Transcript layer 4 lb
Client Access Architecture Nathan Winters In association with: For any given mailbox’s connectivity, the user is always served by the server that hosts the active database copy User Layer 4LB CAS Each CAS determines the right end point for the traffic, and so all sessions – regardless of where they started – end up in the same place DAG MBX-A MBX-B HTTP HTTP Load balancer HTTP proxy CAS IIS HTTP proxy HTTP SITE BOUNDARY IIS SITE BOUNDARY CAS Load balancer HTTP MBX MBX MBX Protocol head Protocol head Protocol head DB DB DB Local proxy request OWA cross-site redirect request Cross-site proxy request http://channel9.msdn.com/Events/TechEd/Europe/2013/OUC-B317#fbid=nGCz34a0oXr Clients DNS autodiscover.contoso.com E2010 CAS CAS 2010 handles request PROXY E2010 MBX Internet-facing site PROXY E2013 CAS E2010 CAS E2013 MBX E2010 MBX CAS 2010 handles request Intranet site Clients DNS autodiscover.contoso.com E2007 CAS E2013 CAS E2007 CAS PROXY E2007 MBX E2013 MBX Internet-facing site MBX 2013 handles request E2007 MBX Intranet site Clients RPC/HTTP mail.contoso.com RPC/HTTP 1. Enable Outlook Anywhere E2010/E2007 CAS Enable OA Client Auth: Basic IIS Auth: E2013 CAS PROXY NTLM Enable OA Client Auth: Basic IIS Auth: Basic RPC E2010/E2007 CAS PROXY Enable OA Client Auth: Basic IIS Auth: NTLM RPC E2010/ E2007 MBX Internet-facing site E2013 MBX E2010/ E2007 MBX Intranet site On intranet 2007/2010 servers 2. Client settings Make 2007/2010 client settings the same as 2013 Server (in this case meaning OA hostname = mail.contoso.com and client auth = Basic) 3. IIS authentication methods Must include NTLM OWA Same site proxy request E2010 CAS mail.contoso.com europe.mail.contoso.com LAYER 4 LB LAYER 7 LB HTTP PROXY Auth 2013 logon page E2013 CAS RPC E2010 MBX HTTP PROXY E2010 CAS single Auth sign on Cross site (sso) 2010redirect!! logon proxy request newpage in CU2! RPC E2013 MBX Internet-facing site E2010 MBX Internet site OWA Legacy.mail.contoso.com mail.contoso.com europe.mail.contoso.com LAYER 7 LB LAYER 4 LB LAYER 7 LB E2007 CAS Single sign Auth on (SSO) 2007 logon redirect!! page New in CU2! Auth 2013 logon page E2013 CAS RPC E2007 MBX HTTP PROXY E2007 CAS Single sign Auth on (SSO) 2007 logon redirect!! page New in CU2! RPC E2013 MBX Internet-facing site E2007 MBX Intranet site OWA mail.contoso.com europe.mail.contoso.com LAYER 4 LB LAYER 4 LB Auth 2013 logon page E2013 CAS E2013 CAS E2013 MBX E2013 MBX Internet-facing site Single sign on (SSO) redirect!! New in CU2! Internet-facing site OWA mail.contoso.com mail.contoso.com LAYER 4 LB LAYER 4 LB Auth 2013 logon page E2013 CAS E2013 MBX Internet-facing site E2013 CAS HTTP PROXY E2013 MBX Internet-facing site EAS Same site proxy request mail.contoso.com europe.mail.contoso.com LAYER 4 LB LAYER 7 LB HTTP PROXY HTTP PROXY Cross site proxy request E2010 CAS E2013 CAS E2010 CAS E2010 MBX E2013 MBX E2010 MBX Internet-facing site Intranet site EAS legacy.mail.contoso.com mail.contoso.com europe.mail.contoso.com LAYER 7 LB LAYER 4 LB LAYER 7 LB E2007 CAS E2013 CAS E2007 CAS E2007 MBX E2013 MBX E2007 MBX Internet-facing site Intranet site /