We will have 2013 and 2010 exist together for a while...we plan to move away from using Unified Access Gateway for HTTP redirection to our Exchange services and implement Kemp load balancers...two at our HQ site and two at our DR stie...
We plan to have a one arm configuration...from what I gathered...each load balancer will have a network connection and only one network connection and be on the same network as our new Exchange 2013 servers. Can someone take a look at my config and give some input whether or not this will work and some suggestion on Ex13 urls, cert SAN names, etc.
HQKemp 2400 A HQKemp 2400 B DCKemp 2400 A DCKemp 2400 B
172.16.1.104 172.16.1.105 172.25.1.104 172.25.1.10
Virtual IP 172.16.1.106 Virtual IP 172.25.1.104
From the video I’ve watched for Kemp install…we’ll create the following internal DNS records for the Exchange services that will be configured on balancers.
OWA/ECP mail.corp.local.com 172.16.1.107
EWS ews.corp.local.com 172.16.1.108
OAB oab.corp.local.com 172.16.1.109
ActiveSync mobile.corp.local.co 172.16.1.110
OA oa.corp.local.com 172.16.1.111
Autodiscover autodiscover.corp.local.com 172.16.1.112
Question: We will configure the Exchange services with these ip addresses linked to each service on all four load balancers? Or will DR site load balancers have different IPs configured for same Exchange services?
Exchange services are split between our two sites…meaning Outlook Anywhere is configured for our CAS servers at our DR site and ActiveSync comes to HQ CAS servers as an example…so I want all Exchange services to come through the newly installed load balancers at HQ and if they don’t respond…the Exchange services get redirected to the load balancers at our DR site. Can you give some insight on the config of load balancers as to how we can do that?
I have a question about the cert we will have. Our Microsoft rep says we should get a new wildcard cert…currently we have a UCC cert with the following SANs attached.
Will this new cert have to be installed on load balancers? If so…can you suggest some ideas as to what new SANs I need if any of the new cert with Exchange 2010 and 2013 co-existing for a while. Below are the SANs on our current UCC cert.
Outside resolvable SANs
Webmail.corp.local.com 205.223.19.25 portal.corp.local.com 205.223.27.78
Portal2.corp.local.com 205.223.19.25
Autodiscover.corp.local.com 205.223.19.25
Internal SANs
Hqcas1.corp.local.com
Hqcas2.corp.local.com
Dccas1.corp.local.com
Dccas2.corp.local.com
Owamail.corp.local.com (this CAS Array server name that HQ CAS servers create)
What do you suggest we use for the external urls on Exchange 2013 for these services?
Our firewall guy says we’ll use same names, but I’m not sure if we try to use same name if we’ll get an error? Active Directory may say name already in use?
We plan to have firewall to just redirect requests for external urls to load balancers…sound correct? Meaning load balancer won’t have an external NIC defined…which makes it a one arm config…correct?