In a previous post (https://devcentral.f5.com/weblogs/mquill/archive/2012/08/09/virtualize-absolutely-everything-deploying-f5-viprion-2400-with-flexpod-validated.aspx) we provided some details on the integration between the networking components on a FlexPod with a Viprion. Although these posts cannot be termed a formal 'Deployment Guide', they should give users some idea of how F5 can deploy with a FlexPod. In this post I would like to go over the configuration of vCMP, the setup of the two guests, and the setup of the Exchange databases and CAS servers. For those of you who are unfamiliar with FlexPod validated data center designs, these are infrastructure packages comprised of NetApp controllers and storage, Cisco UCS, and Cisco Nexus switches. These designs are pre-validated to support as well as tier I mission critical application deployments in a virtualized environment.

F5 BIG-IP extends and enhances the value of a FlexPod design by providing advanced traffic management, augmenting disaster recovery and business continuity, and providing secure remote access, to name a few features.

Before getting into the details of the LTM, APM and Exchange configuration, I would like to review a little bit about our lab setup at Avnet in the Toronto area:

Avnet Lab Environment

Cisco Fabric Interconnects

8 Port 1/2/4 Gbps Native FC

5108 Chassis (x2)

2104XP Fabric Extenders

B200 M2 Blade Server (x4)

2.66GHz Xeon X5650 CPU (x2)

73GB SAS Drives

48GB RAM

Nexus 5548UP w/ L3 Module

Nexus 5596UP w/ L3 Module

NetApp FAS 3210 (Redundant)

DS2246 Disk Shelf 24 x 450GB 10K RPM SAS (x2)

| Software | Version |
|---|---|
| Cisco UCSM Version | 2.0(2r) |
| NetApp Software | Ontap 8.0 |
| F5 BIG-IP Version | Current software setup 11.2 HF1 Build 2451 |

ESXi Server and Guest Configuration:

| Host | IP Address |
|---|---|
| ESXi1 | 192.168.100.10 |
| ESXi2 | 192.168.100.20 |
| ESXi3 | 192.168.100.30 |
| ESXi4 | 192.168.100.40 |
| EXCH01 | 172.16.20.1 |
| DC12K8 (AD Server) | 172.16.20.253 |
| EXCH03 | 172.16.20.3 |
| Internal Client | 10.10.17.30 |
| External Client | 203.0.113.30 |

We configured 4 ESXi servers for this validation as well as vSphere for global management. 2 Exchange CAS servers were provisioned in ESX and we also provisioned 2 Windows 7 devices to simulate internal as well as external access. 

NetApp Controller and Storage Configuration

The Avnet Lab environment was set up with an HA pair of NetApp 3210 controllers as well as 2 DS2246 shelves. In order to ensure a high level of performance, 450GB 10K SAS disk technology was utilized. We set up and configured the NetApp device with 4 FCOE volumes for booting ESX and one shared 2TB NFS volume for the ESX guests. For additional information on the setup and configuration of the NetApp 3210 controller please reference the NetApp website at www.netapp.com.

 

 

| Volume | Use |
|---|---|
| /vol/vol_ESXi_Boot_1 (40GB) | ESXi Host 192.168.100.10 (FCOE) |
| /vol/vol_ESXi_Boot_2 (40GB) | ESXi Host 192.168.100.20 (FCOE) |
| /vol/vol_ESXi_Boot_3 (40GB) | ESXi Host 192.168.100.30 (FCOE) |
| /vol/vol_ESXi_Boot_4 (40GB) | ESXi Host 192.168.100.40 (FCOE) |
| /vol/NFS_F5 (2TB) | VMware Guest ESX Mount |

Configure F5 BIG-IP VCMP

F5 BIG-IP Setup

| Device | IP Address |
|---|---|
| VCMP Host | 192.168.1.200 |
| Blade 1 | 192.168.1.201 |
| Blade 2 | 192.168.1.202 |
| LTM 1 | 192.168.1.203 |
| APM | 192.168.1.204 |
| LTM1 | 10.10.16.5 |

A BIG-IP Viprion 2400 with 2 blades was deployed in the Avnet labs for the purpose of this validation. In vCMP we will provision 2 guests: EXCHLB01 for LTM and EDGE01 for APM. In this demonstration we will show both local and remote clients accessing Microsoft Exchange via Outlook as well as Outlook Web Access (OWA). For additional details on deploying the Exchange 2010 iApp, please reference the F5 Exchange 2010 iApp Deployment Guide: http://www.f5.com/pdf/deployment-guides/microsoft-exchange2010-iapp-dg.pdf

Figure 1:  vCMP Provisioning on the Viprion

Once vCMP has been provisioned we will configure two guests, EXCHLB01 and EDGE01. The EXCHLB01 guest will be configured for Local Traffic Management and the EDGE01 guest will be the APM guest. We have provisioned both internal and external customers in order to simulate a distributed setup where users will access email both internally and externally.

Figure 2: vCMP Guest Configuration View

Figure 3:  Details on the Configuration of Exchlb01 Guest (LTM)

Configuration of Guest 1: EXCHLB01

After provisioning the guests in vCMP we will need to verify the networking setup and configure the Exchange 2010 iApp on EXCHLB01. The VLANs assigned to this guest in vCMP should automatically convey and should first be verified on the guest (see Figure 3 above). We will also configure two self IPs on EXCHLB01 as well as EDGE01.

Figure 4: VLAN Setup on EXCHLB01

Figure 5: Self IP Setup on EXCHLB01

Deploy Exchange iApp

In this section we will review the deployment of the Exchange 2010 iApp on the EXCHLB01 guest. For additional details, please consult the F5 Exchange 2010 iApp deployment guide. We set up an Exchange environment with 2 CAS servers (EXCH01 and EXCH03). An Exchange DB was configured on the first server, EXCH01, with 10 mailboxes. We used the flexpod1 mailbox to test and validate the configuration and will access Exchange locally via both the Outlook client and OWA. We also configured the gateway on the Exchange servers to use the F5 BIG-IP.

Figure 6: View of Exchange DB Setup EXCHDB02

Once the configuration of the Exchange servers is completed we can configure the Exchange 2010 iApp for Local Traffic Management. You will need to download the latest version of the Exchange 2010 iApp at http://downloads.f5.com to ensure your iApp is compatible with your version of code. After downloading and importing the Exchange 2010 iApp template we configured the Exchange. The table below shows our iApp configurations. For additional details on deploying Exchange 2010 please refer to the Exchange 2010 iApp deployment guide.

iApp Configuration Details

| Menu Item | User Input |
|---|---|
| iApp Name | FlexPod_Exchange_2010 |
| Which scenario describes how you will use BIG-IP in your environment? | LTM will load balance and optimize CAS traffic |
| Will traffic arrive at this BIG-IP encrypted or unencrypted? | Encrypted |
| Which SSL certificate do you want to use? | star.scalarlabs.ca |
| Which SSL key do you want to use? | star.scalarlabs.ca |
| Do you want to re-encrypt traffic to your Client Access Servers? | Do not re-encrypt (SSL Offload) |
| Will Clients Connect to this BIG-IP virtual server primarily via a LAN or WAN? | LAN |
| Where will your BIG-IP virtual servers be in relation to your Client Access Servers? | Different subnet for BIG-IP virtual servers and Client Access Servers |
| Have you configured routing on your Client Access Servers? | CAS servers use BIG-IP as their default gateway |
| Will you use a single IP address for all CAS connections or will you use multiple IP addresses? | Single IP Address |
| How are you distributing the CAS protocols between Servers? | All services will be handled by the same set of Client Access Servers |
| Would you like to customize your server pool settings? | Use Settings Recommended by F5 |
| What IP address do you want to use for your virtual server? | 10.10.16.100 |
| Are you deploying OWA? | Yes |
| Are you deploying ActiveSync? | Yes |
| What is the URI for reaching OWA? | /owa/ |
| Are you deploying Outlook Anywhere? (Includes EWS and OAB) | Yes |
| Are you deploying ActiveSync? | Yes |
| Are you deploying Autodiscover? | Yes |
| Are you deploying RPC Client Access (MAPI)? | Yes |
| Would you like to set static ports for RPC Client Access traffic or use the default dynamic range of ports? | Dynamic |
| Are you deploying POP3? | No |
| Are you deploying IMAP4? | No |
| What are the IP addresses of your Client Access Servers? | 172.16.20.1, 172.16.20.3 |
| How often (in seconds) do you want to check the health of your servers? | 5 |
| Do you want to use advanced or simple monitors to check server status? | Use advanced monitors |
| What email address do you want to monitor for Autodiscover? | flexpod1@scalarlabs.ca |
| Which mailbox account should be used for monitors? | flexpod1 |
| Do you want to monitor a second mailbox? | Yes |
| Which mailbox should be used for the second mailbox account? | flexpod2 |
| What is the domain name of the second account you will use for monitors? | SCALARTEST |
| What authentication method have you configured for OWA? | OWA uses the default forms based authentication |
| Are you using the same FQDN for all HTTP-based services? | One FQDN for all services |
| What is the FQDN for all your mail based services? | mail.scalarlabs.ca |

After the iApp is configured we will need to create a second iApp on the EXCHLB01 guest. This iApp will be configured to accept incoming connections from the EDGE01 virtual running APM. This will allow remote clients to access Exchange via both Outlook Web Access (OWA) and the Outlook client. The table below shows our configuration. A separate virtual server will be configured to accept incoming unencrypted traffic from our EDGE01 BIG-IP. For additional details or explanation of the configuration please refer to the F5 BIG-IP iApp Exchange 2010 Deployment Guide.

Configuration of APM iApp on EXCHLB01

| Menu Item | User Input |
|---|---|
| Name | FlexPod_Exchange_2010_APM |
| Which scenario describes how you will use the BIG-IP in your CAS deployment? | LTM will receive HTTP-based CAS traffic forwarded by a BIG-IP Edge |
| Will incoming traffic arrive at this BIG-IP encrypted or unencrypted? | Unencrypted |
| Where will your BIG-IP virtual servers be in relation to your CAS servers? | Different subnet for BIG-IP virtual servers and Client Access Servers |
| How have you configured routing on your Client Access Servers? | Client Access Servers use the BIG-IP as their default gateway |
| How are you distributing the CAS protocols between servers? | All services will be handled by the same set of Client Access Servers |
| Would you like to customize your server pool settings? | Use settings recommended by F5 |
| What IP address do you want to use for your BIG-IP virtual servers? | 10.10.16.101 |
| Are you deploying OWA (includes ECP)? | Yes |
| What is the URI for reaching OWA? | /owa/ |
| Are you deploying Outlook Anywhere (includes EWS and OAB) | Yes |
| Are you deploying ActiveSync? | Yes |
| Are you deploying Autodiscover | Yes |
| Are you deploying RPC access (MAPI)? | Yes |
| Would you like to set static ports for RPC Client Access traffic or would you like to use the default dynamic range of ports? | Dynamic |
| Are you deploying POP3? | No |
| Are you deploying IMAP4? | No |
| What are the IP addresses of your Client Access Servers? | 172.16.20.1, 172.16.20.3 |

Figure 7:  Virtual Server Configuration on EXCHLB01
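
An added example, not part of the original post and not F5 tooling: the two iApp answer sets above transcribed into Python and checked for what the design relies on, namely that both deployments front the same CAS servers and services, and which hops carry Exchange traffic without TLS. The dictionary keys, function names and the /24 prefix are assumptions of this example.

```python
import ipaddress

# Answers transcribed from the two iApp tables above; the dictionary keys are
# names chosen for this example, not BIG-IP object or field names.
SERVICES = {"owa", "outlook_anywhere", "activesync", "autodiscover", "mapi"}
LTM_IAPP = {
    "name": "FlexPod_Exchange_2010",
    "arrives": "encrypted",
    "reencrypt": False,            # "Do not re-encrypt (SSL Offload)"
    "vip": "10.10.16.100",
    "services": set(SERVICES),
    "cas": {"172.16.20.1", "172.16.20.3"},
}
APM_IAPP = {
    "name": "FlexPod_Exchange_2010_APM",
    "arrives": "unencrypted",      # forwarded by the EDGE01 guest
    "reencrypt": None,             # not asked in the second table
    "vip": "10.10.16.101",
    "services": set(SERVICES),
    "cas": {"172.16.20.1", "172.16.20.3"},
}

def cleartext_hops(iapp):
    """Return the network hops this deployment carries without TLS."""
    hops = []
    if iapp["arrives"] == "unencrypted":
        hops.append("sender -> " + iapp["vip"])
    if iapp["reencrypt"] is False:
        hops.extend(iapp["vip"] + " -> " + ip for ip in sorted(iapp["cas"]))
    return hops

def drift(a, b):
    """Report pool members or services present in one deployment only."""
    out = {}
    for key in ("cas", "services"):
        only_a, only_b = a[key] - b[key], b[key] - a[key]
        if only_a or only_b:
            out[key] = {a["name"]: sorted(only_a), b["name"]: sorted(only_b)}
    return out

def vip_shares_cas_subnet(iapp, prefix=24):
    """True if the virtual server sits in a CAS subnet (prefix is assumed)."""
    vip = ipaddress.ip_address(iapp["vip"])
    return any(vip in ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
               for ip in iapp["cas"])

if __name__ == "__main__":
    for iapp in (LTM_IAPP, APM_IAPP):
        print(iapp["name"], cleartext_hops(iapp), vip_shares_cas_subnet(iapp))
    print("drift:", drift(LTM_IAPP, APM_IAPP))
```

The hops it lists are the segments to isolate: the CAS VLAN behind the SSL-offloading virtual server, and the path to 10.10.16.101, which accepts unencrypted HTTP from whatever can reach it.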

Validation of Outlook Client Access and OWA

Once we have completed the configuration of both iApps for Exchange we will test connectivity from the internal client using both the Outlook client and OWA. As referenced above, we have configured the flexpod1 mailbox for the purpose of running this validation. We will first configure our connection to the Exchange server via the internal client desktop. For additional details on the setup and configuration of Exchange 2010 please visit the Microsoft site at www.microsoft.com.

Figure 8:  Exchange and Outlook Setup from Client

Access Exchange Mailbox via Outlook Client

Once the configuration was complete we opened the Outlook client to access our Exchange mailbox. We verified the configuration by sending a few test messages. We then exited from the Outlook desktop client and accessed our Exchange mailbox via OWA. It is important to note that in both circumstances, we are pointing to the virtual server on the BIG-IP and the connection is being proxied to one of the Exchange CAS servers.

Figure 9:  Outlook Access to Exchange

Figure 10:  Outlook OWA Access

So folks, there you have it. In two days' time at Avnet in Toronto, in coordination with Sam Bilko from Avnet and Robin Mordasiewicz from Scalar Decisions, we configured a FlexPod, installed and configured ESX, set up Exchange and provisioned a Viprion with vCMP with two guests. It is a testament to their professionalism and expertise in configuring end-to-end data center solutions, but also to the fact that a combination of F5 with iApps and a FlexPod can enable such a rapid deployment of enterprise applications. In the final post I will review the setup and configuration of APM for secure remote access. As always, comments and feedback are welcome.