Topic: Load balancing OWA and Outlook Anywhere (Read 2988 times)

ian_moore · « **on:** January 05, 2012, 06:15:28 AM »

Hi, Can anyone help with a Exchange 2010 load balancing query please. I am following the Citrix Netscaler Deployment Guide for MS Exchange 2010 and would like to configure OWA and Outlook Anywhere load balancing. I have successfully created a vserver for OWA connections using the SSL protocol however I can't add an additional vserver using the SSL protocol for Outlook Anywhere. I presume there is a one verver per protocol rule so was wondering if someone can confirm this is the case?

Also does anyone have any experience of creating a combined vserver for OWA and OA? I have a rewrite policy for OWA that I do not want applied to OA connections in my vserver so I can't see how this can work.

Thanks
Ian

ian_moore · « **Reply #1 on:** January 05, 2012, 06:29:50 AM »

I was trying to use the same vserver IP. I suspect an additional SSL vserver with a new IP will resolve the problem.

Thanks
Ian

thazelaar · « **Reply #2 on:** January 08, 2012, 06:05:39 AM »

Hello,

Yes, that will solve your problem

Regards,

Timco

cript2000 · « **Reply #3 on:** January 10, 2012, 06:17:13 PM »

So we can't use a policy to have OWA & Outlook Anywhere on single host name?!

HennyLouwers · « **Reply #4 on:** January 31, 2012, 06:09:41 AM »

Quote from: cript2000 on January 10, 2012, 06:17:13 PM

So we can't use a policy to have OWA & Outlook Anywhere on single host name?!

That's correct, the Citrix Netscaler Deployment Guide for MS Exchange 2010 does not mention this clearly. But you will have to split Exchange publications in to more NetScaler (VIP) IP-Addresses and DNS Names.

Paul B · « **Reply #5 on:** February 17, 2012, 02:24:51 AM »

Two thoughts...

a) It *might* be possible to front the two SSL Load Balancers with a Content switch, and switch content based upon the hostname used to access. However, this would need a wildcard SSL certificate or a SAN SSL certificate (the latter is not suitable if using certain mobile devices).

b) Both bits of traffic *might* work on the SAME LB Vserver, just use a fancy policy to apply the rewrite to traffic to the relevant hostname. Again, you’ll need a wildcard or SAN certificate.

HennyLouwers · « **Reply #6 on:** February 17, 2012, 02:49:05 AM »

Paul,

I've tried this but did not succeed. The problem is the different types of authentication that are being used by Exchange. OWA you can cover with AAA Authentication or Forms-Based by Exchange but you cannot add ActiveSync to that mix since it uses NTLM/Basic authentication.

If you do find a way to be able to process all the load balancing by a single virtual server I would love to see the article about it

.

ian_moore · « **Reply #7 on:** February 19, 2012, 03:12:45 AM »

Thanks for the responses guy's. Your input is really appreciated.

Has anyone had good experiences with using NetScaler to load balance Exchange 2010 CAS servers by using the multiple VIP method?

The exchange engineer working on this project with me is really reluctanct to do this and suggests this will increase the configuration required on the Exchange back end to the point whereby load balancing the CAS traffic using the NetScaler is no longer an option.

Thanks
Ian

carlb · « **Reply #8 on:** February 20, 2012, 06:27:31 AM »

So is your exchange admin telling you what additional configs he needs to do on his end? I would think that a properly constructed SSL certificates that has SANs configured for both target virtual servers, that there should be little additional config on the exchange server end.

Thanks,

Carl B
**Shameless plug - single URL/FQDN/Virtual IP for exchange services is done with a built in TCL script on a competitive platform.

Paul B · « **Reply #9 on:** February 20, 2012, 07:21:10 AM »

We recently set up so0me very simple LB for Exchange 2010, but we didn't do any ssl offload (therefore just used SSL Bridge) .

Anyway, it worked fine.

jason.poyner · « **Reply #10 on:** April 03, 2012, 10:10:27 PM »

Hi Paul B,

I am looking to configure Exchange OWA, OA & EAS load balancing without SSL offload, so am planning on using SSL Bridge.
Can you tell me if you had to create separate vServer for each type of Exchange traffic, or was a single vServer ok? From reading the Citrix NetScaler Deployment Guide for Microsoft Exchange 2010 it seems different persistence methods are required.

Any help is appreciated.

Thanks,
Jason

Tapankar · « **Reply #11 on:** April 14, 2012, 08:55:01 AM »

Ian,

we can achieve this through Content Switching.we donot need to create separate virtual server for each exchange service ( OA,OWA,EAS etc).Just need to create a content switch virtual server , create CS policies and bind it to their respective LB virtual servers.let me know if you need more informations in this.

cript2000 · « **Reply #12 on:** April 27, 2012, 10:53:08 AM »

Tapankar - How would the multiple auth types work with this?

the0duke0 · « **Reply #13 on:** May 17, 2012, 08:11:34 PM »

You can set up the content switch policy to use the URLs

/OWA => direct to owa load balancer configured to use Authentication with FQDN (forms based)
/RPC => direct to RPC load balancer confgiured to use 401 based authentication with VServer.

This way you don't need a wildcard cert, just a SAN cert if you are handling two or so different names such as owa.domain.com autodiscover.domain.com

If you are publishing other services you can combine all the services of like authentication.

/RPC = Outlook Anywhere
/Microsoft-Server-ActiveSync
/Autodiscover
/EWS =

My basic auth policy expression looks like this

HTTP.REQ.URL.PATH.TO_LOWER.STARTSWITH("/microsoft-server-activesync") || HTTP.REQ.URL.PATH.TO_LOWER.STARTSWITH("/rpc") || HTTP.REQ.URL.PATH.TO_LOWER.STARTSWITH("/autodiscover") || HTTP.REQ.URL.PATH.TO_LOWER.STARTSWITH("/ews") || HTTP.REQ.URL.PATH.TO_LOWER.STARTSWITH("/oab")

Then you can just make the forms based Vserver the default for that content switch.

Thanks,
Patrick

Netscaler Knowledgebase

News:

Author Topic: Load balancing OWA and Outlook Anywhere (Read 2988 times)

ian_moore

Load balancing OWA and Outlook Anywhere

ian_moore

Re: Load balancing OWA and Outlook Anywhere

thazelaar

Re: Load balancing OWA and Outlook Anywhere

cript2000

Re: Load balancing OWA and Outlook Anywhere

HennyLouwers

Re: Load balancing OWA and Outlook Anywhere

Paul B

Re: Load balancing OWA and Outlook Anywhere

HennyLouwers

Re: Load balancing OWA and Outlook Anywhere

ian_moore

Re: Load balancing OWA and Outlook Anywhere

carlb

Re: Load balancing OWA and Outlook Anywhere

Paul B

Re: Load balancing OWA and Outlook Anywhere

jason.poyner

Re: Load balancing OWA and Outlook Anywhere

Tapankar

Re: Load balancing OWA and Outlook Anywhere

cript2000

Re: Load balancing OWA and Outlook Anywhere

the0duke0

Re: Load balancing OWA and Outlook Anywhere