User CAS DAG For any given mailbox’s connectivity, the user is always served by the server that hosts the active database copy Each CAS determines.


4 User CAS DAG MBX-B MBX-A Layer 4 LB. For any given mailbox’s connectivity, the user is always served by the server that hosts the active database copy. Each CAS determines the right end point for the traffic, and so all sessions – regardless of where they started – end up in the same place.

6 MBX CAS Load balancer HTTP proxy IIS DB Protocol head Local proxy request SITE BOUNDARY MBX CAS Load balancer IIS HTTP proxy DB Protocol head OWA cross-site redirect request Cross-site proxy request SITE BOUNDARY MBX DB Protocol head HTTP

9 Clients autodiscover.contoso.com E2010 CAS E2010 MBX E2013 CAS E2013 MBX E2010 CAS E2010 MBX DNS Internet-facing site Intranet site CAS 2010 handles request PROXY

10 Clients autodiscover.contoso.com E2007 CAS E2007 MBX E2013 CAS E2013 MBX E2007 CAS E2007 MBX DNS Internet-facing site Intranet site MBX 2013 handles request PROXY MBX 2013 handles request PROXY

11 Outlook clients Internal LB namespace E2010 CAS E2010 MBX E2013 CAS E2013 MBX E2010 CAS E2010 MBX Internet-facing site Intranet site CAS 2010 handles request PROXY The triangle (AD) Lookup SCP records in AD

12 Outlook clients Internal LB namespace E2007 CAS E2007 MBX E2013 CAS E2013 MBX E2007 CAS E2007 MBX Internet-facing site Intranet site Still a triangle Lookup SCP records in AD MBX 2013 handles request PROXY

15 mail.contoso.com E2010/E2007 MBX Internet-facing site Intranet site E2010/E2007 CAS Enable OA Client Auth: Basic IIS Auth: Clients E2013 MBX E2013 CAS Enable OA Client Auth: Basic IIS Auth: Basic E2010/E2007 MBX E2010/E2007 CAS Enable OA Client Auth: Basic IIS Auth: NTLM RPC/HTTP PROXY RPC PROXY NTLM RPC
1. Enable Outlook Anywhere: on intranet 2007/2010 servers
2. Client settings: make 2007/2010 client settings the same as 2013 server (in this case meaning OA hostname = mail.contoso.com and client auth = Basic)
3. IIS authentication methods: must include NTLM

17 mail.contoso.com LAYER 4 LB OWA E2010 MBX Internet-facing site E2010 CAS HTTP PROXY RPC E2013 MBX E2013 CAS Intranet site E2010 MBX E2010 CAS europe.mail.contoso.com LAYER 7 LB Auth 2013 logon page Same site proxy request HTTP PROXY Cross site proxy request RPC Auth 2010 logon page single sign on (sso) redirect!! new in CU2!

18 mail.contoso.com LAYER 4 LB OWA E2007 MBX Internet-facing site E2007 CAS RPC E2013 MBX E2013 CAS Intranet site E2007 MBX E2007 CAS europe.mail.contoso.com LAYER 7 LB Auth 2013 logon page Auth 2007 logon page HTTP PROXY RPC Auth 2010 logon page Legacy.mail.contoso.com LAYER 7 LB Single sign on (SSO) redirect!! New in CU2! Single sign on (SSO) redirect!! New in CU2!

19 mail.contoso.com LAYER 4 LB OWA E2010 MBX Internet-facing site E2010 CAS E2013 MBX E2013 CAS Intranet-facing site E2013 MBX E2013 CAS europe.mail.contoso.com LAYER 4 LB Auth 2013 logon page Single sign on (SSO) redirect!! New in CU2!

20 mail.contoso.com LAYER 4 LB OWA E2010 MBX Internet-facing site E2010 CAS E2013 MBX E2013 CAS Intranet-facing site E2013 MBX E2013 CAS mail.contoso.com LAYER 4 LB Auth 2013 logon page HTTP PROXY

22 mail.contoso.com LAYER 4 LB EAS E2010 MBX Internet-facing site E2010 CAS HTTP PROXY E2013 MBX E2013 CAS Intranet site E2010 MBX E2010 CAS europe.mail.contoso.com LAYER 7 LB Same site proxy request HTTP PROXY Cross site proxy request

23 mail.contoso.com LAYER 4 LB EAS Internet-facing site Intranet site E2007 MBX E2007 CAS europe.mail.contoso.com LAYER 7 LB legacy.mail.contoso.com LAYER 7 LB E2007 MBX E2007 CAS E2013 MBX E2013 CAS

25 mail.contoso.com LAYER 4 LB EWS E2010 MBX Internet-facing site E2010 CAS HTTP PROXY E2013 MBX E2013 CAS Intranet site E2010 MBX E2010 CAS europe.mail.contoso.com LAYER 7 LB Same site proxy request HTTP PROXY Cross site proxy request

26 E2007 MBX E2007 CAS E2013 MBX E2013 CAS mail.contoso.com LAYER 4 LB EWS Europe intranet-facing site E2007 MBX E2007 CAS europe.mail.contoso.com LAYER 7 LB legacy.mail.contoso.com LAYER 7 LB Internet-facing site Intranet site

33 User CAS DAG MBX-B MBX-A Layer 4 LB. For any given mailbox’s connectivity, the user is always served by the server that hosts the active database copy. Each CAS determines the right end point for the traffic, and so all sessions – regardless of where they started – end up in the same place.

34 Layer 4 LB. User, CAS. Client makes request to FQDN: /ews/Exchange.asmx on TCP 443. LB sees: IP address/port. No SSL termination. LB forwards traffic to CAS with no idea of final URL. So how do we pick a CAS when there are several, or determine the health of a CAS?

35 Layer 4 LB. User, CAS (OWA, ECP, EWS, EAS, OAB, AutoD, RPC). mail.contoso.com, autodiscover.contoso.com, mail.contoso.com/rpc. If you can test the health of a Vdir on CAS to determine overall server health – which one(s) would you pick? Result: At layer four – with one namespace – health is per server, NOT per protocol.

37 Layer 7 LB. User, CAS (OWA, ECP, EWS, EAS, OAB, AutoD, RPC). mail.contoso.com, autodiscover.contoso.com, mail.contoso.com/rpc, mail.contoso.com/owa. SSL termination at load balancer reveals full URL. Result: At layer seven – with one namespace – health is per protocol.

38 Layer 4 LB. User, CAS (OWA, ECP, EWS, EAS, OAB, AutoD, RPC). mail.contoso.com, autodiscover.contoso.com, rpc.contoso.com, owa.contoso.com, ews.contoso.com, oab.contoso.com, eas.contoso.com, ecp.contoso.com. The destination IP implies the full URL. Result: At layer four – with multiple namespaces – health is per protocol.

39 Functionality, Simplicity, Target Audience. Trade-offs:
+ Simple, fast, no affinity LB; + Single, unified namespace; + Minimal networking skillset; - Per server availability
+ Simple, fast, no affinity LB; + Per protocol availability; - One namespace per protocol
+ Per protocol availability; + Single, unified namespace; - SSL termination @ LB; - Requires increased networking skillset

43 Layer 4 LB. User, CAS. Client makes request. LB sees: IP address/port. No SSL termination. LB forwards traffic to CAS. Is this not a packet filtering device?
