In part 1 of the article series, we got Exchange 2013 configured, Hyper-V networks configured and installed LoadMaster in both the AD site and finally configure with Two-Arm networks. In this part of the article series we will configure LoadMaster for Exchange HTTPS and SMTP services. Below Figure 2.1 is the current lab setup with IP address configuration.
Figure 2.1 Current lab setup with IP address configuration.
Importing Exchange Kemp Templates into the LoadMaster
Kemp offers free templates for Exchange 2013 with preconfigured settings. These preconfigured templates are based on the Microsoft best practice and helps us to keep our configuration simpler and quicker. These configurations can further tweaked to suites the complex environment and business requirements.
1. Download Exchange 2013 Core Services template from Kemp LoadMaster documentation page on the Hyper-v host machine
Figure 2.2 Downloading Exchange 2013 Core Services template.
2. Core services template helps administrator to configure all the Exchange 2013 HTTPS, SMTP and MAPI protocols easily with minimum configuration steps.
3. Connect to the Dallas LoadMaster from the host machine browser using the IP Address – https://192.168.1.100
4. Click on Virtual services -> Manage Templates
5. Click on Browse button to select the template file ‘Exchange2013Core.tmpl’ from the local machine and click on Add New Template button to import the same.
Figure 2.3 Importing Exchange 2013 Template
6. Once imported, it will display the details of all the templates imported
Figure 2.4 Exchange 2013 Templates after importing the downloaded template file
Perform the above steps 1-5 to import the Exchange 2013 Core Services template on Pittsburg LoadMaster.
Creating and Configuring HTTPS Virtual Services
In this part, we will configure one Virtual IP for all the Exchange 2013 HTTPS virtual services. HTTPS virtual services include OWA, EAC, Active sync, Outlook anywhere and EWS. We can also configure one virtual IP for each Exchange services. It is complex to configure but provides better redundancy for each of the Exchange services.
Follow the below steps to configure Dallas LoadMaster with one Virtual IP address for all the Exchange HTTPS services.
1. Connect to the Dallas LoadMaster from the browser using the IP Address – https://192.168.1.100
2. Expand Virtual Services -> click Add new
3. To allow external clients to connect to Exchange, sepcify VIP – 192.168.1.90 on port 443, then select use template Exchange 2013 HTTPS and click on Add this virtual service.
Figure 2.5 Adding Virtual IP Address for Exchange 2013 HTTPS
4. It then redirects to the properties page of Virtual IP(VIP) address
5. Under Basic Properties, specify the Alternative Address as 10.10.10.90 from which is from Dallas internal network segment.
Figure 2.6 Exchange 2013 HTTPS Basic properties configuration.
6. Keep the Standard Options, SSL Properties, Advanced Properties, and ESP Options as default.
Figure 2.7 Exchange 2013 HTTPS Standard Options, SSL Properties, Advanced Properties, and ESP configuration.
7. Under Real Servers properties, click on Add New button to add the Dallas Exchange 2013 server
Figure 2.8 Exchange 2013 Real Servers Properties
8. Specify the Dallas Exchange 2013 IP Address -10.10.10.2 and click Add This Real Servers
Figure 2.9 Specifying Exchange 2013 Server Address for Real Servers options.
9. Validate the addition of Exchange 2013 server under real servers.
Figure 2.10 Validating Addition of new Exchange 2013 Real Servers Properties
10. Finally, click on View/Modify services from the main menu to confirm the new HTTPS Virtual IP Addresses and services status is UP.
Figure 2.11 Validating HTTPS Virtual IP Addresses and services status
Perform the above operation from step 1 – 11 on Pittsburg LoadMaster to configure External Virtual IP Address 192.168.1.91 and internal alternative Virtual IP as 18.104.22.168. Make sure to add the internal Pittsburg Exchange 2013 server IP address 22.214.171.124 under Real Servers.
Creating and Configuring SMTP Virtual Services
SMTP Virtual services help to route email between internal and external network. Internet MX records must be configured to these external Virtual Address so internet emails are delivered to it. LoadMaster process the Internet email and forwards to the internal Exchange servers. Similarly Internet email from internal are accepted by the LoadMaster and it will be process delivered to external. Below are the steps to configure the same:
1. Connect to the Dallas LoadMaster using browser – https://192.168.1.100
2. From the main menu, expand Virtual Services -> select Add new
3. Input the Virtual Address 192.168.1.103 , select use template Exchange 2013 SMTP and click on Add This Virtual Service
Figure 2.12 creating new Virtual IP Address for Exchange 2013 SMTP services.
4. It then redirects the advance properties page
5. Specify the Alternative Address – 10.10.10.103 from Internal network subnet
Figure 2.13 Configuring Exchange 2013 SMTP basic properties.
6. Keep Standard Options, SSL Properties, Advanced Properties and ESP Options as default
7. Click on Add New button from Real Serves options to add the Dallas Exchange 2013 server.
Figure 2.14 Configuring Real Servers properties.
8. Specify the Exchange 2013 IP Address -10.10.10.2 and click on Add this Real Servers
Figure 2.15 Adding Exchange 2013 Server under Real Server.
11. Validate the Exchange 2013 server IP address and port under Real Servers.
Figure 2.16 Validating Exchange 2013 Server under Real Server.
12. Click on View/Modify Services to confirm the new SMTP Virtual IP Addresses and services status is UP
Figure 2.17 Validating new Exchange SMTP Virtual Service.
Perform the above operation from step 1 to 13 on Pittsburg LoadMaster to configure External SMTP Virtual IP Address 192.168.1.104 and internal alternative Virtual IP as 126.96.36.199. Finally, make sure to add internal Exchange server IP Address – 188.8.131.52 under Real Servers and validate the same.
We have almost done with the configuration of LoadMaster in the lab and below Figure 2.18 is the final Exchange 2013 LAB using Kemp Free LoadMaster. It has all the necessary VIP address for client connection.
Figure 2.18 Exchange 2013 LAB using Kemp Free LoadMaster
Importing Exchange 2013 Certificate into the LoadMaster
Currently LoadMaster is not configured with SSL Offloading. SSL Offloading terminates the client SSL connection at the LoadMaster and generate the new connection to the Exchange server in the backend. This improve the security and performance for client connection. This is an optional settings and below are the steps to perform the same:
1. Export the SAN Certificate from the Exchange server 2013 with private key in PFX format and password.
2. Connect to the Dallas LoadMaster through internet Explorer
3. Click on Mail Menu -> Certificate -> SSL certificate and click on Import Certificate
Figure 2.19 SSL Certificate Import option on LoadMaster.
4. Specify the Exchange Certificate file path, Pass Phrase (password applied during the export) and Certificate Identifier. Click on Save to import the certificate into the LoadMaster
Figure 2.20 Importing SSL Certificate into the LoadMaster
5. Modify the Exchange HTTPS virtual Service and expand SSL Properties
6. Enable SSL Acceleration and Reencrypt option. Then set the available Exchange certificate and move it to assigned certificates. Lastly select Best Practices under Cipher set and click on Modify Cipher Set.
Figure 2.21 Configuring SSL Offloading and assigning Exchange certificate on the LoadMaster
Follow the above instruction from step 1-6 on the Pittsburg LoadMaster to import the Exchange certificates and configure SSL offloading.
We are almost at the end of the Part 2 article series and configured with LoadMaster for Exchange 2013 HTTPS and SMTP Services. In the next and final part of the article series, we will configure Geo Redundancy. Which allows clients to connect to the available Exchange servers, if any of the Exchange servers/services /AD sites goes down.