Wednesday, March 3, 2010

Load balancing Exchange 2010 CAS servers (CAS Array)

I've been spending much of my time lately working on Exchange 2010 designs for customers here in Canada. One of the common design scenarios we propose is a multi-server DAG with all roles collocated on the same server. When installing multiple Exchange 2010 servers you'll notice that each collocated (MB/HT/CAS) server has a default database. I typically remove the database and create my own with its own name and file location rather than moving and renaming the default... personal preference. Either way, when you create a database or use the default database on an E2010 MB server there is an attribute called "RPCClientAccessServer" tied to the database which needs some special attention if you intend to load balance the CAS server role. I'll come back to this in a few moments...

You may know by now that the CAS server in E2010 actually takes on a more critical role than before. In previous versions of Exchange (2007-) the CAS role basically handled IIS (web) traffic for Outlook Web Access users and that's about it. Now with E2010 the CAS role actually handles MAPI/RPC traffic. This means your Outlook 2003/2007/2010 client traffic on the LAN will not connect directly to the database server, but rather to the CAS server. Where this has more of an impact in deployments is when you want to provide redundancy and DR capabilities to Outlook clients. The clients are configured to "talk" to a specific server initially... and if you have, let's say, three all-in-one E2010 servers with users in mailboxes on each system, their client settings in Outlook are going to show the specific name of the E2010 server hosting their mailbox. So what if that server goes down? Will the client connect to another server hosting a replica of the database? The answer is no... because you haven't created an RPC Array or set up anything else.

First off, if you want to load balance between multiple collocated servers in a Database Availability Group (DAG), you need a hardware (or virtualized) load balancer. Personally I prefer the Citrix NetScaler VPX since it works with VMware vSphere 4 and the basic model is free and downloadable as a virtual appliance. You can't use NLB since the DAG is using Windows Clustering components and collocation of those technologies isn't supported.

Setting up your hardware load balancer

Let's walk through the setup of the load balancer first. With your hardware load balancer you're going to define a name and IP used by clients to connect to E2010....let's say "webmail.lvsedmtest.ca". This name needs a DNS record on your corporate DNS server and you need to pick an IP address.....let's say 10.10.10.252. Once you've created your DNS host record for the name, we need to configure the load balancer. In my example I'm load balancing to 4 all-in-one servers (see image). Each server and the IP address has been defined in the NetScaler VPX UI.

First, create/define your servers and IPs. These will later be linked to your services, which are then bound to the Virtual Server.


Now I need to create a monitor to keep track of the RPC services for each server. Later I'm going to bind this monitor to each RPC service for each server. I use the format of "mon_" for monitor, "rpc_" for the type of monitor, then "cas" for what I'm monitoring. The monitor name is "mon_rpc_cas" and has no specific IP....but rather it has port 135 listed as the port to check to determine if it's operational (up) or not (down).


Now I'm going to create RPC services for each server I need to load balance to. Each service name contains the format of "svc_" then the type "rpc_" then the server name "jcsexchcal" so the entire name looks like "svc_rpc_jcsexchcal". The first service name I've created is linked to the "jcsexchcal.lvsedmtest.local" server (defined earlier) and has both a PING monitor but also the mon_rpc_cas monitor tied to it. This step is critical otherwise your services won't operate in an up/down state properly. You need to repeat this step for each server/service you want to load balance to.


Next I need to create a "Virtual Server" which contains all my services, the IP address, and load balancing attributes (i.e. round robin vs. least connection). I've chosen the name of "vs_" for virtual server, then "rpc_" for the type of data I'm load balancing, then "webmail" for the DNS host name I'm load balancing, so the entire name looks like "vs_rpc_webmail". My IP address is 10.10.10.252, which is linked in DNS to "webmail.lvsedmtest.ca". By this time, each service in the UI should show "UP" in the state column. Make sure you click on the "Method and Persistence" tab and set the timeout value to 15 minutes so that connections persist with the same CAS server. This will prevent odd re-login issues with OWA.


Great. Now you have a load balanced RPC cluster that can serve up traffic for Outlook clients. Now back to Exchange since we're not quite done there yet.

Setting up the Exchange CAS Array

The CAS Array is a new feature in E2010 which needs some PowerShell hands-on to create and configure. When you define the CAS Array a "site" parameter is specified which is used to determine which CAS servers are a member of the array. You don't actually pick the CAS servers when you create the array. I use the "New-ClientAccessArray" command as follows:


New-ClientAccessArray -fqdn webmail.lvsedmtest.ca -site Default-First-Site-Name -name "CAS Array 1"

At this point, if you create any new databases on CAS servers in that site, the "RPCClientAccessServer" attribute will be set to the CAS Array fqdn. I mentioned this at the beginning as an important point because any databases you created earlier, or databases created during Exchange setup, will have the attribute set to the server on which they were created. You will need to change this attribute using the following PowerShell command:

Set-MailboxDatabase database01 -RpcClientAccessServer webmail.lvsedmtest.ca


To view the RPCClientAccessServer attribute currently set on all databases:

Get-MailboxDatabase | fl rpc*,name


This means if you have users within the database you don't have to move them....just update the attribute to be "webmail.lvsedmtest.ca" and their Outlook clients will update too.
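The following is an added example, not part of the original post: a pre-flight check that confirms the array name resolves to the load balancer VIP, that the VIP answers on the port the mon_rpc_cas monitor watches, and that the CAS Array object exists, before repointing every database that still references an individual server. The FQDN and IP are the sample values from this article; `$Apply` is a hypothetical switch introduced here so that the default run only previews the changes with -WhatIf.

```powershell
# Added example. Run from the Exchange Management Shell (Exchange 2010, PowerShell v2).
$ErrorActionPreference = 'Stop'
$ArrayFqdn   = 'webmail.lvsedmtest.ca'   # CAS Array FQDN used in this article
$ExpectedVip = '10.10.10.252'            # load balancer virtual server IP used in this article
$Apply       = $false                    # hypothetical switch: $true performs the change

# 1. The array name must resolve to the load balancer's virtual IP.
$resolved = [System.Net.Dns]::GetHostAddresses($ArrayFqdn) |
    ForEach-Object { $_.IPAddressToString }
if ($resolved -notcontains $ExpectedVip) {
    throw "$ArrayFqdn resolves to '$($resolved -join ', ')', expected $ExpectedVip"
}

# 2. The virtual server must answer on TCP 135, the port the mon_rpc_cas monitor checks.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($ExpectedVip, 135)
} catch {
    throw "TCP 135 on $ExpectedVip is not reachable: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}

# 3. The CAS Array object must already exist with that FQDN.
$array = Get-ClientAccessArray | Where-Object { $_.Fqdn -eq $ArrayFqdn }
if (-not $array) {
    throw "No Client Access array with FQDN $ArrayFqdn was found"
}

# 4. Repoint only the databases that still reference an individual server.
Get-MailboxDatabase |
    Where-Object { "$($_.RpcClientAccessServer)" -ne $ArrayFqdn } |
    ForEach-Object {
        Write-Host ("{0}: {1} -> {2}" -f $_.Name, $_.RpcClientAccessServer, $ArrayFqdn)
        Set-MailboxDatabase -Identity $_.Name -RpcClientAccessServer $ArrayFqdn `
            -WhatIf:(-not $Apply)
    }

# 5. Show the resulting state for every database.
Get-MailboxDatabase | Format-List Name, RpcClientAccessServer
```

Running the checks first avoids pointing Outlook clients at a name that does not yet resolve or a virtual server that is down.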


Checking the connection status in Outlook will show a TCP/IP connection (not RPC/HTTPS) to the fqdn of your CAS Array!



Cheers!

5 comments:

  1. Nice Work, but you forgot to mention the following issues:
    Port 135 is the Port for the TCP Endpoint Mapper!
    You also need RPC Client Access and Address Book Service which use per default port ranges! So you have to setup first static ports for these 2 services.
    The way to set up the static port for the Address Book Service differs between Exchange 2010 RTM and Exchange 2010 SP1

    Regards
    Bernd Kruczek
    bernd.kruczek@bk4u.net

  2. Hello Bernd, the load balancing rule uses a 'catch all' port of "*". The port 135 mentioned in the article is tied to the monitor which is attached to the "*" VServer. So we're not just load balancing 135....we load balance any port on this rule but it watches for port 135 as a heartbeat.

  3. Is it even possible to define specific CAS servers as members of the Array? I have 5 CAS\HUB colocated servers. But I only want 2 of them involved in the CAS array for testing purpose before full production configuration of all 5.

  4. Not that I'm aware of. When you specify the command to create the CAS array you indicate the AD site. If your CAS servers are in different AD sites you will end up with multiple CAS arrays.


  5. Thanks Jason, great step by step guide. I've been trying to get my head around this with DAGS and you've explained it perfectly. Will look into the hardware LB too!

    Cheers

    Allen White
