Deploying Kemp Technologies Free LoadMaster as Lab Load Balancer/Reverse Proxy

Update 2017/06/07 – Updated the screenshots with the new Kemp LoadMaster UI.

In a recent Lync deployment, we were installing a new Kemp Technologies LoadMaster and a new license type was shown:

This is great news since we can use it for test/lab environments without having the previous 30 days limitation. Also, in the End User Licence Agreement terms, the 18-i) states that we can deploy it in a production environment if we don’t get direct revenue from it:

18. ONLY APPLICABLE TO FREE LOADMASTER – The Free LoadMaster is a derivative of the LoadMaster product line with unique end user requirements.

i) The Free LoadMaster may be deployed in a production environment exclusively under the condition that no direct revenue is derived from its use.

ii) The Free LoadMaster will only continue to operate when able to Call Home to an internet-located KEMP server to provide non-personally identifiable data about the appliance configuration including usage statistics, enabled features and general configuration. KEMP expressly disclaims any liability for non-performance in the event that Call Home communication is disrupted. For more information on Call Home visit www.kemptechnologies.com/callhome

Although it’s free, there’s no such thing as a free lunch, and in this case to get a full core feature LoadMaster we must agree and enable the CallHome feature.

The CallHome requires internet access and it will send statistics and config information back to Kemp Technologies. In spite of that, it won’t send any personal or network traffic information.

Here is a summarized list of the limitations that we consider relevant:

  1. No Commercial use – It makes sense; if we want to use it for commercial purposes it’s only fair to buy a license;
  2. CallHome – A really “small price” for the features we get in return;
  3. 20Mbps throughput – It’s a good limit; if we need more we can upgrade it, for instance, to a Virtual LoadMaster VLM-200. This one allows up to 200 Mbps throughput;
  4. No in-place Upgrade – We can export the configuration and import it in an updated version;
  5. No High Availability – Lync deployments without any HA requirements; this would be more than enough.

For a complete list, please check the following links:

Free LoadMaster – About
http://freeloadbalancer.com/#about

Free LoadMaster – Key Load Balancer Features and Frequently Asked Questions
http://freeloadbalancer.com/features/

It’s also good to know that LoadMaster is qualified for Lync Server 2013:

October 13th, 2014 – KEMP LoadMaster Is Now Fully Validated for Microsoft Lync 2013
http://kemptechnologies.com/news/kemp-loadmaster-now-fully-validated-microsoft-lync-2013/

Infrastructure qualified for Microsoft Lync – Load Balancers
https://technet.microsoft.com/en-us/office/dn788945.aspx

So let’s configure LoadMaster.

Step 1 – Download and Install

To download it, we need to create a Kemp ID (or use an existing one).

Download the Free LoadMaster
http://freeloadbalancer.com/download/

Then select the platform, read the End User Licence Agreement terms and check the box if we agree with the terms:

After downloading, we can configure a new virtual machine (2x Virtual processors and 2GB RAM) and attach the VHD:

freekemploadmaster04

Note: The first network adapter will be the eth0 for LoadMaster. If we use a dual homed, this will be the interface with the default gateway.

Step 2 – LoadMaster Basic Configuration

When the LoadMaster boots, we will get the following screen:

freekemploadmaster05

The default login is:

Username: bal
Password: 1fourall

We need to configure eth0 IP address – in our Lab it’s 172.20.0.2/24:

freekemploadmaster06

Then, the default gateway configuration:

freekemploadmaster07

Finally, the DNS server. Please use a valid DNS, since the CallHome feature will require DNS:

freekemploadmaster08

Now we can use the web interface to continue with the deployment. Simply click Yes:

freekemploadmaster09

Step 3 – Free LoadMaster Activation

Open the web browser and access https://172.20.0.2 (replace this with the IP address that was configured on LoadMaster eth0 network interface).

In the first page, we will need to sign in with the KEMP ID:

Now we select Free LoadMaster:

We also need to allow the Call Home:

And after a successful activation:

Now we need to change the password:

The next steps are also described in the Deployment Guides provided by Kemp Technologies:

Microsoft Lync 2010 – Deployment Guide
https://support.kemptechnologies.com/hc/en-us/articles/203123439-Microsoft-Lync-2010

Microsoft Lync 2013 – Deployment Guide
https://support.kemptechnologies.com/hc/en-us/articles/203123449-Microsoft-Lync-2013

Microsoft Skype For Business – Deployment Guide
https://support.kemptechnologies.com/hc/en-us/articles/206151706-Microsoft-Skype-for-Business

Step 4 – Configuring the remaining settings

Internal Network eth1

To configure eth1, we need to access System Configuration > Interfaces > eth1:

In our Lab, the IP address is 172.20.13.126/25. After that, click Set Address:

 

Now we need to connect to the internal IP and then go to System Configuration > Miscellaneous Options > Network Options:

There are some differences in the deployment guide, but the following settings are valid for most of the environments:

Subnet Originating Requests is really important when using dual homed configuration and the subnets aren’t routable between each other.
Additionally, we could enable Enable Non-Local Real Servers option. This will allow to add Real Servers that don’t belong to any of the subnets present in the LoadMaster network interfaces.

We also need to change the L7 Configuration (System Configuration > Miscellaneous Options > L7 Configuration):

Step 5 – Adding Lync/SfB Template

Kemp Technology also provides a complete set of templates. In this particular case, we are going to use the Lync/SfB Template because it will simplify the deployment. We can download the template here:

LoadMaster Load Balancer Documentation
http://kemptechnologies.com/uk/loadMaster-documentation/

To import a template, select Virtual Services > Manage Templates:

Then, select the downloaded file from Kemp Technologies website and use the Add New Template button:

In this example, even though 12 templates were loaded for Reverse Proxy and HTTP/HTTPS Load Balancer, we will need only Lync/SfB Reverse Proxy and Lync/SfB Internal DNS:

Step 6 – Adding the Virtual Services

To add a Virtual Service, go to Virtual Services > Add New:

For the Reverse Proxy, we will use the external IP address 172.20.0.20 and select the Lync/SfB Reverse Proxy template:

And for the internal load balancing, 172.20.13.20 and this time Lync/SfB Internal DNS template:

After adding both Lync/SfB Templates, we will have 4 Virtual Services:

The first two services are related to the Reverse Proxy and the other two to the internal Load Balancing.

Step 7 – Configuring Virtual Services

#1 Reverse Proxy HTTP

Modify the first Virtual Service and then expand the Real Servers:

The port 5061 is used for checking if the Real Servers are running, because if the Lync/SfB Front End Service is down, it doesn’t make sense to forward any request to it.

Click Add New… and then add the Front End servers, changing the port to 8080:

After adding all servers, they will be listed in the Virtual Service settings:

#2 Reverse Proxy HTTPS

Select the second Virtual Service, add new Real Servers and don’t forget to change the port to 4443:

#3 Internal LB HTTP

In the third Virtual Service make sure that 8080 is configured as additional port:

Now, as before, add the Real Servers but with the port 80, used for the internal load balancing:

#4 Internal LB HTTPS

In this Virtual Service, the certificate will be on the Real Servers and not on the LoadMaster:

Please make sure that an additional port (4443) is configured:

Add the Real Servers and use the port 443:

Step 8 – Adding Certificates

In order to manage certificates, we need to access Certificates & Security > SSL Certificates:

Then click Import Certificate:

Select the proper certificate, type the password and friendly name (without spaces or special characters):

After adding the certificate, select the Virtual Service and assign it with the >:

To submit, use the Save Changes and the certificate will be assigned:

Also, we need to make sure to install all Intermediate CA certificates – otherwise we will get this message:

freekemploadmaster47

To install a Intermediate CA certificate, go to Certificates > Intermediate Certs:

Select the Intermediate CA certificate file and a friendly name:

All certificates will be listed:

Now the certificate chain will be displayed correctly:

freekemploadmaster51

Final notes

After all these steps, we should get this in the Virtual Service:

Using LoadMaster – or other Load Balancer as Reverse Proxy – is a good TMG/ARR alternative, especially because we need less resources to achieve the same. The LoadMaster disk, for instance, is configured to 16GB max.

In this case, we use the same LoadMaster for Reverse Proxy and the internal load balancing. However, since Kemp Technologies doesn’t limit the number of Free LoadMaster that we can activate, we can use 2 LoadMaster and split the roles.