npdodge

Load balancing Exchange 2013 CAS servers using DNS Round Robin

Currently in the process of implementing Exchange 2013 to migrate from Exchange 2007. Am planning on having two multi-role 2013 servers at production and at least 1 multi-role 2013 server at DR site. Obviously I will be using DAGs to provide HA for the mailbox role, but want to have HA for the CAS role as well before I configure everything for co-existence with Exchange 2007. Eventually I plan to have a hardware load balancer like a Kemp LM-2400 or Netscaler, but for now I will have to settle for DNS Round Robin.

In reading some articles on DNS RR and Exchange 2013 CAS servers, they've only been referencing examples with Outlook Anywhere and OWA and how you need to use the same namespaces for Outlook Anywhere and OWA (e.g. mail.domain.com) on both servers, but what about the other virtual directories like ECP, EWS, Active-Sync, and OAB?  Currently I have just one Exchange 2013 CAS and their namespaces all begin with mail.domain.com, should both CAS servers be identical?  Do I need to change the Service Connection Point to be the same on the 2nd CAS as well?  

Thanks in advance for your input.

Dave
ASKER CERTIFIED SOLUTION
Guy Lidbetter
This solution is only available to members.
Simon Butler (Sembee)
Round robin DNS does not give you any kind of high availability.
Waste of time.

If you are planning to implement a Kemp, then I would consider deploying their free load balancer launched at the start of this week.
http://freeloadbalancer.com/

Then when you are ready to purchase, you just put in a new key.

I am going to have to disagree with the above recommendation on using a CNAME, as that is not best practice. A records should be used, particularly for Autodiscover.

Setup a split DNS and then configure all of the virtual directories with the same host name internally as you are using externally.
http://semb.ee/hostnames2013

Simon.
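
The same-hostname configuration described in the post above, written out for the virtual directories the question lists (OWA, ECP, EWS, ActiveSync, OAB), followed by a read-only audit. This is an added example, not part of the original thread: the server names EX13-01 and EX13-02 are hypothetical, and mail.domain.com is the placeholder namespace from the question.

```powershell
# Added example: run in the Exchange Management Shell on Exchange 2013.
# Assumed names: EX13-01 / EX13-02 are hypothetical servers; mail.domain.com
# is the placeholder namespace used in the question.
$Namespace = 'mail.domain.com'
$Servers   = 'EX13-01', 'EX13-02'
$Base      = "https://$Namespace"

foreach ($s in $Servers) {
    # Same URL internally and externally; split DNS decides which IP it resolves to.
    Get-OwaVirtualDirectory -Server $s |
        Set-OwaVirtualDirectory -InternalUrl "$Base/owa" -ExternalUrl "$Base/owa"
    Get-EcpVirtualDirectory -Server $s |
        Set-EcpVirtualDirectory -InternalUrl "$Base/ecp" -ExternalUrl "$Base/ecp"
    Get-WebServicesVirtualDirectory -Server $s |
        Set-WebServicesVirtualDirectory -InternalUrl "$Base/EWS/Exchange.asmx" `
                                        -ExternalUrl "$Base/EWS/Exchange.asmx"
    Get-ActiveSyncVirtualDirectory -Server $s |
        Set-ActiveSyncVirtualDirectory -InternalUrl "$Base/Microsoft-Server-ActiveSync" `
                                       -ExternalUrl "$Base/Microsoft-Server-ActiveSync"
    Get-OabVirtualDirectory -Server $s |
        Set-OabVirtualDirectory -InternalUrl "$Base/OAB" -ExternalUrl "$Base/OAB"
}

# Audit: any virtual directory whose URL is not under the shared namespace.
# A stray server FQDN here shows up to clients as a certificate name mismatch.
$mismatch = foreach ($s in $Servers) {
    @(
        Get-OwaVirtualDirectory         -Server $s
        Get-EcpVirtualDirectory         -Server $s
        Get-WebServicesVirtualDirectory -Server $s
        Get-ActiveSyncVirtualDirectory  -Server $s
        Get-OabVirtualDirectory         -Server $s
    ) | Where-Object {
        "$($_.InternalUrl)" -notlike "$Base/*" -or "$($_.ExternalUrl)" -notlike "$Base/*"
    } | Select-Object Server, Name, InternalUrl, ExternalUrl
}
if ($mismatch) { $mismatch | Format-Table -AutoSize }
else           { "All virtual directories on $($Servers -join ', ') use $Namespace" }

# Read-only: show the Outlook Anywhere host names and the Autodiscover SCP
# value per server so they can be compared by eye.
$Servers | ForEach-Object { Get-OutlookAnywhere -Server $_ } |
    Format-Table Server, InternalHostname, ExternalHostname -AutoSize
$Servers | ForEach-Object { Get-ClientAccessServer -Identity $_ } |
    Format-Table Name, AutoDiscoverServiceInternalUri -AutoSize
```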
Hi Simon,

Please show me where it says using an A record is best practice? I'm genuinely interested... As far as I'm aware you can use either an A, CNAME or SRV interchangeably with various pros/cons. However using an SRV record solves a lot of issues...

In a non load balanced DNS RR solution I would most definitely use a CNAME. RR does provide some level protection as you can lose a CAS box and still keep running. Just have a low TTL and remove the failed CAS Record when it happens.

The autodiscover A record is usually (in my world) configured to the CAS ARRAY VIP. In this case there is none, so a failed CAS box that the A record is pointing to means complete outage. Unless you DNS RR the autodiscover record as well, which would be daft in this case.

I was unaware that Kemp have a free load balancer... cool... the other option, as the CAS boxes are layer 4 sessionless, is that you could use a Windows NLB in the interim.
npdodge

ASKER

Very cool that they now offer a free load balancer.  That must have just been offered because I didn't see it last week.  Too bad it's limited to 20Mbps of throughput, not sure I really want to limit the bandwidth that much on the CAS servers.  I know DNS RR isn't true HA but it does provide some automatic redundancy in the event a CAS/MBX server fails.  Not an immediate failover but the client would hit the other CAS server pretty quickly from what I've read, but will need to test.  I don't know how soon we would be able to purchase a hardware LB and still don't know if we're going to do Kemp or Netscaler.  We want Netscaler to put some Xenapp security policies in place for the client devices connecting and found out that Netscaler can also LB Exchange and other web servers so there would be no need for a Kemp appliance.  Until then, I would like to have something so DNS RR would suffice.  Do you agree Simon?
Hey Guys,

For Autodiscover specifically I personally use a CNAME record for this. You can in fact use either A or CNAME, it does not matter; it really becomes a matter of preference.

Below is the actual link from TechNet which references Autodiscover and appropriate ways to configure DNS. This link references Lync 2013 but the same concept applies.

https://technet.microsoft.com/en-us/library/hh690010.aspx

O365 also suggests CNAME records to be configured as well.

Will.
npdodge

ASKER

I've always used a CNAME for autodiscover as well.
Office365 is a completely different matter when it comes to CNAMEs, because you are pointing the record at any entry that is not under your control - which I believe is the main reason for them.
However, it is an internal system where you have complete control over everything. The question I would ask is why WOULD you use a CNAME? DNS best practice in general is to avoid using them because they increase the load on the server, as it requires an additional lookup.

"Too bad it's limited to 20Mbps of throughput, not sure I really want to limit the bandwidth that much on the CAS servers. "

I am doing some testing on this, and the initial indications are that if you use the load balancer in Direct Server Return (http://kemptechnologies.com/uk/white-papers/direct-server-return-it-you/) then you use very little bandwidth. The bulk of the traffic is usually outbound. Still testing, it has only been available since Monday and I have had a busy week!

Simon.
Need to pick up on this one...

"RR does provide some level protection as you can lose a CAS box and still keep running. Just have a low TTL and remove the failed CAS Record when it happens."

That isn't high availability. DNS has no idea the server is down. Until you notice it will keep sending traffic to a server that isn't available.

Simon.
Hi Simon, never said HA... I said "some level of protection"... There's a difference.

And your other question "why would you use a CNAME?" Because you are using DNS RR and setting a single A record in a non HA environment could cause a blackout. And using DNS RR for autodiscover as well would be daft... How about that? All in context of the question.... Outside in a different environment... By all means push your A record.