I didn’t know this one, was aware of the general guidelines. This is a very nice guide, fully detailed.
From: Thomas Heil [mailto:[email protected]] Sent: Wednesday, August 28, 2013 5:06 PM To: Ozgur Tas Cc: Lukas Tribus; Kevin C; [email protected] Subject: Re: Load Balance individual requests Hi did you know this one http://www.exceliance.fr/sites/default/files/biblio/appnotes_0061_lync_2010_deployment_guide_en.pdf cheers Thomas Heil Am 28.08.2013 um 21:29 schrieb Ozgur Tas <[email protected]<mailto:[email protected]>>: We are just using to load balance a Front-End pool in Lync 2010. Each local Lync branch servers have one failover pool assigned, which is the load balanced pool at datacenter (2 servers at datacenter). And these two front end servers is load-balanced using haproxy ( ports 80, 443, 8080, 4443 ). ~~~some info: The following settings should be configured on your hardware load balancer to properly load balance requests for Lync Web Services: •For internal Web Services virtual IPs (VIPs), set source_addr persistence (internal port 80, 443) on the hardware load balancer. For Lync Server 2010, source_addr persistence indicates that multiple connections coming from a single IP address are always sent to one server to maintain session state. •For external Web Services virtual IPs (VIPs), set cookie-based persistence on a per port basis for external ports 4443, 8080 on the hardware load balancer. For Lync Server 2010, cookie-based persistence indicates that multiple connections from a single client are always sent to one server to maintain session state. To configure cookie-based persistence, the load balancer must decrypt and re-encrypt SSL traffic. Therefore, any certificate assigned to the external web service FQDN must also be assigned the 4443 VIP of the hard load balancer. ◦Cookies must not be set to HTTP only. ◦Cookies must not be configured with an expiration time. ◦Cookies must be configured to filter on ‘MS WSMAN’. ◦Cookies must be set in every HTTP response for which the incoming HTTP request did not have a cookie, regardless of whether a previous HTTP response on that same TCP connection had already obtained a cookie. If the Load Balancer optimizes cookie insert to only occur once per TCP connection, that optimization MUST NOT be used. •If a reverse proxy is used, set the Forward host header to True in the reverse proxy publishing rule for port 4443. This will ensure that the original URL is forwarded to the target web server. ~~~ : http://blogs.technet.com/b/nexthop/archive/2011/11/03/hardware-load-balancer-requirements-for-lync-server-2010.aspx -----Original Message----- From: Lukas Tribus [mailto:[email protected]] Sent: Wednesday, August 28, 2013 1:41 PM To: Kevin C Cc: [email protected]<mailto:[email protected]> Subject: RE: Load Balance individual requests Yes, link use SIP and HTTPS. HAProxy can't load balance UDP based SIP. The documentation says tha HAproxy must load balance individual requests within a TCP session and make persistence with a cookie. This implies however that HAProxy has to offload SSL. So the certificate needs to be installed on the HAProxy box. Lukas
