Setting up Microsoft Exchange Server 2016 with Avi


## What is Exchange Server 2016

Microsoft Exchange Server 2016 is an e-mail server solution, with calendar and contact manager, which supports a variety of clients such as Outlook, web browsers, and mobile devices.

## Avi's Exchange Server Solution Benefits

The Avi solution provides the following benefits for an Exchange deployment.

* Horizontal scale: You do not have to be caught off guard by a sudden traffic surge. Avi can adjust the capacity of the load balancer infrastructure dynamically by scaling out and scaling in its data plane engines, called Service Engines (SEs).
* Analytics and visibility: Analytics and visibility play a key role in troubleshooting issues and evaluating risks that can affect end-user experience. Unlike other ADC vendors, Avi provides an end-to-end timing chart, pinpointing latency distribution across segments of a client, the ADC, and servers. Avi understands the resource utilization of servers, combines it with observed performance, and presents the result as a health score. By looking at the health score, you can judge the current end-user experience and the risk coming from resource utilization.
* SSL offload and management with ease of use: Simply select Avi's SSL Everywhere and import a certificate. The rest will be taken care of by Avi. You do not have to convert a certificate and configure multiple things to make Exchange secure. Other significant advantages include SSL compute offload and HTTP visibility. In particular, SSL compute offload allows a reduction in the number of CAS units and related license cost. By terminating SSL on Avi, you can fully enjoy Avi's innovative analytics and visibility engine.
* Cloud-optimized deployment and high availability: The Avi Controller automatically discovers available resources, such as networks and servers in the virtual infrastructure. This makes IT admins less vulnerable to human error. In addition, the Avi Controller detects when an SE or a hypervisor has a problem; it automatically looks for the best available hypervisor and launches an SE to recover. Unlike other ADC solutions, this approach does not require a redundant device.

## Deployment Architecture

Figure 1. Exchange 2016 Traffic Flows (source: msexchangeanywhere by Ross Smith)

Exchange Server 2016 has two roles for servers, the Client Access server (CAS) and the Mailbox server, which comprise the CAS Array and the DAG (Database Access Group) respectively for high availability and increased performance. The CAS provides client protocols, SMTP, and a Unified Messaging Call Router. The client protocols include HTTP/HTTPS and POP3/IMAP4. The UM Call Router redirects SIP traffic to a Mailbox server.

Copyright 2018 Avi Networks, Inc.

Note: An external load balancer is required to build a CAS array. Unlike the CAS array, the DAG does NOT require an external load balancer. A server can take both the Client Access and the Mailbox roles.

CAS provides the following services that require load balancing.

* Outlook Anywhere: enables an Outlook client to connect to the Exchange server. It uses RPC over HTTP(S).
* Outlook Web Access: enables any Web browser to connect to the Exchange server, offering an Outlook-client-like experience in the browser.
* Exchange Web Service: enables client applications to communicate with the Exchange server. EWS provides access to much of the same data that is made available through Microsoft Outlook.
* Exchange Administration Center: provides a web-based management console for the Exchange server.
* Exchange Management Shell: enables a remote admin over HTTP(S) to perform every task that can be performed by the Exchange Administration Center.
* ActiveSync: enables mobile devices, such as iPhone and Android devices, to synchronize mail, calendar, contacts, and tasks with the Exchange server.
* AutoDiscover: enables a client application, e.g., an ActiveSync app or Outlook, to configure itself with minimal user information. With the AutoDiscover service, a user's e-mail address and password are enough to find out the rest of the configuration information.
* Offline Address Book: enables an Outlook client in Cached Exchange Mode to look up addresses when offline.
* POP3/IMAP4: enables 3rd-party e-mail clients to download e-mail from the Exchange server. SMTP is used for outgoing e-mail.
* SMTP: enables 3rd-party e-mail clients to use the Exchange server as an outgoing e-mail server. POP3/IMAP4 is used for incoming e-mail.
* MAPI: enables client programs to become (e-mail) messaging-enabled, aware, or based by calling MAPI subsystem routines that interface with certain messaging servers.
## Setting Up Exchange for Load Balancing

The [Exchange 2016 System Requirements](https://technet.microsoft.com/library/aa996719%28v=exchg.160%29.aspx?f=255&mspperror=-2147217396) Microsoft TechNet article specifies requirements for setting up Exchange Server 2016.

* In this case a Windows 2012 Server (using a 2012 ISO) was brought up on a VM with an 8-core CPU, 8 GB of RAM and 100 GB of disk capacity. (Ideally, the disk should be partitioned into four drives for OS, Logs, Exchange Install Directory and Databases.)
* Exchange Server 2016 then needs to be installed on the Windows 2012 server. An Exchange server license can be obtained free of cost for 180 days using (personal) Outlook credentials. The license can be obtained from here: Microsoft Exchange Server 2016 product page, Microsoft Exchange Server 2016 download page
* It is a prerequisite for an Exchange 2016 server that the server has a static IP.
* Before Exchange 2016 can be installed, the prerequisites must be installed, or the setup.exe file for 2016 fails with multiple errors. They can be installed using Windows PowerShell from the 2012 server VM that was created. Once they are installed, the server needs to be rebooted.
  * .NET 4.5 support (Ideally, you need 4.5.2, but it is upgraded to 4.5.2 automatically once setup.exe is run.)
  * Desktop Experience
  * Internet Information Service (IIS)
  * Windows Failover Clustering
* After the reboot, install Unified Communications Managed API (UCMA) 4.0 Runtime: download page
* In case the server chosen is 2012 RTM, Windows Management Framework 4.0 needs to be installed as well: download page
* Install the Active Directory Remote Server Administration Tools plugin on the Exchange server using PowerShell.
* Install Active Directory per the steps outlined here: Setting up an Active Directory Lab (Part 1)
* An important step to note is that the DNS Resolver under System Settings in Avi Vantage should point to the local DNS server set up during the Active Directory install. In this case AD, Exchange 2016, DNS and IIS were installed on one single server.
* Following the link above, make sure there is a client machine that can be part of the domain we create (avitest.com in this case) and that the user we create in Active Directory can log in to it. For test purposes a Win7 test machine (a VM spawned from a Windows 7 ISO) was chosen as the client machine; it was made part of the domain avitest.com, with credentials configured in AD for the said test user from the client machine.
* Once the client machine is part of the domain, switch to the 2012 server PowerShell prompt where the 2016 setup file resides and configure Active Directory to receive Exchange 2016. The Exchange Schema version should be on 15317. Verify this using ADSI Edit.
* The setup.exe for 2016 can now be executed; set it up for the Mailbox role.
* Once set up, ECP can be browsed using https://servername/ecp (in our case the servername is lab-dc01).
* Since this is a lab-only environment, we skip the namespace part of Split DNS for external and internal access. In this case the internal and external hostname was kept the same, lab-dc01.avitest.com, for all the Exchange services. (This needs to be done from the ECP login used above.)
* The MAPI and autodiscover services cannot be configured through ECP in the browser and need to be configured via the Exchange Management Shell.
* Log in to the Exchange Admin Center and create a self-signed certificate for the server. Export it to the desktop, as it will be imported into the VS that we create.
* The self-signed certificate needs to be assigned to the IIS service.
* Create two mailbox users using EAC so that emails can be sent from two accounts.
* An Exchange client could be on Outlook 2016 or Outlook 2013. For tests we used OWA access through a normal Chrome/Firefox browser.
* To enable SSL offload on Exchange 2016, make changes to each Exchange service as described in the Configuring SSL offloading in Exchange 2013 Microsoft TechNet article.
* To set up a secondary Exchange Server, follow the steps above. We don't need to go ahead with an AD installation, but we have to make sure that the secondary Exchange Server is part of the same domain and that a new forest domain is NOT created. We just need the existing domain that was created.

## Load-Balancing Policies

Figure 2. Exchange Load-Balancing Deployment

Avi supports deployment of an Exchange solution in three different ways.

1. One virtual service (VS) and one pool: This is the quickest way to deploy the Exchange service and requires only one virtual IP address. However, individual health monitoring for different services is not possible. If you deploy Exchange 2016, you have to choose one persistence method across all services; this may result in suboptimal operational results because different Exchange 2016 services require different persistence methods for the best result. The statistics and analytics information from the Avi system will be an aggregate of all services.
2. One virtual service and multiple pools: This requires configuring a Layer 7 policy on Avi Vantage to forward an HTTP message based on the host header to a corresponding pool. This deployment requires only one virtual IP address and enables individual health monitoring for different services. In addition, for Exchange 2016, Avi Vantage supports a different persistence method per pool. This deployment enables Avi Vantage to provide statistics and analytics information on a per-pool basis.
3. Multiple virtual services and one pool per virtual service: This requires as many IP addresses as there are Exchange services to load balance. Each virtual service will have one pool. This deployment enables Avi Vantage to provide statistics and analytics information on a per-VS basis.

Note: A virtual service is defined as a virtual IP address and a port number.

In this guide, we are going to use the second deployment model. We will create a single virtual service for all services with multiple pools. Each pool corresponds to an Exchange service. The table below lists all the Exchange services and ports to load balance and the health check methods (Figure 2). Exchange 2016 provides pre-defined HTML pages for health monitoring by a load balancer.

Table 1. Exchange 2016 services for load balancing

In Table 1, lab-dc01.avitest.com and autodiscovery.avitest.com should point to the virtual IP. All HTTPS-based services will be terminated by Avi. The traffic will be decrypted and sent to the pool and will be encrypted and sent back to the client. For SMTP/IMAP4/POP3 traffic, a Layer 4 policy will be applied. With the Layer 4 policy, Avi Vantage just terminates a TCP connection but bypasses the SSL connection.

## Avi System Configuration

Exchange 2016 SLB configuration involves the following activities.

### 1. Health Monitor

Navigate to Templates > Profile > Monitor. Create an HTTP health monitor for each Exchange service (8 in number). Use the URLs listed in Table 1. Client Request Data needs to be set to GET / /healthcheck.htm HTTP/1.1. As an example, this one is set for OWA as GET /OWA/healthcheck.htm HTTP/1.1.

Create a TCP health monitor each for POP3, IMAP4, and SMTP on the specific port numbers shown in Table 1.
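Before relying on the HTTP monitors, the same healthcheck.htm pages can be probed by hand from a shell. The script below is an added example, not part of the original guide; it assumes curl is installed and that `CA_FILE` points at the PEM certificate exported from Exchange, so the self-signed certificate is verified rather than ignored. The `FETCH` override is a hypothetical hook for offline testing.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Assumptions: curl is installed; CA_FILE is the PEM certificate exported from
# Exchange (self-signed in this lab), so TLS is verified instead of skipped.

# http_status URL -> prints the HTTP status code, or 000 when the TCP/TLS
# connection fails (curl's convention for "no response received").
http_status() {
    curl --silent --output /dev/null --max-time 5 \
         --cacert "${CA_FILE:-cert.pem}" \
         --write-out '%{http_code}' "$1" || true
}

# check_exchange BASE_URL VDIR...
#   Prints one "vdir code state" line per virtual directory and returns
#   non-zero unless every probe answered 200.
#   FETCH may name a replacement for http_status (hypothetical test hook).
check_exchange() {
    base=$1; shift
    failed=0
    for vdir in "$@"; do
        code=$("${FETCH:-http_status}" "${base}/${vdir}/healthcheck.htm")
        case $code in
            200) state=UP ;;
            000) state=UNREACHABLE; failed=1 ;;   # DNS, TCP or certificate problem
            *)   state=DOWN; failed=1 ;;          # server answered, service unhealthy
        esac
        printf '%s %s %s\n' "$vdir" "$code" "$state"
    done
    return "$failed"
}

# Usage against one back-end server (host name from this guide):
#   CA_FILE=cert.pem check_exchange https://lab-dc01.avitest.com owa rpc
```

An UNREACHABLE result with a reachable server usually points at the certificate or name resolution rather than at Exchange itself.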

### 2. SSL Certificate

Navigate to Template > Profile > Certificate. Click Create > Application Certificate. Import the self-signed certificate that was exported when the CSR was created on Exchange Server. The certificate exported from the Exchange Server is in PFX format and needs to be converted to .pem format to be imported into the Avi Vantage UI. This can be achieved with `openssl pkcs12 -in cert.pfx -out cert.pem -nodes`.

### 3. Virtual Service

Navigate to Application > Virtual Services. Create an L7 Virtual Service for the Exchange service with the same IP address and associate it with other objects, such as an application profile, health monitor, SSL, etc. For HTTPS, use System-Secure-HTTP and System-TCP-Proxy for Application Profile and TCP/UDP Profile.

Note: When HTTPS or the System-Secure-HTTP profile is used, disable the "Secure Cookies" and "HTTP-only Cookies" checkboxes in the Security tab for that HTTP profile.
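The PFX-to-PEM conversion from step 2, as an added example that is not part of the original guide: the one-liner there writes the certificate and the unencrypted private key (`-nodes`) into a single file, so this version splits them, keeps the key at mode 600, and checks that key and certificate belong together before anything is imported. The output file names and the `PFX_PASS` environment variable are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Assumptions: openssl is on PATH; PFX_PASS holds the PFX export password
# (read from the environment so it never appears in the process list).
# OpenSSL 3.x may additionally need -legacy for PFX files written with
# older algorithms.

# pfx_to_pem PFX OUTDIR
#   Writes OUTDIR/cert.pem (certificate only) and OUTDIR/key.pem
#   (unencrypted private key, readable by the owner only).
pfx_to_pem() {
    pfx=$1; out=$2
    (
        umask 077                      # files are created private from the start
        mkdir -p "$out" &&
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
                -nokeys -clcerts -out "$out/cert.pem" &&
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
                -nocerts -nodes -out "$out/key.pem"
    ) || return 1
    chmod 600 "$out/key.pem"
}

# key_matches_cert CERT KEY -> exit status 0 when KEY is the private key
# for CERT (the public keys derived from both are identical).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for_days CERT DAYS -> exit status 0 when CERT is still valid
# DAYS days from now (catches a lab certificate about to expire).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Usage:
#   PFX_PASS='...' pfx_to_pem cert.pfx ./avi-import
#   key_matches_cert ./avi-import/cert.pem ./avi-import/key.pem && echo match
#   cert_valid_for_days ./avi-import/cert.pem 30 || echo "expires within 30 days"
```

Once the certificate and key have been imported into Avi Vantage, delete key.pem, since it holds the private key in clear text.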

Create three L4 Virtual Services, one each for POP3, IMAP4, and SMTP; use System-L4-Application and System-TCP-Proxy.

### 4. Pool

This can be accessed separately or from the Virtual Services configuration wizard. A pool is a construct that includes servers, a load balancing method, a persistence method, and a health monitor. Add the servers across which load is to be balanced and choose Least-Connections for the load balancing method. Below is an example of a pool created for the Outlook Web Access (OWA) service. The Active health monitor is chosen as the one created above. In this case it's the owa health monitor which is chosen.

The server IP address is the IP of the Exchange server which resolves to lab-dc01.avitest.com. Create 12 pools with names based on Table 2.

### 5. HTTP Policy

This can be added after creating a virtual service or from the Virtual Service configuration wizard. Create an HTTP policy that includes 8 HTTP request rules, each rule corresponding to an Exchange service. To create the HTTP policy, follow these steps.

1. Navigate to Application > Virtual Services.
2. Click the virtual service's edit icon. This will pop up the Edit Virtual Service menu.
3. Navigate to Policy > HTTP Request.
4. Click Add HTTP Request Rule.
5. Enter a rule name, e.g., rule-pool-oa.
6. Choose Path and Begins With for Matching Rules. Then, enter /rpc.
7. Choose Content Switch and Pool for Action. Then, choose a corresponding pool, e.g., pool-oa.
8. Click Save Rule.

Below we can see an example of creating the same for an L7 virtual service for OWA.

Below we see all HTTP-based policies created for the L7 virtual service. Repeat the steps for each Exchange pool. Refer to Table 2 for URLs and pools.

Table 2. Pools for Exchange 2016 services

### 6. Load Balancing

To support load balancing across Exchange Servers on a single VIP, choose the "Round Robin" load balance option under all pools that have been configured. Below we show this being done for the owa-pool.

Add the secondary Exchange server IP under all pools. Below we show this being done for the owa-pool.

### 7. Confirming proper operation

The L7 service had a default pool pointing to pool-as (ActiveSync). The screenshot below confirms that clients accessed the Exchange virtual service several times during the 15-minute timeframe depicted in the timeline. With non-significant logs turned on, one observes a total of 43 log entries, including the successful ones (return code = 200). The most recent log entry is shown expanded. The other 42, collapsed into single-line rows, are not shown in the screenshot.

The L7 virtual service successfully content-switched requests to the pool-owa pool as a result of the rule-pool-owa request policy rule. The Avi Vantage solution provides additional information about the client from which the request originated, including the client's operating system (Android), device type (Moto G Play), browser (Chrome Mobile), SSL version (TLSv1.2), certificate type (RSA), and so on.