Walkthrough: Installing and Configuring Load Balancers for Edge Servers
Topic Last Modified: 2009-11-08
Now that the Front End Servers are functioning correctly, the next step is to install and configure your load balancer. First, confirm that your load balancer meets the requirements for Office Communications Server load balancers. For details, see Load Balancers for Office Communications Server 2007 R2 in the Technical Reference for Office Communications Server 2007 R2. Next, identify the load balancer network topology used in your environment:
- One-armed topology. In this topology, the Office Communications Server Edge Servers and load balancers all reside on the same single network. The load balancer has a single arm, connected to this network.
- Two-armed (routed) topology. In this topology, the Office Communications Server Edge Servers and clients reside on a separate network from the internal and external perimeter networks. The load balancers have two arms: one connected to the private networks and the other connected to the perimeter network.
The mechanism to configure the load balancer varies by manufacturer, but the core steps in the following section are required no matter which model you use.
Connect and Configure Reverse Proxy Load Balancer
If your environment uses a one-armed topology, connect the load balancer to the perimeter external network and configure a virtual IP (VIP). This static IP address is used by Office Communications Server clients on the Internet to access the Office Communications Server Web components. In our sample one-armed topology, 128.95.0.20 is the VIP.
If your environment uses a two-armed topology, the load balancer should already be connected to the perimeter external network and the proxy external network. Configure a VIP on the perimeter external network and assign an IP address on the proxy external network. In our sample two-armed topology, these would be 128.95.0.20 and 128.95.2.20, respectively.
After you create the VIPs, configure them to point to the newly created reverse proxy servers. In our sample topology, the 128.95.0.20 VIP would be configured to use 128.95.2.21 and 128.95.2.22. In addition to pointing to the IP addresses of the Front End Servers, you need to enable a number of additional settings in the VIP configuration to ensure proper operation.
- Ensure that the VIP supports the following Transmission Control Protocol (TCP) port: 443.
- Configure the VIP to use a weighted least connections algorithm in choosing how to load balance incoming connection requests against the server array.
- Configure the VIP with a heartbeat monitor that polls each reverse proxy server on port 443. This enables the load balancer to detect when one of the reverse proxy servers goes down and take that server out of the array.
- Configure the VIP to use Destination Network Address Translation (DNAT) mode. In this mode the load balancer translates the destination IP address of an incoming connection from the VIP to the IP address of the selected reverse proxy server and keeps the client's IP address as the source IP.
Connect and Configure External Edge Load Balancer
If your environment uses a one-armed topology, connect the load balancer to the perimeter external network and configure the appropriate VIPs. These static IP addresses are used by Office Communications Server clients on the Internet to access the Edge Server. In our sample one-armed topology, the VIPs would be 128.95.0.40, 128.95.0.50, and 128.95.0.60.
If your environment uses a two-armed topology, the load balancer should already be connected to the perimeter external network and the edge external network. Configure the VIPs on the perimeter external network and assign an IP address on the edge external network. In our sample two-armed topology, these would be 128.95.0.40, 128.95.0.50, 128.95.0.60, and 128.95.1.1, respectively.
After you create the VIPs, configure them to point to the newly created Edge Servers. In our sample topology, the 128.95.0.40 Access Edge Server VIP would be configured to use 128.95.1.41 and 128.95.1.42. The 128.95.0.50 Web Conferencing Edge Server VIP would be configured to use 128.95.1.51 and 128.95.1.52. The 128.95.0.60 A/V Edge Server VIP would be configured to use 128.95.1.61 and 128.95.1.62. In addition to pointing to the IP addresses of the Edge Servers, you need to enable a number of additional settings in the VIP configuration to ensure proper operation.
- Configure the Access Edge Server VIP so that it supports the following TCP ports: 5061, 443.
- Configure the Web Conferencing Edge Server VIP so that it supports the following TCP ports: 443.
- Configure the A/V Edge Server VIP so that it supports the following ports: TCP 443 and UDP 3478.
- Configure the VIPs to use a TCP idle timeout of 30 minutes.
- Configure the VIPs with a heartbeat monitor that polls each of the three Edge Server roles on port 443. This enables the load balancer to detect when one of the Edge services goes down and take that server out of the array.
- Configure the VIPs to use Destination Network Address Translation (DNAT) mode for incoming connections and Source Network Address Translation (SNAT) for outgoing connections.
Connect and Configure Internal Edge Load Balancer
If your environment uses a one-armed topology, connect the load balancer to the perimeter internal network and configure the appropriate VIP. This static IP address is used by Office Communications Server systems on the corporate network to access the Edge Server. In our sample one-armed topology, the VIP would be 172.24.0.40.
If your environment uses a two-armed topology, the load balancer should already be connected to the perimeter internal network and the edge internal network. Configure the VIP on the perimeter internal network and assign an IP address on the edge internal network. In our sample two-armed topology, these would be 172.24.0.40 and 172.24.1.1, respectively.
After you create the VIPs, configure them to point to the newly created Edge Servers. In our sample topology, the 172.24.0.40 Internal Edge Server VIP would be configured to use 172.24.1.41 and 172.24.1.42. In addition to pointing to the IP addresses of the Edge Servers, you need to enable a number of additional settings in the VIP configuration to ensure proper operation.
- Ensure that the Access Edge Server VIP supports the following ports: TCP 443, 5061, and 5062, and UDP 3478.
- Configure the VIPs to use a TCP idle timeout of 30 minutes.
- Configure the VIPs with a heartbeat monitor that polls each of the three Edge Server roles on ports 443 and 5061. This enables the load balancer to detect when one of the Edge services goes down and take that server out of the array.
- Configure the VIPs to use Destination Network Address Translation (DNAT) mode for connections going into the Edge Server and Source Network Address Translation (SNAT) for connections going out of the Edge Server.
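Because the configuration mechanism differs by manufacturer, it helps to check the finished VIP definitions against the settings listed in the three sections above. The following is an added example, not part of the original walkthrough or of any vendor's tooling: it audits a VIP inventory for extra or missing listeners, wrong pool members, missing heartbeat ports, and a wrong TCP idle timeout. The dictionary layout, the vip() and audit() helpers, and the SAMPLE data are assumptions constructed for illustration; the addresses and ports come from the sample topology on this page.

```python
# Added example: audit VIP definitions against this walkthrough's requirements.
# The data layout is hypothetical; it is not any load balancer's export format.

def vip(ports, members, monitor, idle=None):
    """Normalize one VIP definition; ports are space-separated 'proto/port'."""
    return {"ports": set(ports.split()), "members": set(members.split()),
            "monitor": set(monitor), "idle": idle}

# Required settings per VIP, from the sample topology (idle=None: not specified).
REQUIRED = {
    "128.95.0.20": vip("tcp/443", "128.95.2.21 128.95.2.22", [443]),
    "128.95.0.40": vip("tcp/443 tcp/5061", "128.95.1.41 128.95.1.42", [443], 30),
    "128.95.0.50": vip("tcp/443", "128.95.1.51 128.95.1.52", [443], 30),
    "128.95.0.60": vip("tcp/443 udp/3478", "128.95.1.61 128.95.1.62", [443], 30),
    "172.24.0.40": vip("tcp/443 tcp/5061 tcp/5062 udp/3478",
                       "172.24.1.41 172.24.1.42", [443, 5061], 30),
}

# Constructed inventory with three deliberate deviations, for demonstration only.
SAMPLE = {**REQUIRED,
    "128.95.0.40": vip("tcp/443 tcp/5061", "128.95.1.41 128.95.1.42", [443], 5),
    "128.95.0.60": vip("tcp/443 udp/3478 tcp/8080",
                       "128.95.1.61 128.95.1.62", [443], 30),
    "172.24.0.40": vip("tcp/443 tcp/5061 tcp/5062 udp/3478",
                       "172.24.1.41 172.24.1.42", [443], 30),
}

def audit(config):
    """Return a list of deviations from the walkthrough's required settings."""
    findings = []
    for addr, want in REQUIRED.items():
        have = config.get(addr)
        if have is None:
            findings.append(f"{addr}: VIP not defined")
            continue
        for p in sorted(have["ports"] - want["ports"]):
            findings.append(f"{addr}: unexpected listener {p}")
        for p in sorted(want["ports"] - have["ports"]):
            findings.append(f"{addr}: missing listener {p}")
        if have["members"] != want["members"]:
            findings.append(f"{addr}: pool members differ from the sample topology")
        for port in sorted(want["monitor"] - have["monitor"]):
            findings.append(f"{addr}: heartbeat monitor does not poll port {port}")
        if want["idle"] is not None and have["idle"] != want["idle"]:
            findings.append(f"{addr}: TCP idle timeout is {have['idle']} min, "
                            f"expected {want['idle']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An unexpected listener on an Internet-facing VIP is the finding to act on first, since every port beyond those listed above widens what the perimeter exposes.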