Load Balancing Requirements
Topic Last Modified: 2012-11-27
If you have Front End pools, Director pools, Edge Server pools, or reverse proxy pools, you need to deploy load balancing for these pools. Load balancing distributes the traffic among the servers in a pool.
Lync Server 2010 can use any reverse proxy that supports the requirements of the Web services that the Directors, Front End Servers, and Standard Edition server make available. How you load balance a pool of reverse proxies (also called a farm) is determined by the requirements of the reverse proxy. Lync Server 2010 imposes no specific restrictions on the method of load balancing the reverse proxies as long as the reverse proxy farm continues to meet the requirements of the Web services.
Microsoft Lync Server 2010 supports two types of load balancing solutions: Domain Name System (DNS) load balancing and hardware load balancing. DNS load balancing offers several advantages including simpler administration, more efficient troubleshooting, and the ability to isolate much of your Lync Server 2010 traffic from any potential hardware load balancer problems.
Decide which load balancing solution is appropriate for each pool in your deployment, keeping in mind the following restrictions:
The internal Edge interface and external Edge interface must use the same type of load balancing. You cannot use DNS load balancing on one interface and hardware load balancing on the other.
Some types of traffic require a hardware load balancer. For example, HTTP traffic requires a hardware load balancer instead of DNS load balancing. DNS load balancing does not work with client-to-server web traffic.
For more details about choosing a load balancer solution for Edge topologies, see "Hardware Load Balancers" in Components Required for External User Access.
If you choose to use DNS load balancing for a pool but still need to implement hardware load balancers for traffic such as HTTP traffic, the administration of the hardware load balancers is greatly simplified. For details, see DNS Load Balancing.
Hardware Load Balancer Requirements
If your deployment includes a Front End pool or a Director pool, you need to use a hardware load balancer on the pools for Web Services. This section describes hardware load balancer requirements for Web Services. For details about hardware load balancer requirements for A/V Edge or reverse proxies, see "Hardware Load Balancer Requirements for A/V Edge" and "Hardware Load Balancer Requirements for Reverse Proxy" in Components Required for External User Access.
Your hardware load balancer must meet the following requirements for Web Services:
For external Web Services virtual IPs (VIPs), set cookie-based persistence on a per-port basis for external ports 4443 and 8080 on the hardware load balancer. For Lync Server 2010, cookie-based persistence ensures that multiple connections from a single client are sent to one server to maintain session state.
You must configure the hardware load balancer for cookies as follows:
Cookies must not be marked httpOnly.
Cookies must be named MS-WSMAN.
SSL decryption and re-encryption must be enabled for cookie persistence. Because the load balancer must decrypt and re-encrypt SSL traffic to use cookies for maintaining session state, any certificate assigned to the external Web Services fully qualified domain name (FQDN) must also be assigned to the 4443 VIP of the hardware load balancer.
A cookie must be set in every HTTP response if the incoming HTTP request did not include a cookie, even if a previous HTTP response during the same TCP connection already obtained a cookie. If your load balancer optimizes the use of cookies such that a cookie is inserted only once per TCP connection, ensure that you do not use this optimization.
Cookies must not have an expiration time.
Note
In some cases, you may experience double notifications in Mobility on Windows Phone 7, Windows Phone 8, and Apple iPhone, iPad and iTouch. These mobile clients use push notification and may need to have a defined cookie expiration time. If you are experiencing double push notification, set the cookie expiration to 3650 days.
If you are deploying mobile devices, your hardware load balancer must be able to load balance individual requests within a TCP session (in effect, you must be able to load balance an individual request based on the destination IP address). For example, F5 hardware load balancers have the OneConnect feature, which ensures that each request in a TCP connection is individually load balanced. If you deploy mobile devices, ensure that your hardware load balancer vendor supports equivalent functionality.
For details about how to configure your hardware load balancer to meet these requirements, see your vendor's documentation. For details about supported hardware load balancers and links to vendor documentation, see https://go.microsoft.com/fwlink/p/?LinkId=230700.
For internal Web Services VIPs, set source_addr persistence (internal ports 80 and 443) on the hardware load balancer. For Lync Server 2010, source_addr persistence means that multiple connections coming from a single IP address are always sent to one server to maintain session state.
Important
If you deploy the Lync Server 2010 Mobility Service and support mobile clients only over your internal Wi-Fi network, you need to configure the internal Web Services VIPs for cookie persistence as described above for external Web Services VIPs. In this situation, do not use source_addr persistence for the internal Web Services VIPs on the hardware load balancer.
Use a TCP idle timeout of 1800 seconds.
On the firewall between the reverse proxy and the next hop pool’s hardware load balancer, create a rule to allow HTTPS traffic on port 4443 from the reverse proxy to the hardware load balancer. The hardware load balancer must be configured to listen on ports 80, 443, and 4443.
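The cookie requirements listed above for cookie-based persistence can be checked against a header capture taken behind the VIP. The following Python sketch is an added example, not part of the original Microsoft documentation: the function names, finding messages, host name, and sample traffic are constructed for illustration, and "did not include a cookie" is taken to mean the MS-WSMAN persistence cookie.

```python
# Added example: audit captured responses against the MS-WSMAN cookie rules.
COOKIE_NAME = "MS-WSMAN"

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return parts[0].partition("=")[0].strip(), attrs

def request_has_cookie(request_headers):
    """True if the request already carries the persistence cookie."""
    for key, val in request_headers:
        if key.lower() == "cookie":
            if COOKIE_NAME in [c.strip().partition("=")[0] for c in val.split(";")]:
                return True
    return False

def audit_connection(exchanges, allow_expiry=False):
    """Audit (request_headers, response_headers) pairs seen on one TCP connection.
    allow_expiry=True covers the mobility note, where an expiry is set on purpose."""
    findings = []
    for n, (req, resp) in enumerate(exchanges, start=1):
        cookies = [parse_set_cookie(v) for k, v in resp if k.lower() == "set-cookie"]
        ours = [attrs for name, attrs in cookies if name == COOKIE_NAME]
        if not request_has_cookie(req) and not ours:
            findings.append((n, "cookie missing in response to cookieless request"))
        for attrs in ours:
            if "httponly" in attrs:
                findings.append((n, "cookie marked httpOnly"))
            if not allow_expiry and ("expires" in attrs or "max-age" in attrs):
                findings.append((n, "cookie has an expiration time"))
    return findings

# Constructed sample: a load balancer that inserts the cookie once per TCP
# connection and marks it HttpOnly (both violate the requirements above).
GET = [("Host", "lyncweb.example.test")]
ONCE_PER_CONNECTION = [
    (GET, [("Set-Cookie", "MS-WSMAN=node1; path=/; HttpOnly")]),
    (GET, [("Content-Type", "text/xml")]),
]
COMPLIANT = [(GET, [("Set-Cookie", "MS-WSMAN=node1; path=/")])] * 2

if __name__ == "__main__":
    print(audit_connection(ONCE_PER_CONNECTION))
    print(audit_connection(COMPLIANT))
```

Pass allow_expiry=True when the 3650-day expiration from the mobility note has been configured deliberately.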