Here our Lead Technical Author/Architect at Loadbalancer.org, Rob Cooper, explains why you need to load balance your Microsoft apps, and how to do this with Microsoft Exchange Server, Remote Desktop Services, Internet Information Services and Always On VPN.
Hundreds of thousands of businesses around the world rely on Microsoft applications to deliver their fundamental IT services. However, these apps aren't always 100% dependable. So how can you rectify this if you need to keep things running 24/7?
Ladies and gentlemen, I give you the load balancer...
Why do Microsoft apps need load balancers?
The underlying servers that support mission-critical Microsoft apps can fail unexpectedly and inexplicably at any time. When this happens, you need to have a load balancer in place to instantly direct user traffic to alternative servers that are still operating, so that users get an uninterrupted service. Until a Microsoft app is integrated with a load balancer, its stated high availability potential may be only hypothetical.
By load balancing Microsoft apps, businesses can:
- Improve application reliability to deliver high availability for users
- Make apps more scalable and able to cope effortlessly with peaks in demand
- Improve security with flexible network address translation (NAT) rules
- Simplify server maintenance, as IT services can continue uninterrupted while individual servers are taken offline
- Remove the need for scheduled down-time and costly out-of-hours IT maintenance windows
What is the best way to load balance Microsoft applications?
There is no single load balancing method that will deliver the optimum results across all Microsoft apps. Consequently, Loadbalancer.org recommends different load balancing modes for different apps, and indeed for different versions of apps. To maximise the availability and performance of your most critical Microsoft apps, use the configurations below.
Load balancing Microsoft Exchange
Microsoft Exchange is a common email and calendar system. In Exchange 2019, there is a single server role (the Mailbox Server) that provides client access services and the high availability architecture necessary for any enterprise messaging environment. High availability is provided by implementing multiple Mailbox Servers, configuring a Database Availability Group (DAG) and deploying a load balancer.
For Exchange we recommend using Layer 7 SNAT mode for simplicity. It's important to note that when using this mode, the client IP address is lost and replaced with the load balancer's own IP address. If this is an issue for your environment, X-Forwarded-For headers can be inserted by the load balancer, which then enables each Exchange server to be configured to log the client address.
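Once the header is logged, the client address still has to be read from it with care, because any client can send its own X-Forwarded-For value. The following is an added example, not Loadbalancer.org or Microsoft code: it resolves the client address from IIS W3C log entries and trusts the header only when the connection came from the load balancer. The load balancer address, the field layout and the log lines are constructed, and it assumes the load balancer appends the address it saw as the last entry and that IIS writes spaces in the header value as `+`.

```python
import ipaddress

# Constructed value: the load balancer's own address as seen by Exchange/IIS.
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.10.5")}

# Constructed IIS W3C log sample; X-Forwarded-For is a custom logged field.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip sc-status X-Forwarded-For
2024-01-15 09:00:01 POST /owa/auth.owa 192.168.10.5 200 203.0.113.7
2024-01-15 09:00:02 GET /ews/exchange.asmx 192.168.10.5 401 10.9.9.9,+198.51.100.20
2024-01-15 09:00:03 GET /owa/ 192.168.10.77 200 203.0.113.99
2024-01-15 09:00:04 GET /owa/ 192.168.10.5 200 -
"""


def client_ip(peer, xff):
    """Return the address a request should be attributed to."""
    peer_ip = ipaddress.ip_address(peer)
    # Only a header that arrived via our own load balancer is believable.
    if peer_ip not in TRUSTED_PROXIES or xff in ("", "-"):
        return str(peer_ip)
    # Walk right to left: the rightmost entry is assumed to be the one the
    # load balancer appended; entries to its left are client-supplied.
    for hop in reversed(xff.replace("+", "").split(",")):
        try:
            ip = ipaddress.ip_address(hop.strip())
        except ValueError:
            return str(peer_ip)  # malformed header, fall back to the peer
        if ip not in TRUSTED_PROXIES:
            return str(ip)
    return str(peer_ip)


def resolve(log_text):
    """Yield (uri, status, client) per entry, using the #Fields directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            yield (row["cs-uri-stem"], row["sc-status"],
                   client_ip(row["c-ip"], row.get("X-Forwarded-For", "-")))


if __name__ == "__main__":
    for entry in resolve(SAMPLE_LOG):
        print(entry)
```

In the sample, the second entry carries a client-supplied leftmost value that is ignored, and the third entry reached the server without passing through the load balancer, so its header is not used at all.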
Load balancing Microsoft Always On VPN
Microsoft Always On VPN provides a simple way for users to connect securely to the Internet via a virtual private network (VPN) when working remotely. These days, remote access has become an essential part of any IT system, so to ensure that the Always On VPN is highly available, multiple VPN servers – that use Microsoft’s routing and remote access service (RRAS) – and multiple network policy servers (NPS) should be deployed with a load balancer. Inbound traffic is then distributed between the healthy servers to ensure service availability and provide the best possible performance.
For Always On VPN, Loadbalancer.org recommends using layer 4 SNAT mode. This mode offers high performance and is simple to configure, since it requires no configuration changes to the load balanced servers. In addition, as with all layer 4 modes, it supports user datagram protocol (UDP), which is required for Always On VPN.
Layer 4 DR mode and NAT mode can also be used, although in both cases configuration changes are required to each Always On VPN server.
Load balancing Microsoft Remote Desktop Services
As with Always On VPN, Microsoft Remote Desktop Services (RDS) is often a key part of a Microsoft-based IT system, and its use has grown exponentially during the coronavirus pandemic to support home working. RDS is made up of several server roles that each perform different tasks and, to ensure high availability, all servers should always be load balanced, including web access servers, connection brokers, session hosts and gateways.
For web access servers and connection brokers, Loadbalancer.org recommends layer 7 SNAT mode. For gateways and session hosts where UDP support is required, layer 4 SNAT mode is recommended. Both layer 4 and layer 7 SNAT mode are simple to implement since no configuration changes are required to the load balanced servers.
Load balancing Microsoft Internet Information Services
Internet Information Services (IIS) is a flexible and secure web server, used for hosting data and services on the Internet, including media streaming and web apps. In an ideal scenario, multiple IIS servers, hosting website replicas, should be deployed to create a web farm. The load balancer can then continually verify the health of each server and only forward traffic to available servers.
For high-load IIS-based web farms, Loadbalancer.org recommends that layer 4 DR mode is used where possible. This mode offers the best possible performance, since replies go directly from the IIS servers to the client, not via the load balancer. When more complex functionality is required, such as header manipulation or URL manipulation, we recommend layer 7 SNAT mode. Layer 7 SNAT supports URL switching, cookie insertion and web application firewall (WAF) capabilities.
Leverage our expertise
This may sound complicated, but it needn’t be. Our products have been used by 1000s of customers to load balance MS applications, so give us a shout if there's anything you're not sure about.
We are a qualified Microsoft partner for apps including Exchange Server, which means our products have been thoroughly tested by Microsoft in Exchange environments. Bottom line - our Microsoft-certified engineers can help you to get it right first time and deliver the reliable performance your users need.