After importing the certificate, enable SSL decryption on the virtual server created:
1. Select Services > Virtual Servers, and select the virtual server created for POP3 that will be performing SSL decryption.
2. Scroll down and click SSL Decryption.
3. Set ssl_decrypt to Yes.
4. Select the previously imported certificate.
5. Scroll down to the bottom of the page, and click Update.
Configuration Summary
By accessing Services > Config Summary on the WebGUI, a complete snapshot of all configured services is provided. This is a very useful table to glance through to get a good understanding of how the services are configured.
Configuration Steps for a Single Virtual Server for All Exchange HTTP Services with
Multiple Pools
This approach uses a single IP address that is mapped to the FQDN of all Exchange HTTP services and uses multiple pools for each service. Using TrafficScript, Virtual Traffic Manager directs traffic to its appropriate pool, and each pool can be monitored separately.
This section contains step-by-step instructions to configure Virtual Traffic Manager for a single virtual server for all Exchange
HTTP services with multiple pools.
Brocade Virtual Traffic Manager and Microsoft Exchange 2013 Deployment Guide
53-1003936-02
Page 13
Component
Virtual Traffic Manager
(repeat for each service)
Virtual Traffic Manager
(repeat for each service)
Virtual Traffic Manager
(once)
Virtual Traffic Manager
(as required)
Virtual Traffic Manager
(as required)
Procedure
Create a traffic IP group for each Exchange HTTP service.
Create a pool for each Exchange HTTP service.
Select a monitor for the pool.
Create a virtual server for each Exchange HTTP service.
Configure SSL decryption.
Create and associate a traffic script that forwards the requests to the appropriate pool with the virtual server.
Description
A single traffic IP group must be created for all Exchange
services. For details, see the “Creating a Traffic IP Group”
section.
Enter the hostname or IP address of the node along with
the TCP/UDP port. For details, see the “Creating Pools”
section.
Select a health monitor for the pool. For details, see the
“Creating Monitors” section.
Create and associate the virtual server to the server pool of choice and the traffic IP group to listen on. For details,
see the “Creating a Virtual Server” section.
Configure SSL decryption to enable SSL offloads. For
details, see the “SSL Decryption” section.
Configure a traffic script to forward requests to relevant
pools. For details, see the “Creating and Associate Traffic
Script” section.
Creating a Traffic IP Group
Create a traffic IP group (also known as a virtual IP) on which the virtual server will listen on. To create a new traffic IP group:
1. Select Services > Traffic IP Groups, and scroll down to Create a new Traffic IP Group.
2. Fill in the fields as follows:
• Name: A descriptive name for the Exchange HTTP services (e.g., mail-lb.company.com)
• IP Addresses: An IP address that is mapped to the FQDN of all Exchange HTTP services
3. Click Create Traffic Group.
Creating Pools
For each of the identified Exchange HTTP services, create a pool using the following steps:
1. Select Services > Pools, and scroll down to Create a new Pool.
2. Fill in the fields as follows:
• Pool Name: A descriptive name for the pool (e.g., OWA Service)
• Nodes: hostname:443 or ipaddress:443
• Monitor: No monitor (this will be covered in detail in a later section)
3. In the next screen, click Load Balancing.
4. Under Algorithm, select Perceptive.
5. Click the Update button to apply changes.
6. Click SSL Settings.
7. Check the Yes button next to ssl_encrypt.
8. Click the Update button to apply changes.
Page 14 Brocade Virtual Traffic Manager and Microsoft Exchange 2013 Deployment Guide
53-1003936-02
9. Select Pool > Connection Management, and make the following changes:
•
Max_connect_time: 5–10 sec (left to user preference)
•
Max_reply_time: 120 sec (default RPC and ISS timeout template in Exchange 2013)
•
Queue_timeout: 120 sec (default RPC and ISS timeout template in Exchange 2013)
•
Node_connclose: yes (make sure to cut traffic to a node when failure occurs)
Repeat Step 1 through Step 9 to create a pool for each Exchange HTTP service.
Creating Monitors
This section details the steps to create health monitors.
Note: Advanced external monitors can be written in any language of choice and can be associated with the pool.
Create a health monitor to monitor the health of a pool.
1. Select Catalogs > Monitors.
2. Scroll down to Create new monitor.
3. Give the new monitor a descriptive name.
4. Set the type to HTTP monitor and the scope to Node.
5. Click Create Monitor to create the monitor.
6. In the subsequent configuration page, scroll down and set use_ssl to Yes.
7. Change host_header to the service URL path (e.g., owa.company.com).
8. Change Path to /<Path>/healthcheck.htm (e.g., /OWA/healthcheck.htm).
9. Change status_regex to ^200$.
10. Change body_regex to .*200 OK.
11. Scroll down to Apply Changes, and click the Update button.
12. Select Services > Pools, and choose the pool that the monitor will be attached to.
13. Scroll down and click Health Monitoring.
14. Add the appropriate health monitor.
Repeat Step 1 through Step 14 to create a health monitor for each Exchange HTTP service pool. Refer to the following table for the path that should be used for each service.
Service Name Path
Outlook Anywhere (OA)
Autodiscover
Exchange Web Service (EWS)
Exchange Admin Center (EAC)
Outlook Web Access (OWA)
Exchange ActiveSync (EAS)
/rpc/healthcheck.htm
/Autodiscover/healthcheck.htm
/EWS/healthcheck.htm
/ECP/healthcheck.htm
/OWA/healthcheck.htm
/Microsoft-Server-ActiveSync/healthcheck.htm
Brocade Virtual Traffic Manager and Microsoft Exchange 2013 Deployment Guide
53-1003936-02
Page 15
Service Name
Offline Address Book (OAB)
PowerShell (PS)
Path
/OAB/healthcheck.htm
/PowerShell/healthcheck.htm
Creating a Virtual Server
Create a virtual server to handle all Exchange traffic. To create a new virtual server:
1. Select Services > Virtual Servers, and scroll down to Create a new Virtual Server.
2. Enter the following:
•
Virtual Server Name: A descriptive name for the virtual server
•
Protocol: HTTP
•
Port: 443
•
Default Traffic Pool: Any pool created in the previous section
3. Click Create Virtual Server.
4. In the next screen, under Listening on, select Traffic IP Groups and check the appropriate traffic IP group created earlier.
5. Set Enabled to Yes.
6. Click the Update button to apply changes.
SSL Decryption
In order to perform SSL decryption, the certificate and the private key used for the virtual server created earlier must be imported into the Virtual Traffic Manager.
1. Select Catalogs > SSL > SSL Certificates.
2. Click Import Certificate to import the appropriate certificate.
After importing the certificate, enable SSL decryption on the virtual server created:
1. Select Services > Virtual Servers, and choose the virtual server created for Exchange HTTP services that will be performing SSL decryption.
2. Scroll down and click SSL Decryption.
3. Set ssl_decrypt to Yes.
4. Select the certificate imported earlier.
5. Scroll down to the bottom of the page and click Update.
Creating and Associating a Traffic Script That Forwards the Requests to the Appropriate Pool with the Virtual Server
Because a single virtual server is used for all Exchange 2013 HTTP services, incoming traffic should be forwarded to an appropriate pool. This can be done via TrafficScript in Brocade Virtual Traffic Manager. To create a traffic script that can accept variables, perform the following steps:
1. Select System > Global Settings > Other Settings.
2. Set trafficscript!variable_pool_use to Yes.
3. Scroll down to the bottom of the page and click the Apply button.
4. Select Catalogs > Rules.
Page 16 Brocade Virtual Traffic Manager and Microsoft Exchange 2013 Deployment Guide
53-1003936-02