Wednesday, March 3, 2010

ISA/TMG Load Balance CAS Servers????

One of the most frequent asked question on the Exchange forums is to load balance CAS servers. I think the excitements of Exchange being redundant ( DAG) as nature bringing all these good questions and scenarios on the table.

I have learned recently great information in this regard and wanted to pass it on to you guys to clear some of the confusion may exist.

Question:

Can TMG/ISA be used to load balance the CAS servers ?

Answer: 

ISA or TMG cannot load balance RPC traffic it can only load balance Internet protocol traffic )-:  ( HTTPS,OA)

  • It is possible to use WNLB ( windows network load balancing) with HT/CAS server , However there are caveats doing this such as ,
  • Scalability more than 8 nodes in WNLB with E2010 CAS is not recommended.
  • Network Flooding, WNLB may cause network flooding
  • Lack of Service Awareness , the WNLB only is aware of IP is being up/down

So as summary

 

WNLB with HT/CAS Possible but not recommended Network flooding & lack of service awareness
Scalability
WNLB MBX+CAS Not Possible!!! limitation build into Windows (hard-blocked)
ISA /TMG Cannot load balance RPC traffic Only internet protocol traffic,such as  HTTPS,OA
  • RPC Traffic load balance is possible with Hardware load balancer , which obviously will introduce extra $$$$.

image

As I learn more in this matter I will come back and update this information.

Best regards,

Oz Casey , Dedeal

MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

Http://smtp25.blogspot.com (Blog

Http://telnet25.spaces.live.com (Blog)

Http://telnet25.wordpress.com (Blog

Posted by at

2 comments:

Glenn Blinckmann said...

You know, you do have a couple of options with this. First, you could do round-robin DNS. It's also not service-aware, but you don't have the flooding problem.

You could also switch to using Outlook Anywhere internally. This would allow you to load balance HTTPS only. This is a lot simpler for the load balancer. It's also sometimes looked at as a security enhancement in some environments as this is all encrypted HTTPS and allows you to firewall RPC traffic from the Exchange servers.

March 3, 2010 at 9:54 AM
Pushpendu said...

My 2 cents - why would anyone want to use ISA 2006 or TMG to load balance RPC traffic over the Internet in case of a reverse proxy? ISA 2006 or TMG has Oulook Anywhere templates ( as Glen pointed out) which is precisely used for securing RPC over HTTPS. So as long as ISA provides load balancing for HTTP or HTTPS it would solve your purpose.

April 1, 2010 at 6:30 PM

Post a Comment

Subscribe to: Post Comments (Atom)