An additional cost of Exchange 2010 deployments is often a hardware load balancer, or even a virtual load balancer appliance. These start at over £1000 for some of the cheaper ones and can cost tens of thousands. However, there’s open source software out there that can do the same thing, just as well.
HAProxy is a widely used, reliable and stable load balancer for Linux. A few weeks ago I began looking at it as an alternative for Exchange 2010 load balancing and, whilst having a look to see if anyone had done it before, I found a good article here. The one problem for many Exchange administrators is that they don’t have time to learn about Linux just to try it out, so I began to think that it would be great if someone made a virtual appliance (just like many of the HLB vendors sell) with an easy to use management interface aimed squarely at Exchange 2010 environments.
The Exchange 2010 HAProxy VLB Appliance is a free Layer 4 based virtual load balancer that runs in VMware or Hyper-V environments. It doesn’t require Linux knowledge to get up and running and is managed using a simple, easy to use, web-based management interface (screenshots below). For the initial release it’s not aimed at your production environment yet but as more people test it out and help refine it, future versions will be (and will be free, naturally).
Before you start, you need to have an understanding of how the load balancer fits in your environment. Typically clients will connect to it for web services, like OWA, and also through Outlook via MAPI, using a Client Access Array as illustrated by this simplified diagram:
In addition to planning your environment, you’ll also need some other information for the load balancer setup:
- IP address for management
- IP address for the virtual load balancer interface, in the same subnet
- DNS and NTP server addresses
- Client Access Server IP addresses
- Network access from the virtual load balancer interface to the following TCP ports on the Client Access Servers:
  - 80 and 443 for HTTP/HTTPS
  - 135, 139, 6001-6004, 60000 and 60001 for RPC Client Access
Note that if you’re testing this in a perimeter network, you only need ports 80 and 443 open for external access to Exchange servers.
The process for installation is fairly straightforward:
- Download and import the appliance
- Boot it up and set the management IP address via the console
- Visit the web-based management interface, set a password and the load balanced virtual IP address, set a few details like time zone and DNS server, and finally add your first client access server.
- Log in and add your other client access servers and follow instructions within the management interface as to how to set up static RPC TCP/IP ports on your client access servers.
The following videos show the installation and initial setup procedure both for VMware and Hyper-V environments:
The management interface is intended to be fairly simple. After initial setup and login, you should (after the settings have taken effect) see basic statistics for the underlying HAProxy load balancer, showing the number of sessions and state of the Client Access Servers:
The initial version uses Layer 4 load balancing with the client source IP address for client affinity, and doesn’t have intelligent application-level monitoring or SSL offload (yet). Therefore you just need to correctly configure static RPC ports (RPC Client Access, port 60000 and Address Book Service, port 60001) on the client access servers and add the IP addresses of each client access server to load balance:
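A minimal HAProxy configuration for the Layer 4 setup described above, as an added example rather than the configuration the appliance generates. The IP addresses, section and server names, and timeout values are assumptions; the ports are the ones listed earlier on this page.

```haproxy
# Added example, not the appliance's own generated configuration.
# All addresses are constructed placeholders from the 192.0.2.0/24
# documentation range; names and timeout values are assumptions.

global
    daemon
    maxconn 10000
    log /dev/log local0

defaults
    log     global
    mode    tcp              # Layer 4 only: no HTTP inspection, no SSL offload
    option  tcplog           # log source address, backend server and duration
    balance source           # client source IP selects the Client Access Server
    hash-type consistent     # fewer clients are remapped when a server goes down
    timeout connect 5s
    timeout client  8h       # assumption: long idle timeouts for Outlook sessions
    timeout server  8h

# One listener for every port, so a given source IP reaches the same
# Client Access Server for the endpoint mapper (135), the static RPC
# ports (60000, 60001) and HTTP/HTTPS alike.
listen exchange_cas
    bind 192.0.2.10:80       # virtual load balancer IP (placeholder)
    bind 192.0.2.10:443
    bind 192.0.2.10:135
    bind 192.0.2.10:139
    bind 192.0.2.10:6001-6004
    bind 192.0.2.10:60000-60001

    # No port on the server lines: HAProxy connects to the same port the
    # client used. The check is a plain TCP connect to 443, so it only
    # proves the port is open, not that the Exchange services behind it
    # are healthy.
    server cas1 192.0.2.21 check port 443 inter 5s fall 3 rise 2
    server cas2 192.0.2.22 check port 443 inter 5s fall 3 rise 2
```

Running `haproxy -c -f` against the file checks the syntax without starting the proxy. Because affinity is keyed on source IP, clients that arrive from behind a single NAT address will all land on one Client Access Server.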
On the remaining tabs, you have access to change the management and load balancer IP addressing, set the time zone and NTP servers, update the management interface password and check the logs for the management interface and underlying software that propagates changes made through the UI:
Should you wish, you can also log in at the console using the root credentials you’ll set on initial startup. From here, it’s a standard minimal Ubuntu installation, though any changes to settings that are usually managed through the UI will be overwritten the next time they are changed through the UI:
To actually send traffic to the load balancer, you need to consider the configuration of your environment and have set up your Client Access Array, then the associated DNS names for web and RPC Client Access.
Version 0.1 (initial release) is available for download here:
VMware vSphere Compatible OVF file, zipped (md5sum: b60388c5aa1012abe71f5864e79a6828)
VMware vSphere 5.1 Compatible OVF 3.1 file, zipped (md5sum: 7643cee75ae87fa0ca281bafc281abad)
Hyper-V compatible VHD, zipped (md5sum: a9ae7f9b498f96a4d6d1bb58c4c542ee)
To check md5sum values, use Microsoft File Checksum Integrity Verifier
This is the first version, so just to repeat it’s only aimed at use in your lab environment.
It’s intended that with subsequent versions it will be production ready, as this is totally aimed at being an easy to use free alternative to paid-for hardware and virtual load balancers for Exchange 2010. It needs a few extra features but most importantly it needs your feedback and testing in the wild to ensure the management interface is good enough, and to get some ideas back from the field on what sort of load it can handle in its current form.
One thing I can’t guarantee is support for this – comments and reports of bugs are always appreciated, but the downside of free is it doesn’t come with a support contract. However the intention is to keep developing this and add other features so it can compete with the expensive equivalents.
Currently, the downloadable registry file for setup of static RPC ports does not work as expected. I recommend using Bhargav Shukla’s script for configuring static ports available here: