
Deployment Guide. AX Series with Microsoft Exchange Server


Table of Contents

Introduction
  Prerequisites & Assumptions
Configuring AX for Microsoft Exchange Server
  Configuring Outlook Web Access Client Access
  Configuring HTTP Health Monitor for Exchange Web Service
  Configuring Real Servers for Exchange
  Service Group Configuration
  IP Source NAT Configuration
  Creating Templates for Outlook Web Access
  Configuring HTTP Template
  Configuring Cookie Persistence Template
  Configuring TCP-Proxy Template
  Configuring RAM Caching Template
  Configuring HTTP Virtual Server
Configuring AX for Outlook Web Access Component of Client Access Using SSL
  Configuration Steps
  Import SSL Certificate
  Configuring SSL Server Template
  Configuring SSL Client Template
  Configuring HTTPS Virtual Server
Configuring AX for IMAP4 and POP3 Components of Client Access
  Configuring AX for IMAP4
  Creating TCP Health Monitor for IMAP
  Real Server Configuration for IMAP
  Configuring IMAP Service Group
  Creating Templates for IMAP4
  TCP-Proxy template configuration
  SSL Client template configuration
  SSL Server template configuration
  Configuring IMAP4 Virtual Server
  Configuring AX for POP3
  Creating TCP Health Monitor for POP3
  Configuring POP3 Real Server
  Configuring POP3 Service Group
  Creating Templates for POP3
  TCP-Proxy template configuration
  SSL Client template configuration
  SSL Server template configuration
  Configuring POP3 Virtual Server
Configuring AX for SMTP
  Creating SMTP Health Monitor
  Configuring SMTP Real Server
  Configuring SMTP Service Group
  Creating Template for SMTP
  Configuring SMTPS Virtual Server

Introduction

This deployment guide contains configuration procedures for AX Series server load balancers to support Microsoft Exchange Server.

Microsoft Exchange provides reliable messaging with built-in protection against spam and viruses. Using Exchange, users throughout an organization can access e-mail, voice mail, calendars, and contacts from a wide variety of devices and from any location.

For more information on Microsoft Office Exchange Server, visit:

http://www.microsoft.com/exchange/default.mspx

The AX Series with its Advanced Core Operating System (ACOS) has been designed specifically for applications such as Exchange, providing better robustness in failover situations and performing intelligent load sharing of email processing.

Prerequisites & Assumptions

A10’s AX platform should be running software version 2.0 or later.

All of the configuration steps in this document apply to the AX platform. For information on the Exchange Server, refer to the appropriate Exchange documentation:

http://technet.microsoft.com/en-us/library/aa998846.aspx

It is assumed that users have some basic configuration familiarity with both AX and Microsoft Exchange products.

The AX can be configured in one-armed mode or routed mode. This guide uses routed mode as the example configuration.

Configuring AX for Microsoft Exchange Server

This document contains deployment configurations for the following Exchange applications:

Outlook Web Access Client
POP3 and IMAP client components
SMTP client component

The configuration steps in this document are based on AX Series Software Release 2.0 and Microsoft Windows Server running Exchange Server 2003.

Figure 2.1 Logical deployment topology

Configuring Outlook Web Access Client Access

Outlook Web Access (OWA) as part of Exchange Server allows users to connect remotely via a Web browser interface. OWA requires Web connectivity and can be used from Internet cafes and any other location that provides the connectivity. OWA interfaces through the HTTP and HTTPS protocols. Load balancing of OWA clients to Exchange through AX involves the configuration procedures in the following sections.

Configuring HTTP Health Monitor for Exchange Web Service

The AX device can regularly check the health of real servers and service ports. Health checks ensure that client requests are directed only to available servers. It is a best practice to set up a health check that is specific to the application type. In this deployment guide, we use a health check that requests a page from the Web server on the Exchange system.

To configure HTTP health monitor:

1. Select Config Mode > Service > Health Monitor
2. Click Add
3. On the Health Monitor section, enter a name for the monitor in the Name field. In this example, the name “HTTP-Exchg” is used
4. On the Method section, select HTTP from the Type drop-down list
5. Configuration of optional fields may be required for your deployment. In this deployment, we use a specific HTTP health check in the URL field by issuing a GET (from the drop down list) for “/iistest.htm” and checking for the content “Exchange Test” in the Expect field. You can do a similar health check for your setup
6. Click OK to finish configuration of the health monitor. The health monitor appears in the health monitor table

Figure 2.2 Health Monitor Configuration
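
The content-matching check this monitor performs, written out as an added Python example (not A10 code and not part of the original guide) so the health page can be tested before the monitor is bound to a port. The URL and expect string come from the guide; the requirement for status 200, the function names and the constructed loopback test servers are assumptions of this sketch.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Values from the guide's "HTTP-Exchg" monitor example.
HEALTH_URL = "/iistest.htm"
EXPECT = "Exchange Test"


def http_health_check(host, port, url=HEALTH_URL, expect=EXPECT, timeout=3.0):
    """Return (is_up, reason) for one probe.

    Up means: the TCP connect succeeded, the GET returned status 200
    (an assumption of this sketch), and the body contains the expected string.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", url)
        resp = conn.getresponse()
        status = resp.status
        body = resp.read(65536).decode("utf-8", errors="replace")
    except (OSError, http.client.HTTPException) as exc:
        return False, "probe failed: " + type(exc).__name__
    finally:
        conn.close()
    if status != 200:
        return False, "unexpected status %d" % status
    if expect not in body:
        return False, "expected content not found"
    return True, "ok"


def make_handler(pages):
    """Build a handler serving a constructed {path: (status, body)} table."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            status, body = pages.get(self.path, (404, "not found"))
            data = body.encode("utf-8")
            self.send_response(status)
            self.send_header("Content-Type", "text/html")
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)

        def log_message(self, fmt, *args):  # keep the demo quiet
            pass
    return Handler


def run_demo():
    """Probe constructed loopback servers that model typical backend states."""
    scenarios = {
        "healthy": {HEALTH_URL: (200, "<html><body>Exchange Test</body></html>")},
        # Web server answers, but with an error page instead of the test page.
        "wrong_content": {HEALTH_URL: (200, "<html>Service Unavailable</html>")},
        "missing_page": {},
        "server_error": {HEALTH_URL: (500, "Exchange Test")},
    }
    results = {}
    for name, pages in scenarios.items():
        srv = HTTPServer(("127.0.0.1", 0), make_handler(pages))
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            results[name] = http_health_check("127.0.0.1", srv.server_address[1])
        finally:
            srv.shutdown()
            srv.server_close()
    # Reserve a free port, then close it so nothing is listening there.
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    results["port_closed"] = http_health_check("127.0.0.1", closed_port)
    return results


if __name__ == "__main__":
    for name, (is_up, reason) in run_demo().items():
        print("%-14s %-4s %s" % (name, "UP" if is_up else "DOWN", reason))
```

Calling `http_health_check` with an Exchange server's address and port 80 confirms that “/iistest.htm” returns the expected text before the monitor is selected on the real server port.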

Configuring Real Servers for Exchange

Real server configuration is the first step in doing server load balancing. The health monitor that was created above is used to check the real server health.

To configure a real server:

1. Select Config Mode > Service > SLB
2. Select Server on the menu bar
3. Click Add. The General section appears
4. In the Name field, enter a name for the server. In this example, the name is “Win-Exchg”
5. In the IP Address field, enter the IP address of the Exchange server
6. In the Health Monitor drop-down list, leave the default health monitor for Layer 3, which is ping to the server’s IP address
7. In the Port section, enter the number of the service port in the Port field for the real server. In this example, the port number is “80”
8. In the Health Monitor (HM) drop-down list for the port, select the configured HTTP health monitor above which is “HTTP-Exchg”
9. Click Add to add the port to the port list for the server
10. Click OK. The real server appears in the server table
11. Repeat this procedure for each of the Exchange servers

Figure 2.3 Real Server Configuration

Service Group Configuration

A service group contains a set of real servers from which the AX device can select to service client requests. A service group allows you to virtually support multiple Exchange servers as one logical server.

This example uses a service group that contains Exchange servers as real servers and the applicable service port 80.

To configure a service group:

1. Select Config Mode > Service > SLB
2. Select Service Group on the menu bar
3. Click Add. The Service Group section appears
4. In the Name field, enter the name of the service group. In this example, the name is “HTTP-Exchg”
5. In the Algorithm drop-down list, select the preferred load-balancing method. You can control the load on each server by selecting the appropriate type of load balancing methods. For this configuration, Round Robin is used
6. In the Server section, select a configured real server from the Server drop-down list
7. In the Port field, enter the service port number (in this example, “80”)
8. Click Add. Repeat steps 6-8 for each real server
9. Click OK. The new group appears in the service group table

Figure 2.4 Service Group Configuration

IP Source NAT Configuration

This step configures the IP address pool to use for IP source Network Address Translation (NAT). This pool assigns IP addresses to clients that use the Exchange servers. When the AX device performs NAT for a port that is bound to the template, the device selects an IP address from the pool.

Note: This step is optional for mapping between external IP addresses and internal IP addresses.

To configure Source NAT:

1. Select Config Mode > Service > IP Source NAT
2. Select IPv4 Pool on the menu bar
3. Click Add. The IP Source NAT > IPv4 Pool > Create screen appears
4. Enter a Name for the pool. In this example, the pool name is “Exchg-NAT”
5. Enter the Start IP Address and End IP Address (the beginning and ending addresses in the range to use for the pool). This can be the same number for a single IP address. In this example we use “192.168.141.16” for both fields
6. Enter the network mask, in this example “255.255.255.0”
7. If the AX device is deployed in transparent mode, enter the default Gateway to use for the NAT traffic. (In this example, the AX device is deployed in route mode, so the field is left blank.)
8. To use session synchronization for NAT translations, select the HA Group from the drop down list
   Note: In this guide, High Availability (HA) is not used
9. Click OK

Figure 2.5 IP Source NAT Configuration

Creating Templates for Outlook Web Access

Templates are sets of configuration parameters that apply to specific service types or to servers and service ports. Even though in some cases default templates can be used, it is recommended that you create templates specific for Exchange, thus allowing you to change the templates in the future without impacting the default templates, which others may be sharing also. For this deployment, the following types of templates are used:

HTTP template
Cookie-persistence template (Optional)
TCP-Proxy template
RAM Caching Template (Optional)
SSL Client Template
SSL Server Template

To place a template into use, you must bind it to the virtual port on the virtual server. The SSL client and server templates are covered in the section, “OWA component of client access using SSL.”

Configuring HTTP Template

HTTP templates have many options, including options to change information in the HTTP header, and select a service group based on the URL requested by the client. By default, all the options in this template are either disabled or not set, so you need to configure these options per your deployment requirements.

To configure an HTTP template:

1. Select Config Mode > Service > Template
2. Select Application > HTTP on the drop down menu bar
3. Click Add. The HTTP section appears
4. Enter a Name for the template (in this example, “Exchg-HTTP-Temp”)
5. Select or enter values for the template options you want to use. In this example, the default values are used for the remaining options
6. For further options on this screen you can continue, or when finished, click OK. The template then appears in the HTTP template list

Figure 2.6 HTTP Template Configuration

If continuing on the same configuration:

1. Click on Compression section icon to expand and see the available options
2. Click the Enabled radio button next to Compression
3. Keep-Accept-Encoding Enabled will leave the Accept-Encoding header in HTTP request from clients instead of removing the header. To keep the Accept-Encoding field in client requests, select Enabled next to Compression Keep Accept Encoding. Otherwise, to remove the field, leave this option disabled
4. To specify the Min Content Length that is eligible for compression, enter the minimum number of bytes the content must be in the Compression Content Length field. In our example we type “1024”
5. To add more content types to be compressed:
   a. Click the Compression Type tab
   b. In the Type field, enter the string for a content type to compress. In this example first we type “pdf”
   c. Click Add
   d. Repeat step b and step c for each type of content to compress
6. Click OK

Figure 2.7 HTTP Template Configuration Continuation

Configuring Cookie Persistence Template

Cookie Persistence inserts a cookie in the HTTP header of a server reply before sending the reply to the client. The cookie ensures that subsequent requests from the client for the same virtual server and virtual port are directed to the same service group, real server, or real service port for a specified time configured in the expiration field below.

To configure Cookie Persistence:

1. Select Config Mode > Service > Template
2. Select Persistence > Cookie Persistence from the menu bar
3. Click Add to create a new template
4. In the Name field, type the name of the template. In this example, the name is “Exchg-Cookie”.
5. In the Expiration field, check the check box. We used the expiration time of “604800” seconds, which is seven days. (The maximum configurable expiration is one year.)
6. For the Cookie Name we used “exchg-cookie”
7. In the Path field, type default path “/”
8. Click OK. The template appears in the Cookie Persistence template list

Figure 2.8 Cookie Persistence Configuration

Configuring TCP-Proxy Template

TCP-Proxy Templates control TCP stack settings such as the idle timeout for TCP connections. Unless you need to change the setting for a TCP/IP stack parameter, you can use the default TCP-proxy template for the service type that uses it.

To configure a TCP Proxy template:

1. Select Config Mode > Service > Template
2. Select TCP Proxy on the menu bar
3. Click Add
4. In the Name field, enter a name for the new template. In this example, the name is “Exchg-TCP-Proxy”
5. In the Idle Timeout field, the default value is “600” seconds. The defaults for this setting and the other settings are used in this example
6. Click OK

Figure 2.9 TCP Proxy Template Configuration

Configuring RAM Caching Template

To cache some content on the AX device itself, you can use a RAM caching template. In this case, the AX device directly serves content that is cached, and only sends requests to the cache server for content that is not cached on the AX device. RAM caching can be used with compression on the same virtual port. In this case, compressed objects are cached and served to clients.

The RAM Cache can store a variety of static and dynamic content, serving this content instantly and efficiently to a large number of users.

Caching of HTTP content reduces the number of Web server transactions and hence the load on the servers. Caching of dynamic content reduces the latency and the cost of generating dynamic pages by application servers and database servers. Caching can also result in significant reduction in page download time and in bandwidth utilization.

RAM caching is especially useful for high-demand objects on a website, for static content such as images, and when used in conjunction with compression to store compressed responses and eliminate unnecessary overhead. The steps involved are as follows:

1. Select Config Mode > Service > Template
2. On the menu bar, select Application > RAM Caching
3. Click Add to create a new one
4. Enter a Name for the template, if you are creating a new one. This example name is “Exchg-RAM”
5. Enter or change any settings for which you do not want to use the default settings. Here we changed Age value to “7200” seconds
6. In the Max. Cache Field, default value is 10 MB, but we are using “50MB” for Max. Cache
7. To configure a cache policy:
   a. In the URI field, enter the portion of the URI string to match on. In this example we typed “/apps/docs/”
   b. Select Cache from the Action drop-down list
   c. By default, the content is cached for the number of seconds specified in the Age field of the RAM Caching section. To override the aging period, specify the number of seconds in the Duration field. We used “3600” for that
   d. Click Add
8. Click OK

Figure 2.10 RAM Caching Template Configuration

Configuring HTTP Virtual Server

When you configure a virtual server, you add a virtual service port for each of the load-balanced services. When adding a virtual service port, you specify the protocol port number for the port, and the service type. In this example, the service type is HTTP. Virtual port configuration also includes binding the service group and the templates to the port.

To configure a virtual server for the HTTP service:

1. Select Config Mode > Service > SLB
2. Select Virtual Server on the menu bar
3. Click Add. The General section appears
4. In the Name field, enter a name for the virtual server. In this example, the name is “Exchg-Web-HTTP”
5. In the IP Address field, enter the IP address that clients will request. In this example, the address is “192.168.141.11”

Figure 2.11 Virtual Server Configuration

6. In the Port section, click Add. The Virtual Server Port section appears
7. In the Type drop-down list, select the service type. In this example, select HTTP
8. In the Port field, enter the service port number. In this example, enter “80”
9. In the Service Group drop-down list, select the service group. In this example, select service group “HTTP-Exchg”

Figure 2.12 Virtual Server Port Configuration

Continue on the same configuration:

10. The default port template is used for the Virtual Server Port Template, so leave default selected
11. In the Source NAT Pool drop-down list, select the pool configured above (in this example, “Exchg-NAT”)
12. In the HTTP Template drop-down list, select the HTTP Template configured above (in this example, “Exchg-HTTP-Temp”)
13. In the RAM Caching Template drop-down list, select the RAM caching template configured above (in this example “Exchg-RAM”)
14. In the TCP-Proxy Template drop-down list, select the TCP-proxy template (in this example, “Exchg-TCP-Proxy”)
15. In the Persistence Template Type, select Cookie Persistence Template from the drop down. The Cookie Persistence Template drop-down list then becomes available. Select the cookie-persistence template (in this example, “Exchg-Cookie”)

Figure 2.13 Virtual Server Port Configuration (Continuation)

16. Click OK. The port appears in the list of the Port section

Figure 2.14 Virtual Server Port Configuration (Continuation)

17. Click OK. The virtual server appears in the virtual server list
18. Click Save to save the configuration changes to the startup-config

Note: As the configuration is hierarchical, you need to click the OK button up to the top level of configuration so that all the changes are applied.

Configuring AX for Outlook Web Access Component of Client Access Using SSL

Configuration Steps

To configure the AX device to load balance Exchange servers using SSL, use the steps described in the previous section, but on the virtual server, use service type and health check for HTTPS instead of HTTP.

Before configuring the virtual server, the following additional steps also are required:

Create or import an SSL certificate
Create an SSL client template
Create an SSL server template

Import SSL Certificate

If you are importing a CA-signed certificate for which you used the AX device to generate the CSR, you do not need to import the key. The key is automatically generated on the AX device when you generate the CSR.

To import the Certificate:

1. Select Config Mode > Service > SSL Management
2. On the menu bar, select Certificate
3. To import the certificate click Import. The SSL Management > Certificate > Import screen appears
4. In the Name field, enter a name for the certificate. This is the name you will refer to when adding the certificate to a client-SSL or server-SSL template. In this example we type “n1.pem”
5. Select Certificate from the Type drop-down list, if not already selected
6. Click Browse and navigate to the location of the certificate
7. Click Open. The path and filename appear in the Source field
8. Click OK. The certificate appears in the certificate and key list

Figure 3.1 SSL Certificate

To create the Key:

1. Select Config Mode > Service > SSL Management
2. On the menu bar, select Certificate
3. Click on the Import button. The SSL Management > Certificate > Import screen appears.
4. In the Name field, enter a name for the key. This is the name you will refer to when adding the key to a client-SSL or server-SSL template. In this example we used “n1.key”
5. Select Key from the Type drop-down list
6. Click Browse and navigate to the location of the key
7. Click Open. The path and filename appear in the Source field
8. Click OK. The key appears in the certificate and key list

Figure 3.2 SSL Key

Configuring SSL Server Template

In this step, the SSL server template is configured for the real server.

To configure a Server SSL template:

1. Select Config Mode > Service > Template
2. Select SSL > Server SSL from the menu bar
3. Click Add. The Server SSL section appears
4. In the Name field, enter a name for the template. In this example, the name is “Exchg-SSL-server”
5. In the CA Cert Name drop-down list, select the certificate imported above
6. Click OK. The new template appears in the Server SSL template list

Figure 3.3 Server SSL Template Configuration

Configuring SSL Client Template

In this step, the SSL client template is configured for the HTTPS virtual server. The SSL certificate and key configured in the previous step are used here. Later, during configuration of the virtual server, the template will be bound to the HTTPS virtual service port.

To configure a client SSL template:

1. Select Config Mode > Service > Template
2. Select SSL > Client SSL from the menu bar and drop down list
3. Click Add. The Template >> Client SSL >> Create screen appears
4. In the Name field, enter a name for the template. In this example, the name is “Exchg-SSL”
5. In the Certificate Name drop-down list, select the certificate imported above
6. In the Key Name field, select the key imported above
7. Click OK. The new template appears in the Client SSL template list

Figure 3.4 Client SSL Template Configuration

Configuring HTTPS Virtual Server

In this step, a virtual server with an SSL virtual service port is configured.

1. Select Config Mode > Service > SLB, if not still selected
2. Select Virtual Server on the menu bar
3. Click Add. The General section appears
4. In the Name field, enter a name for the virtual server. In this example, the name is “Exchg-Web-https”
5. In the IP Address field, enter the IP address that clients will request

Figure 3.5 HTTPS Virtual Server Configuration

6. In the Port section, click Add. The Virtual Server Port section appears
7. In the Type drop-down list, select the service type. In this example, select HTTPS
8. In the Port field, enter the service port number. In this example, enter “443”
9. In the Service Group drop-down list, select the service group (in this example, “HTTPS-Exchg”, this may be “HTTP-Exchg” if the name was not changed in the original steps)

Figure 3.6 HTTPS Virtual Server Port Configuration

Continue on the same configuration:

10. In the Source NAT Pool drop-down list, select the pool configured above (in this example, “Exchg-NAT”)
11. In the HTTP Template drop-down list, select the HTTP template configured above (in this example, “Exchg-HTTP-Temp”)
12. In the RAM Caching Template drop-down list, select the RAM caching template configured above (in this example “Exchg-RAM”)
13. In the Client-SSL Template drop-down list, select the configured client-SSL template (in this example, “Exchg-SSL”)
14. In the Server-SSL Template drop-down list, select the configured server-SSL template (in this example, “Exchg-SSL-Server”)
15. In the TCP-Proxy Template drop-down list, select the TCP-proxy template (in this example, “Exchg-TCP-Proxy”)
16. Change the Persistence Template Type to Cookie Persistence Template. Then select the Cookie Persistence Template from the drop-down list in the field below (in this example, “Exchg-Cookie”)

Figure 3.7 HTTPS Virtual Server Port Configuration (Continuation)

17. Click OK. The port appears in the Port section
18. Click OK
19. Click Save to save the configuration changes to the startup-config

Configuring AX for IMAP4 and POP3 Components of Client Access

POP3 and IMAP4 are protocols used to connect a client to the Microsoft Exchange Server. To access Exchange server with these protocols, clients use programs such as Outlook, Outlook Express or other third party clients such as Thunderbird and Eudora. AX is configured to service POP3 and IMAP4 with secure SSL connections.

Configuring AX for IMAP4

This section contains configuration steps for IMAP4 on AX, and the required steps are:

Import Certificate and Key
Configure TCP Health Monitor for port 993
Configure Real Server
Configure Service-group
Configure Template
Configure Virtual Server

Note: Follow the procedures outlined above in the OWA section for loading SSL certificates and keys for all the configurations below.

Creating TCP Health Monitor for IMAP

The first step is to configure a health monitor for the Exchange server IMAP service.

1. Select Config Mode > Service > Health Monitor
2. Click Add
3. In the Health Monitor section, enter a name for the monitor in the Name field. In this example, the name “Exchg-TCP-IMAP” is used
4. In the Interval and Timeout fields, default values are 30 and 5. But for this example we used “20” seconds as interval value and “3” seconds as timeout value for TCP health monitor
5. In the Method section, select TCP from the Type drop-down list
6. In the Port field, enter port number “993” for IMAP4 with SSL service
7. Configure optional fields as required for your deployment. In this example, the default health monitor settings are used
8. Click OK to finish configuration of the health monitor. The health monitor appears in the Health Monitor list

Figure 4.1 Health Monitor Configuration for IMAP

Real Server Configuration for IMAP

We are using IMAP service with secure SSL and therefore need to configure port 993 on the real server. Also we need to configure the TCP health monitor on the service port. The following steps are required to configure the IMAP real server.

To configure a real server:

1. Select Config Mode > Service > SLB
2. Select Server on the menu bar
3. Click Add. The General section appears
4. In the Name field, enter a name for the server. In this example, the name is “Win-Exchg”
5. In the IP Address field, enter the IP address of the server. In this example the IP address value is “192.168.140.10”
6. In the Health Monitor drop-down list, leave the default health monitor selected. This drop-down list specifies the Layer 3 health monitor, which will ping the server’s IP address
7. In the Port field, enter the number of the service port on the real server. In this example, the port number is “993”
8. In the Health Monitor (HM) drop-down list for the port, select the previously configured TCP health monitor for IMAP “Exchg-TCP-IMAP”
9. Click Add to add the port to the port list for the server
10. Click OK. The real server appears in the server table
11. Repeat this procedure for each of the Exchange servers

Figure 4.2 Real Server Configuration for IMAP

Configuring IMAP Service Group

A service group contains a set of real servers from which the AX device can select to service client requests. A service group allows you to group multiple real servers to assign to a single virtual server.

For IMAP4 the service port is 993.

To configure a service group:

1. Select Config Mode > Service > SLB
2. Select Service Group on the menu bar
3. Click Add. The SLB >> Service Group >> Create screen appears
4. In the Name field, enter the name of the service group. In this example, the name is “Exchg-IMAP4-SSL”
5. In the Algorithm drop-down list, select the preferred load-balancing method. You can control the load on each server by selecting the appropriate type of load balancing methods. For this configuration, Round Robin is used
6. In the Server field, select a previously configured real server from the Server drop-down list. In this example real server is “Win-Exchg”
7. In the Port field, enter the service port number. In this example the port number for IMAP service with SSL is “993”
8. Click Add. Repeat steps 6-8 for each real server
9. Click OK. The new group appears in the service group table

Figure 4.3 Service Group Configuration for IMAP

Creating Templates for IMAP4

For IMAP4 service configuration, the following templates are used:

TCP-Proxy Template
SSL-Client Template
SSL-Server Template

TCP-Proxy template configuration

The TCP-proxy template controls TCP stack settings such as the idle timeout for TCP connections. Unless you need to change the setting for a TCP/IP stack parameter, you can use the default TCP-Proxy template for the service type that uses it.

To configure a TCP-Proxy template:

1. Select Config Mode > Service > Template
2. Click TCP Proxy on the top menu bar
3. Click Add
4. In the Name field, enter the name for the new template. In this example, the name is “Exchg-IMAP-TCPProxy”
5. In the Idle Timeout field, the default value is 600 seconds. In this example we used “1200” seconds for idle timeout
6. The default values are used for the other settings in this example
7. Click OK

SSL Client template configuration

In this step, the SSL client template is configured for the IMAP virtual server. We are using the IMAP service with secure SSL, so we need to configure the SSL client template on IMAP SSL service port 993. Import the SSL certificate and key using the steps in the section “Outlook Web Access Component of Client Access Using SSL”.

To configure a client SSL template:

1. Select Config Mode > Service > Template
2. Select SSL > Client SSL from the top menu bar and drop down
3. Click Add. The Template >> Client SSL >> Create screen appears
4. In the Name field, enter a name for the template. In this example, the name is “Exchg-IMAP-Certi”
5. In the Certificate Name drop-down list, select the certificate imported above. In this example, the name is also “Exchange-IMAP-Cert”
6. From the Key Name drop down, select the key imported above. In this example, the name is also “Exchange-IMAP-Cert”
7. In this example we changed the Cache Size to “10”
8. Click OK. The new template appears in the Client SSL template list

Figure 4.5 SSL Client Template Configuration

SSL Server template configuration

In this step, the SSL server template is configured for the IMAP virtual server. We need to configure the SSL Server template on IMAP SSL service port 993.

To configure a server SSL template:

1. Select Config Mode > Service > Template
2. Select SSL then Server SSL from the top menu bar and drop down
3. Click Add. The Template >> Server SSL >> Create screen appears
4. In the Name field, enter a name for the template. In this example, the name is “IMAP-SSL-Server”
5. In the CA Cert Name drop-down list, select the certificate imported above. In this example, the name is also “Exchange-IMAP-Cert”
6. Click OK. The new template appears in the Server SSL template list

Figure 4.6 SSL Server Template Configuration

Configuring IMAP4 Virtual Server

In this step, the virtual server for the IMAP4 service is configured. We are using the IMAP service with secure SSL, so we need to configure port 993 on the virtual server. The type of virtual server is SSL Proxy, and you also need to configure the template on service port 993.

To configure a virtual server:

1. Select Config Mode > Service > SLB
2. Select Virtual Server on the top menu bar
3. Click Add. The SLB >> Virtual Server >> Create screen appears
4. In the Name field, enter a name for the virtual server. In this example, the name is “Exchg-IMAP”
5. In the IP Address field, enter the IP address that clients will request

Figure 4.7 IMAP Virtual Server Configuration

6. In the Port section, click Add. The SLB >> Virtual Server >> Create screen appears
7. In the Type drop-down list, select the service type. In this example, select SSL-Proxy
8. In the Port field, enter port “993” for IMAP service with secure SSL
9. In the Service Group drop-down list, select the service group “Exchg-IMAP4-SSL” for this example

Figure 4.8 IMAP Virtual Server Port Configuration

10. The default port template is used for the Virtual Server Port Template, so leave default selected
11. In the Source NAT Pool drop-down list, select the pool (in this example, “Exchg-NAT”)
12. In the Client-SSL Template drop-down list, select the previously configured “Exchg-IMAP-Certi” SSL client template
13. In the Server-SSL Template drop-down list, select the previously configured SSL Server Template
14. In the TCP-Proxy Template field, select the “Exchg-IMAP-TCPProxy” template configured above

Figure 4.9 IMAP Virtual Server Port Configuration (Continuation)

15. Click OK. The port appears in the Port section list
16. Click OK
17. Click Save to save the configuration changes to the startup-config

Configuring AX for POP3

This section contains configuration steps to support POP3 load balancing using the AX.

To configure POP3 on AX, the required steps are:

Import Certificate and Key

Configure TCP Health Monitor for port 995

Configure Real Server

Configure Service-group

Configure Template

Configure Virtual Server for POP3

Note: Follow the procedures outlined above in the OWA section for loading the SSL certificate and keys for all the configurations below.

Creating TCP Health Monitor for POP3

In this step we configure the TCP health monitor for POP3 and Exchange Server.

1. Select Config Mode > Service > Health Monitor
2. Click Add
3. On the Health Monitor section, enter a name for the monitor in the Name field. In this example, the name “exch-pop-hm” is used
4. In the Interval and Timeout fields, default values are 30 and 5. But for this example we used “10” seconds as the interval value and “2” seconds as the timeout value for TCP health monitor
5. Expand the Method section, select TCP from the Type drop-down list
6. In the Port field, enter port number “995” for POP3 with SSL service
7. Configure optional fields as required for your deployment. In this example, the default health monitor settings are used
8. Click OK to finish configuration of the health monitor. The health monitor appears in the health monitor table

Figure 4.10 Health Monitor for POP3 Configuration

Configuring POP3 Real Server

In this step we configure the real Exchange Server with POP3 service. We are using POP3 with SSL, so we need to configure port 995 (POP3 with SSL) on a real server.

To configure a real server:

1. Select Config Mode > Service > SLB
2. Select Server on the menu bar
3. Click Add. The General section appears
4. In the Name field, enter a name for the Exchange server. In this example, the name is “Win-Exchg”
5. In the IP Address field, enter the IP address of the server. In this example, the IP address is “192.168.140.10”
6. In the Health Monitor drop-down list, leave the default health monitor selected. This drop-down list specifies the Layer 3 health monitor, which will ping the server’s IP address
7. In the Port field, enter the number of the service port on the real server. In this example, the port number is “995”
8. In the Health Monitor (HM) drop-down list for the port, select the TCP health monitor configured for POP3 in the previous step
9. Click Add to add the port to the port list for the server
10. Click OK. The real server appears in the server table
11. Repeat this procedure for each of the Exchange servers

Figure 4.11 Real Server for POP3 Configuration

Configuring POP3 Service Group

A service group contains a set of real servers from which the AX device can select to service client requests. A service group allows you to virtually support multiple real servers. In this example the service group contains the Exchange server with service port 995 for POP3.

To configure a service group:

1. Select Config Mode > Service > SLB
2. Select Service Group on the menu bar
3. Click Add. The Service Group section appears
4. In the Name field, enter the name of the service group. In this example, the name is “Exchg-SSL-POP”
5. In the Algorithm drop-down list, select the preferred load-balancing method. You can control the load on each server by selecting the appropriate type of load balancing methods. For this configuration, Round Robin is used
6. In the Server section, select a configured real server from the Server drop-down list
7. In the Port field, enter port number “995” for POP3 with SSL
8. Click Add. Repeat steps 6-8 for each real server
9. Click OK. The new group appears in the service group table

Figure 4.12 POP3 Service Group Configuration

Creating Templates for POP3

For POP3 service configuration on AX, the following templates are used:

TCP-Proxy Template

SSL-Client Template

SSL-Server Template

TCP-Proxy template configuration

TCP-proxy templates control TCP stack settings such as the idle timeout for TCP connections. Unless you need to change the setting for a TCP/IP stack parameter, you can use the default TCP-proxy template for the service type.

To configure a TCP-proxy template:

1. Select Config Mode > Service > Template
2. Click TCP Proxy on the top menu bar
3. Click Add
4. In the Name field, enter a name for the new template. In this example, the name is “Exchg-POP-TCPProxy”
5. Default values are used for other parameters
6. Click OK

Figure 4.13 TCP Proxy Template Configuration for POP3

SSL Client template configuration

In this step, the SSL client template is configured for the POP3 virtual server. Import the SSL Certificate and Key using the steps noted in the “Configuring AX for Outlook Web Access component of Client Access Using SSL” section. The template is bound to virtual server port 995.

To configure a client SSL template:

1. Select Config Mode > Service > Template
2. Select SSL > Client SSL from the top menu bar and drop down
3. Click Add. The Template >> Client SSL >> Create screen appears
4. In the Name field, enter a name for the template. In this example, the name is “Exchg-POP-Certi”
5. In the Certificate Name drop-down list, select the certificate imported above. In this example, the name is also “Exchg-POP-Certi”
6. In the Key Name field, select the key imported above. In this example, the name is also “Exchg-POP-Cert”
7. In this example we changed the Cache Size to “10”
8. Click OK. The new template appears in the Template >> Client SSL >> List

Figure 4.14 SSL Client Template Configuration for POP3

SSL Server template configuration

In this step, the SSL server template is configured for the POP3 virtual server. We need to configure the SSL Server template on POP3 SSL service port 995.

To configure a server SSL template:

1. Select Config Mode > Service > Template
2. Select SSL then Server SSL from the top menu bar and drop down
3. Click Add. The Template >> Server SSL >> Create screen appears
4. In the Name field, enter a name for the template. In this example, the name is “POP-SSL-Server”
5. In the CA Cert Name drop-down list, select the certificate imported above. In this example, the name is also “Exchg-POP-Certi”
6. Click OK. The new template appears in the Server SSL template list

Figure 4.15 SSL Server Template Configuration

Configuring POP3 Virtual Server

In this step we configure the virtual server for the POP3 service. You need to configure service port 995 on the virtual server, and the server type is SSL-Proxy. The virtual port configuration also includes binding the service group and the templates to the port.

To configure the POP3 virtual server:

1. Select Config Mode > Service > SLB
2. Select Virtual Server on the menu bar
3. Click Add. The General section appears
4. In the Name field, enter a name for the virtual server. In this example, the name is “Exchg-POP3”
5. In the IP Address field, enter the IP address that clients will request

Figure 4.16 Virtual Server Configuration for POP3

6. In the Port section, click Add. The Virtual Server Port section appears
7. In the Type drop-down list, the default type is TCP, so select SSL-Proxy
8. In the Port field, enter the port number to bind that service on the virtual server. In this example we need POP3 with SSL so the port is “995”
9. In the Service Group drop-down list, select the service group. In this example, select service group “Exchg-SSL-POP”

Figure 4.17 Virtual Server Port Configuration for POP3

10. The default Virtual Server Port Template is used, so leave default selected
11. In the Source NAT Pool drop-down list, select the pool (in this example, “Exchg-NAT”)
12. In the Client-SSL Template drop-down list, select the previously configured “Exchg-POP-Certi” SSL client template
13. In the Server-SSL Template drop-down list, select the previously configured SSL Server template
14. From the TCP-Proxy Template drop down, select the “Exchg-POP-TCPProxy” template for this example

Figure 4.18 Virtual Server Port Configuration for POP3 (continuation)

15. Click OK. The port appears in the Port section list
16. Click OK
17. Click Save to save the configuration changes to the startup-config

Configuring AX for SMTP

SMTP is used for outgoing mail services and the SMTP virtual server is associated with Exchange in sending mail. We are using SMTP with SSL, utilizing port 587 for secure SMTPS. Before binding this port you will need to configure port 587 on the real server and configure one service group for SMTPS service.

Steps to configure SMTPS on AX:

Configure TCP Health Monitor

Configure Real Server

Configure Service-group

Configure Template

Configure Virtual Server

Creating SMTP Health Monitor:

The first step is to configure a health monitor for the SMTPS service.

1. Select Config Mode > Service > Health Monitor
2. Click Add
3. In the Health Monitor section, enter a name for the monitor in the Name field. In this example, the name “exchg-smtps” is used
4. In the Interval and Timeout fields, default values are 30 and 5. We are also using the default values for this example
5. In the Method section, select SMTP from the Type drop-down list
6. In the Port field, type “587” for SMTP
7. Configure optional fields as required for your deployment. In this example, the default health monitor settings are used
8. Click OK to finish configuration of the health monitor. The health monitor appears in the health monitor table

Figure 5.1 Health Monitor Configuration for SMTP

Configuring SMTP Real Server:

In this step we configure the Exchange real server with SMTPS service. For this we need to configure port 587 on the real server.

To configure a real server:

1. Select Config Mode > Service > SLB
2. Select Server on the menu bar
3. Click Add. The General section appears
4. In the Name field, enter a name for the server. In this example, the name is “Win-Exchg”
5. In the IP Address field, enter the IP address of the server
6. In the Health Monitor drop-down list, leave the default health monitor selected. This drop-down list specifies the Layer 3 health monitor, which will ping the server’s IP address
7. In the Port field, enter the number of the service port on the real server. In this example, the port number is “587”
8. In the Health Monitor (HM) drop-down list for the port, select the configured TCP health monitor “exchg-smtps”
9. Click Add to add the port to the port list for the server
10. Click OK. The real server appears in the server table
11. Repeat this procedure for each of the Exchange servers

Figure 5.2 SMTP Real Server Configuration

Configuring SMTP Service Group

A service group contains a set of real servers from which the AX device can select to service client requests. A service group allows you to virtually support multiple real servers. The following steps configure the SMTPS service group.

To configure a service group:

1. Select Config Mode > Service > SLB
2. Select Service Group on the menu bar
3. Click Add. The Service Group section appears
4. In the Name field, enter the name of the service group. In this example, the name is “Exchg-SMTPS”
5. In the Algorithm drop-down list, select the preferred load-balancing method. You can control the load on each server by selecting the appropriate type of load balancing methods. For this configuration, Round Robin is used
6. In the Server section, select a configured real server from the drop-down list
7. In the port field, enter the port “587”
8. Click Add. Repeat steps 6-8 for each real server
9. Click OK. The new group appears in the service group table

Figure 5.3 SMTP Service Group Configuration

Creating Template for SMTP

For SMTP, the TCP template is used for the service. The AX device has a default TCP template, and you can also configure your own TCP template on the AX. In this configuration we configure our TCP template with a timeout of 1200 seconds.

To configure a TCP template:

1. Select Config Mode > Service > Template
2. Select L4 > TCP on the top menu bar and drop down
3. Click Add
4. Enter a name for the template in the Name field. In this example we use “Exchg-TCP-SMTPS”
5. In the Idle Timeout field, we used “1200” seconds
6. Click OK. The new template appears in the TCP template table

Figure 5.4 TCP Template Configuration for SMTP

Configuring SMTPS Virtual Server

The next step is to configure the virtual server for SMTPS. The TCP type virtual server is used for SMTPS.

To configure a virtual server:

1. Select Config Mode > Service > SLB
2. Select Virtual Server on the top menu bar
3. Click Add. The General section appears
4. In the Name field, enter a name for the virtual server. In this example, the name is “Exchg-SMTPS”
5. In the IP Address field, enter the IP address that clients will request. In this example the IP address is “192.168.141.20”

Figure 5.5 SMTPS Virtual Server Configuration

6. In the Port section, click Add. The Virtual Server Port section appears
7. In the Type drop down, use the default type of TCP
8. In the Port field, enter the port number for the service on the virtual server. In this example enter port “587” for SMTPS service
9. In the Service Group drop-down list, select the service group. In this example, select service group “Exchg-SMTPS”

Figure 5.6 SMTPS Virtual Server Port Configuration

10. In the TCP Template drop down, select the configured “Exchg-TCP-SMTPS” template from the drop-down list. (The screen shot is not listed for this step)
11. Click OK. The port appears in the Port section list as follows

Figure 5.7 SMTPS Virtual Server after Port Creation

12. Click OK. The virtual server appears in the virtual server table
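The port 587 virtual port above is of type TCP with no SSL template bound, so any encryption on that path comes from the Exchange server itself. The following check is an added example, not part of the original guide: it confirms that the listener behind the virtual server answers EHLO and advertises STARTTLS. The loopback stub server, the `ax-check.example` host name and the function names are constructed for illustration.

```python
"""Added example: verify that an SMTP submission listener advertises STARTTLS.
The stub server and host names below are constructed for offline testing."""
import smtplib
import socketserver
import threading


def check_submission_tls(host, port=587, timeout=5.0):
    """Return (ok, detail). ok is True only when the listener answers EHLO
    and lists STARTTLS among its ESMTP extensions."""
    try:
        # local_hostname is a placeholder; passing it avoids a DNS lookup.
        with smtplib.SMTP(host, port, local_hostname="ax-check.example",
                          timeout=timeout) as smtp:
            code, _ = smtp.ehlo()
            if not 200 <= code < 300:
                return False, f"EHLO rejected with {code}"
            if not smtp.has_extn("starttls"):
                return False, "STARTTLS not advertised"
            return True, "STARTTLS advertised"
    except OSError as exc:  # refused, timed out, or SMTP protocol error
        return False, f"connection or protocol error: {exc}"


class _StubHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in for a mail server, used only to exercise the check."""

    def handle(self):
        self.wfile.write(b"220 stub.example ESMTP\r\n")
        for raw in self.rfile:
            verb = raw.strip().upper()
            if verb.startswith(b"EHLO"):
                lines = ["stub.example"] + self.server.extensions
                for i, text in enumerate(lines):
                    sep = " " if i == len(lines) - 1 else "-"
                    self.wfile.write(f"250{sep}{text}\r\n".encode())
            elif verb.startswith(b"QUIT"):
                self.wfile.write(b"221 bye\r\n")
                return
            else:
                self.wfile.write(b"502 not implemented\r\n")


def start_stub(extensions):
    """Start a loopback stub that advertises the given ESMTP extensions."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _StubHandler)
    server.extensions = list(extensions)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    good = start_stub(["STARTTLS", "SIZE 10240000"])
    weak = start_stub(["SIZE 10240000"])
    for label, srv in (("with STARTTLS", good), ("without STARTTLS", weak)):
        print(label, check_submission_tls("127.0.0.1", srv.server_address[1]))
        srv.shutdown()
    # Against the deployment in this guide: check_submission_tls("192.168.141.20", 587)
```

The check only confirms that STARTTLS is offered; whether the server requires it before accepting mail is decided by the Exchange configuration, not by the AX TCP virtual port.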

Summary and Conclusion

The configuration steps described above show how to set up the AX device for Exchange Server. By using the AX device to load balance Exchange services, the following key advantages can be achieved:

Transparent application load sharing
Multiple Exchange services can be pooled together without any changes to how users access the applications.

Availability of applications
Obtain higher availability when Exchange servers fail so that there is no direct impact to how users access the applications.

Performance
Achieve higher connection throughput and faster end user responsiveness by offloading security processing to the AX device.

The AX Series Advanced Traffic Manager provides significant benefits for all users of Microsoft Exchange services. For more information about AX Series products, refer to:

http://a10networks.com/products/axseries.php
http://a10networks.com/resources/solutionsheets.php
http://a10networks.com/resources/casestudies.php

A10 Networks was founded in 2004 with a mission to provide innovative networking and security solutions. A10 Networks makes high-performance products that help organizations accelerate, optimize and secure their applications. A10 Networks is headquartered in Silicon Valley with offices in the United States, Europe, Japan, China, Korea and Taiwan. For more information, visit www.a10networks.com.
