High Availability and Web Publishing for UC Deployments: Load Balancing & Reverse Proxy. October 24, 2013. Bhargav Shukla, Director – Product Research and Innovation, KEMP Technologies.

High Availability and Web Publishing for UC Deployments Load Balancing & Reverse Proxy October 24, 2013 Bhargav Shukla Director – Product Research and Innovation KEMP Technologies

Load Balancing Lync 2013
What should you load balance?
– For server-to-server traffic: topology aware, no load balancing needed
– For client-to-server traffic:
  DNS load balancing for the pool (SIP traffic)
  DNS load balancing does not work for web traffic
  Port translation is required for external web services traffic

Load Balancing Lync 2013 – Visual Reference

Role                      | High availability                                                   | DNS load balancing
--------------------------|---------------------------------------------------------------------|-------------------
Standard Edition Server   | Not available                                                       | N/A
Enterprise Edition Server | Deploy multiple servers in a pool and use load balancing            | Yes
Back End Server           | SQL Server uses Windows Clustering for high availability            | No
A/V Conferencing Server   | Deploy multiple servers in a pool and use load balancing            | N/A
Edge Server               | Deploy multiple servers in a pool and use load balancing            | Yes
Mediation Server          | Deploy multiple servers in a pool and use load balancing            | Yes
Monitoring                | Standby server (MSMQ on the Front End queues messages if it fails)  | No
Archiving                 | Standby server (MSMQ on the Front End queues messages if it fails)  | No
Director                  | Deploy multiple servers in a pool and use load balancing            | Yes
File Server               | Use Windows Clustering or Distributed File System                   | No

Load Balancing Lync 2013 – Load Balancing Front End/Director Pools

Load Balancing Lync 2013 – Load Balancing Front End/Director Pools
Microsoft recommended method
– Use DNS load balancing for SIP traffic
– Configure a Web Services Override FQDN for internal web services
– Load balance TCP ports 80, 8080, 443 and 4443
– Also load balance TCP port 444 if a Director is deployed

Load Balancing Lync 2013 – Load Balancing Front End/Director Pools
– Source IP persistence can be used, but should you?
  Clients behind a NAT device show up as a single IP
  Can result in uneven connection distribution
– Health check on TCP port 5061, or use the hardware load balancer monitoring port from the topology if one is defined
– Alternatively check /meet/blank.html instead of 5061 to ensure IIS is working (a 5061 connect only proves the SIP listener is up)

Load Balancing Lync 2013 – Load Balancing Front End/Director Pools
– There is no negative impact if you use a cookie
  If you use a cookie, it must be named MS-WSMAN
  Must not expire
  Must not be marked httpOnly
  Turn off cookie optimization
– Use a 20 minute TCP session timeout
– Use a 1800 second TCP idle timeout
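The cookie rules above are easy to get wrong on a load balancer whose default persistence cookie is HttpOnly with an expiry. The following is an added example, not code from the deck or from any load balancer vendor: it parses Set-Cookie values and reports which of the three rules (name MS-WSMAN, no expiration, not httpOnly) a given cookie breaks. The sample header values in run_cookie_demo() are constructed for illustration; the cookie name LBPERSIST is a made-up default.

```python
# Added example (not from the deck): validate a load balancer's persistence
# cookie against the Lync 2013 web-services rules on this slide. Sample
# Set-Cookie values in run_cookie_demo() are constructed for illustration.


def parse_set_cookie(header_value):
    """Split a Set-Cookie header value into (name, value, attributes).

    Attribute names are lower-cased so 'HttpOnly' and 'httponly' compare
    equal; flag attributes (HttpOnly, Secure) map to None.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else None
    return name.strip(), value.strip(), attrs


def check_persistence_cookie(header_value):
    """Return the list of rule violations for one Set-Cookie value.

    An empty list means the cookie is acceptable for Lync web services
    persistence: named MS-WSMAN, no expiration, not HttpOnly.
    """
    name, value, attrs = parse_set_cookie(header_value)
    problems = []
    if name != "MS-WSMAN":
        problems.append(f"name is {name!r}; Lync web services expect MS-WSMAN")
    if not value:
        problems.append("cookie value is empty")
    if "expires" in attrs or "max-age" in attrs:
        problems.append("Expires/Max-Age present; the cookie must not expire")
    if "httponly" in attrs:
        problems.append("HttpOnly present; the cookie must not be marked httpOnly")
    return problems


def find_persistence_cookie(set_cookie_headers):
    """Given every Set-Cookie value in a response, return the violations for
    the MS-WSMAN cookie, or one violation if the load balancer inserted none."""
    for header in set_cookie_headers:
        name, _, _ = parse_set_cookie(header)
        if name == "MS-WSMAN":
            return check_persistence_cookie(header)
    return ["no MS-WSMAN cookie was inserted by the load balancer"]


def run_cookie_demo():
    """Constructed samples: one compliant cookie, one with all three faults."""
    good = "MS-WSMAN=fe01; Path=/"
    bad = ("LBPERSIST=fe01; Path=/; HttpOnly; "
           "Expires=Wed, 09 Jun 2021 10:18:14 GMT")
    return {
        "good": check_persistence_cookie(good),
        "bad": check_persistence_cookie(bad),
        # A response carrying the application's own session cookie plus the
        # load balancer's MS-WSMAN cookie: only the latter is judged.
        "response": find_persistence_cookie(["ASP.NET_SessionId=x; HttpOnly", good]),
    }


if __name__ == "__main__":
    for label, problems in run_cookie_demo().items():
        print(label, "->", problems or "OK")
```

Point the checker at the Set-Cookie headers returned through the VIP (for example with a scripted HTTPS request to the external web services FQDN) rather than at the load balancer's configuration screen; what the client actually receives is what matters for Mobility persistence.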

Load Balancing Lync 2013 – Load Balancing Front End/Director Pools
– Load balancer only configuration, DNS round robin not used for SIP
  Load balance the following ports (all TCP): 5061, 444, 135, 80, 8080, 443, 4443, 448, , , 5080
  Reference – Hardware Load Balancer Ports if Using Only Hardware Load Balancing

Load Balancing Lync 2013 – Load Balancing Mediation Pools
– DNS-only load balancing is sufficient
– If using a load balancer instead of DNS, load balance only TCP 5070

Load Balancing Lync 2013 – Load Balancing Edge Pools

Load Balancing Lync 2013 – Load Balancing Edge Pools using DNS
– Loss of failover in the following scenarios (the peer does not understand DNS load balancing):
  Federation with organizations running OCS versions older than Lync 2010
  Public IM connectivity (PIC) with Skype, Windows Live, AOL, Yahoo! and XMPP partners
  UM Play on Phone functionality
  Transferring calls from the UM Auto Attendant
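The "loss of failover" on this slide comes down to client behaviour: DNS load balancing only gives you failover if the connecting side walks every A record for the pool FQDN. The following is an added example, not from the deck: two listeners on 127.0.0.1 stand in for two Edge servers, the record list is a constructed stand-in for the DNS answer, and the two connect functions model a DNS-LB-aware Lync 2010/2013 client against a peer that uses one answer and never retries. The legacy model is a simplification of what such peers do, not a reproduction of any product's code.

```python
# Added example, not from the deck: why a DNS-load-balanced Edge pool loses
# failover for peers that are not DNS-LB aware. Two listeners on 127.0.0.1
# stand in for two Edge servers; the record list is a constructed stand-in
# for the A records a resolver would return for the pool FQDN.
import socket


def start_edge_listener():
    """Listen on 127.0.0.1 with an ephemeral port; return (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def try_connect(addr, timeout=1.0):
    """One TCP connect attempt. The listener need not accept() for the
    three-way handshake to complete, so no server thread is needed."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False


def dns_lb_aware_connect(records):
    """Lync 2010/2013 behaviour: walk every A record until one answers."""
    for addr in records:
        if try_connect(addr):
            return addr
    return None


def legacy_connect(records):
    """Model of a peer that does not understand DNS load balancing (pre-Lync
    2010 federation, PIC gateways, UM): use the first answer only, no retry."""
    first = records[0]
    return first if try_connect(first) else None


def simulate_failover():
    """Bring up two 'Edge servers', take the first down, compare behaviours."""
    edge_a, port_a = start_edge_listener()
    edge_b, port_b = start_edge_listener()
    # Constructed 'DNS answer' for the pool FQDN: both members, first one first.
    records = [("127.0.0.1", port_a), ("127.0.0.1", port_b)]
    result = {
        "records": records,
        "aware_before": dns_lb_aware_connect(records),
        "legacy_before": legacy_connect(records),
    }
    edge_a.close()  # first Edge server fails: connects now get ECONNREFUSED
    result["aware_after"] = dns_lb_aware_connect(records)
    result["legacy_after"] = legacy_connect(records)
    edge_b.close()
    return result


if __name__ == "__main__":
    r = simulate_failover()
    print("DNS-LB aware client after failure:", r["aware_after"])
    print("legacy peer after failure:", r["legacy_after"])
```

With the first member down the aware client lands on the second record while the legacy peer gets nothing, which is exactly the case a hardware load balancer in front of the Edge pool closes: the peer sees one VIP, and member selection and health checking move into the load balancer.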

Load Balancing Lync 2013 – Load Balancing Edge Pools using Load Balancer – External Interfaces
Access Edge interface – source NAT can be used
– SIP (external client) – TCP 443
– SIP (federation/PIC) – TCP 5061
– XMPP – TCP 5269
Web Conferencing interface – source NAT can be used
– PSOM – TCP 443
A/V Edge interface – NAT can't be used here
– STUN/MSTURN – TCP 443
– STUN/MSTURN – UDP 3478

Load Balancing Lync 2013 – Load Balancing Edge Pools using Load Balancer – External Interfaces
– Use the Access VIP as the default gateway on all Edge interfaces
– A/V Edge interface considerations
  Turn off TCP nagling for both the internal and external TCP 443 VIP
  Turn off TCP nagling for the external port range 50,000–59,999
  Must use a publicly routable IP with no NAT or port translation

Load Balancing Lync 2013 – Load Balancing Edge Pools using Load Balancer – Internal Interfaces
– Access SIP – TCP 5061 – used by Directors and FE pools
– A/V Authentication SIP – TCP 5062 – any FE pool and SBA
– A/V media transfer – UDP 3478 – preferred path for A/V media transfer
– A/V media transfer – TCP 443 – fallback path for A/V media transfer; also file transfer and desktop sharing

Load Balancing Lync 2013 – Reverse Proxy

Reverse Proxy – What is it?
– A device deployed between clients and servers, usually in the DMZ, that interacts with servers and services on behalf of the client
– Commonly used to provide load balancing for availability and scalability
– Terminates TCP traffic
– Protects internal HTTP servers by providing a single point of access to the internal network
– Full reverse proxies provide advanced Layer 7 features such as SSL acceleration, traffic management, intrusion prevention, content acceleration, etc.
– More than NAT (Load Balancer = Reverse Proxy)

Load Balancing Lync 2013 – Reverse Proxy
– A separate VIP on the load balancer
– Load balance ports 80 and 443
– Translate to server ports 8080 and 4443
– Cannot use pre-authentication
– No persistence is required
– Use a 20 minute TCP session timeout
– Use a 1800 second TCP idle timeout
– Health check on port 5061, or use the hardware load balancer monitoring port from the topology if one is defined
– Alternatively check /meet/blank.html instead of 5061 to ensure IIS is working

Hardware Load Balancing – Edge
– Requires N+1 public IP addresses
– Reference – &

Load Balancing Lync 2013 – Load Balancing Office Web Apps Servers
– Load balance TCP 443
– Enable SSL re-encryption (decrypt on the load balancer, re-encrypt to the server)
– Use source IP persistence with a 30 minute timeout; use other methods if NAT or concentrators are involved
– Use a 1800 second idle timeout
– Perform the health check with an HTTP GET of /hosting/discovery
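The deck names three health checks for these pools: a TCP connect on 5061, an HTTP GET of /meet/blank.html on the Front End/Director web services, and an HTTP GET of /hosting/discovery on Office Web Apps. The following is an added example, not code from the deck or from any load balancer: it implements the Layer 4 and Layer 7 probes as a load balancer would run them, and includes a constructed stand-in HTTP server and SIP listener so it runs offline. The stand-in's responses (empty 200 for /meet/blank.html, a placeholder XML body for /hosting/discovery) are assumptions for the demo, not captured from a real server.

```python
# Added example, not from the deck: the three health checks named on these
# slides (TCP connect on 5061, HTTP GET /meet/blank.html on Front End/Director
# web services, HTTP GET /hosting/discovery on Office Web Apps), plus a small
# constructed HTTP server that stands in for a pool member so it runs offline.
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def tcp_probe(host, port, timeout=2.0):
    """Layer 4 check: is something listening? Proves the SIP listener is up
    and nothing about IIS, which is why the slide offers the HTTP check."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_probe(host, port, path, timeout=2.0, use_tls=False):
    """Layer 7 check: GET path and require HTTP 200. Returns (healthy, status);
    status is None when no HTTP response came back at all."""
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    try:
        conn = conn_cls(host, port, timeout=timeout)
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        resp.read()
        conn.close()
        return resp.status == 200, resp.status
    except (OSError, http.client.HTTPException):
        return False, None


class _FakePoolMember(BaseHTTPRequestHandler):
    """Constructed stand-in: serves the two health-check URLs, 404 otherwise."""
    PATHS = {"/meet/blank.html": b"", "/hosting/discovery": b"<wopi-discovery/>"}

    def do_GET(self):
        body = self.PATHS.get(self.path)
        if body is None:
            self.send_error(404)
            return
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_fake_pool_member():
    """Web listener on an ephemeral port plus a bare TCP listener for 'SIP'."""
    web = HTTPServer(("127.0.0.1", 0), _FakePoolMember)
    threading.Thread(target=web.serve_forever, daemon=True).start()
    sip = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sip.bind(("127.0.0.1", 0))
    sip.listen(1)
    return web, web.server_address[1], sip, sip.getsockname()[1]


def run_probe_demo():
    """Run the probes against the fake member, then again after SIP goes down."""
    web, web_port, sip, sip_port = start_fake_pool_member()
    host = "127.0.0.1"
    results = {
        "sip_up": tcp_probe(host, sip_port),
        "meet": http_probe(host, web_port, "/meet/blank.html"),
        "discovery": http_probe(host, web_port, "/hosting/discovery"),
        "missing": http_probe(host, web_port, "/nope"),
    }
    sip.close()  # SIP listener gone: the L4 probe must now fail
    results["sip_down"] = tcp_probe(host, sip_port)
    web.shutdown()
    web.server_close()
    return results


if __name__ == "__main__":
    for name, value in run_probe_demo().items():
        print(f"{name}: {value}")
```

Against a real pool member the web probes go to the internal web services port with use_tls=True (4443 on the Front End, 443 on Office Web Apps) and the Host header set to the pool's web services FQDN; a member should only be marked in service when every probe assigned to that virtual service passes, so that a server with a live SIP listener but a stopped IIS is taken out of the web VIP.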

DNS or Hardware?

Hardware LB pros:
– App awareness
– Easy to take a partially working server offline
– Supports all client levels
– HA for PIC/XMPP and legacy federation

Hardware LB cons:
– Extra step for server draining
– Additional setup work required
– Adds significantly to deployment (myth)
– Adds substantial latency (myth)
– Over-complicates troubleshooting (myth)

DNS LB pros:
– Simpler server draining
– Less overall complexity
– Minimal LB expertise required

DNS LB cons:
– Some 3rd party apps don't understand DNS LB
– Many PBXs can't talk to a pool of DNS-load-balanced Mediation Servers
– Down-level clients don't support DNS LB

Best Practices
– Use the same load balancing method for internal and external Edge interfaces
– Don't leave timeouts at default: the TCP idle timeout should be set to 1800 sec
– Turn off TCP nagling for A/V Edge ports 50,000–59,999 and internal/external 443
– Use SNAT for general services, DNAT for the A/V Edge
– Ensure load balancer and Lync failover scenarios are tested... BEFORE you need it
– Avoid using DSR – not supported
– Create an independent virtual service for each Edge service (Access/Web Conferencing/A/V)
– Use cookie-based persistence for external Lync web services and source-address persistence for internal Lync web services
– Cookie-based persistence is required for Lync Mobility services: named MS-WSMAN, not marked httpOnly, and no expiration
– Always use a HLB if HA for XMPP/PIC/legacy federation is important
– The Edge internal interface must be on a different network than the Edge external interface, with routing between them disabled
– The Edge Server external interface running A/V must use a routable IP – no NAT/PAT

Thank You!