UAG and External Load Balancers

  • Question

  • Hi,

    I have a scenario where I need to load balance the external interfaces of UAG servers using a hardware load balancer. Found some deployment guides on F5 which can do this.

    However, on the internal side, I would like to use the web pools functionality of UAG to load balance Exchange CAS server requests.

    All users connect to Exchange using Outlook Anywhere (RPC over HTTPS), so the flow looks like this -

    Internet -> LB VIP -> UAG -> (webpools) -> CAS Servers

    Any issues in implementing such a scenario?

    Thanks,

    Ravi

    Tuesday, September 20, 2011 12:46 PM

All replies

  • Hi Ravi. That should work without issues. My only recommendation is not to use the SSL-offloading features of F5.
    // Raúl - I love this game
    Tuesday, September 20, 2011 1:32 PM
  • Hi Ravi,

    as Raul mentioned this should work without issues. But just for curiosity, why don't you use your F5 for both?

    -Kai


    This posting is provided "AS IS" without any warranties. Kai Wilke | ITaCS GmbH | GERMANY, Berlin | www.itacs.de
    Tuesday, September 20, 2011 1:49 PM
  • Thanks Raul and Kai.

    Our security folks don't allow sharing devices between DMZ and internal networks. Will have to invest in another pair, and if UAG can load balance the internal pools, with my primary requirement being external access only, this will probably save some costs.

    Regards,

    Ravi

    Tuesday, September 20, 2011 2:13 PM
  • Probably obvious, but be aware that the load balancing feature of UAG is only available for web protocols, not load balancing for all protocols.

    This is fine for Exchange web services, but maybe not for other internal systems...

    UAG DirectAccess is another scenario which would introduce the F5 for internal load balancing too: http://technet.microsoft.com/en-us/library/ee690463.aspx

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, September 20, 2011 2:47 PM
  • Thanks, I am currently looking at publishing the following -

    a. Outlook Web Access, Outlook Anywhere, ActiveSync etc.

    b. SharePoint sites and a few other web portals

    Also planning to publish Lync externally but using Lync Edge services and hence UAG won't play any role.

    Do you foresee any issues in achieving this?

    Regards,

    Ravi

    Tuesday, September 20, 2011 4:38 PM
  • No, those web services (Ex and SPS) should be fine and are ideal candidates for web farm load balancing...

    Be aware that Lync edge services still require a reverse proxy as part of the overall architecture; TMG is pretty commonplace for that requirement, but I know MS have been also looking at UAG providing similar services for Lync as it would then negate deploying TMG purely for Lync edge if UAG is already in place...

    Just keep the other limitations in mind if you plan on expanding on using your UAG platform for things like DA.

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, September 20, 2011 7:31 PM
  • Thanks, yes I am aware of the Lync requirements from a reverse proxy perspective (address book downloads, meeting information etc.). So as UAG currently stands, can it do this?

    Regards,

    Ravi

    Wednesday, September 21, 2011 10:27 AM
  • It could for OCS, but I don't think it is (or was) officially supported; hopefully it will be supported in a future UAG update...


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, September 21, 2011 10:32 AM