Set up reliable Exchange 2013 load balancing with open source tools

You can now use free third-party load-balancing options, including Linux offerings, thanks to improvements in Exchange.

Expensive load balancers are no longer required, thanks to Exchange 2013 improvements. Clients don't require affinity,...

so Layer 7 load balancers that inspect traffic and ensure the same client always goes back to the same server can be substituted with simple Layer 4 load balancers with simple configurations.

There are many reasons why an expensive load balancer might make sense for you, but you should also consider free Linux-based offerings. Most commercial load balancers are based on Linux, and some even use HAProxy, the free load balancer software we'll use, under the hood. Used by some of the largest websites in the world across many Exchange implementations, HAProxy is an open source load balancer that could fit the bit for your organizations.

sample Exchange Server setup
Figure 1

Setting up Exchange 2013 load balancing with a free option isn't complicated because it's easy to implement and doesn't require lots of maintenance to keep up and running. Commercial load balancers are great and come with good support, additional features and simple graphical user interfaces (GUIs), but a free option might meet your needs for Exchange 2013.

Let's look at an example environment. We'll keep everything relatively simple in our example environment, so we'll have a single site with two Exchange Servers. Each server is running both the Client Access Role and the Mailbox Role and participates in a single database availability group (Figure 1).

The benefit of simple Layer 4 load balancing might mean our load balancer configuration is simple, but it also means that we need to use fully qualified domain names (FQDNs) for each Web service, along with corresponding Exchange configuration for internal and external URLs.

Service            FQDN
Outlook Web App and SMTP mail.exchangelabs.co.uk
Exchange Admin Center eac.exchangelabs.co.uk
Exchange Web Services ews.exchangelabs.co.uk
Offline Address Book oab.exchangelabs.co.uk
Exchange ActiveSync eas.exchangelabs.co.uk
Autodiscover autodiscover.exchangelabs.co.uk
Outlook Anywhere oa.exchangelabs.co.uk

Layer 4 load balancing can't inspect the traffic passing through and therefore won't know if the client is requesting OWA, ActiveSync or something else. To ensure that we can perform per-service monitoring on the load balancer, we'll need to split up traffic by using different IP addresses, the result of which is separate names for each service.

Installing Linux to run Exchange 2013 load balancing

To run our load balancer, we'll need a basic Linux installation. If you haven't installed Linux before, it isn't particularly hard. If you're familiar with PowerShell, then you will adapt pretty easily.

The Linux distribution we'll use for this load balancer is Ubuntu 12.04 LTS. LTS stands for Long-Term Support, which means it will continue to receive updates long after newer versions of Ubuntu stop receiving updates. Ubuntu isn't necessarily better than any other Linux distribution, but we've chosen it because it includes HAProxy. That makes it easy to install and update.

Download Ubuntu Server 12.04 LTS from the Ubuntu website. We'll use that ISO to create a new virtual machine (Figure 2).

New Virtual Machine Wizard
Figure 2

The Hyper-V configuration dialogue shows that we don't need a lot of resources to run this load balancer; 1 GB RAM and a single virtual CPU will suffice for our small database availability group.

Ubuntu installation is straightforward. It's a virtual machine, so we know the hardware will be supported and we can choose the defaults for every stage of the installer; the only exceptions are when choosing your login user account and package selection. When prompted to install packages, choose OpenSSH to allow remote administration of the server. The server will reboot after the installation completes, and after the first boot, we're presented with the login prompt. We'll log in here to perform a couple of core tasks:

  1. Perform updates, the equivalent of installing Windows Updates on the server.
  2. Configure the IP addresses the server will use.

Log in with the user created during the setup process. This user allows us to elevate privileges to the administrator user (root) by prefixing commands with sudo (the equivalent of User Account Control) to make our changes. The program apt-get is used to install and update software, so we'll update the package list and then install updates using the following commands:

sudo apt-get update
sudo apt-get upgrade

After performing updates, assign static IP addresses to the server. We'll have a primary IP address and an additional IP address for each load-balanced service. The configuration for the network is contained in a text file, which we'll edit with a text editor, similar to Notepad, called Nano:

sudo nano -w /etc/network/interfaces

After opening the interfaces file, replace it with configuration information to match your network:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
# OWA and SMTP
auto eth0:0
iface eth0:0 inet static
auto eth0:1
iface eth0:1 inet static
           # EWS auto eth0:2 iface eth0:2 inet static address 
             # OAB auto eth0:3 iface eth0:3 inet static address 
               # EAS auto eth0:4 iface eth0:4 inet static address 
                 # Autodiscover auto eth0:5 iface eth0:5 inet static address 
                   # OA auto eth0:6 iface eth0:6 inet static address 
network configuration
Now you can view the changes you've made (Figure 3).

Using Ctrl-X, then restart the networking service using the following command:

sudo /etc/init.d/networking restart

Install and configure the load balancer

With our server set up, it's time to install the load-balancer software, HAProxy. We'll use the following command to install it:

sudo apt-get install haproxy

The HAProxy package will download and install. Because it was installed using the package manager, it'll also benefit from updates as and when they're applied. Just like the networking configuration, the load-balancer configuration -- HAProxy -- is contained within a simple text file. To complete our load-balancer configuration, we'll need to edit the configuration file for HAProxy and define a number of parameters:

  1. The definitions for each load-balanced service, such as OWA, and how they are monitored
  2. The IP addresses each load-balanced service is attached to
  3. The IP addresses of the back-end servers

We'll use our simple Nano text editor again to edit the configuration file:

sudo nano -w /etc/haproxy/haproxy.cfg

We'll also have to create definitions for each service, using the following configuration file as a reference:

        maxconn 4096
        user haproxy
        group haproxy
        mode    tcp
        balance roundrobin
        retries 3
        option redispatch
        maxconn 10000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

listen OWA 
        option httpchk /owa/healthcheck.htm
        server <Server 1 Name> <Server one IP> check port 80
        server <Server 2 Name> <Server 2 IP> check port 80

listen EAC <EAC IP>:443
        option httpchk /eac/healthcheck.htm
        server <Server 1 Name> <Server 1 IP> check port 80
        server <Server 2 Name> <Server 2 IP> check port 80

listen EWS 
        option httpchk /ews/healthcheck.htm
        server <Server 1 Name> <Server one IP> check port 80
        server <Server 2 Name> <Server 2 IP> check port 80

listen OAB 
        option httpchk /oab/healthcheck.htm
        server <Server 1 Name> <Server one IP> check port 80
        server <Server 2 Name> <Server 2 IP> check port 80

listen EAS 
        option httpchk /Microsoft-Server-ActiveSync/healthcheck.htm
        server <Server 1 Name> <Server one IP> check port 80
        server <Server 2 Name> <Server 2 IP> check port 80

listen Autodiscover 
        option httpchk /Autodiscover/healthcheck.htm
        server <Server 1 Name> <Server one IP> check port 80
        server <Server 2 Name> <Server 2 IP> check port 80

listen OA 
         :443 option httpchk /rpc/healthcheck.htm server <Server 1 Name> <Server one IP> check port 80 server <Server 2 Name> <Server 2 IP> check port 80 listen SMTP 
          :25 option smtpchk server <Server 1 Name> <Server 1 IP> check port 25 server <Server 2 Name> <Server 2 IP> check port 25 listen stats 
           :8080 mode http stats enable stats uri / 

Having problems with the Health Check URL?

If you haven't done so already, make sure to untick Require SSL for the OWA virtual directory on each Exchange Server. You'll need to do this because HAProxy must perform the health check over a standard HTTP connection.

creating definitions in a network
Figure 4

You can view the changes after you've made them (Figure 4).

Use Ctrl-X to save the configuration file and activate the configuration using the following commands:

update-rc.d haproxy enable
sudo /etc/init.d/haproxy restart

As with any load balancer, you'll need to direct traffic toward it for it to actually load-balance anything. For each service load-balanced, we'll update the DNS entries to match each corresponding service (Figure 5). 

update DNS entries
Figure 5

As we begin to test traffic with the load balancer, we'll want to verify that it's distributing the load correctly while we gain insight into how healthy the load balancer is. HAProxy includes statistics, which we've enabled in the configuration. To access the statistics, use the following URL: http:// :8080/stats. 

Lastly, we'll illustrate how simple the HAProxy-based load balancer is to manage and examine what we need to do when performing Exchange Server maintenance. In previous versions of Exchange, we would have used the GUI for a load balancer to disable all new traffic from reaching a server. In Exchange 2013 load balancing, we can simply use a command on Exchange to put the Client Access Role into maintenance:

Set-ServerComponentState <Server Name>  -Component ServerWideOffline -State Inactive -Requester Maintenance

As HAProxy is using the parts of Exchange to monitor services, it will automatically mark the server as Down while maintenance is performed.

When maintenance is finished, use this command to mark the server as Active again. HAProxy will pick this up and begin routing requests.

Set-ServerComponentState <Server Name> -Component
ServerWideOffline -State Active -Requester Maintenance

About the author:  Steve Goodman is an Exchange MVP and works as a technical architect for one of the U.K.'s leading Microsoft Gold partners, Phoenix IT Group. Goodman has worked in the IT industry for 14 years and has worked extensively with Microsoft Exchange since version 5.5.

Dig Deeper on Exchange Server setup and troubleshooting