Windows Server 2012 NLB

Does anyone know if the Windows Server 2012 Network Load Balancer can (successfully) be installed on a VMware VM, placed in the DMZ, and just allow routing thru to the Exchange 2013 servers (CAS role only). I know most advise against this but I'm still waiting on the budget and MGMT approval and need a way to NLB in the meantime. Since it's in the DMZ it would be placed in a different subnet, assigned a VIP, Internal IP and public facing IP. If I can do that in can also buy just one cert and apply it to the NLB, the two CAS servers along with the SAN names. Then apply the same very to the hardware NLB once receive and maintain the IP and firewall configs.

Thanks,
Christian HansAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Amit KumarCommented:
Putting CAS role in DMZ is not supported by Microsoft, even if you will put it in DMZ then you will have to open almost all ports so there is no benefit to put CAS role in DMZ.

In Exchange 2003 it was supported when the architecture was Back end and Front End. but onward 2007 Microsoft does not support DMZ architecture for CAS roles.

Also if you can buy hardware load balancer then it is good else configure NLB but not to put in DMZ.

If you want to understand architectural diff. then please go through with this article. This article has all details about architectural changes from Exchange 2003 to Exchange 2013

One more thing, you can configure two hardware load balancers, one is in internal network and another one is in DMZ that will help you for sure.
0
Christian HansAuthor Commented:
Thank you Amit. The Exchange 2013 Hybrid CAS servers would not go in the DMZ, just the Windows NLB would.

I'm just wondering if the option exists, if anyone has done it, with the Windows Server 2012 NLB in the DMZ then pass the traffic through to the internal CAS Hybrid Servers.
0
F PCommented:
Have you ever used network aggregation on the VMware side using trunk ports back to your switch and a port channel?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

F PCommented:
I've done that before many times over, then use something like the Broadcom Management Utility (doesn't have to have broadcom NIC to work) to manage the virtual NLB, but the Windows NLB new in 2012, I haven't used. I don't see how it's different though.
0
F PCommented:
.... lastly, the entire point of a CAS is to distribute the load, and in my opinion, shouldn't ever have a need to handle that much traffic with another CAS box on the same VMware hypervisor host.
0
Amit KumarCommented:
Yes! you can configure NLB in DMZ as both/more servers will be in same VLAN.

Rest you can follow this article for Windows NLB.

For VMWare- Multicasting

For VMWare-Unicasting
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.