Exchange 2010 HAProxy Virtual Load Balancer

An extra added cost to Exchange 2010 deployments is often a hardware load balancer, or even virtual load balancer appliances. These start at over £1000 for some of the cheaper ones and can cost tens of thousands, however there’s open source software out there that can do the same thing, just as well.

HAProxy is a widely used, reliable and stable Load Balancer for Linux and a few weeks ago I began looking at it as an alternative for Exchange 2010 load balancing and whilst having a look to see if anyone had done it before, I found a good article here. The one problem for many Exchange administrators is that they don’t have time to learn about Linux just to try it out, so I began to think that it would be great if someone made a virtual appliance (just like many of the HLB vendors sell) with an easy to use management interface aimed squarely at Exchange 2010 environments.

The Exchange 2010 HAProxy VLB Appliance is a free Layer 4 based virtual load balancer that runs in VMware or Hyper-V environments. It doesn’t require Linux knowledge to get up and running and is managed using a simple, easy to use, web-based management interface (screenshots below). For the initial release it’s not aimed at your production environment yet but as more people test it out and help refine it, future versions will be (and will be free, naturally).

Prerequisites

Before you start, you need to have an understanding of how the load balancer fits in your environment. Typically clients will connect to it for web services, like OWA, and also through Outlook via MAPI, using a Client Access Array as illustrated by this simplified diagram:

image

In addition to planning your environment, you’ll also need some other information for the load balancer setup:

  • IP address for management
  • IP address for the virtual load balancer interface, in the same subnet
  • DNS and NTP server addresses
  • Client Access Server IP addresses
  • Network Access from the virtual load balancer interface to the following TCP ports on the Client Access Servers:
    • 80 and 443 for HTTP/HTTPS
    • 135,139,6001-6004,60000 and 60001 for RPC Client Access

Note that if you’re testing this in a perimeter network, you only need ports 80 and 443 open for external access to Exchange servers.

Installation

The process for installation is fairly straightforward:

image

  • Download and import the appliance
  • Boot it up and set the management IP address via the console
  • Visit the web-based management interface and set a password, load balanced virtual IP address, set a few details like time zone and DNS server and finally add your first client access server.
  • Log in and add your other client access servers and follow instructions within the management interface as to how to set up static RPC TCP/IP ports on your client access servers.

The following videos show the installation and initial setup procedure both for VMware and Hyper-V environments:

VMware vSphere 

Hyper-V 2008 R2

Management

The management interface is intended to be fairly simple. After initial setup and login, you should (after the settings have taken effect) basic statistics for the underlying HAProxy load balancer, showing the number of sessions and state of the Client Access Servers:

image

The initial version uses Layer 4 load balancing, and uses the client source IP address for client affinity and doesn’t have intelligent application-level monitoring and SSL offload (yet). Therefore you just need to correctly configure static RPC ports (RPC Client Access, port 60000 and Address Book Service, port 60001) on the client access servers and add the IP addresses of each client access server to load balance:

image

On the remaining tabs, you have access to change the management and load balancer IP addressing, set the time zone and NTP servers, update the management interface password and check the logs for the management interface and underlying software that propagates changes made through the UI:

imageimage

imageimage

Should you wish, you can also log in at the console using the root password credentials you’ll set on initial startup. From here, it’s a standard minimal Ubuntu installation though any changes to settings that are usually managed through the UI will be overwritten the next time they are changed through the UI:

image

To actually send traffic to the load balancer, you need to consider the configuration of your environment and have setup your Client Access Array then the associated DNS names for web and RPC Client Access.

Download

Version 0.1 (initial release) is available for download here:

VMware vSphere Compatible OVF file, zipped (md5sum: b60388c5aa1012abe71f5864e79a6828)

VMware vSphere 5.1 Compatible OVF 3.1 file, zipped (md5sum: 7643cee75ae87fa0ca281bafc281abad)

Hyper-V compatible VHD, zipped (md5sum a9ae7f9b498f96a4d6d1bb58c4c542ee)

To check md5sum values, use Microsoft File Checksum Integrity Verifier

Notes

This is the first version, so just to repeat it’s only aimed at use in your lab environment.

It’s intended that with subsequent versions it will be production ready, as this is totally aimed at being an easy to use free alternative to paid-for hardware and virtual load balancers for Exchange 2010. It needs a few extra features but most importantly it needs your feedback and testing in the wild to ensure the management interface is good enough, and to get some ideas back from the field on what sort of load it can handle in it’s current form.

One thing I can’t guarantee is support for this – comments and reports of bugs are always appreciated, but the downside of free is it doesn’t come with a support contract. However the intention is to keep developing this and add other features to the so it can compete with the expensive equivalents.

Issues

Currently, the downloadable registry file for setup of static RPC ports does not work as expected. I recommend using Bhargav Shukla’s script for configuring static ports available here:

Script to configure static ports on Exchange Server 2010

210 thoughts on “Exchange 2010 HAProxy Virtual Load Balancer

  1. My question is regarding article http://searchexchange.techtarget.com/tip/Set-up-reliable-Exchange-2013-load-balancing-with-open-source-tools
    I am going to just include what another user asked because I am having the same exact problem

    MattP75 — 26 Jun 2014 8:21 AM

    Excellent article Steve. Just wanted to a line in the haproxy.cfg file “option httpchk /owa/healthcheck.htm”. When I include this in my config the stats page of HAProxy shows the CAS servers as “down” yet the health check url is resolvable from any server. Is there anything behind the scenes I’m missing – something to do with SSL or certificates that is stopping the loadbalancer accessing the page?

    Could the article please be amended to include instructions regarding this?

  2. Having some issues with setting this up on Hyper-v running on Windows 8.1. The VM has a kernel panic if the standard network adapter is used. If the legacy network adapter is used, the VM starts up and the IP can be set. After reboot it works for about one minute after start up the network drops off. At every reboot it works for a minute after start up and then drops.
    Something is loaded that interferes but not knowing enough about Ubuntu I can’t figure out what. Any ideas or suggestions are welcome. Thanks /M

    • Got it working in the end by setting the standard adapter to “not connected” whilst booting the first time, then enabling and setting the IP. Then setting it to “not connected” and rebooting the VM. Then again, when VM is up. changing adapter to connected and running ifup.

  3. Steve,

    Sweet package. You should develop it. IT works for me and I’m going live with it. I’m sitting it betweeen my CAS servers and some Apache reverse proxies and it resolves all of the RPC OA/EAS problems in a heartbeat. [geddit?]

  4. Hi Steve can you by any chance include smtp as my CAS Array is internet facing? Or do you have a recommendation?

    Thanks

  5. Pingback: HAProxy for Exchange 2013 – How to roll your own protocol-aware load balancer | Steve Goodman's Exchange Blog

    • haproxy is a front end for the world’s most active webservers… and highly respected as a swiss army knife kind of software… it is in our benefit to learn how to use it….

  6. Hello,

    Seems like a great product. I am having a few problems. I have set the IP via the console. I am able to ping the HA proxy server but i am unable to access it via the web interface!!! any idea of what i am doing wrong

  7. Hi,

    Thank you for this article, I’m investigating HAproxy too at the moment and it looks very stable and widely used indeed.

    I also have seen that Zen Loadbalancers looks promising but I’m not sure if it’s better than HAproxy, here is it’s link: http://www.zenloadbalancer.org

    I like a lot of features like you can set the pages you want to show when something isn’t avalable, and all other settings are very detailed too.

    I’m also figuring out if it’s ideal to use HAproxy in Pfsense as this are my routers and the package is available in it.

    Hope to see some more posts here.

    Matt

Leave a Reply