Since KEMP began specific deployments for Exchange 2010 there have been a lot of enhancements to our software. We would like to bring to the reader’s attention a few new features that have been implemented to improve the interaction with Exchange 2010, such as Drop connection on Real Server Failure, Re-encryption, Wildcard Virtual Services, Extra ports, Super HTTP persistence and templates.
Drop connection on Real Server Failure is a change to how we handle connections if a real server should fail. Previously, the LoadMaster had to wait until the idle connection timeout had lapsed before we would cut connections. This posed a problem with applications that held open active connections such as RPC/MAPI. With this new feature enabled we will also proactively cut active connections should a real server fail a health check. This drops the cutover time, when a real server fails, to a small blip. At that point the LoadMaster will forward all requests to healthy servers in the pool.
This option is located under System Configuration – Miscellaneous Options – L7 Configuration.
In prior firmware the only way to provide a fully encrypted path through the LoadMaster while still being able to inspect the data was to have a virtual service that de-encrypted to another virtual service that in turn performed reverse SSL.
This was a process that involved chaining virtual services. Recently we have made this configuration much easier to set
up. We now handle that process behind the scenes within one virtual service. With a one click button that will enable Re-Encryption. This is found under SSL properties after enabling SSL Acceleration.
Early deployments utilized static ports for MAPI and related services . This solution is for users that want to modify their CAS to utilize static ports, but since then we have added a new feature using Wildcard ports for virtual services and real servers. The wildcard feature allows the LoadMaster to listen on all ports, so that if you do not wish to statically assign the RPC ports, we can have the wildcard virtual service control MAPI traffic. This can also be used for any other applications that uses a wide range of ports. This alleviates the need to set up 3 different virtual services for the same exchange service. Instead of creating a port 135 virtual service and the 2 static port virtual services, you can now just set up 1 virtual service using the wildcard feature.
In addition to the wildcard feature, we have implemented a port range and extra ports feature. This allows the user to configure a range of ports for the use of an application that performs as such. Extra ports are used when a user would like the same virtual service to listen and forward traffic to multiple ports such as 80, 8080, 8081. This can also be used in setting up a virtual service for RPC/MAPI. If the user already has static ports configured on the CAS, they can create a virtual service on port 135, and then add in statically set RPC ports in the extra ports field.
In this scenario the connections and persistence will be handled all by one virtual service, making the different port connections persistent on the same table.
With the introduction of our new persistence option Super HTTP, the need for Layer 7 persistence is accomplished. Microsoft recommends the use of layer 7 persistence such as cookies. We have evolved and developed another persistence option that can work as an alternative to cookie based persistence. Super HTTP takes the user agent string and, if present, the authorization header, to create a unique footprint. The benefit here is that the user does not need to support cookies for the persistence to function correctly. We have also added source ip to the persistence to make it more unique if the user agent string is the same.
Recently we added the templates functionality. We have made prebuilt templates for various applications such as Exchange and Lync. This makes deploying Exchange 2010 faster and easier.
Using the KEMP LoadMaster™
James Rago, Senior Technical Support Engineer, KEMP Technologies