Kemp load balancers?

cyberguypr Mod Posts: 6,928
Has anyone used Kemp load balancers? I am looking into a couple of their LM-Exchange units for our Exchange 2010 deployment. They are priced right and exceed our throughput requirements (small environments with 200 users).

Comments

  • Everyone Member Posts: 1,661
    Haven't used them, but I did look into them. I liked the interface on them. I ended up being able to get the outdated Foundry SSL load balancers the place I was working for at the time already had to work for the Exchange 2010 load balancing, so there was no need to get new load balancers.

    If cost is a concern, you could probably use pfSense to load balance (which could even run inside a VM). IIRC Kemp has a virtual appliance load balancer available too, and at a pretty reasonable price.
  • it_consultant Member Posts: 1,903
    cyberguypr wrote: »
    Has anyone used Kemp load balancers? I am looking into a couple of their LM-Exchange units for our Exchange 2010 deployment. They are priced right and exceed our throughput requirements (small environments with 200 users).

    Gotta ask, isn't a hardware load balancer a bit overkill for this environment? I have seen networks with thousands of exchange connections on a client access array of two CAS servers tied into simple non-redundant (there is a reason for non-redundancy but I won't go into it here) mailbox servers. The performance was outstanding.
  • Everyone Member Posts: 1,661
    it_consultant wrote: »
    Gotta ask, isn't a hardware load balancer a bit overkill for this environment? I have seen networks with thousands of exchange connections on a client access array of two CAS servers tied into simple non-redundant (there is a reason for non-redundancy but I won't go into it here) mailbox servers. The performance was outstanding.

    If you do a 2 node combined CAS/HT/MB server setup with a DAG, you can't use NLB, you HAVE to have a hardware load balancer. If they require HA, that is still probably the most cost effective way to do it.

    If you were to split the CAS/HT roles off, you now have to have 4 servers for HA, instead of just 2, which doubles your licensing cost. A hardware load balancer can be used for more than just load balancing Exchange, so it has greater value than spending money on extra Windows Server and Exchange Server licenses.

    I did the CAS/HT/MB 2 server DAG with hardware load balancers for an organization with 4000 mailboxes. Worked great. HUGE improvement over the old single server (obviously no redundancy there) Exchange 2003 setup they had. Even with only 200 users, it would be a great way to go when HA is a requirement.

    The Exchange 2010 environment I am building now will use hardware load balancers, even though we'll have several dedicated CAS servers, simply because we already have the hardware load balancers, so why not use them? Ok so 60,000+ mailboxes impacts that choice too but... :p
  • it_consultant Member Posts: 1,903
    Everyone wrote: »
    If you do a 2 node combined CAS/HT/MB server setup with a DAG, you can't use NLB, you HAVE to have a hardware load balancer. If they require HA, that is still probably the most cost effective way to do it.

    If you were to split the CAS/HT roles off, you now have to have 4 servers for HA, instead of just 2, which doubles your licensing cost. A hardware load balancer can be used for more than just load balancing Exchange, so it has greater value than spending money on extra Windows Server and Exchange Server licenses.

    I did the CAS/HT/MB 2 server DAG with hardware load balancers for an organization with 4000 mailboxes. Worked great. HUGE improvement over the old single server (obviously no redundancy there) Exchange 2003 setup they had. Even with only 200 users, it would be a great way to go when HA is a requirement.

    The Exchange 2010 environment I am building now will use hardware load balancers, even though we'll have several dedicated CAS servers, simply because we already have the hardware load balancers, so why not use them? Ok so 60,000+ mailboxes impacts that choice too but... :p

    I never run HT and CAS on the same box, I actually run HT on the mailbox servers or as their own install. I am not anti-load balancer (I use several in different environments) but with the number of users OP has...even a CAS array with NLB is overkill, truthfully.

    You can't compare the performance of Exchange 2003 and 2010, the new architecture of exchange makes it almost certain that a one server installation of Exchange 2010 will outperform the hell out of a one server Exchange 2003 installation.

    The fewer moving parts the better - even with the Kemp (from reading their documentation) you still need a CAS array. If you really NEED hardware based HA for CAS servers then you really NEED it, I won't question that. However, you do spend a good amount of time ensuring that your HA solution 1) actually works and 2) doesn't screw up normal operation. For 200 users you are almost shooting yourself in the foot by making it more complex than it has to be.
  • cyberguypr Mod Posts: 6,928
    Right now we have one mail server. Before my time there was an incident. Management asked for a fully redundant solution which they are willing to pay for. The scenario I'm going for is a CAS/HT/MB 3 node DAG which leaves NLB out. As Everyone mentioned, we'd rather do the load balancers than additional boxes. Overkill/cost is not an issue.
  • it_consultant Member Posts: 1,903
    Playing devil's advocate again, you will have 100 percent redundancy except for the load balancer, which is a single point of failure...think hard about your HA solution. If you had an image based backup of your CAS server(s), a VMWARE snap, etc you would achieve your redundancy without the added complexity.

    Have you put in a redundant exchange system, more importantly, have you had to recover an exchange environment (redundant or not) that has gone sideways? I have done both more than once. CAS HA is stupid simple, have a bare metal backup and room on an ESX server. Recovering from a SNAP takes seconds and recovering from an image takes 10-15 minutes. Load balancers are not for HA, they are for performance. You will spend hours troubleshooting RPC issues, address book downloading problems, among other things.

    I wouldn't use NLB or a load balancer, not worth the time and effort to make sure your regression testing works OK, which it won't. For 200 users I would have a CAS on an ESX server with a SNAP to a SAN and/or a vReplication to another ESX server.

    VMware ESX Replication Solutions for Virtual Environments
  • Everyone Member Posts: 1,661
    it_consultant wrote: »
    I never run HT and CAS on the same box, I actually run HT on the mailbox servers or as their own install. I am not anti-load balancer (I use several in different environments) but with the number of users OP has...even a CAS array with NLB is overkill, truthfully.
    6 of 1, half dozen of the other. You can't use NLB if the CAS role is on the same server as the MB role and a DAG is used. Where you choose to put the HT role is irrelevant.
    it_consultant wrote: »
    You can't compare the performance of Exchange 2003 and 2010, the new architecture of exchange makes it almost certain that a one server installation of Exchange 2010 will outperform the hell out of a one server Exchange 2003 installation.
    Performance does not equal availability. Of course it's going to outperform, but the advances in HA are huge. The availability you can achieve with 2010 beats the pants off a clustered 2003 setup, as it should.
    it_consultant wrote: »
    The fewer moving parts the better - even with the Kemp (from reading their documentation) you still need a CAS array. If you really NEED hardware based HA for CAS servers then you really NEED it, I won't question that. However, you do spend a good amount of time ensuring that your HA solution 1) actually works and 2) doesn't screw up normal operation. For 200 users you are almost shooting yourself in the foot by making it more complex than it has to be.
    Unless you have a requirement for HA. You're hung up on the user count. He already stated he has an HA requirement. It wouldn't matter if he only had 5 users, if you need the availability, a 2 server CAS/HT/MB with a hardware load balancer is the way to go.

    Sure, you could go as simple as a single server for a small environment like that, but the time to recover may be unacceptable if a failure event occurs. Even with the added complexity, the HA setup will still have you back up and running again a lot quicker in the unlikely event of the HA not working as intended. The HA in 2010 is far less complex than it was in 2003 and 2007.
    cyberguypr wrote:
    Right now we have one mail server. Before my time there was an incident. Management asked for a fully redundant solution which they are willing to pay for. The scenario I'm going for is a CAS/HT/MB 3 node DAG which leaves NLB out. As Everyone mentioned, we'd rather do the load balancers than additional boxes. Overkill/cost is not an issue.
    Sounds like you're going to do lagged copies and go "backupless" then?
  • cyberguypr Mod Posts: 6,928
    This thread is getting interesting. Always love hearing different points of view.
    it_consultant wrote: »
    Playing devil's advocate again, you will have 100 percent redundancy except for the load balancer, which is a single point of failure...think hard about your HA solution.
    The design involves two load balancers so there is no SPOF there.
    it_consultant wrote: »
    Have you put in a redundant exchange system, more importantly, have you had to recover an exchange environment (redundant or not) that has gone sideways? I have done both more than once. CAS HA is stupid simple, have a bare metal backup and room on an ESX server. Recovering from a SNAP takes seconds and recovering from an image takes 10-15 minutes. Load balancers are not for HA, they are for performance. You will spend hours troubleshooting RPC issues, address book downloading problems, among other things.

    I've logged many hours in recovery operations from Exchange 5.5 through 2007. Not fun initially, but after the first big one they are all the same. For the sake of simplicity let's say my team presented several scenarios, some of them involving VMware based solutions, but for reasons beyond our control the design I described earlier won. I am OK with that and will implement, maintain it and give it all the TLC I can.
    Everyone wrote: »
    Sure, you could go as simple as a single server for a small environment like that, but the time to recover may be unacceptable if a failure event occurs. Even with the added complexity, the HA setup will still have you back up and running again a lot quicker in the unlikely event of the HA not working as intended.
    That is the essence of this dilemma. In this case availability trumps everything else.
    Everyone wrote: »
    Sounds like you're going to do lagged copies and go "backupless" then?
    Since we are not implementing archiving & retention yet, we are not ready to go backupless.
  • it_consultant Member Posts: 1,903
    As an aside - I am not criticizing to be an A$$, just trying to air out different ideas.

    I have a client with about 300 Exchange users. Exchange 2007 all services in one server. I have three ESX servers, 2 in one site and one offsite. I have a replica of my main exchange server going to the other two ESX servers. Essentially an active - passive - passive kind of scenario. I have BE to do granular backups, log clearing, etc. The EDB file is about 136 GB. I have a pretty quick internet link between the main location and the off site location.

    In about 1.5 minutes I can recover the whole environment. This is not complex, there is no performance benefit, but with 300 users and an EDB file of that size, performance is excellent anyway.

    Quick and dirty HA. I have other LOB applications that are also replicated this way, not just exchange. Simple HA, simple recovery, much smaller disasters.
  • Everyone Member Posts: 1,661
    it_consultant wrote: »
    Playing devil's advocate again, you will have 100 percent redundancy except for the load balancer, which is a single point of failure...think hard about your HA solution. If you had an image based backup of your CAS server(s), a VMWARE snap, etc you would achieve your redundancy without the added complexity.

    Have you put in a redundant exchange system, more importantly, have you had to recover an exchange environment (redundant or not) that has gone sideways? I have done both more than once. CAS HA is stupid simple, have a bare metal backup and room on an ESX server. Recovering from a SNAP takes seconds and recovering from an image takes 10-15 minutes. Load balancers are not for HA, they are for performance. You will spend hours troubleshooting RPC issues, address book downloading problems, among other things.

    I wouldn't use NLB or a load balancer, not worth the time and effort to make sure your regression testing works OK, which it won't. For 200 users I would have a CAS on an ESX server with a SNAP to a SAN and/or a vReplication to another ESX server.

    VMware ESX Replication Solutions for Virtual Environments

    If you're asking me... 9 out of my 12 years of IT experience have been specializing in Exchange, started with 5.5, worked on dozens of different setups and networks, ranging from 1,000 users on the low end to the 60,000+ I have now. Several migrations, designs, and implementations mixed in there.

    I agree, you certainly wouldn't want a single point of failure by using only a single load balancer, and I'd never recommend that. However, load balancers aren't just for performance, they are for HA too, when set up properly.

    How is a single CAS on an ESX server less complex than a redundant hardware load balancer setup? You're just shifting the complexity to ESX. To offer any sort of HA, you have to have an ESX cluster. In that case you can take the "H" out of "HA" because it will still be seen as an outage. With a second CAS, if you lose 1, you can get it up without the end user ever knowing. In your scenario, you're hoping for 10-15 minutes, if you're lucky it may not even be that long, but if you're not lucky, it could take a lot longer. Who says they even have/use virtualization at all?

    You should never have to spend hours troubleshooting RPC and other issues with Exchange 2010 when using a hardware load balancer in a production environment. Those issues should be worked BEFORE you go live with it. I know exactly what you're talking about, because the redundant Foundry SSL load balancers I had to work with at my last job when I migrated to 2010 were outdated pieces of junk. There were registry hacks that had to be done on the Exchange servers, and configuration options on the load balancers themselves that the Network Engineers had never had to use before. That was the whole reason I looked into the Kemp products, because they're supposed to handle it very well. Proper testing brought these issues to light, and they were resolved before migration.
    cyberguypr wrote:
    Since we are not implementing archiving & retention yet, we are not ready to go backupless.
    Is that an eventual goal? 3rd server is for lagged copies right? I just don't see why you'd want the 3rd server unless you were going to use lagged copies in some form.
  • Everyone Member Posts: 1,661
    it_consultant wrote: »
    As an aside - I am not criticizing to be an A$$, just trying to air out different ideas.

    I have a client with about 300 Exchange users. Exchange 2007 all services in one server. I have three ESX servers, 2 in one site and one offsite. I have a replica of my main exchange server going to the other two ESX servers. Essentially an active - passive - passive kind of scenario. I have BE to do granular backups, log clearing, etc. The EDB file is about 136 GB. I have a pretty quick internet link between the main location and the off site location.

    In about 1.5 minutes I can recover the whole environment. This is not complex, there is no performance benefit, but with 300 users and an EDB file of that size, performance is excellent anyway.

    Quick and dirty HA. I have other LOB applications that are also replicated this way, not just exchange. Simple HA, simple recovery, much smaller disasters.
    Didn't think you were being an A$$, and I hope you don't think I'm being one either. Always interesting to hear different ways of doing things. Like I said, smallest environment I've ever dealt with was 1000 users, so I tend to think bigger on these things. ;) I scale up very well, scaling down on the other hand, probably not so much.

    Have you ever had to recover that environment, or is 1.5 minutes just a theory? If your client is OK with the downtime, then I'm sure that solution works great. However I see potential for quite a bit of data loss here. Even if you have nightly backups, and it only takes you 1.5 minutes to recover, you could be losing half a day or more worth of data. Some places may find this an acceptable risk. I personally haven't worked anywhere that would consider it to be one. If I did, it wouldn't be acceptable to me. I've been in situations where failures occurred and recovery fell within established acceptable risk, but now what they thought would be acceptable, suddenly no longer was after the failure actually occurred.

    Like I said in my previous post, I wouldn't consider your solution to be either simple, or HA. You've just shifted the complexity from Exchange to ESX. It sounds like you have great disaster recovery, but you don't have HA. They are 2 different things.
  • it_consultant Member Posts: 1,903
    My recoveries actually take very little time, you may not have seen my other post but I have a live passive copy ready to go, that means my downtime (for my whole environment) is only as long as it takes me to start a VM. Take a look at my previous post, I gave an in depth explanation of a network a little larger than OP's where I have set up exchange in a quick recovery environment.

    I don't hate on hardware load balancers when the performance needs are there, I think HA can be done more simply and creatively on smaller networks.
  • it_consultant Member Posts: 1,903
    Everyone wrote: »
    Didn't think you were being an A$$, and I hope you don't think I'm being one either. Always interesting to hear different ways of doing things. Like I said, smallest environment I've ever dealt with was 1000 users, so I tend to think bigger on these things. ;) I scale up very well, scaling down on the other hand, probably not so much.

    Have you ever had to recover that environment, or is 1.5 minutes just a theory? If your client is OK with the downtime, then I'm sure that solution works great. However I see potential for quite a bit of data loss here. Even if you have nightly backups, and it only takes you 1.5 minutes to recover, you could be losing half a day or more worth of data. Some places may find this an acceptable risk. I personally haven't worked anywhere that would consider it to be one. If I did, it wouldn't be acceptable to me. I've been in situations where failures occurred and recovery fell within established acceptable risk, but now what they thought would be acceptable, suddenly no longer was after the failure actually occurred.

    Like I said in my previous post, I wouldn't consider your solution to be either simple, or HA. You've just shifted the complexity from Exchange to ESX. It sounds like you have great disaster recovery, but you don't have HA. They are 2 different things.

    I have tested my recoveries. Provided the failure is local to one ESX server then it takes as long as it does to start a VM. If I have to start from off site then it takes a little more because I have to mess with the IP numbers. If a disaster was so bad as to take out my whole building, we are in a different ball game.

    I considered the half or full day of downtime - all of the clients are cached exchange, if the EDB file comes back up and there is email in the cache that was not in the server it back syncs. I have tested this to my satisfaction. I have considered doing a database server cluster (one on each ESX host) or something, but it hasn't happened yet. I was really more intrigued by the hardware load balancer for the CA function anyway.
  • kenoo Member Posts: 27
    it_consultant wrote: »
    Gotta ask, isn't a hardware load balancer a bit overkill for this environment? I have seen networks with thousands of exchange connections on a client access array of two CAS servers tied into simple non-redundant (there is a reason for non-redundancy but I won't go into it here) mailbox servers. The performance was outstanding.

    Maybe so but I guess it depends on what is acceptable for downtime and what kind of SLA needs they have.

    We're in the middle of rolling out our Exchange 2010 environment at my job, it's a hedge fund and uncanny redundancy/0 downtime is key here, so we've been using a pair of active/passive F5 load balancers to a CAS array with 2 servers for about 150 users. It's been working great, we have the passive copies of the DBs on the NetApp SAN for quick recoveries (we have snapshots every 15 mins of the passive copies).