I am testing with Exchange 2010. We set it up using L4xNAT (DNAT) with exchange
and the ZLBs in an isolated subnet with the exchange servers pointing to the
ZLBs as their gateway.
The main reason was that we need to be able to see what clients' IPs are when
they connect to exchange (In the logs and for smtp source filtering). I used
the same setup for HTTP, HTTPS, POP3, IMAP4, SMTP, MAPI, Adddress Book. So far
it seems to work good in testing.
-Aaron
On Oct 31, 2013, at 8:40 PM, "Kevin M."
<[email protected]<mailto:[email protected]>> wrote:
?? So for OWA + ActiveSync, two VMs with ZENLB clustered and in the same
subnet as the two Exch13 server... if I don’t want to terminate SSL on the
ZENLBs, is TCP on 443 with round-robin the best way to go? We don’t care to
have OWA service split out from ActiveSync at this point. Any tweaks that
should be applied or is there a better way to accomplish this?
From: kevin mahadeo<mailto:[email protected]>
Sent: Thursday, October 31, 2013 3:01 PM
To:
[email protected]<mailto:[email protected]>
Subject: Re: [Zenloadbalancer-support] HTTPS Backends and Exchange in 3.03
Thanks Emilio... I assumed that with the "HTTPS Backends" feature we wouldn't
need to make the "Farm listener" set to HTTPS and thus not need the cert. We
don't want to terminate SSL at the load balancers.
The Exch13 servers are handling OWA, ActiveSync, and SMTP - but we're only
trying to load-balance OWA and ActiveSync via TCP443 at this time. On the same
pair of ZENLB servers we have two farms configured for the same pair of Exch13
servers:
- one farm is set to TCP on 443 / round-robin... and this one works fine
- the other farm is set to HTTP / Farm listener is HTTP / Service has HTTPS
Backends enabled... this works somewhat for OWA but Activesync (Outlook)
doesn't work at all.
If we don't want to put the cert/key in the load balancer, should TCP 443 with
round-robin be fine for Exch13 servers OWA/Actsync?
- Kevin.
________________________________
Date: Thu, 31 Oct 2013 16:53:07 +0100
From: [email protected]<mailto:[email protected]>
To:
[email protected]<mailto:[email protected]>
Subject: Re: [Zenloadbalancer-support] HTTPS Backends and Exchange in 3.03
I forgot to mention that you have to enable https and configure the ssl cert
for your farm
Regards
2013/10/31 Emilio Campos
<[email protected]<mailto:[email protected]>>
When you talk about exchange 2013, are you talking about OWA Service, https
servers in 443 in backend, in that case you have to configure a HTTP farm with
a Service, i.e. owa name, enable in this service the HTTPS backends field and
add the owa exchange server IP with 443 port enabled.
For review the connection from your load balancer run a telnet to backends,
something like this:
from zen in command line:
telnet exchange_owa_server1 443
telnet excange_owa_server2 443
An let us know
2013/10/31 kevin mahadeo <[email protected]<mailto:[email protected]>>
I was happy to see the the HTTPS Backends feature as we don't want to offload
ssl... but I'm having trouble with our Exchange 2013 farm (two servers). I've
been testing a farm set to just TCP on 443, round robin, and farmguardian to
check for the login.aspx page - this has been working in test.
I've tried to setup a farm based on HTTP with default settings, farm listener
set to HTTP, then under the service I've enabled HTTPS Backends and no
Farmguardian yet, but I'm unable to connect to the Exchange servers via the
VIP. Is there any guide or recommended settings for Exchange 2013 via 443 and
with no HTTPS cert in ZENLB?
Thanks,
Kevin.
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe):
[email protected]<mailto:[email protected]>
--
Load balancer distribution - Open Source Project
http://www.zenloadbalancer.com
Distribution list (subscribe):
[email protected]<mailto:[email protected]>
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________ Zenloadbalancer-support mailing
list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
________________________________
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
________________________________
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Zenloadbalancer-support mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/zenloadbalancer-support
