In a recent Lync deployment, we were installing a new Kemp Technologies LoadMaster and a new license type was shown:
This is great news since we can use it for test/lab environments without the previous 30-day limitation. Also, clause 18-i) of the End User Licence Agreement states that we can deploy it in a production environment if we don’t derive direct revenue from it:
18. ONLY APPLICABLE TO FREE LOADMASTER – The Free LoadMaster is a derivative of the LoadMaster product line with unique end user requirements.
i) The Free LoadMaster may be deployed in a production environment exclusively under the condition that no direct revenue is derived from its use.
ii) The Free LoadMaster will only continue to operate when able to Call Home to an internet-located KEMP server to provide non-personally identifiable data about the appliance configuration including usage statistics, enabled features and general configuration. KEMP expressly disclaims any liability for non-performance in the event that Call Home communication is disrupted. For more information on Call Home visit www.kemptechnologies.com/callhome
Although it’s free, there’s no such thing as a free lunch, and in this case to get a full core feature LoadMaster we must agree and enable the CallHome feature.
The CallHome requires internet access and it will send statistics and config information back to Kemp Technologies. In spite of that, it won’t send any personal or network traffic information.
Here is a summarized list of the limitations that we consider relevant:
- No Commercial use – It makes sense; if we want to use it for commercial purposes it’s only fair to buy a license;
- CallHome – A really “small price” for the features we get in return;
- 20Mbps throughput – It’s a good limit; if we need more we can upgrade it, for instance, to a Virtual LoadMaster VLM-200. This one allows up to 200 Mbps throughput;
- No in-place Upgrade – We can export the configuration and import it in an updated version;
- No High Availability – For Lync deployments without any HA requirements, this would be more than enough.
For a complete list, please check the following links:
Free LoadMaster – About
Free LoadMaster – Key Load Balancer Features and Frequently Asked Questions
It’s also good to know that LoadMaster is qualified for Lync Server 2013:
October 13th, 2014 – KEMP LoadMaster Is Now Fully Validated for Microsoft Lync 2013
Infrastructure qualified for Microsoft Lync – Load Balancers
So let’s configure LoadMaster.
Step 1 – Download and Install
To download it, we need to create a Kemp ID (or use an existing one).
Download the Free LoadMaster
Then select the hypervisor, read the End User Licence Agreement terms and check the box if we agree with the terms:
After downloading, import the Virtual Machine. Alternatively, we can configure a new one (2x Virtual processors and 2GB RAM) and attach the VHD:
Note: The first network adapter will be eth0 for LoadMaster. If we use a dual-homed configuration, this will be the interface with the default gateway.
Step 2 – LoadMaster Basic Configuration
When the LoadMaster boots, we will get the following screen:
The default login is:
We need to configure eth0 IP address – in our Lab it’s 172.20.0.2/24:
Then, the default gateway configuration:
Finally, the DNS server. Please use a valid DNS, since the CallHome feature will require DNS:
Now we can use the web interface to continue with the deployment. Simply click Yes:
Step 3 – Free LoadMaster Activation
Open the web browser and access https://172.20.0.2 (replace this with the IP address that was configured on LoadMaster eth0 network interface).
In the first page, we can choose which licence we want to use. In this case, we select Free LoadMaster:
If we try to activate Free LoadMaster without Internet access, we will get the following message:
On the other hand, if the LoadMaster has Internet access, it will ask to enter a valid Kemp ID:
And after a successful activation:
Now we need to change the password:
The next steps are also described in the MS Lync 2013 – Deployment Guide provided by Kemp Technologies:
MS Lync 2013 – Deployment Guide
Step 4 – Configuring the remaining settings
Internal Network eth1
To configure eth1, we need to access System Configuration > Interfaces > eth1:
In our Lab, the IP address is 172.20.13.126/25. After that, click Set Address:
As a good practice, let’s disable the remote access from the external interface and only enable it on the internal interface. Next, access System Configuration > Miscellaneous Options > Remote Access:
Then change the Allow Web Administrative Access to the eth1:
A warning message will be displayed because after this change we will need to use the internal network interface IP in order to access the web interface:
Now we need to connect to the internal IP and then go to System Configuration > Miscellaneous Options > Network Options:
There are some differences in the deployment guide, but the following settings are valid for most of the environments:
Subnet Originating Requests is really important when using a dual-homed configuration where the subnets aren’t routable between each other.
Additionally, we could enable the Enable Non-Local Real Servers option. This allows adding Real Servers that don’t belong to any of the subnets present on the LoadMaster network interfaces.
We also need to change the L7 Configuration (System Configuration > Miscellaneous Options > L7 Configuration):
Step 5 – Adding Lync 2013 Template
Kemp Technologies also provides a complete set of templates. In this particular case, we are going to use the Lync Template because it will simplify the deployment. We can download the template here:
LoadMaster Load Balancer Documentation
To import a template, select Virtual Services > Manage Templates:
Then, select the downloaded file from Kemp Technologies website and use the Add New Template button:
In this example, even though 11 templates were loaded for Reverse Proxy and HTTP/HTTPS Load Balancer, we will need only Lync Reverse Proxy 2013 and Lync Internal 2013 DNS:
Step 6 – Adding the Virtual Services
To add a Virtual Service, go to Virtual Services > Add New:
For the Reverse Proxy, we will use the external IP address 172.20.0.2 and select the Lync Reverse Proxy 2013 template:
And for the internal load balancing, 172.20.13.125 and this time Lync Internal 2013 DNS template:
After adding both Lync Templates, we will have 4 Virtual Services:
The first two services are related to the Reverse Proxy and the other two to the internal Load Balancing.
Step 7 – Configuring Virtual Services
#1 Reverse Proxy HTTP
Modify the first Virtual Service and then expand the Real Servers:
The port 5061 is used for checking if the Real Servers are running, because if the Lync Front End Service is down, it doesn’t make sense to forward any request to it.
Click Add New… and then add the Front End servers, changing the port to 8080:
After adding all servers, they will be listed in the Virtual Service settings:
#2 Reverse Proxy HTTPS
Select the second Virtual Service, add new Real Servers and don’t forget to change the port to 4443:
#3 Internal LB HTTP
The third Virtual Service is a little different, because an additional port is already added:
Now, as before, add the Real Servers but with the port 80, used for the internal load balancing:
#4 Internal LB HTTPS
In this Virtual Service, the certificate will be on the Real Servers and not on the LoadMaster:
Also, an additional port (4443) was configured:
Add the Real Servers and use the port 443:
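A pre-flight check of the address and port plan from Steps 4 to 7, added here as an example (not code from the original post or from Kemp). It uses the lab addresses from this page; the Front End addresses 172.20.13.11 and 172.20.13.12 and all function names are assumptions made for illustration.

```python
import ipaddress

# Interface addresses and port mappings are the lab values from this page.
INTERFACES = {"eth0": "172.20.0.2/24", "eth1": "172.20.13.126/25"}
EXTERNAL_IF = "eth0"
# Listening port -> Real Server port per template, as set in Step 7
# (the additional ports the templates pre-configure are not modelled).
EXPECTED_PORTS = {"reverse_proxy": {80: 8080, 443: 4443},
                  "internal": {80: 80, 443: 443}}


def lint_plan(admin_if, services, non_local_enabled=False):
    """Return a list of findings for a planned LoadMaster configuration."""
    nets = [ipaddress.ip_interface(addr).network for addr in INTERFACES.values()]
    findings = []
    if admin_if == EXTERNAL_IF:
        findings.append("web administration is bound to the external interface")
    for svc in services:
        vip = ipaddress.ip_address(svc["vip"])
        if not any(vip in net for net in nets):
            findings.append(f"VIP {vip} is not on any interface subnet")
        want = EXPECTED_PORTS[svc["role"]].get(svc["port"])
        for rs_ip, rs_port in svc["real_servers"]:
            if rs_port != want:
                findings.append(f"{svc['role']} {svc['port']}: Real Server "
                                f"{rs_ip} uses port {rs_port}, expected {want}")
            local = any(ipaddress.ip_address(rs_ip) in net for net in nets)
            if not local and not non_local_enabled:
                findings.append(f"Real Server {rs_ip} is non-local: needs "
                                "Enable Non-Local Real Servers")
    return findings


def make_services(front_ends):
    """Build the four Virtual Services from Step 6 for the given Front Ends."""
    plan = []
    for role, vip in (("reverse_proxy", "172.20.0.2"), ("internal", "172.20.13.125")):
        for port, rs_port in EXPECTED_PORTS[role].items():
            plan.append({"role": role, "vip": vip, "port": port,
                         "real_servers": [(fe, rs_port) for fe in front_ends]})
    return plan


# Constructed Front End addresses (assumption, not from the page).
FRONT_ENDS = ["172.20.13.11", "172.20.13.12"]

if __name__ == "__main__":
    for line in lint_plan("eth1", make_services(FRONT_ENDS)) or ["plan is consistent"]:
        print(line)
```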
Step 8 – Adding Certificates
In order to manage certificates, we need to access Certificates > SSL Certificates:
Then click Import Certificate:
Select the proper certificate, type the password and friendly name (without spaces or special characters):
After adding the certificate, select the Virtual Service and assign it using the > button:
To submit, use the Save Changes and the certificate will be assigned:
Also, we need to make sure to install all Intermediate CA certificates – otherwise we will get this message:
To install an Intermediate CA certificate, go to Certificates > Intermediate Certs:
Select the Intermediate CA certificate file and a friendly name:
All certificates will be listed:
Now the certificate chain will be displayed correctly:
After all these steps, we should get this in the Virtual Service:
Using LoadMaster – or another Load Balancer as Reverse Proxy – is a good TMG/ARR alternative, especially because we need fewer resources to achieve the same. The LoadMaster disk, for instance, is configured to 16GB max.
In this case, we use the same LoadMaster for Reverse Proxy and the internal load balancing. However, since Kemp Technologies doesn’t limit the number of Free LoadMasters that we can activate, we can use 2 LoadMasters and split the roles.