Update 2017/06/07 – Updated the screenshots with the new Kemp LoadMaster UI.
In a recent Lync deployment, we were installing a new Kemp Technologies LoadMaster and a new license type was shown:
This is great news since we can use it for test/lab environments without having the previous 30 days limitation. Also, in the End User Licence Agreement terms, the 18-i) states that we can deploy it in a production environment if we don’t get direct revenue from it:
18. ONLY APPLICABLE TO FREE LOADMASTER – The Free LoadMaster is a derivative of the LoadMaster product line with unique end user requirements.
i) The Free LoadMaster may be deployed in a production environment exclusively under the condition that no direct revenue is derived from its use.
ii) The Free LoadMaster will only continue to operate when able to Call Home to an internet-located KEMP server to provide non-personally identifiable data about the appliance configuration including usage statistics, enabled features and general configuration. KEMP expressly disclaims any liability for non-performance in the event that Call Home communication is disrupted. For more information on Call Home visit www.kemptechnologies.com/callhome
Although it’s free, there’s no such thing as a free lunch, and in this case to get a full core feature LoadMaster we must agree and enable the CallHome feature.
The CallHome requires internet access and it will send statistics and config information back to Kemp Technologies. In spite of that, it won’t send any personal or network traffic information.
Here is a summarized list of the limitations that we consider relevant:
- No Commercial use – It makes sense; if we want to use it for commercial purposes it’s only fair to buy a license;
- CallHome – A really “small price” for the features we get in return;
- 20Mbps throughput – It’s a good limit; if we need more we can upgrade it, for instance, to a Virtual LoadMaster VLM-200. This one allows up to 200 Mbps throughput;
- No in-place Upgrade – We can export the configuration and import it in an updated version;
- No High Availability – Lync deployments without any HA requirements; this would be more than enough.
For a complete list, please check the following links:
Free LoadMaster – About
Free LoadMaster – Key Load Balancer Features and Frequently Asked Questions
It’s also good to know that LoadMaster is qualified for Lync Server 2013:
October 13th, 2014 – KEMP LoadMaster Is Now Fully Validated for Microsoft Lync 2013
Infrastructure qualified for Microsoft Lync – Load Balancers
So let’s configure LoadMaster.
Step 1 – Download and Install
To download it, we need to create a Kemp ID (or use an existing one).
Download the Free LoadMaster
Then select the platform, read the End User Licence Agreement terms and check the box if we agree with the terms:
After downloading, we can configure a new virtual machine (2x Virtual processors and 2GB RAM) and attach the VHD:
Note: The first network adapter will be the eth0 for LoadMaster. If we use a dual homed, this will be the interface with the default gateway.
Step 2 – LoadMaster Basic Configuration
When the LoadMaster boots, we will get the following screen:
The default login is:
We need to configure eth0 IP address – in our Lab it’s 172.20.0.2/24:
Then, the default gateway configuration:
Finally, the DNS server. Please use a valid DNS, since the CallHome feature will require DNS:
Now we can use the web interface to continue with the deployment. Simply click Yes:
Step 3 – Free LoadMaster Activation
Open the web browser and access https://172.20.0.2 (replace this with the IP address that was configured on LoadMaster eth0 network interface).
In the first page, we will need to sign in with the KEMP ID:
Now we select Free LoadMaster:
We also need to allow the Call Home:
And after a successful activation:
Now we need to change the password:
The next steps are also described in the Deployment Guides provided by Kemp Technologies:
Microsoft Lync 2010 – Deployment Guide
Microsoft Lync 2013 – Deployment Guide
Microsoft Skype For Business – Deployment Guide
Step 4 – Configuring the remaining settings
Internal Network eth1
To configure eth1, we need to access System Configuration > Interfaces > eth1:
In our Lab, the IP address is 172.20.13.126/25. After that, click Set Address:
Now we need to connect to the internal IP and then go to System Configuration > Miscellaneous Options > Network Options:
There are some differences in the deployment guide, but the following settings are valid for most of the environments:
Subnet Originating Requests is really important when using dual homed configuration and the subnets aren’t routable between each other.
Additionally, we could enable Enable Non-Local Real Servers option. This will allow to add Real Servers that don’t belong to any of the subnets present in the LoadMaster network interfaces.
We also need to change the L7 Configuration (System Configuration > Miscellaneous Options > L7 Configuration):
Step 5 – Adding Lync/SfB Template
Kemp Technology also provides a complete set of templates. In this particular case, we are going to use the Lync/SfB Template because it will simplify the deployment. We can download the template here:
LoadMaster Load Balancer Documentation
To import a template, select Virtual Services > Manage Templates:
Then, select the downloaded file from Kemp Technologies website and use the Add New Template button:
In this example, even though 12 templates were loaded for Reverse Proxy and HTTP/HTTPS Load Balancer, we will need only Lync/SfB Reverse Proxy and Lync/SfB Internal DNS:
Step 6 – Adding the Virtual Services
To add a Virtual Service, go to Virtual Services > Add New:
For the Reverse Proxy, we will use the external IP address 172.20.0.20 and select the Lync/SfB Reverse Proxy template:
And for the internal load balancing, 172.20.13.20 and this time Lync/SfB Internal DNS template:
After adding both Lync/SfB Templates, we will have 4 Virtual Services:
The first two services are related to the Reverse Proxy and the other two to the internal Load Balancing.
Step 7 – Configuring Virtual Services
#1 Reverse Proxy HTTP
Modify the first Virtual Service and then expand the Real Servers:
The port 5061 is used for checking if the Real Servers are running, because if the Lync/SfB Front End Service is down, it doesn’t make sense to forward any request to it.
Click Add New… and then add the Front End servers, changing the port to 8080:
After adding all servers, they will be listed in the Virtual Service settings:
#2 Reverse Proxy HTTPS
Select the second Virtual Service, add new Real Servers and don’t forget to change the port to 4443:
#3 Internal LB HTTP
In the third Virtual Service make sure that 8080 is configured as additional port:
Now, as before, add the Real Servers but with the port 80, used for the internal load balancing:
#4 Internal LB HTTPS
In this Virtual Service, the certificate will be on the Real Servers and not on the LoadMaster:
Please make sure that an additional port (4443) is configured:
Add the Real Servers and use the port 443:
Step 8 – Adding Certificates
In order to manage certificates, we need to access Certificates & Security > SSL Certificates:
Then click Import Certificate:
Select the proper certificate, type the password and friendly name (without spaces or special characters):
After adding the certificate, select the Virtual Service and assign it with the >:
To submit, use the Save Changes and the certificate will be assigned:
Also, we need to make sure to install all Intermediate CA certificates – otherwise we will get this message:
To install an Intermediate CA certificate, go to Certificates > Intermediate Certs:
Select the Intermediate CA certificate file and a friendly name:
All certificates will be listed:
Now the certificate chain will be displayed correctly:
After all these steps, we should get this in the Virtual Service:
Using LoadMaster – or other Load Balancer as Reverse Proxy – is a good TMG/ARR alternative, especially because we need less resources to achieve the same. The LoadMaster disk, for instance, is configured to 16GB max.
In this case, we use the same LoadMaster for Reverse Proxy and the internal load balancing. However, since Kemp Technologies doesn’t limit the number of Free LoadMaster that we can activate, we can use 2 LoadMaster and split the roles.