+1 833 274 2566

What do you need load balancing for?

"Loadbalancer.org are fantastic and always respond quickly to any tickets I log with them. Their engineers are very helpful and knowledgeable and know the systems they support inside out."

John Burton

Giacom World Networks

Load Balancing Microsoft SharePoint

Microsoft SharePoint is Microsoft’s enterprise collaboration platform. SharePoint makes it easier for people to work together. Using SharePoint, staff can set up web sites to share information with others, manage documents from start to finish, publish reports to help everyone make better decisions and search across a range of internal and external data sources to find answers and information more quickly and effectively.

Example load balanced Sharepoint front end deployment illustrating SSL termination, WAF traffic inspection and SSL re-encryption.

Supported Microsoft Sharepoint Protocols

Protocol Ports Load balancing methods
HTTP 80 Layer 7 SNAT (Recommended) Using Reverse Proxy mode is the easiest and most flexible load balancing method, offering advanced URL switching, cookie insertion and WAF capabilities.
Layer 4 DR Direct Routing has the advantage of being fully transparent and seriously fast but requires solving the arp problem.
Layer 4 NAT Traditional NAT mode gives easy to implement fast and transparent load balancing but usually requires a two-arm configuration (two subnets).
HTTPS 443 All load balancing methods can be easily configured for SSL Pass-through.
This has the advantage of being fast, secure and easy to maintain. Identical SSL certificates will need to exist on each of your backend servers for pass-through security.
SSL Termination or off-loading must be used when advanced Layer 7 functionality such as cookies or URL switching is required. You can also implement SNI if you have multiple domain certificates one one public IP address. Optional re-encryption is also available between the load balancer and IIS.

FAQs

  • How do we get the client source IP address in our web server logs?

    There are several ways to solve the transparency issue with a Load Balancer.
    - Layer 4 (HTTP & HTTPS): This is source IP address transparent by default.
    - Layer 7 (HTTP): Change the logging behaviour in IIS to show the XFF header.
    - Layer 7 (HTTP & HTTPS): Enable Proxy Protocol and XFF.
    - Only if all else fails then Layer 7 with two-arm TPROXY is fully transparent

  • Do I require persistence for Sharepoint?

    Since the release of Microsoft Sharepoint 2013 you no longer require persistence. Instead the Distributed Cache service can maintain authentication information across all Sharepoint frontend web servers.

  • Can I offload/terminate SSL at the load balancer?

    Yes you can. We usually recommend that you terminate SSL at the real servers for better scalability as well as less complexity. However, if you need to use the WAF, advanced persistence methods or insert X-Forwarded-For Headers then you can optionally offload SSL at the load balancer. You can even re-encrypt again to the backend if desired for extra peace of mind.

  • What can I do to protect Sharepoint from Cross-site scripting (XSS) and SQL injection attacks?

    With the Web Application Firewall (WAF) users will be protected with the OWASP Top 10 rules which keeps the service PCI compliant but also, users can configure extra/other rules if they need to.

Surely you must have a question?