5

The tl;dr problem

The CAS server occasionally gets one or two NAT'ed IP addresses that have several hundred users behind them. That is bad for scalability.

The tl;dr solution

Have the NAT'ed Outlook clients connect to more than one DNS name/IP destination. Use this in the load balancer, and the NAT issue is reduced.

More information

A majority of our Exchange customers use RPC/HTTPS and Outlook Anywhere. Many of our clients are grouped in the hundreds behind a single NAT address.

This results in the load balancer sending large NAT'ed user populations to the same CAS server. The CAS server then reaches 100% CPU and is unable to service end users.

My solution

Since there is no way to append cookie load balancing to Outlook Anywhere in a NetScaler, I think it might be good to add more DNS names. I'll explain.

In a given DAG I'm using these DNS names:

  • NYCAS01.company.com
  • Autodiscover.company.com
  • Email.company.com

What if I was able to change it so that I use more DNS names for the bulk of the traffic:

  • NYExGroup1.company.com, NYExGroup2.company.com, NYExGroup2.company.com
  • Autodiscover.company.com
  • Email.company.com

I would accomplish this by setting the RPC server property on each one of my Exchange databases to that of "NyExGroupX.company.com", and set a corresponding external IP. Of course this means I need to also update my external certificate.

I'm pretty sure this configuration would guarantee that a NAT source such as "SomeLargeCompany" will connect to more than one “group” DNS name. That means the load balancer will be able to use multiple target IPs and distribute traffic more evenly.

Question

  1. Can a CAS server be a member of more than one array?

  2. Can I configure a CAS array with more than one IP?

  3. Is this the right way to deal with this problem?

makerofthings7
  • have you looked at round robin DNS? – gravyface Jul 25 '12 at 23:46
  • I need to maintain state at the NLB level, so stateless round robin DNS won't work. @gravyface – makerofthings7 Jul 25 '12 at 23:49
  • A CAS array has one or usually more than one CAS server as its members ... A CAS array is created per Active Directory site ... So set up another CAS server .. join it to your CAS array .. give your CAS array a local DNS name and point it to your virtual IP. Put a hardware load balancer .. so your clients would hit the VIP of your CAS array and the load balancer will balance traffic on the members – Mutahir Nov 05 '12 at 00:05

1 Answer

0

1. Can a CAS server be a member of more than one array? You can't create more than one CAS array per AD site.

2. Can I configure a CAS array with more than one IP? The question is wrong. CAS arrays have a FQDN. The FQDN 'could' have more than one IP, but this gets into round-robin.

3. Is this the right way to deal with this problem? I would say no. The best way is to get it to distribute them across the servers using the load balancer, e.g. do not set sticky by session IP. You probably want to try something like Session Cookie or HTTP cookie.

Unconn
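A small model of the three persistence keys discussed in this thread (source IP against one name, source IP against several group names, and a per-session key), added here as an illustration and not written by either poster. The client population, the server names, the round-robin selection shared across names, and the mapping of users to group names are all constructed assumptions.

```python
from collections import Counter
from itertools import cycle

SERVERS = ["CAS1", "CAS2", "CAS3", "CAS4"]  # constructed pool, not from the page

def build_clients():
    """Constructed population: two NAT addresses hiding 300 users each,
    plus 200 users on their own addresses. Returns (source_ip, user_no) pairs."""
    ips = ["198.51.100.10"] * 300 + ["198.51.100.20"] * 300
    ips += [f"203.0.113.{i}" for i in range(200)]
    return list(zip(ips, range(len(ips))))

def simulate(clients, key_fn):
    """Pin each persistence key to a server on first sight (round robin),
    then send every later client with the same key to that server.
    Returns (load per server, size of the largest group pinned together)."""
    picker = cycle(SERVERS)
    pinned = {}
    load = Counter()
    block = Counter()
    for client in clients:
        key = key_fn(client)
        if key not in pinned:
            pinned[key] = next(picker)
        load[pinned[key]] += 1
        block[key] += 1
    return dict(load), max(block.values())

def by_source_ip(client):
    return client[0]

def by_source_ip_and_name(client, names=3):
    # Assumption: a user's mailbox database decides which of the N group
    # names they connect to; modelled here as user_no modulo N.
    return (client[0], client[1] % names)

def by_session(client):
    # One key per user, standing in for a per-session cookie.
    return client[1]

if __name__ == "__main__":
    clients = build_clients()
    for label, fn in [("source IP, one name", by_source_ip),
                      ("source IP, three names", by_source_ip_and_name),
                      ("per-session key", by_session)]:
        load, largest = simulate(clients, fn)
        print(f"{label:24} load={load} largest pinned block={largest}")
```

The largest pinned block is the smallest unit the load balancer can move, whatever selection method it uses: 300 users with source-IP persistence on one name, 100 with three names, and 1 with a per-session key.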