In my previous blog I wrote about the new SSL offloading capabilities in Exchange 2013 SP1. In this blog I will explain how to use this with a load balancer. In my lab environment I’m using an F5 (virtual) LTM running on Hyper-V. My lab is configured as shown in the following figure:
On February 25, 2014 Microsoft released Exchange 2013 SP1, an interesting upgrade in the Exchange 2013 program. Besides SP1, new UM Language Packs have been released as well. For more detailed information please check the SP1 release notes. At the same time Microsoft has released Update Rollup 5 for Exchange 2010 SP3 and Update Rollup 13 for Exchange 2007 SP3.
Looking at the Cumulative Updates with Exchange 2013, SP1 is identical to CU4. One reason for releasing a Service Pack is the support lifecycle. Major releases and Service Packs of a Microsoft product are included in the support lifecycle; Cumulative Updates are not.
During TechEd 2010 in Berlin Ross Smith IV from Microsoft suddenly announced that Microsoft recommends using a hardware load balancer for Exchange Server 2010 instead of using Windows Network Load Balancing. You can check the presentation online on Channel9: http://channel9.msdn.com/Events/TechEd/Europe/2010/UNC311.
NLB has some known issues when it comes to Exchange Server 2010: scalability issues, lack of service awareness, a full reconnect of all clients when adding or removing an NLB member, and Source IP as the only option for persistence.
When you’re using a (hardware) load balancer in combination with Exchange Server 2010 you might want to offload SSL from the Exchange servers to the load balancers. This way you get more options available for persistence in the load balancer.
Enabling SSL offloading in Exchange 2010 is not that difficult, but it consists of several steps, which makes it prone to error if you have to configure it on multiple servers (which is most likely the case with a load balancer).