Friday, January 2, 2009

Exchange Server 2007 Hub Transport and Client Access Server on the Same NLB Cluster

In order to keep the number of servers down in a high availability environment, administrators have been looking at using Network Load Balancing (NLB) for CAS and then co-locating the HT role on each node of the NLB cluster to also provide high availability for the HT role.

This configuration can work, and it really is not too difficult to configure. It is extremely important to note that using NLB to load balance the default SMTP receive connectors (using port 25) is not supported and is completely unnecessary, since they are already load balanced for all intra-Exchange communications such as HT to HT communications. However, using NLB to provide redundancy and load balancing for connections to HTs that are hosting Client SMTP receive connectors (using port 587) is fully supported and may be desirable if you have a large number of external SMTP/POP and SMTP/IMAP clients that need to connect to this receive connector.

The steps you need to follow are:

  1. Set up two servers running Windows Server 2003 with two NICs in each server
  2. Install Exchange Server 2007 Hub Transport and Client Access Service (CAS) on each server
  3. Configure one NIC for the Network Load Balancing cluster and set up the other NIC in a separate network so the server can be managed through that IP address
  4. Configure NLB with Unicast and even load balancing
  5. Set up the port rules:
    • Port 25 to 25 for both TCP and UDP, and select the radio button to disable this port range (this stops the virtual IP address of the NLB cluster from listening on port 25, while the individual server IPs still listen on port 25)
    • Port 465 to 465 for both TCP and UDP, and select the radio button to disable this port range
    • Port 80 to 80 for both TCP and UDP and set affinity to none (I recommend "none" so you can easily test and verify that it works)
    • Port 587 to 587 for both TCP and UDP, affinity none (this is for the client SMTP receive connector)
    • Port 443 to 443 for both TCP and UDP, affinity none
    • Port 110 to 110 for both TCP and UDP, affinity none
    • Port 993 to 993 for both TCP and UDP, affinity none
    • Port 143 to 143 for both TCP and UDP, affinity none
    • Port 995 to 995 for both TCP and UDP, affinity none
  6. With affinity set to none, you can more readily test the CAS (after updating the web pages to show which server is actually responding) and verify that the load is being shared. You can also test to make sure the NLB cluster does not respond to SMTP on port 25, which it shouldn't if you set it right, and verify that each server does respond to SMTP as an individual server name.
  7. You can configure protocol logging for the other protocols and telnet to the ports using the NLB IP address to see if they are load balancing like they should. You can also use the NLB IP for testing by sending and receiving messages and checking the message tracking logs to see that the traffic is being balanced. It all worked.
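
The checks in steps 6 and 7 can be scripted. The following PowerShell script is an added example, not part of the original post: it tests the virtual IP against the port rules from step 5, confirms each node still answers on port 25, and counts which server greets repeated connections to port 587. The addresses are constructed placeholders, the function names are hypothetical, and it assumes the SMTP greeting names the answering server as its second token.

```powershell
# Added example. Addresses are constructed placeholders; needs PowerShell 2.0+.
$Vip   = '192.0.2.10'                 # NLB cluster virtual IP
$Nodes = '192.0.2.11', '192.0.2.12'   # IP each server answers on individually

# Expected state of the virtual IP, taken from the port rules in step 5.
$VipClosed = 25, 465
$VipOpen   = 80, 110, 143, 443, 587, 993, 995

function Test-TcpPort([string]$Address, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)    # throws if the connection was refused
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

function Get-SmtpBanner([string]$Address, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.ReceiveTimeout = $TimeoutMs
        $client.Connect($Address, $Port)
        $reader = New-Object System.IO.StreamReader($client.GetStream())
        return $reader.ReadLine()     # first line of the SMTP greeting
    } catch { return $null }
    finally { $client.Close() }
}

# Compare one address/port against the state the port rules should produce.
function Test-PortRule([string]$Address, [int]$Port, [bool]$ShouldBeOpen) {
    $open = Test-TcpPort $Address $Port
    New-Object PSObject -Property @{
        Address = $Address; Port = $Port; Expected = $ShouldBeOpen
        Open = $open; Pass = ($open -eq $ShouldBeOpen) }
}

# Step 6: the VIP must not answer on 25/465, but every node must answer on 25.
$report  = @($VipClosed | ForEach-Object { Test-PortRule $Vip $_ $false })
$report += @($VipOpen   | ForEach-Object { Test-PortRule $Vip $_ $true })
$report += @($Nodes     | ForEach-Object { Test-PortRule $_ 25 $true })
$report | Format-Table Address, Port, Expected, Open, Pass -AutoSize

# Step 7: with affinity "none", repeated connections should reach both nodes.
1..10 | ForEach-Object { Get-SmtpBanner $Vip 587 } | Where-Object { $_ } |
    ForEach-Object { ($_ -split ' ')[1] } | Group-Object | Select-Object Count, Name
```

Any row with `Pass` set to `False` points at a port rule that does not match step 5, and a banner count showing only one server name means the port 587 load is not being shared.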

NOTE: You may want to change affinity to either single (especially if it is being used internally) or Class C (especially if it is accessible from the Internet) once your testing is done.

Good luck, and have lots of fun!
