration to make the hostname point to your Load-Balancer service Virtual IP.

Template:
Use the configuration below as templates and just change the IP addresses:

bind line to your client facing service IPs
server line IPs to match your CAS servers (and add as many line as you need)

Once updated, just copy/paste the whole configuration, including the default section to the bottom of your ALOHA Layer 7 configuration.

Load Balancing Exchange 2013 services hosted on a single hostname

######## Default values for all entries till next defaults section
defaults
  option  dontlognull             # Do not log connections with no requests
  option  redispatch              # Try another server in case of connection failure
  option  contstats               # Enable continuous traffic statistics updates
  retries 3                       # Try to connect up to 3 times in case of failure 
  timeout connect 5s              # 5 seconds max to connect or to stay in queue
  timeout http-keep-alive 1s      # 1 second max for the client to post next request
  timeout http-request 15s        # 15 seconds max for the client to send a request
  timeout queue 30s               # 30 seconds max queued on load balancer
  timeout tarpit 1m               # tarpit hold tim
  backlog 10000                   # Size of SYN backlog queue

  balance roundrobin                      #alctl: load balancing algorithm
  mode tcp                                #alctl: protocol analyser
  option tcplog                           #alctl: log format
  log global                              #alctl: log activation
  timeout client 300s                     #alctl: client inactivity timeout
  timeout server 300s                     #alctl: server inactivity timeout
  default-server inter 3s rise 2 fall 3   #alctl: default check parameters

frontend ft_exchange_tcp
  bind 10.0.0.9:443 name https          #alctl: listener https configuration.
  maxconn 10000                         #alctl: connection max (depends on capacity)
  default_backend bk_exchange_tcp       #alctl: default farm to use

backend bk_exchange_tcp
  server cas1 10.0.0.15:443 maxconn 10000 check    #alctl: server cas1 configuration.
  server cas2 10.0.0.16:443 maxconn 10000 check    #alctl: server cas2 configuration.

And the result (LB Admin tab):

Virtual Service:

Server Farm:

Load Balancing Exchange 2013 services hosted on multiple hostnames

######## Default values for all entries till next defaults section
defaults
  option  dontlognull             # Do not log connections with no requests
  option  redispatch              # Try another server in case of connection failure
  option  contstats               # Enable continuous traffic statistics updates
  retries 3                       # Try to connect up to 3 times in case of failure 
  timeout connect 5s              # 5 seconds max to connect or to stay in queue
  timeout http-keep-alive 1s      # 1 second max for the client to post next request
  timeout http-request 15s        # 15 seconds max for the client to send a request
  timeout queue 30s               # 30 seconds max queued on load balancer
  timeout tarpit 1m               # tarpit hold tim
  backlog 10000                   # Size of SYN backlog queue

  balance roundrobin                      #alctl: load balancing algorithm
  mode tcp                                #alctl: protocol analyser
  option tcplog                           #alctl: log format
  log global                              #alctl: log activation
  timeout client 300s                     #alctl: client inactivity timeout
  timeout server 300s                     #alctl: server inactivity timeout
  default-server inter 3s rise 2 fall 3   #alctl: default check parameters

frontend ft_exchange_tcp
  bind 10.0.0.5:443  name as        #alctl: listener: autodiscover service
  bind 10.0.0.6:443  name eas       #alctl: listener: Exchange ActiveSync service
  bind 10.0.0.7:443  name ecp       #alctl: listener: Exchange Control Panel service
  bind 10.0.0.8:443  name ews       #alctl: listener: Exchange Web Service service
  bind 10.0.0.8:443  name oa        #alctl: listener: Outlook Anywhere service
  maxconn 10000                     #alctl: connection max (depends on capacity)
  default_backend bk_exchange_tcp   #alctl: default farm to use

backend bk_exchange_tcp
  server cas1 10.0.0.15:443 maxconn 10000 check   #alctl: server cas1 configuration.
  server cas2 10.0.0.16:443 maxconn 10000 check   #alctl: server cas2 configuration.

And the result (LB Admin tab):

Virtual Service:

Server Farm:

Conclusion

This is a very basic and straightforward configuration. We could make it much more complete and improve timeouts per service, better health checking, DDoS protection, etc…
I may write later articles about Exchange 2013 Load-Balancing with our products.

Subscribe to our blog. Get the latest release updates, tutorials, and deep-dives from HAProxy experts.