In terms of scalability, the primary design goals of Microsoft Exchange 2016 are simplicity of scale, hardware utilization, and failure isolation. A scale-out deployment of Microsoft Exchange 2016 enables you to increase the number of concurrent users who access Exchange servers and improve the availability of those servers.
The following list summarizes the scenarios supported in a scale-out deployment:
- Run Exchange in a load-balanced environment to support high-volume, on-demand, and high-availability (HA) loads.
- Increase the availability of Exchange servers.
- Limit server downtime to allow for maximum use of all available system resources.
The KEMP LoadMaster supports these scenarios seamlessly, with preconfigured load-balancing templates that have been tested and optimized for Exchange 2016 applications and services.
Scale-out Deployment for Load-Balanced Environments
Exchange 2016 makes it easy to add, move, or replace servers in the deployment to scale out as demands change. To achieve the desired scale-out effect, LoadMaster allows you to distribute loads across Exchange servers in homogeneous and heterogeneous environments. In heterogeneous environments, LoadMaster can redirect client requests automatically to the best Exchange server not only by considering the load information, but also by the capacity of the server. As a result, LoadMaster can use the remaining capacity of diverse Exchange servers within a deployment to decide which server is the most appropriate under a given load.
In addition, KEMP SDN Adaptive load balancing provides critical end-to-end visibility of network paths that is missing from traditional Exchange networks, a gap that prevents applications from being routed optimally. SDN Adaptive enables LoadMaster to monitor the condition of all network paths in the Exchange network and, based on congestion conditions, steer flows down alternative paths to servers that can better accommodate the load. The outcome is more intelligent forwarding decisions, which results in:
- Reduced latency and higher throughput, delivering up to a 50% improvement with 64k packets.
- Faster application delivery QoE (Quality of Experience) and service levels based on the prevailing network traffic.
- A user experience improved by up to 100% over non-SDN Adaptive environments.
10 Gigabit Ethernet is rapidly becoming the technology of choice for high-speed connections to Exchange servers. To support high-performance Exchange environments, LoadMaster is able to direct traffic at a full 10 Gbps for application throughput.
Scaling out an Exchange infrastructure with clustering provides the ideal solution for growing or unpredictable workloads. Rather than overprovisioning capacity, clustering ensures that an Exchange environment is always sized properly and can be expanded dynamically as demand increases. Clustering also offers resilience, as the cluster continues to provide application delivery services if a member fails.
LoadMaster supports clustering by combining from 4 to 8 LoadMaster instances into a single application delivery entity, with overall capacity aggregated from the cluster members. Additional capacity can be added dynamically, without impacting running services. This scenario provides an ideal solution for maximizing Exchange server uptime, while providing HA that far exceeds a traditional 2-node HA pair.
Securing Servers Against Attack
Historically, a key component for Microsoft workloads has been Microsoft’s Forefront Threat Management Gateway (TMG).
TMG allowed customers to publish and protect workload servers such as Exchange Client Access Servers.
When equipped with the Edge Security Pack (ESP), LoadMaster can be used to provide certain key application functionality previously available in TMG.
This feature pack is available as part of KEMP's Enterprise and Enterprise Plus Subscription options and provides key security functionality for published Exchange deployments.
The KEMP Edge Security Pack includes:
- Endpoint authentication for pre-authentication
- Persistent logging and reporting for user logging
- Single Sign-On (SSO) across Virtual Services
- LDAP authentication from LoadMaster to the Active Directory
- Basic authentication communication from a client to LoadMaster
- Dual-factor authentication
In an Exchange environment, LoadMaster utilizes Layer 3, Layer 4, and Layer 7 health checks to monitor the availability of Exchange servers. If a server does not respond to a health check within a defined time interval for a defined number of times, LoadMaster reduces the weighting of the server to zero. A zero weighting effectively removes the server from the virtual service configuration until it can be determined that the server is back online and responding properly.
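The failure-threshold behaviour described above, modelled as an added example (not KEMP's code or configuration). The class names, the 2-second timeout, the threshold of three failures, the restore-on-first-success rule, and the probe results are all assumptions made for illustration.

```python
# Illustrative model only; names, thresholds and probe data are assumed.
from dataclasses import dataclass, field


@dataclass
class RealServer:
    name: str
    configured_weight: int
    weight: int = field(init=False)
    failures: int = 0

    def __post_init__(self):
        self.weight = self.configured_weight


class HealthMonitor:
    def __init__(self, servers, timeout_s=2.0, max_failures=3):
        self.servers = {s.name: s for s in servers}
        self.timeout_s = timeout_s
        self.max_failures = max_failures
        self.events = []  # (server, old_weight, new_weight), kept for audit

    def record_probe(self, name, response_time_s):
        """response_time_s is None when the probe got no answer at all."""
        s = self.servers[name]
        ok = response_time_s is not None and response_time_s <= self.timeout_s
        if ok:
            s.failures = 0
            new_weight = s.configured_weight  # assumed: one success restores
        else:
            s.failures += 1
            new_weight = 0 if s.failures >= self.max_failures else s.weight
        if new_weight != s.weight:
            self.events.append((name, s.weight, new_weight))
            s.weight = new_weight

    def eligible(self):
        # Servers with weight zero receive no new connections.
        return sorted(n for n, s in self.servers.items() if s.weight > 0)


def run_constructed_scenario():
    mon = HealthMonitor([RealServer("exch01", 1000), RealServer("exch02", 500)])
    # Constructed probe results: exch02 fails three times in a row, then recovers.
    for rt in (0.1, 5.0, None, 4.2):
        mon.record_probe("exch01", 0.1)
        mon.record_probe("exch02", rt)
    while_down = mon.eligible()
    mon.record_probe("exch02", 0.2)
    return while_down, mon.eligible(), mon.events
```

The `events` list is the part worth forwarding to a log pipeline: repeated zero/restore transitions for one server indicate flapping that a single availability snapshot would hide.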
Single Sign-On
LoadMaster is designed to handle multiple virtual services supporting unique workloads. These virtual services can be joined together into Single Sign-On (SSO) groups. With SSO, clients need only enter the authentication information for the first virtual service, and this same information is then used to access the other services in the SSO group. In this way, a client accessing Exchange can also access other workloads if they are configured as an SSO group.
Multi-factor authentication is a security mechanism that requires multiple forms of identification before allowing access to a protected resource. In an Exchange environment, multi-factor authentication can be performed centrally at the LoadMaster. In this scenario, LoadMaster intercepts a login request to Exchange. If the request is valid (that is, the username and password work), then another authentication step is performed (for example, the user’s mobile phone is called or texted, or an app starts automatically on the phone) and the user validates the login.
LoadMaster supports SSL offloading to relieve Web servers of the processing burden of encrypting and decrypting traffic sent via SSL, the security protocol implemented in every Web browser. As a result, server efficiency and application performance are improved significantly, without impacting the end-user experience and without undue cost and complexity.