Solved

Exchange 2013 DNS Round Robin with IIS ARR

Posted on 2014-11-05
Last Modified: 2014-11-24
Hi all,

We have Exchange 2013 configured with DNS round robin. The problem is, when I configure the firewall, how do I configure the IP to point to the Exchange services?

If we had a load balancer, we would give the VIP address to the firewall, so in the DNS RR situation, how can we manage?

regards
Question by:ucguy
12 Comments
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40426008
Hello,

Each of your Exchange servers will need to be NAT'ed out on their own dedicated public IPs. You then configure your firewall to allow port 443 from the internet to the internal IP of each Exchange server. You also need to set up DNS records for each public IP.

-JJ
0
 

Author Comment

by:ucguy
ID: 40426067
Why do we need it? Externally, can we have one IP like this?

Mail.contoso.com 123.123.123.123 pointing to the firewall. Can the firewall be configured so that, when traffic hits it, it is forwarded to either CAS1 or CAS2?
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40426122
No, that won't work. You would need a load balancer to do that. You can only tell your firewall to send traffic to one IP.

-JJ
0
 

Author Comment

by:ucguy
ID: 40426134
If we have WNLB, should we install it on the CAS servers?
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40426144
You can use WNLB as long as you have dedicated CAS servers with no mailbox role.

-JJ
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 40426301
WNLB is seriously brain dead and will start accepting requests way before any of your other network services have started, thereby causing service outage. You are much better off using a load balancer from Kemp that understands server health and only distributes traffic to working servers. They are pretty reasonably priced.
0

 

Author Comment

by:ucguy
ID: 40431938
Can we configure the Kemp load balancer to handle only external traffic, while internal clients talk to both CAS servers via DNS round robin?
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40431973
Potentially yes. But why would you want to do that?

DNS round robin is not real load balancing. A KEMP hardware load balancer is.
0
 

Author Comment

by:ucguy
ID: 40431983
Yeah, but the problem is we cannot do that because the current VLM-100 load balancer cannot handle the 200 users both internally and externally.
0
 
LVL 37

Expert Comment

by:Jamie McKillop
ID: 40432650
With Exchange 2013, DNS RR is a real load balancing solution. It is not as good as a hardware load balancer, but it will work just fine. The main difference you will see is that a HLB will detect a failure of a CAS node fairly quickly and take that node out of the pool. DNS RR depends on the TTL of the DNS record, so it will be at least a couple of minutes before the client reconnects.

You can use the HLB for external and DNS RR internally. You just point a single external DNS entry to the public IP of the HLB VIP and internally you create RR DNS entries that point directly at your CAS servers.

-JJ
0
 
LVL 31

Assisted Solution

by:Gareth Gudger
Gareth Gudger earned 250 total points
ID: 40434091
I have to disagree with Jamie on DNS RR. It does not perform health checks so it has no idea if a component of Exchange goes down. Or if Exchange is down entirely. The server could be up and responding to IP but Exchange could be down. DNS RR will keep sending requests to that server and cause unnecessary outages for your users.

If you need a free hardware load balancer (that can do health checks) then you should go with IIS ARR. It's a free add-in from Microsoft.

I highly recommend checking this video from the Microsoft Exchange Conference on using ARR for Exchange 2013 as a free load balancer.
http://channel9.msdn.com/Events/MEC/2014/USX305

More info here for its use with Exchange 2013
http://blogs.technet.com/b/exchange/archive/2013/07/19/reverse-proxy-for-exchange-server-2013-using-iis-arr-part-1.aspx

Microsoft's download link:
http://www.iis.net/downloads/microsoft/application-request-routing
0
 
LVL 37

Accepted Solution

by:
Jamie McKillop earned 250 total points
ID: 40437336
Watch this video (https://www.youtube.com/watch?v=35l2lQ0LIZU) from TechEd 2013 (start at about 50 minutes) and you will understand how DNS RR works for redundancy in Exchange 2013. The client will load up all the A records. If the client fails to connect, it will wait about 20 seconds then try the next A record. It doesn't matter if the IP responds, the client must be able to successfully connect or it moves on. DNS RR is now how Microsoft recommends you implement site resiliency.

An HLB is still recommended in front of each CAS array because it has the advantage of being able to automatically or manually pull a CAS server out of the pool for near-complete transparency to the client. With DNS RR, you have the 20 second wait and some clients will continue to try connecting to a failed IP when they start up. An HLB has other advantages as well, such as the ability to truly balance the load.

The ideal infrastructure includes an HLB. If you can't afford an HLB, DNS RR is a viable alternative. You can use IIS ARR but you have a single point of failure, unless you use NLB to create an IIS cluster. If you are going to use NLB, you might as well just use it directly on your CAS servers. IIS ARR is intended more as an alternative to TMG. It is a security layer to proxy requests from the Internet so that client connections don't hit Exchange before being authenticated.

-JJ
0
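The thread turns on the difference between a CAS node that answers on the network and one whose Exchange services are actually healthy. The following sketch is an added example, not code from any poster: it probes each A record of a round-robin name on port 443 and separates the two conditions. It assumes the Exchange 2013 `/owa/healthcheck.htm` page (not mentioned in the thread) returns 200 only while the protocol is healthy; `probe`, `pool_report` and the 192.0.2.x addresses are hypothetical names and constructed sample data.

```python
import socket
import ssl

# Assumption: Exchange 2013 answers 200 on /<vdir>/healthcheck.htm only while
# that protocol is healthy; the OWA page is used here.
HEALTH_PATH = "/owa/healthcheck.htm"

def a_records(host):
    """All IPv4 addresses published for the round-robin name."""
    infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(ip, host, path=HEALTH_PATH, timeout=5.0):
    """Classify one CAS address as 'tcp-down', 'service-down' or 'healthy'."""
    try:
        sock = socket.create_connection((ip, 443), timeout=timeout)
    except OSError:
        return "tcp-down"  # nothing listening: a client has to try the next record
    try:
        # Verify the certificate against the namespace, not the raw IP.
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            tls.sendall(request.encode("ascii"))
            status = tls.recv(256).split(b"\r\n", 1)[0].split()
    except OSError:  # includes TLS failures (ssl.SSLError) and timeouts
        sock.close()
        return "service-down"
    return "healthy" if len(status) >= 2 and status[1] == b"200" else "service-down"

def pool_report(addresses, host, probe_fn=probe):
    """Probe every address and separate network reachability from service health."""
    states = {ip: probe_fn(ip, host) for ip in addresses}
    return {
        "states": states,
        "accepts_tcp": [ip for ip, s in states.items() if s != "tcp-down"],
        "passes_health_check": [ip for ip, s in states.items() if s == "healthy"],
        # Reachable but unhealthy: the case a plain port check or ping cannot see.
        "reachable_but_unhealthy": [ip for ip, s in states.items() if s == "service-down"],
    }

if __name__ == "__main__":
    # Constructed sample: documentation addresses with canned states, no network needed.
    canned = {"192.0.2.11": "healthy", "192.0.2.12": "service-down", "192.0.2.13": "tcp-down"}
    report = pool_report(canned, "mail.contoso.com", lambda ip, host: canned[ip])
    for key, value in report.items():
        print(key, value)
```

Against a live namespace, call `pool_report(a_records("mail.contoso.com"), "mail.contoso.com")`; any address listed under `reachable_but_unhealthy` is still published by DNS round robin even though its health page is failing.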
