High availability for the Client Access server role is usually discussed in terms of load balancing. Load balancing serves two main purposes: when a Client Access server in an Active Directory site fails, load balancing reduces the impact of the failure, and it ensures that load is distributed evenly across the Client Access servers.
Load balancing in Exchange Server 2013 has changed compared with earlier versions. Several Exchange 2010 protocols require affinity, for example Outlook running on a client computer, Microsoft Exchange ActiveSync running on a mobile device, Microsoft Office Outlook Web App, Exchange Web Services, and other client applications. Affinity ensures that all requests from a client are sent to the same Client Access server. A layer-7 load balancer, also known as an application-layer load balancer, therefore needs complex rules to ensure that all requests from a client reach the same CAS role; if the requests of a client on such a protocol do not all reach the same CAS role, the user experience is affected. That is, in Exchange 2010, functions such as authentication, proxying, redirection, client protocols, and API interfaces are all handled on the CAS and Hub roles.
However, in Exchange 2013 the Client Access server role is a lightweight, stateless proxy. The front-end Client Access server role is responsible only for authentication, proxying, and redirection; the other functions are taken over by the back-end Mailbox server, which makes the front-end CAS very simple. Because all mailbox processing is performed on the Mailbox server, it does not matter which Client Access server in the Client Access server array receives a client request and proxies the connection between the client and the Mailbox server. The Mailbox server handles all connections between the client and the active mailbox database. This change means that session affinity is no longer required at the load balancer level. It allows simple load balancing techniques (such as DNS round robin) to be used to balance inbound connections to the Client Access servers, and it allows hardware load balancing devices to support significantly more concurrent connections.
[Figure: http://img1.51cto.com/attachment/201407/1/382644_1404223019BJjZ.png]
In this figure, we can see that the front end only proxies each protocol to the back end, where the back-end server processes it.
[Figure: http://img1.51cto.com/attachment/201407/1/382644_1404223019SqGc.png]
High availability solutions for the Client Access server role:
Exchange 2010 protocols require affinity, which is provided either by Windows Network Load Balancing (WNLB) with source IP affinity or by a hardware load balancing device.
WNLB limitations:
1. It cannot be used on DAG servers, because NLB and failover clustering cannot exist on the same computer.
2. WNLB supports only source IP affinity. When the pool of source IP addresses is small, this is not an effective solution. This can happen when the source IP addresses come from a remote network subnet or when the organization uses network address translation.
3. For performance reasons, more than 8 NLB nodes are not recommended.
4. WNLB does not detect service failures. It detects server failures only by IP address. This means that if a specific web service (such as Outlook Web App) fails while the server is still running, WNLB does not detect the fault and still routes requests to that Client Access server. Manual intervention is required to remove the failed Client Access server from the load balancing pool.
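The gap described in limitation 4, as an added example (not from the original article, and not WNLB or Exchange code): a constructed four-server pool in which one server is down and another has only Outlook Web App failed, comparing IP-level detection with a service-aware check. The server names, service keys and request count are assumptions.

```python
# Added example: a constructed model, not WNLB or Exchange code.
from dataclasses import dataclass, field
from itertools import cycle


@dataclass
class CasServer:
    name: str                      # hypothetical server name
    host_up: bool = True           # server still answers on its IP address
    services: dict = field(default_factory=lambda: {"owa": True, "eas": True})


def ip_level_pool(servers):
    """WNLB-style view: a node stays in the pool while the host responds."""
    return [s for s in servers if s.host_up]


def service_level_pool(servers, service):
    """Service-aware view: host must respond AND the requested service be healthy."""
    return [s for s in servers if s.host_up and s.services.get(service, False)]


def failed_requests(pool, service, n_requests):
    """Round-robin n_requests over the pool; count those sent to a broken service."""
    if not pool:
        return n_requests
    nodes = cycle(pool)
    return sum(1 for _ in range(n_requests) if not next(nodes).services[service])


def demo():
    servers = [CasServer(f"cas{i}") for i in range(1, 5)]
    servers[1].services["owa"] = False   # cas2: Outlook Web App failed, host running
    servers[3].host_up = False           # cas4: whole server down
    ip_pool = ip_level_pool(servers)
    svc_pool = service_level_pool(servers, "owa")
    return {
        "ip_pool": [s.name for s in ip_pool],
        "service_pool": [s.name for s in svc_pool],
        "failed_ip_only": failed_requests(ip_pool, "owa", 900),
        "failed_service_aware": failed_requests(svc_pool, "owa", 900),
    }


if __name__ == "__main__":
    print(demo())
```

With IP-level detection only, cas2 stays in the pool and a third of the Outlook Web App requests keep landing on it until someone removes it by hand.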
Hardware load balancing devices perform better than WNLB. A hardware load balancer supports high traffic throughput and can be configured to balance load in multiple ways. Most hardware load balancer vendors have detailed documentation on how their products work with Exchange 2010. The simplest way to configure a hardware load balancer is to create a list of fallback methods for the load balancer to apply. For example, the load balancer first tries cookie-based affinity, then SSL session ID, and then source IP affinity.
PS: Cookies: when a user browses a website, a cookie records text the user entered or choices the user made. When the user accesses the service again, the server first checks whether the user has left any cookie information. If so, the server identifies the user based on the content of the cookie. The cookie mechanism keeps state on the client side, whereas the session mechanism keeps state on the server side.
Using existing cookies or HTTP headers is the most reliable way to identify a client and associate it with a specific Client Access server. These cookies and HTTP headers are created by the client or server as part of the communication protocol. This option does not require the load balancer to modify the traffic, which helps performance.
The second most reliable way to associate a client session with a Client Access server is to use a cookie created by the load balancer. The load balancer adds an HTTP cookie to the client/server protocol session and then uses this cookie to determine which Client Access server should process incoming requests.
Load balancing based on the SSL session ID is more granular than source IP affinity and lets you split traffic from different clients even if those clients come from the same IP address. Another advantage of SSL session ID load balancing is that you can balance load without decrypting SSL traffic. This advantage matters when client certificates are used for authentication and the SSL connection from the client is terminated at the server.
The most common method of providing affinity between a client and a Client Access server is source IP affinity. The load balancer checks the client's IP address and sends all traffic from a specific source IP address to a specific Client Access server. This is the only affinity type supported by WNLB.
The last option is no affinity. When no affinity is used, each request from a client is randomly assigned to a Client Access server. We do not recommend this option for protocols that require affinity or that rely on affinity for better performance. The following table compares some load balancing technologies:
[Table image: http://img1.51cto.com/attachment/201407/1/382644_1404223019KqlW.png]
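An added example (not part of the original article or any vendor's implementation) of the fallback list described above: cookie, then SSL session ID, then source IP. It also shows why source IP affinity alone suits clients behind one NAT address poorly; the server names, request field names and the 203.0.113.10 address are constructed for illustration.

```python
# Added example: constructed model of an affinity fallback list, not vendor code.
import hashlib
import random

SERVERS = ["cas1", "cas2", "cas3", "cas4"]              # hypothetical CAS pool
FALLBACK = ("cookie", "ssl_session_id", "source_ip")    # order given in the text


def pick(key):
    """Map an affinity key to a server with a stable hash, so repeats land together."""
    digest = hashlib.sha256(key.encode()).digest()
    return SERVERS[int.from_bytes(digest[:8], "big") % len(SERVERS)]


def route(request, methods=FALLBACK):
    """Return (method_used, server) using the first method the request can satisfy."""
    for method in methods:
        value = request.get(method)
        if value:
            return method, pick(f"{method}:{value}")
    # No affinity: every request is assigned at random.
    return "none", random.choice(SERVERS)


def servers_used(requests, methods):
    """Set of servers that a batch of requests is spread across."""
    return {route(r, methods)[1] for r in requests}


def nat_site(n_clients, nat_ip="203.0.113.10"):
    """Constructed sample: n clients behind one NAT address, each with its own SSL session ID."""
    return [{"source_ip": nat_ip, "ssl_session_id": f"sess-{i:04d}"}
            for i in range(n_clients)]


if __name__ == "__main__":
    site = nat_site(200)
    print("source IP only:", sorted(servers_used(site, ("source_ip",))))
    print("fallback list :", sorted(servers_used(site, FALLBACK)))
    print(route({"cookie": "lb=abc", "source_ip": "203.0.113.10"}))
```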
Exchange 2013 still supports hardware load balancers. Unlike Exchange 2010, you do not need to configure session affinity for each Exchange protocol. If conditions permit, we recommend a hardware device: it can detect when a specific Client Access server fails and remove it from the group of servers that handle inbound connections. If the enterprise has no hardware device available, WNLB is also a good choice, but to use WNLB we have to accept some of its limitations.
This article is from the "du Fei" blog; please be sure to keep this source: http://dufei.blog.51cto.com/382644/1433273