An extra added cost to Exchange 2010 deployments is often a hardware load balancer, or even virtual load balancer appliances. These start at over £1000 for some of the cheaper ones and can cost tens of thousands, however there’s open source software out there that can do the same thing, just as well.
HAProxy is a widely used, reliable and stable Load Balancer for Linux and a few weeks ago I began looking at it as an alternative for Exchange 2010 load balancing and whilst having a look to see if anyone had done it before, I found a good article here. The one problem for many Exchange administrators is that they don’t have time to learn about Linux just to try it out, so I began to think that it would be great if someone made a virtual appliance (just like many of the HLB vendors sell) with an easy to use management interface aimed squarely at Exchange 2010 environments.
The Exchange 2010 HAProxy VLB Appliance is a free Layer 4 based virtual load balancer that runs in VMware or Hyper-V environments. It doesn’t require Linux knowledge to get up and running and is managed using a simple, easy to use, web-based management interface (screenshots below). For the initial release it’s not aimed at your production environment yet but as more people test it out and help refine it, future versions will be (and will be free, naturally).
Prerequisites
Before you start, you need to have an understanding of how the load balancer fits in your environment. Typically clients will connect to it for web services, like OWA, and also through Outlook via MAPI, using a Client Access Array as illustrated by this simplified diagram:
In addition to planning your environment, you’ll also need some other information for the load balancer setup:
- IP address for management
- IP address for the virtual load balancer interface, in the same subnet
- DNS and NTP server addresses
- Client Access Server IP addresses
- Network Access from the virtual load balancer interface to the following TCP ports on the Client Access Servers:
- 80 and 443 for HTTP/HTTPS
- 135,139,6001-6004,60000 and 60001 for RPC Client Access
Note that if you’re testing this in a perimeter network, you only need ports 80 and 443 open for external access to Exchange servers.
Installation
The process for installation is fairly straightforward:
- Download and import the appliance
- Boot it up and set the management IP address via the console
- Visit the web-based management interface and set a password, load balanced virtual IP address, set a few details like time zone and DNS server and finally add your first client access server.
- Log in and add your other client access servers and follow instructions within the management interface as to how to set up static RPC TCP/IP ports on your client access servers.
The following videos show the installation and initial setup procedure both for VMware and Hyper-V environments:
Management
The management interface is intended to be fairly simple. After initial setup and login, you should (after the settings have taken effect) basic statistics for the underlying HAProxy load balancer, showing the number of sessions and state of the Client Access Servers:
The initial version uses Layer 4 load balancing, and uses the client source IP address for client affinity and doesn’t have intelligent application-level monitoring and SSL offload (yet). Therefore you just need to correctly configure static RPC ports (RPC Client Access, port 60000 and Address Book Service, port 60001) on the client access servers and add the IP addresses of each client access server to load balance:
On the remaining tabs, you have access to change the management and load balancer IP addressing, set the time zone and NTP servers, update the management interface password and check the logs for the management interface and underlying software that propagates changes made through the UI:
Should you wish, you can also log in at the console using the root password credentials you’ll set on initial startup. From here, it’s a standard minimal Ubuntu installation though any changes to settings that are usually managed through the UI will be overwritten the next time they are changed through the UI:
To actually send traffic to the load balancer, you need to consider the configuration of your environment and have setup your Client Access Array then the associated DNS names for web and RPC Client Access.
Download
Version 0.1 (initial release) is available for download here:
VMware vSphere Compatible OVF file, zipped (md5sum: b60388c5aa1012abe71f5864e79a6828)
VMware vSphere 5.1 Compatible OVF 3.1 file, zipped (md5sum: 7643cee75ae87fa0ca281bafc281abad)
Hyper-V compatible VHD, zipped (md5sum a9ae7f9b498f96a4d6d1bb58c4c542ee)
To check md5sum values, use Microsoft File Checksum Integrity Verifier
Notes
This is the first version, so just to repeat it’s only aimed at use in your lab environment.
It’s intended that with subsequent versions it will be production ready, as this is totally aimed at being an easy to use free alternative to paid-for hardware and virtual load balancers for Exchange 2010. It needs a few extra features but most importantly it needs your feedback and testing in the wild to ensure the management interface is good enough, and to get some ideas back from the field on what sort of load it can handle in it’s current form.
One thing I can’t guarantee is support for this – comments and reports of bugs are always appreciated, but the downside of free is it doesn’t come with a support contract. However the intention is to keep developing this and add other features to the so it can compete with the expensive equivalents.
Issues
Currently, the downloadable registry file for setup of static RPC ports does not work as expected. I recommend using Bhargav Shukla’s script for configuring static ports available here:
Pingback: Impressions: Book: “iPhone with Microsoft Exchange Server 2010: Business Integration and Deployment”
Saw comments requesting HAProxy for Exchange 2013. While not a user-friendly appliance, here is how you can build your own HA pair of L7 load balancer with HAProxy:
http://ezoltan.blogspot.com.au/2014/10/highly-available-l7-load-balancing-for_24.html
“The one problem for many Exchange administrators is that they don’t have time to learn about Linux”
But they will have to learn how to maintain it – at least to understand how to patch the vulnerabilities on the platform (OS + Product).
“Cool it free” … but the next question is “do/will we have the resource to take care of it”.
On the other way the appliance are outrageously expensive but the manufacturer is taking care of the regular updates.
hey can u update down link for vmware? thanks
Hi,
Download links still broken!
Any way to download vMware OVF File?
Thanks
Pingback: A free Exchange load balancer | IT PRO Demos
Hello, any change of a new download link. They seem broken. Or release the HAProxy config file.
i was able to pull it from the wayback machine if anyone is interested: https://archive.org/web/
Thanks A LOT, Chris
how many of you have really download the either of VM ? links are not working for me
Looks like people have been asking for a couple months for the links to be fixed. May have to look at another product if they don’t maintain their page.
Is it possible to get the working download link? Please.
links are broken please fix or email me new links. i tried looking up the zip file names on google to no avail. Or if anyone else has them an could post a link to them that would be great. I’m trying to create a generic GUI for hap cuz most of my staff here is allergic to linux. i will post my creation if i’m successful.
I am trying this with default haproxy but it is not stabel
i am looking for the download of the version here
looks its down
Please send me the VMWare version
Kind regards
Eric
Is it possible to get the download link?
Is it posible to update to ubuntu 14? Because of the bash shell security leak.
Please, i need references on the ZEN Load Balacer.
My question is regarding article http://searchexchange.techtarget.com/tip/Set-up-reliable-Exchange-2013-load-balancing-with-open-source-tools
I am going to just include what another user asked because I am having the same exact problem
MattP75 — 26 Jun 2014 8:21 AM
Excellent article Steve. Just wanted to a line in the haproxy.cfg file “option httpchk /owa/healthcheck.htm”. When I include this in my config the stats page of HAProxy shows the CAS servers as “down” yet the health check url is resolvable from any server. Is there anything behind the scenes I’m missing – something to do with SSL or certificates that is stopping the loadbalancer accessing the page?
Could the article please be amended to include instructions regarding this?
I am not sure what version you are using, but I am on 1.5 and the following works for me.
option httpchk GET /owa/healthcheck.htm HTTP/1.0
http-check expect string CONTOSO.COM
http-check disable-on-404
Replace CONTOSO.COM with whatever string you want to check for.
What is the initial password to this vm?
setup
Hi,
Hyper-v image doesn’t boot up on Windows 2012 R2 Hyper-v server, is there updated version for 2012?
Having some issues with setting this up on Hyper-v running on Windows 8.1. The VM has a kernel panic if the standard network adapter is used. If the legacy network adapter is used, the VM starts up and the IP can be set. After reboot it works for about one minute after start up the network drops off. At every reboot it works for a minute after start up and then drops.
Something is loaded that interferes but not knowing enough about Ubuntu I can’t figure out what. Any ideas or suggestions are welcome. Thanks /M
Got it working in the end by setting the standard adapter to “not connected” whilst booting the first time, then enabling and setting the IP. Then setting it to “not connected” and rebooting the VM. Then again, when VM is up. changing adapter to connected and running ifup.
Strike that – OA is toast
What’s up? OA should work
Steve,
Sweet package. You should develop it. IT works for me and I’m going live with it. I’m sitting it betweeen my CAS servers and some Apache reverse proxies and it resolves all of the RPC OA/EAS problems in a heartbeat. [geddit?]
Hi Steve can you by any chance include smtp as my CAS Array is internet facing? Or do you have a recommendation?
Thanks
Pingback: HAProxy for Exchange 2013 – How to roll your own protocol-aware load balancer | Steve Goodman's Exchange Blog
vm in hyper-v problem
Hi Steve,
Would this work with Exchange 2013? I am going to be installing 2 multi-role Exchange 2013 servers using DAG and there is no money for a load balancer.
Thank you,
Kevin
haproxy is a front end for the world’s most active webservers… and highly respected as a swiss army knife kind of software… it is in our benefit to learn how to use it….
Hello,
Seems like a great product. I am having a few problems. I have set the IP via the console. I am able to ping the HA proxy server but i am unable to access it via the web interface!!! any idea of what i am doing wrong
I have the same problem. When the haproxy service tries to start, it says “Starting proxy Exchange2010: cannot bind socket”. I can ping the vm just fine. Tried re-deploying the OVF template and starting from scratch and get the same result. Running VMware ESXi 5.5 using the 5.1 compatible OVF.
Nevermind, when I ran through the initial setup the first time, I didn’t notice the message about going to “http://manageip:8080” to finish after the reboot. Working now.
Hi,
Thank you for this article, I’m investigating HAproxy too at the moment and it looks very stable and widely used indeed.
I also have seen that Zen Loadbalancers looks promising but I’m not sure if it’s better than HAproxy, here is it’s link: http://www.zenloadbalancer.org
I like a lot of features like you can set the pages you want to show when something isn’t avalable, and all other settings are very detailed too.
I’m also figuring out if it’s ideal to use HAproxy in Pfsense as this are my routers and the package is available in it.
Hope to see some more posts here.
Matt
Hi Steve,
Do you have an update for the latest HAProxy?
Thank You