The latest insights from the load balancing experts | Loadbalancer.org
Load Balancing Exchange 2016

26 February 2019 / 4 min read / Microsoft Exchange

Exchange 2016 is Microsoft's latest enterprise-level messaging and collaboration server. It has been designed for simplicity of scale, hardware utilization, and failure isolation. This has greatly simplified both the deployment process and the implementation of a load balancer.

The CAS role that used to be in Exchange 2010 and 2013 has now been merged into the Mailbox role. Exchange 2016 has been consolidated into two roles: the Mailbox Server role and the Edge Transport Server role. In Exchange Server 2016, the Mailbox Servers form the DAG.

The Exchange 2016 mailbox role includes the same proxied functionality that was in Exchange 2013, meaning that if two servers host different mailboxes they will proxy traffic for each other when required. The mailbox server hosting the active copy of the mailbox will serve the user accessing it, even if the user connects to another mailbox server.

Finally, all client traffic from native Exchange clients such as Outlook connects over HTTP/HTTPS. No direct client connectivity via MAPI is allowed. One of the main differences from Exchange 2010 is that all client connections are made using HTTPS. Outlook 2013 SP1 and all later versions of Outlook use MAPI over HTTPS to access their mailbox. Older versions of Outlook do not support MAPI over HTTPS and use RPC over HTTPS (Outlook Anywhere).

Load balancing considerations

Correctly configuring Exchange 2016 as a cluster is a lot easier than with older versions of the product. However, you still need to think about your basic network architecture, your health checks and SSL offloading.

Load balancer deployment method

Exchange 2016 can be deployed using either layer 4 or layer 7 methods. At layer 4, either DR (Direct Return) or NAT mode can be used. Layer 7 utilizes SNAT mode.

For simplicity we recommend using layer 7 SNAT mode. This mode requires no changes to the Exchange Servers and enables the Exchange Servers to be located on any routable network.

However, for very large deployments supporting many thousands of mailboxes, layer 4 DR mode can be leveraged to provide maximum load balancing performance.

One-arm layer 4 DR mode is the fastest and most scalable option, so where possible this is recommended. If this is not feasible for any reason – for example, the Exchange Servers are located on a different subnet to the VIP – then two-arm layer 4 NAT mode is suggested, as this also offers high performance.

Recommended deployment

We've recently changed our recommended deployment mode from layer 4 DR to layer 7 SNAT. This change was made for several reasons: layer 7 is easy to configure, the servers can be positioned on any routable network, and no Exchange Server configuration changes are required to handle the ARP problem. But most importantly, layer 7 now has ample performance for even the largest Exchange deployments.

Exchange 2016 Health-checks

To ensure that load balancers do not route traffic to a Mailbox server that Managed Availability has marked as offline, load balancer health probes must be configured to check a specific URL for each service in the format:

https://<External FQDN>/<protocol>/healthcheck.htm

For example, with the Outlook Web Access service you would use:

https://your.domain.com/owa/healthcheck.htm

Note that healthcheck.htm does not actually exist within the virtual directories; it is generated in-memory based on the component state of the protocol in question.

If the load balancer health probe receives a 200 status response, then the protocol is up; if the load balancer receives a different status code, then Managed Availability has marked that protocol instance down on the Mailbox server. As a result, the load balancer should also consider that end point down and remove the Mailbox server from the applicable load balancing pool.
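The probe rule above, sketched as an added example (not code from the original post or from Loadbalancer.org): each protocol gets its own probe URL, and a server stays in that protocol's pool only on an exact 200, so redirects, error codes, TLS failures and timeouts all count as down. The server names and the 503/302 sample responses are constructed, and the protocol list beyond /owa is an assumption about a default Exchange install.

```python
import ssl
import urllib.error
import urllib.request

# /owa is the page's example; the other names are Exchange's default virtual
# directories, listed here as an assumption about the deployment.
PROTOCOLS = ("owa", "ecp", "ews", "mapi", "rpc", "oab",
             "autodiscover", "Microsoft-Server-ActiveSync")


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow 3xx so a redirect can never be counted as a 200."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_status(url, timeout=5.0):
    """Return the HTTP status of url, or None on timeout, TLS or connect error."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx), NoRedirect())
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code          # the server answered, but not with 2xx
    except OSError:              # URLError, ssl.SSLError, socket timeouts
        return None


def probe_url(host, protocol):
    return f"https://{host}/{protocol}/healthcheck.htm"


def pool_membership(servers, protocols=PROTOCOLS, fetch=http_status):
    """Per protocol, keep only the servers whose probe returned exactly 200."""
    return {p: [s for s in servers if fetch(probe_url(s, p)) == 200]
            for p in protocols}


# Constructed probe results standing in for three Mailbox servers (hypothetical
# names); any URL missing from the table behaves like a timeout (None).
SAMPLE = {probe_url("mbx1.example.com", p): 200 for p in ("owa", "ews")}
SAMPLE[probe_url("mbx2.example.com", "owa")] = 503
SAMPLE[probe_url("mbx2.example.com", "ews")] = 200
SAMPLE[probe_url("mbx3.example.com", "owa")] = 302

if __name__ == "__main__":
    hosts = ["mbx1.example.com", "mbx2.example.com", "mbx3.example.com"]
    for proto, members in pool_membership(hosts, ("owa", "ews"), SAMPLE.get).items():
        print(proto, "->", members)
```

With the default `fetch`, certificate verification is on, so the name being probed must match the certificate presented by the Mailbox server.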

Persistence (aka Server Affinity) requirements

Due to Exchange 2016's new architecture, all sessions to the Mailbox servers are stateless and therefore persistence/affinity is no longer required on the load balancer.

Virtual Server/Service (VIP) requirements

To provide load balancing and HA for Exchange, the following VIPs are required:

  1. HTTPS & HTTP (the HTTP VIP is only required for redirecting to HTTPS)
  2. SMTP
  3. IMAP4 (If used/required)
  4. POP3 (If used/required)

Port requirements

The following table shows the port list that must be load balanced. Some services such as IMAP4 or POP3 may not be used in your environment.

| TCP Port | Role(s) | Uses |
|----------|---------|------|
| 25 | CAS | Inbound SMTP |
| 110 | CAS | POP3 clients |
| 143 | CAS | IMAP4 clients |
| 443 | Mailbox | HTTPS (Outlook Web App, AutoDiscovery, Web Services, ActiveSync, MAPI over HTTP, RPC over HTTP – a.k.a. Outlook Anywhere, Offline Address Book, Exchange Administration Center) |
| 993 | CAS | Secure IMAP4 clients |
| 995 | CAS | Secure POP3 clients |

Note: Outlook Web App has been renamed as Outlook on the Web in Exchange 2016.

Deployment architecture

Layer 7 SNAT (without SSL Offload) — Recommended

[Diagram: Exchange-1]

Layer 7 SNAT Mode (with SSL Offload)

[Diagram: Exchange-2]

More information

For more information please refer to our complete deployment guide: http://pdfs.loadbalancer.org/Microsoft_Exchange_2016_Deployment_Guide.pdf

Found in

Microsoft Exchange, How-To's

About the author

Neil Hosking

Having worked with 1st, 2nd & 3rd line technical support for the Royal Navy and corporate companies for over 20 years, Neil joined the Loadbalancer.org support team in September 2015 looking to develop his skill set across a wider variety of customer environments. When he’s not in the office, Neil can be found cycling or visiting the cinema, as well as watching his favorite TV shows, including The Walking Dead.
