Not all Exchange admins have played with load balancers before (hardware or virtual). In fact, it’s only with the more recent push for higher availability and especially the way it is implemented with roles in Exchange 2007/2010 that load balancers have become a bigger concern for Exchange admins. Nevertheless, with a desire to improve high availability (and load balancing) with the Client Access role and, at times, your Transport server, more and more admins have had to look into load balancers to support their needs.
The purpose of a load balancer is to reduce the impact of the load on a single system. So it manages the distribution of that load while also providing failover redundancy so that users continue to receive service in the event of a failure, so long as you have redundant systems and services in place.
Some of you reading may say “can’t we just use Microsoft’s NLB” but NLB isn’t really appropriate for most if not all Exchange implementations. NLB has some issues with scalability, lack of service awareness, issues with client reconnect and so forth. Microsoft Exchange experts have been telling Exchange admins to stay away from NLB for Exchange purposes, so that puts you back shopping for a third-party hardware-based, software-based or virtual.
And that leads me to the subject of my review, the KEMP Technologies LoadMaster 5300 Load Balancer. This is one of a handful of different level hardware-based LoadMasters that KEMP sells, including the 2200, 2600, 3600 and 5300. They also sell virtual load balance appliances (the VLM-100 and VLM-1000). To see a full list of products and features you can see the comparison chart on KEMP’s site.
Why review the 5300? To be honest, when recommending load balancers to folks, I’ve heard it said “if you are looking for a small-to-midsized load balancing solution go with KEMP, but for larger solutions go with F5.” The 3600 and 5300 KEMP models are powerful enough and feature-rich enough (with a more budget friendly price tag) that you may want to reconsider that approach regardless of your size. But let’s put opinions aside and let the appliance speak for itself. Note: For a comparison of KEMP LM-5300 and F5 LTM 1600/3600 and 6900 click here.
Specifications and Features
I have to tell you, when the box arrived I felt like a kid all over again. I mostly review software so whenever I get a cool laptop from Alienware to play with or an AudioCodes VoIP gateway for Unified Messaging lab work it gets me excited. The LM-5300 was just as cool. I have to say it’s well made. Solid all around, awesome faceplate (KEMP has made a wise move with the gold/black mix shown in Figure 1) that will stand out on a rack, redundant power supplies (2x200W, Hot-Swap) and it runs cool. That may partially be due to the Solid State drives and partially due to the powerful fans running inside (which were a tad loud as appliances tend to be).
Figure 1: The KEMP Technologies LM-5300
We don’t normally show pictures but with a hardware appliance I thought it made sense to have one.
Additional specifications worth noting include a 1x Quad Core processor, 8 GB of memory, a max traffic throughput of 8.8 Gbps with 8 Gigabit Ethernet CU ports and 2 standard 10 Gigabit ports and 9300 (included) SSL TPS (transactions per second).
Main features include the following:
- Layer 4 load balancing
- Layer 7 content switching
- Server-resource, adaptive load balancing
- Server and application health checking
- SSL acceleration in ASIC
- L7 Intrusion Prevention (IPS)
- Interface bonding (link aggregation, failover)
- Full VLAN support
Some of these features are often only found in higher-end load balancers like integrated SSL acceleration, which offloads processor-intensive decryption of SSL session keys from servers. Layer 7 content switching is another example. This feature allows you to prioritize data that gets sent first – images, video, apps, etc. IPS security is another plus to have built right into the appliance especially considering where you will place your load balancers on the edge of the network.
Getting it up and running was as easy as plugging it in (both plugs… when I plugged in only one it started beeping at me furiously, which I realized was for my own benefit because it meant it only had one source of power going into it), plugging in an Ethernet cable and getting right to the web-based user interface. Note: Ignore the certificate warning that is caused by the self-signed certificate on the appliance. You can use the Certificates section to create CSRs (Certificate Signing Requests) and so forth.
If you want to you can connect a monitor (VGA port) and keyboard and configure it directly. That may be easier if your network isn’t using 192.168.1.x (the default configuration for the LM). With the monitor/keyboard approach you have to configure the IP settings and then reboot and then you can access the web-based panel.
You’ll go through all the normal login information (which is provided through the Quick Start Guide that comes with the appliance) and license information (also included if you purchased a license). KEMP will actually send you out an appliance to play with if you ask for one, which I thought was really trusting and generous considering these go for thousands of dollars. Once logged in you can click around through the Main Menu and see all the different settings and such (shown in Figure 2).
Figure 2: The LoadMaster Statistics page in the configuration interface
So you get it up, log in, click around, now what? Well, that kind of depends on why you’re using the load balancer in the first place. From an Exchange perspective my biggest question was how do I get this to work with the Client Access Server role and provide greater availability of those CAS servers.
Exchange CAS and the LM-5300
Essentially you are looking to your load balancer in the case of Exchange 2010 to split the load on client traffic coming in to your CAS server. The CAS handles MAPI, HTTPS, POP3/IMAP4 and SMTP traffic and that could be coming from inside or outside your organization. How you design and deploy your load balancer will depend upon your network configuration needs. You might put the LM on the same network subnet arm (VLAN) as both your clients and Exchange servers or you might use the LM to separate your clients and Exchange servers completely using a two arm VLAN approach. Keep in mind that you don’t want to have single points of failure in your set up so you are looking at possibly working with multiple LM 5300’s and you’ll need multiple switches, etc...
Setting up Exchange with the LM 5300 isn’t exactly an intuitive process. I reached out for help and KEMP had an easy to find set of instruction on their site. It was a bit more than I was looking for. I was looking for the one-two-six blog post version that I found in the Jaap Wesselius blog. He’s a Microsoft MVP and I’ve had a chance to spend some time with Jaap over the years. A brilliant man. Well, he spoke about load balancing at TechEd 2012 and will be speaking again at MEC 2012 in Orlando, so I knew he had the fast track to configuring the KEMP LM-5300.
Although you can configure each individual service as a virtual service through the load balancer, for most configurations KEMP recommends creating a single virtual service for all HTTPS-based Exchange 2010 clients and services. So you would have a virtual services that encompasses Outlook Web App (OWA), the Exchange Control Panel (ECP), Outlook Anywhere (OA), Offline Address Book (OAB), Exchange ActiveSync (EAS), and Exchange Web Services (EWS) as well as the Autodiscover service. They point out in their documentation that a single virtual service keeps the load balancer configuration simple and lets you have a single FQDN and associated SSL certificate for all Exchange 2010 client access methods and services. Depending on your setup you may need to configure the load balancer to use SSL offloading.
Keep in mind that by putting all your HTTPS-based services under one virtual service you do have limitations. For example you won’t be able to health check every individual service. You’ll only be able to do a health check based on port or choose one individual service. Speaking with one of the KEMP technical experts, Jason Dover, he explains “To circumvent this, you could, as an example, setup a script that does a HEAD request for each directory and then only send a 200 OK back to the load balancer when they all pass. The caveat here would be that if only one isn't available for some reason on a given server, the server would be offlined for all of the services. So, bottom line is that while it is recommended to consolidate for the sake of simplicity, there are some considerations to be aware of.”
In addition, you will need to set up an explicit virtual service for Outlook MAPI connections. Remember, the RPC Client Access Service on the CAS servers now handles the MAPI connectivity so that it is no longer on the Mailbox servers. So you need to make sure you have those services set up as well as virtual services through the load balancer. All of this is possible and easy to do through the LM-5300 web-based UI (shown in Figure 3). In addition, there are quick start templates that you can use to get your Exchange environment up and running fast.
Figure 3: Getting started with virtual services
Pricing and Support
A single LM-5300 appliance costs $15,990. However, keep in mind if you only purchase one you are leaving yourself a single point of failure, so these are usually sold in pairs. From the decision maker angle the price is solid considering the higher end features included.
As for support, the site had plenty of documentation on how to configure the appliance. I focused on the Exchange side and had the LoadMaster Deployment Guide for Microsoft Exchange 2010 to walk me through the setup as mentioned earlier. However, I also found that fellow MVPs who work with KEMP loadbalancers also had some great advice on setting up the appliance and I was happy to follow the quick screenshot approach personally.
It’s a great load balancer filled with high-end features at a reasonable price. I liked the product, I like their intense focus on load balancing rather than being all over the board with solutions. And I like their policy of just sending out boxes for folks to try them out. What a great way for Exchange admins who are in need of a load balancer to get their HA in place for non-mailbox servers to see the product and work with it before committing. Two thumbs up on the KEMP LM-5300.