Deploying Kemp Technologies Free LoadMaster as Lab Load Balancer/Reverse Proxy

In a recent Lync deployment, we were installing a new Kemp Technologies LoadMaster and a new license type was shown:

freekemploadmaster01

This is great news since we can use it for test/lab environments without the previous 30-day limitation. Also, clause 18 i) of the End User Licence Agreement states that we can deploy it in a production environment as long as we don’t derive direct revenue from it:

18. ONLY APPLICABLE TO FREE LOADMASTER – The Free LoadMaster is a derivative of the LoadMaster product line with unique end user requirements.

i) The Free LoadMaster may be deployed in a production environment exclusively under the condition that no direct revenue is derived from its use.

ii) The Free LoadMaster will only continue to operate when able to Call Home to an internet-located KEMP server to provide non-personally identifiable data about the appliance configuration including usage statistics, enabled features and general configuration. KEMP expressly disclaims any liability for non-performance in the event that Call Home communication is disrupted. For more information on Call Home visit www.kemptechnologies.com/callhome

Although it’s free, there’s no such thing as a free lunch: to get a LoadMaster with the full core feature set, we must agree to and enable the CallHome feature.

CallHome requires Internet access and sends statistics and configuration information back to Kemp Technologies. It won’t, however, send any personal or network traffic information.

freekemploadmaster02

Here is a summarized list of the limitations that we consider relevant:

  1. No Commercial use – It makes sense; if we want to use it for commercial purposes it’s only fair to buy a license;
  2. CallHome – A really “small price” for the features we get in return;
  3. 20Mbps throughput – It’s a good limit; if we need more we can upgrade it, for instance, to a Virtual LoadMaster VLM-200. This one allows up to 200 Mbps throughput;
  4. No in-place Upgrade – We can export the configuration and import it in an updated version;
  5. No High Availability – For Lync deployments without any HA requirements, this would be more than enough.

For a complete list, please check the following links:

Free LoadMaster – About
http://freeloadbalancer.com/#about

Free LoadMaster – Key Load Balancer Features and Frequently Asked Questions
http://freeloadbalancer.com/features/

It’s also good to know that LoadMaster is qualified for Lync Server 2013:

October 13th, 2014 – KEMP LoadMaster Is Now Fully Validated for Microsoft Lync 2013
http://kemptechnologies.com/news/kemp-loadmaster-now-fully-validated-microsoft-lync-2013/

Infrastructure qualified for Microsoft Lync – Load Balancers
https://technet.microsoft.com/en-us/office/dn788945.aspx

So let’s configure LoadMaster.

Step 1 – Download and Install

To download it, we need to create a Kemp ID (or use an existing one).

Download the Free LoadMaster
http://freeloadbalancer.com/download/

Then select the hypervisor, read the End User Licence Agreement terms and check the box if we agree with the terms:

freekemploadmaster03

After downloading, import the Virtual Machine. Alternatively, we can configure a new one (2x Virtual processors and 2GB RAM) and attach the VHD:

freekemploadmaster04

Note: The first network adapter will be eth0 for LoadMaster. In a dual-homed configuration, this will be the interface with the default gateway.

Step 2 – LoadMaster Basic Configuration

When the LoadMaster boots, we will get the following screen:

freekemploadmaster05

The default login is:

Username: bal
Password: 1fourall

We need to configure the eth0 IP address – in our Lab it’s 172.20.0.2/24:

freekemploadmaster06

Then, the default gateway configuration:

freekemploadmaster07

Finally, the DNS server. Please use a valid DNS server, since the CallHome feature requires DNS:

freekemploadmaster08

Now we can use the web interface to continue with the deployment. Simply click Yes:

freekemploadmaster09

Step 3 – Free LoadMaster Activation

Open the web browser and access https://172.20.0.2 (replace this with the IP address that was configured on the LoadMaster eth0 network interface).

On the first page, we can choose which licence we want to use. In this case, we select Free LoadMaster:

freekemploadmaster10

If we try to activate Free LoadMaster without Internet access, we will get the following message:

freekemploadmaster11

On the other hand, if the LoadMaster has Internet access, it will ask us to enter a valid Kemp ID:

 freekemploadmaster12

And after a successful activation:

freekemploadmaster13

Now we need to change the password:

 freekemploadmaster14

The next steps are also described in the MS Lync 2013 – Deployment Guide provided by Kemp Technologies:

MS Lync 2013 – Deployment Guide
https://support.kemptechnologies.com/hc/en-us/articles/203123449-Microsoft-Lync-2013

Step 4 – Configuring the remaining settings

Internal Network eth1

To configure eth1, we need to access System Configuration > Interfaces > eth1:

 freekemploadmaster15

In our Lab, the IP address is 172.20.13.126/25. After that, click Set Address:

freekemploadmaster16

As a good practice, let’s disable remote access on the external interface and enable it only on the internal interface. To do this, go to System Configuration > Miscellaneous Options > Remote Access:

freekemploadmaster17

Then change Allow Web Administrative Access to eth1:

freekemploadmaster18

A warning message will be displayed because after this change we will need to use the internal network interface IP in order to access the web interface:

freekemploadmaster19

Now we need to connect to the internal IP and then go to System Configuration > Miscellaneous Options > Network Options:

freekemploadmaster20

There are some differences in the deployment guide, but the following settings are valid for most environments:

freekemploadmaster21

Subnet Originating Requests is really important when using a dual-homed configuration in which the subnets aren’t routable between each other.
Additionally, we could enable the Enable Non-Local Real Servers option. This allows us to add Real Servers that don’t belong to any of the subnets present on the LoadMaster network interfaces.
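
The following sketch is an added example, not part of the original guide or of Kemp's tooling. It uses the lab's eth0 and eth1 addresses to work out which Real Servers are local to an interface and which would need Enable Non-Local Real Servers. The Real Server addresses are constructed, and the source-address behaviour of Subnet Originating Requests is stated as an assumption in the code.

```python
import ipaddress

# Interface addresses from this lab: eth0 is external, eth1 is internal.
INTERFACES = {
    "eth0": ipaddress.ip_interface("172.20.0.2/24"),
    "eth1": ipaddress.ip_interface("172.20.13.126/25"),
}

def owning_interface(ip, interfaces=INTERFACES):
    """Return the name of the interface whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, iface in interfaces.items():
        if addr in iface.network:
            return name
    return None

def plan_real_servers(real_servers, interfaces=INTERFACES):
    """Classify each Real Server as local to one interface or non-local."""
    plan = {}
    for ip in real_servers:
        name = owning_interface(ip, interfaces)
        plan[ip] = {
            "interface": name,
            # Assumption: with Subnet Originating Requests enabled, traffic to a
            # local Real Server is sourced from the LoadMaster address on that subnet.
            "source_ip": str(interfaces[name].ip) if name else None,
            # Non-local servers need "Enable Non-Local Real Servers" and a route.
            "needs_non_local": name is None,
        }
    return plan

if __name__ == "__main__":
    # Constructed Real Server addresses; only the interface values come from the lab.
    sample = ["172.20.13.11", "172.20.13.12", "172.20.13.200", "10.0.5.20"]
    for ip, info in plan_real_servers(sample).items():
        print(ip, info)
    # The internal Virtual Service address must sit inside the eth1 subnet.
    print("VIP 172.20.13.125 ->", owning_interface("172.20.13.125"))
```

Note that 172.20.13.200 is reported as non-local: eth1 uses a /25 mask, so only 172.20.13.0 to 172.20.13.127 belong to its subnet.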

We also need to change the L7 Configuration (System Configuration > Miscellaneous Options > L7 Configuration):

freekemploadmaster22

Step 5 – Adding Lync 2013 Template

Kemp Technologies also provides a complete set of templates. In this particular case, we are going to use the Lync Template because it will simplify the deployment. We can download the template here:

LoadMaster Load Balancer Documentation
http://kemptechnologies.com/uk/loadMaster-documentation/

To import a template, select Virtual Services > Manage Templates:

freekemploadmaster23

Then, select the file downloaded from the Kemp Technologies website and use the Add New Template button:

freekemploadmaster24

In this example, even though 11 templates were loaded for Reverse Proxy and HTTP/HTTPS Load Balancer, we will need only Lync Reverse Proxy 2013 and Lync Internal 2013 DNS:

freekemploadmaster25

Step 6 – Adding the Virtual Services

To add a Virtual Service, go to Virtual Services > Add New:

freekemploadmaster26

For the Reverse Proxy, we will use the external IP address 172.20.0.2 and select the Lync Reverse Proxy 2013 template:

freekemploadmaster27

And for the internal load balancing, we use 172.20.13.125 and this time the Lync Internal 2013 DNS template:

freekemploadmaster28

After adding both Lync Templates, we will have 4 Virtual Services:

freekemploadmaster29

The first two services are related to the Reverse Proxy and the other two to the internal Load Balancing.

Step 7 – Configuring Virtual Services

#1 Reverse Proxy HTTP

Modify the first Virtual Service and then expand the Real Servers:

freekemploadmaster30

Port 5061 is used to check whether the Real Servers are running: if the Lync Front End Service is down, it doesn’t make sense to forward any requests to it.

Click Add New… and then add the Front End servers, changing the port to 8080:

freekemploadmaster31

After adding all servers, they will be listed in the Virtual Service settings:

freekemploadmaster32

#2 Reverse Proxy HTTPS

Select the second Virtual Service, add new Real Servers and don’t forget to change the port to 4443:

freekemploadmaster33

freekemploadmaster34

#3 Internal LB HTTP

The third Virtual Service is a little different, because an additional port is already added:

freekemploadmaster35

Now, as before, add the Real Servers but with port 80, used for the internal load balancing:

freekemploadmaster36

freekemploadmaster37

#4 Internal LB HTTPS

In this Virtual Service, the certificate will be on the Real Servers and not on the LoadMaster:

freekemploadmaster38

Also, an additional port (4443) was configured:

freekemploadmaster39

Add the Real Servers and use port 443:

freekemploadmaster40

freekemploadmaster41
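
The health check in Step 7 looks at port 5061, while requests are forwarded to 8080, 4443, 80 and 443, so a Front End can pass the check and still refuse traffic on a service port. The pre-flight script below is an added example, not from the original guide or from Kemp. It assumes the check is a plain TCP connect, and the Front End addresses in it are constructed.

```python
import socket

# Ports taken from Step 7: 5061 is the check port, the rest are Real Server ports.
CHECK_PORT = 5061
SERVICE_PORTS = {
    "Reverse Proxy HTTP": 8080,
    "Reverse Proxy HTTPS": 4443,
    "Internal LB HTTP": 80,
    "Internal LB HTTPS": 443,
}

def tcp_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(hosts, check_port=CHECK_PORT, service_ports=SERVICE_PORTS, probe=tcp_open):
    """Per host: is the check port up, and which service ports are closed."""
    report = {}
    for host in hosts:
        alive = probe(host, check_port)
        closed = [name for name, port in service_ports.items() if not probe(host, port)]
        if not alive:
            verdict = "check port down: no requests would be forwarded"
        elif closed:
            verdict = "check passes but service ports are closed: requests would fail"
        else:
            verdict = "ok"
        report[host] = {"check_port_up": alive, "closed": closed, "verdict": verdict}
    return report

if __name__ == "__main__":
    # Constructed Front End addresses inside the lab's eth1 subnet; replace with real ones.
    for host, result in preflight(["172.20.13.11", "172.20.13.12"]).items():
        print(host, result)
```

Run it from a machine on the same subnet as the LoadMaster's internal interface, so the result reflects what the LoadMaster itself can reach.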

Step 8 – Adding Certificates

In order to manage certificates, we need to access Certificates > SSL Certificates:

freekemploadmaster42

Then click Import Certificate:

freekemploadmaster43

Select the proper certificate, type the password and friendly name (without spaces or special characters):

freekemploadmaster44

After adding the certificate, select the Virtual Service and assign it with the > button:

freekemploadmaster45

To submit, click Save Changes and the certificate will be assigned:

freekemploadmaster46

Also, we need to make sure to install all Intermediate CA certificates – otherwise we will get this message:

freekemploadmaster47

To install an Intermediate CA certificate, go to Certificates > Intermediate Certs:

freekemploadmaster48

Select the Intermediate CA certificate file and a friendly name:

freekemploadmaster49

All certificates will be listed:

freekemploadmaster50

Now the certificate chain will be displayed correctly:

freekemploadmaster51

Final notes

After all these steps, we should get this in the Virtual Service:

freekemploadmaster52

Using LoadMaster – or another Load Balancer as Reverse Proxy – is a good TMG/ARR alternative, especially because we need fewer resources to achieve the same result. The LoadMaster disk, for instance, is configured to 16GB max.

In this case, we use the same LoadMaster for Reverse Proxy and the internal load balancing. However, since Kemp Technologies doesn’t limit the number of Free LoadMasters that we can activate, we can use 2 LoadMasters and split the roles.