High Availability and Web Publishing for UC Deployments Load Balancing & Reverse Proxy October 24, 2013 Bhargav Shukla Director – Product Research and.


1 High Availability and Web Publishing for UC Deployments
Load Balancing & Reverse Proxy
October 24, 2013
Bhargav Shukla, Director – Product Research and Innovation, KEMP Technologies
Twitter: @bhargavs

2 Load Balancing Lync 2013
What should you load balance?
– For Server to Server traffic
  – Topology aware, no load balancing needed
– For Client to Server traffic
  – DNS load balancing for pool (SIP traffic)
  – DNS load balancing does not work for web traffic
  – Port translation is required for external web services traffic

3 Load Balancing Lync 2013 Visual Reference

| ROLE | HIGH AVAILABILITY | LOAD BALANCER DNS LOAD BALANCING |
|---|---|---|
| Standard Edition Server | Not Available | N/A |
| Enterprise Edition Server | Deploy Multiple Servers in a Pool and use Load Balancing | Yes |
| Back End Server | SQL Server uses Windows Clustering for High Availability | No |
| A/V Conferencing Server | Deploy Multiple Servers in a Pool and Use Load Balancing | N/A |
| Edge Server | Deploy Multiple Servers in a Pool and Use Load Balancing | Yes |
| Mediation Server | Deploy Multiple Servers in a Pool and Use Load Balancing | Yes |
| Monitoring | Standby Server (MSMQ on the Front-End queues messages in the event of the failure) | No |
| Archiving | Standby Server (MSMQ on the Front-End queues messages in the event of the failure) | No |
| Director | Deploy Multiple Servers in a Pool and Use Load Balancing | Yes |
| File Server | Use Windows Clustering or Distributed File System | No |

4 Load Balancing Lync 2013 Load Balancing Front End/Director Pools

5 Load Balancing Lync 2013 Load Balancing Front End/Director Pools
Microsoft recommended method
– Use DNS Load Balancing for SIP traffic
– Configure Web services override FQDN for internal web services
– Load balance TCP port 80, 8080, 443 and 4443
– Also Load balance TCP port 444 if Director is deployed

6 Load Balancing Lync 2013 Load Balancing Front End/Director Pools
– Source IP Persistence can be used, but should you?
  – Clients behind a NAT device show up as a single IP
  – Can result in uneven connection distribution
– Health check on TCP port 5061, or use hardware load balancer monitoring port from topology if defined
– Alternatively check /meet/blank.html instead of 5061 to ensure IIS is working

7 Load Balancing Lync 2013 Load Balancing Front End/Director Pools
– There is no negative impact if you use cookie
  – If you use cookie, it must be named MS-WSMAN
  – Must not expire
  – Must not be marked httpOnly
  – Turn off cookie optimization
– Use 20 minute TCP session timeout
– Use 1800 seconds TCP idle timeout
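The trade-off raised on slides 6 and 7, shown as a small simulation. This is an added example, not part of the original presentation: the server names, the hash-based source-IP scheduler, the round-robin scheduler and all addresses are constructed assumptions.

```python
# Added example: source-IP persistence vs per-client cookie persistence
# when many clients share one NAT address. All names and addresses are constructed.
import hashlib
from collections import Counter

SERVERS = ["fe1", "fe2", "fe3"]   # hypothetical Front End pool members

def pick_by_source_ip(ip):
    """Source-IP persistence: a hash of the visible address selects the server."""
    digest = hashlib.sha256(ip.encode()).digest()
    return SERVERS[digest[0] % len(SERVERS)]

def distribute(clients, by_cookie):
    """clients is a list of (client_id, visible_source_ip); returns load per server."""
    load = Counter({s: 0 for s in SERVERS})
    for n, (_client_id, ip) in enumerate(clients):
        if by_cookie:
            # Cookie persistence: every client is scheduled individually
            # (round robin here) and the cookie then pins it to that server.
            server = SERVERS[n % len(SERVERS)]
        else:
            # Every client behind the same NAT address lands on one server.
            server = pick_by_source_ip(ip)
        load[server] += 1
    return load

def spread(load):
    """Difference between the busiest and the least busy server."""
    return max(load.values()) - min(load.values())

# Constructed population: 60 branch clients behind one NAT address
# plus 30 clients that each have their own address.
NAT_IP = "203.0.113.10"
CLIENTS = [(f"branch-{i}", NAT_IP) for i in range(60)] + \
          [(f"remote-{i}", f"198.51.100.{i + 1}") for i in range(30)]

if __name__ == "__main__":
    print("source IP:", dict(distribute(CLIENTS, by_cookie=False)))
    print("cookie   :", dict(distribute(CLIENTS, by_cookie=True)))
```
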

8 Load Balancing Lync 2013 Load Balancing Front End/Director Pools
– Load balancer only configuration, DNS RR not used for SIP
  – Load balance the following ports (all TCP): 5061, 444, 135, 80, 8080, 443, 4443, 448, 5070-5073, 5075-5076, 5080
  – Hardware Load Balancer Ports if Using Only Hardware Load Balancing - http://bit.ly/1185Yvq

9 Load Balancing Lync 2013 Load Balancing Mediation Pools
– DNS only load balancing is sufficient
– If using load balancer instead of DNS, load balance only TCP 5070

10 Load Balancing Lync 2013 Load Balancing Edge Pools

11 Load Balancing Lync 2013 Load Balancing Edge Pools using DNS
– Loss of failover in following scenarios
  – Federation with organizations running OCS versions older than Lync 2010
  – PIM connectivity with Skype, Windows Live, AOL, Yahoo! and XMPP partners
  – UM Play on Phone functionality
  – Transferring calls from UM Auto Attendant

12 Load Balancing Lync 2013 Load Balancing Edge Pools using Load Balancer
– External Interfaces
  Access Edge Interface
    – Source NAT can be used
    – SIP (External Client) – TCP 443
    – SIP (Federation/PIM) – TCP 5061
    – XMPP – TCP 5269
  Web Conferencing Interface
    – Source NAT can be used
    – PSOM – 443
  AV Edge Interface
    – NAT can’t be used here
    – STUN/MSTURN – TCP 443
    – STUN/MSTURN – UDP 3478

13 Load Balancing Lync 2013 Load Balancing Edge Pools using Load Balancer
– External Interfaces
  Use Access VIP as default gateway on all Edge interfaces
  AV Edge Interface considerations
    – Turn off TCP nagling for both internal and external TCP 443 VIP
    – Turn off TCP nagling for external port range 50000 - 59,999
    – Must use publicly routable IP with no NAT or port translation

14 Load Balancing Lync 2013 Load Balancing Edge Pools using Load Balancer
– Internal Interfaces
  Access SIP – TCP 5061
    – Used by Directors, FE Pools
  AV Authentication SIP – TCP 5062
    – Any FE Pool and SBA
  AV Media Transfer – UDP 3478
    – Preferred path for A/V media transfer
  AV Media Transfer – TCP 443
    – Fallback path for A/V media transfer
    – File Transfer
    – Desktop Sharing

15 Load Balancing Lync 2013 Reverse Proxy

16 Reverse Proxy – What is It
– Device deployed between clients and servers, usually in the DMZ and interacts with servers and services on behalf of the client
– Commonly used to provide load balancing for availability and scalability
– Terminates TCP traffic
– Protects internal HTTP servers by providing a single point of access to the internal network
– Full reverse proxies provide advanced Layer 7 features such as SSL acceleration, traffic management, intrusion prevention, content acceleration, etc.
– More than NAT
Load Balancer = Reverse Proxy

17 Load Balancing Lync 2013 Reverse Proxy
– A separate VIP on Load Balancer
– Load balance port 80 and 443
– Translate to server ports 8080 and 4443
– Cannot use pre-authentication
– No persistence is required
– Use 20 minute TCP session timeout
– Use 1800 seconds TCP idle timeout
– Health check on port 5061, or use hardware load balancer monitoring port from topology if defined
– Alternatively check /meet/blank.html instead of 5061 to ensure IIS is working

18 Hardware Load Balancing - Edge
Requires N+1 Public IP addresses
Reference - http://bit.ly/164jI3m & http://bit.ly/13Hgsaw

19 Load Balancing Lync 2013 Load Balancing Office Web Apps Servers
– Load balance port TCP/443
– Enable and re-encrypt SSL
– Use Source IP for persistence with 30 minute timeout, use other methods if NAT or concentrators are involved
– Use 1800 seconds idle timeout
– Perform health check on /hosting/discovery, using HTTP GET

20 DNS or Hardware?
HLB Pros
– App Awareness
– Easy to take partially working server offline
– Supports all level clients
– HA for PIC/XMPP and legacy federation
HLB Cons
– Extra step for server draining
– Additional setup work required
– Adds significantly to deployment (myth)
– Adds substantial latency (myth)
– Over-complicates troubleshooting (myth)
DNS LB Pros
– Simpler Server Draining
– Less overall complexity
– Minimal LB expertise required
DNS LB Cons
– Some 3rd party apps don’t understand DNS LB
– Many PBXs can’t talk to pool of DNS LB mediation Servers
– Down level clients don’t support DNS LB

21 Best Practices
- Use same load balancing method for internal/external Edge interfaces
- Don’t leave timeout at default: TCP idle timeout should be set to 1800 sec
- Turn off TCP Nagling for AV Edge ports 50k-59,999 and internal/external 443
- Use SNAT for general services, DNAT for AV Edge
- Ensure load balancer and Lync failover scenarios are tested… BEFORE you need it
- Avoid using DSR – not supported
- Create an independent virtual service for each edge service (access/webconf/AV)
- Use cookie-based persistence for external Lync web services and source-address persistence for internal Lync web services
- Cookie-based persistence required for Lync Mobility services
  - Marked httpOnly, named MS-WSMAN and no expiration
- Always use a HLB if HA for XMPP/PIC/legacy Federation is important
- Edge internal interface must be on different network than Edge external interface with routing between them disabled
- Edge Server External interface running A/V must use routable IP – no NAT/PAT
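Several of the settings listed in this deck can be checked mechanically before a change goes live. The following is an added example, not part of the original presentation and not KEMP or Microsoft tooling: a small Python linter over a hypothetical dictionary schema (field names such as `port_map`, `pre_auth`, `nagle` and `dsr` are assumptions), run against constructed weak and corrected definitions.

```python
# Added example: lint load-balancer virtual services against the deck's guidance.
# The dict schema and field names are hypothetical, not a KEMP or Lync format.
REQUIRED_IDLE_TIMEOUT = 1800                     # seconds (slides 7, 17, 19, 21)
REVERSE_PROXY_PORT_MAP = {80: 8080, 443: 4443}   # VIP port -> server port (slide 17)

def lint_service(svc):
    """Return a list of findings for one virtual-service definition."""
    findings = []
    if svc.get("idle_timeout") != REQUIRED_IDLE_TIMEOUT:
        findings.append("idle timeout is not 1800 seconds")
    if svc.get("dsr", False):
        findings.append("DSR is enabled but not supported")
    role = svc.get("role")
    if role == "reverse_proxy":
        if svc.get("port_map") != REVERSE_PROXY_PORT_MAP:
            findings.append("ports 80/443 must translate to 8080/4443")
        if svc.get("pre_auth", False):
            findings.append("pre-authentication cannot be used")
    elif role == "av_edge":
        if svc.get("nat", False):
            findings.append("A/V Edge needs a routable IP with no NAT")
        if svc.get("nagle", True):   # unset is treated as Nagle still enabled
            findings.append("TCP Nagle must be off for A/V Edge")
    cookie = svc.get("cookie")
    if cookie is not None:
        if cookie.get("name") != "MS-WSMAN":
            findings.append("persistence cookie must be named MS-WSMAN")
        if cookie.get("expires") is not None:
            findings.append("persistence cookie must not expire")
    return findings

def lint_all(services):
    """Map service name -> findings, keeping only services with problems."""
    report = {s["name"]: lint_service(s) for s in services}
    return {name: f for name, f in report.items() if f}

# Constructed sample input: a weak and a corrected definition per role.
SAMPLE = [
    {"name": "rp-weak", "role": "reverse_proxy", "idle_timeout": 300,
     "port_map": {80: 80, 443: 443}, "pre_auth": True,
     "cookie": {"name": "LBSESSION", "expires": 3600}},
    {"name": "rp-ok", "role": "reverse_proxy", "idle_timeout": 1800,
     "port_map": {80: 8080, 443: 4443}, "pre_auth": False,
     "cookie": {"name": "MS-WSMAN", "expires": None}},
    {"name": "av-weak", "role": "av_edge", "idle_timeout": 1800,
     "nat": True, "nagle": True, "dsr": True},
    {"name": "av-ok", "role": "av_edge", "idle_timeout": 1800,
     "nat": False, "nagle": False},
]
```

Calling `lint_all(SAMPLE)` returns findings only for the two weak definitions.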

22 Thank You!

