ucguy

Exchange 2013 DNS Round Robin with IIS ARR

Hi all,

We have Exchange 2013 configured with DNS round robin. The problem is, when I configure the firewall, how do I configure the IP to point to the Exchange services?

If we have a load balancer, we give the VIP address to the firewall, so in the DNS RR situation, how can we manage?

Regards
Jamie McKillop

Hello,

Each of your Exchange servers will need to be NAT'ed out on their own dedicated public IPs. You then configure your firewall to allow port 443 from the internet to the internal IP of each Exchange server. You also need to set up DNS records for each public IP.

-JJ
ucguy

ASKER

Why do we need it?
Externally, can we have one IP like this?

Mail.contoso.com 123.123.123.123 pointing to the firewall. Can the firewall be configured so that, if traffic hits it, it is forwarded to either CAS1 or CAS2?

No, that won't work. You would need a load balancer to do that. You can only tell your firewall to send traffic to one IP.

-JJ
ucguy

ASKER

If we have WNLB, should we install it on the CAS servers?

You can use WNLB as long as you have dedicated CAS servers with no mailbox role.

-JJ

WNLB is seriously brain dead and will start accepting requests way before any of your other network services have started, thereby causing service outage. You are much better off using a load balancer from Kemp that understands server health and only distributes traffic to working servers. They are pretty reasonably priced.
ucguy

ASKER

Can we configure the Kemp load balancer to handle only external traffic, while internal clients talk to both CAS servers via DNS round robin?

Potentially yes. But why would you want to do that?

DNS round robin is not real load balancing. A KEMP hardware load balancer is.
ucguy

ASKER

Yeah, but the problem is we cannot do that because the current VLM-100 load balancer cannot handle the 200 users both internally and externally.

With Exchange 2013, DNS RR is a real load balancing solution. It is not as good as a hardware load balancer, but it will work just fine. The main difference you will see is that a HLB will detect a failure of a CAS node fairly quickly and take that node out of the pool. DNS RR depends on the TTL of the DNS record, so it will be at least a couple of minutes before the client reconnects.

You can use the HLB for external and DNS RR internally. You just point a single external DNS entry to the public IP of the HLB VIP and internally you create RR DNS entries that point directly at your CAS servers.

-JJ
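
The per-node health check that an HLB performs and DNS round robin does not, as an added example (not code from this thread): it resolves every A record behind a round-robin name and TCP-probes each address, so a node that DNS still hands out but that no longer answers shows up in a failed list. The function names and the two loopback ports standing in for CAS1 and CAS2 are assumptions made for the illustration.

```python
import socket

def resolve_rr(name, port=443):
    """Return every IPv4 address published behind a round-robin name."""
    infos = socket.getaddrinfo(name, port, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(addr, port, timeout=2.0):
    """TCP connect test: the minimum health check a load balancer runs per node."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def check_pool(nodes):
    """Split (address, port) pairs into healthy and failed lists."""
    healthy, failed = [], []
    for node in nodes:
        (healthy if probe(*node) else failed).append(node)
    return healthy, failed

def loopback_demo():
    """Constructed sample: two loopback ports stand in for CAS1 (up) and CAS2 (down)."""
    cas1 = socket.socket()
    cas1.bind(("127.0.0.1", 0))
    cas1.listen(1)
    cas2 = socket.socket()
    cas2.bind(("127.0.0.1", 0))
    down_port = cas2.getsockname()[1]
    cas2.close()  # nothing listens here any more, like a failed CAS
    try:
        return check_pool([cas1.getsockname(), ("127.0.0.1", down_port)])
    finally:
        cas1.close()

if __name__ == "__main__":
    # Real use: nodes = [(ip, 443) for ip in resolve_rr("mail.contoso.com")]
    healthy, failed = loopback_demo()
    print("healthy:", healthy)
    print("still in DNS but not answering:", failed)
```

An address in the failed list keeps being returned to clients until its record is removed from DNS and cached answers expire, which is the TTL delay described above.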