Published by Dora Barrett. Modified over 9 years ago.
4
[Diagram: User, Layer 4 LB, CAS, DAG (MBX-A, MBX-B)]
For any given mailbox’s connectivity, the user is always served by the server that hosts the active database copy.
Each CAS determines the right end point for the traffic, and so all sessions – regardless of where they started – end up in the same place.
6
[Diagram: request flow through load balancer, CAS (IIS, HTTP proxy) and MBX (protocol head, DB), across site boundaries. Flow labels: local proxy request; OWA cross-site redirect request; cross-site proxy request; HTTP.]
9
[Diagram: Clients, DNS, autodiscover.contoso.com. Servers: E2010 CAS/MBX, E2013 CAS/MBX. Sites: Internet-facing site, intranet site. Flow labels: PROXY; CAS 2010 handles request.]
10
[Diagram: Clients, DNS, autodiscover.contoso.com. Servers: E2007 CAS/MBX, E2013 CAS/MBX. Sites: Internet-facing site, intranet site. Flow labels: PROXY; MBX 2013 handles request.]
11
[Diagram: Outlook clients, internal LB namespace. Servers: E2010 CAS/MBX, E2013 CAS/MBX. Sites: Internet-facing site, intranet site. Labels: The triangle (AD); Lookup SCP records in AD; PROXY; CAS 2010 handles request.]
12
[Diagram: Outlook clients, internal LB namespace. Servers: E2007 CAS/MBX, E2013 CAS/MBX. Sites: Internet-facing site, intranet site. Labels: Still a triangle; Lookup SCP records in AD; PROXY; MBX 2013 handles request.]
15
[Diagram: Clients, mail.contoso.com. Sites: Internet-facing site, intranet site. E2013 CAS: Enable OA, Client Auth: Basic, IIS Auth: Basic. E2010/E2007 CAS: Enable OA, Client Auth: Basic, IIS Auth: NTLM. Flow labels: RPC/HTTP, PROXY, RPC, NTLM.]
1. Enable Outlook Anywhere: on intranet 2007/2010 servers
2. Client settings: make 2007/2010 client settings the same as 2013 Server (in this case meaning OA hostname = mail.contoso.com and client auth = Basic)
3. IIS authentication methods: must include NTLM
17
[Diagram: OWA. Namespaces: mail.contoso.com (layer 4 LB), europe.mail.contoso.com (layer 7 LB). Servers: E2010 CAS/MBX, E2013 CAS/MBX. Sites: Internet-facing site, intranet site. Labels: Auth, 2013 logon page; same-site proxy request (HTTP PROXY, RPC); cross-site proxy request (HTTP PROXY, RPC); Auth, 2010 logon page; single sign-on (SSO) redirect, new in CU2.]
18
[Diagram: OWA. Namespaces: mail.contoso.com (layer 4 LB), europe.mail.contoso.com (layer 7 LB), Legacy.mail.contoso.com (layer 7 LB). Servers: E2007 CAS/MBX, E2013 CAS/MBX. Sites: Internet-facing site, intranet site. Labels: Auth, 2013 logon page; Auth, 2007 logon page; Auth, 2010 logon page; HTTP PROXY; RPC; single sign-on (SSO) redirect, new in CU2.]
19
[Diagram: OWA. Namespaces: mail.contoso.com (layer 4 LB), europe.mail.contoso.com (layer 4 LB). Servers: E2010 CAS/MBX, E2013 CAS/MBX. Sites: Internet-facing site, intranet-facing site. Labels: Auth, 2013 logon page; single sign-on (SSO) redirect, new in CU2.]
20
[Diagram: OWA. Namespace: mail.contoso.com (layer 4 LB), shown for both sites. Servers: E2010 CAS/MBX, E2013 CAS/MBX. Sites: Internet-facing site, intranet-facing site. Labels: Auth, 2013 logon page; HTTP PROXY.]
22
[Diagram: EAS. Namespaces: mail.contoso.com (layer 4 LB), europe.mail.contoso.com (layer 7 LB). Servers: E2010 CAS/MBX, E2013 CAS/MBX. Sites: Internet-facing site, intranet site. Labels: same-site proxy request (HTTP PROXY); cross-site proxy request (HTTP PROXY).]
23
[Diagram: EAS. Namespaces: mail.contoso.com (layer 4 LB), europe.mail.contoso.com (layer 7 LB), legacy.mail.contoso.com (layer 7 LB). Servers: E2007 CAS/MBX, E2013 CAS/MBX. Sites: Internet-facing site, intranet site.]
25
[Diagram: EWS. Namespaces: mail.contoso.com (layer 4 LB), europe.mail.contoso.com (layer 7 LB). Servers: E2010 CAS/MBX, E2013 CAS/MBX. Sites: Internet-facing site, intranet site. Labels: same-site proxy request (HTTP PROXY); cross-site proxy request (HTTP PROXY).]
26
[Diagram: EWS. Namespaces: mail.contoso.com (layer 4 LB), europe.mail.contoso.com (layer 7 LB), legacy.mail.contoso.com (layer 7 LB). Servers: E2007 CAS/MBX, E2013 CAS/MBX. Sites: Internet-facing site, intranet site, Europe intranet-facing site.]
33
[Diagram: User, Layer 4 LB, CAS, DAG (MBX-A, MBX-B)]
For any given mailbox’s connectivity, the user is always served by the server that hosts the active database copy.
Each CAS determines the right end point for the traffic, and so all sessions – regardless of where they started – end up in the same place.
34
[Diagram: User, Layer 4 LB, CAS]
Client makes request to FQDN: /ews/Exchange.asmx on TCP 443
LB sees: IP address/port
No SSL termination
LB forwards traffic to CAS with no idea of final URL
So how do we pick a CAS when there are several, or determine the health of a CAS?
35
[Diagram: User, Layer 4 LB, CAS with virtual directories OWA, ECP, EWS, EAS, OAB, AutoD, RPC. Namespaces: mail.contoso.com, autodiscover.contoso.com, mail.contoso.com/rpc]
If you can test the health of a Vdir on CAS to determine overall server health – which one(s) would you pick?
Result: At layer four – with one namespace – health is per server, NOT per protocol
37
[Diagram: User, Layer 7 LB, CAS with virtual directories OWA, ECP, EWS, EAS, OAB, AutoD, RPC. Namespaces: mail.contoso.com, autodiscover.contoso.com, mail.contoso.com/rpc, mail.contoso.com/owa]
SSL termination at load balancer reveals full URL
Result: At layer seven – with one namespace – health is per protocol
38
[Diagram: User, Layer 4 LB, CAS with virtual directories OWA, ECP, EWS, EAS, OAB, AutoD, RPC. Namespaces: mail.contoso.com, autodiscover.contoso.com, rpc.contoso.com, owa.contoso.com, ews.contoso.com, oab.contoso.com, eas.contoso.com, ecp.contoso.com]
The destination IP implies the full URL
Result: At layer four – with multiple namespaces – health is per protocol
39
Trade-offs
[Diagram labels: Functionality, Simplicity, Target Audience]

+ Simple, fast, no affinity LB
+ Single, unified namespace
+ Minimal networking skillset
- Per server availability

+ Simple, fast, no affinity LB
+ Per protocol availability
- One namespace per protocol

+ Per protocol availability
+ Single, unified namespace
- SSL termination @ LB
- Requires increased networking skillset
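The three health-check outcomes from the preceding slides, modelled as an added example (not part of the original presentation). The server names, the per-vdir health values and the choice of OWA as the single layer-4 probe are constructed assumptions.

```python
# Constructed sample state: health of each virtual directory on each CAS.
CAS_HEALTH = {
    "cas1": {"owa": True,  "ews": True,  "rpc": True},
    "cas2": {"owa": False, "ews": True,  "rpc": True},   # only OWA is down
    "cas3": {"owa": True,  "ews": False, "rpc": True},   # only EWS is down
}

def l4_single_namespace(health, probe_vdir):
    """Layer 4, one namespace, no SSL termination: the LB cannot see the
    URL, so a single probe decides the pool for every protocol."""
    pool = sorted(s for s, vdirs in health.items() if vdirs[probe_vdir])
    protocols = next(iter(health.values()))
    return {proto: pool for proto in protocols}

def per_protocol(health):
    """Layer 7 (URL visible after SSL termination), or layer 4 with one
    namespace per protocol: each protocol has its own probe and pool."""
    protocols = next(iter(health.values()))
    return {p: sorted(s for s, vdirs in health.items() if vdirs[p])
            for p in protocols}

def misrouted(health, pools):
    """(protocol, server) pairs where traffic is sent to a broken vdir."""
    return sorted((p, s) for p, pool in pools.items()
                  for s in pool if not health[s][p])

def wasted(health, pools):
    """(protocol, server) pairs where a healthy vdir receives no traffic."""
    return sorted((p, s) for p, pool in pools.items()
                  for s in health if health[s][p] and s not in pool)

if __name__ == "__main__":
    single = l4_single_namespace(CAS_HEALTH, "owa")
    split = per_protocol(CAS_HEALTH)
    print("L4, one namespace :", single)
    print("  misrouted:", misrouted(CAS_HEALTH, single))
    print("  wasted   :", wasted(CAS_HEALTH, single))
    print("per protocol      :", split)
    print("  misrouted:", misrouted(CAS_HEALTH, split))
    print("  wasted   :", wasted(CAS_HEALTH, split))
```

With a single probe, a server whose EWS is broken keeps receiving EWS traffic, and a server whose only fault is OWA is withdrawn for every protocol; with per-protocol pools both effects disappear.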
43
[Diagram: User, Layer 4 LB, CAS]
Client makes request
LB sees: IP address/port
No SSL termination
LB forwards traffic to CAS
Is this not a packet filtering device?