Hardware load balancer requirements for Lync Server 2013

 

Topic Last Modified: 2015-05-11

The Lync Server 2013 scaled consolidated Edge topology is optimized for DNS load balancing for new deployments federating primarily with other organizations using Lync Server. If high availability is required for any of the following scenarios, a hardware load balancer must be used on Edge Server pools for the following:

  • Federation with organizations using Office Communications Server 2007 R2 or Office Communications Server 2007

  • Exchange UM for remote users using Exchange UM prior to Exchange 2010 with SP1

  • Connectivity to public IM users

Important

Using DNS load balancing on one interface and hardware load balancing on the other is not supported. You must use hardware load balancing for both interfaces or DNS load balancing for both.

Note

If you are using a hardware load balancer, the load balancer deployed for connections with the internal network must be configured to load balance only the traffic to servers running the Access Edge service and the A/V Edge service. It cannot load balance the traffic to the internal Web Conferencing Edge service or the internal XMPP Proxy service.

Note

Direct server return (DSR) NAT is not supported with Lync Server 2013.

To determine whether your hardware load balancer supports the necessary features required by Lync Server 2013, see "Lync Server 2010 Load Balancer Partners" at https://go.microsoft.com/fwlink/p/?linkId=202452.

Hardware Load Balancer Requirements for Edge Servers Running the A/V Edge Service

Following are the hardware load balancer requirements for Edge Servers running the A/V Edge service:

  • Turn off TCP nagling for both internal and external ports 443. Nagling is the process of combining several small packets into a single, larger packet for more efficient transmission.

  • Turn off TCP nagling for external port range 50,000 – 59,999.

  • Do not use NAT on the internal or external firewall.

  • The edge internal interface must be on a different network than the Edge Server external interface, and routing between them must be disabled.

  • The external interface of the Edge Server running the A/V Edge Service must use publicly routable IP addresses, with no NAT or port translation on any of the edge external IP addresses.

Hardware Load Balancer Requirements

Cookie-based affinity requirements are greatly reduced in Lync Server 2013 for Web services. If you are deploying Lync Server 2013 and will not retain any Lync Server 2010 Front End Servers or Front End pools, you do not need cookie-based persistence. However, if you will temporarily or permanently retain any Lync Server 2010 Front End Servers or Front End pools, you still use cookie-based persistence as it is deployed and configured for Lync Server 2010.

Note

If you decide to use cookie-based affinity even though your deployment does not require it, there is no negative impact to doing so.

For deployments that will not use cookie-based affinity:

  • On the reverse proxy publishing rule for port 4443, set Forward host header to True. This will ensure that the original URL is forwarded.

For deployments that will use cookie-based affinity:

  • On the reverse proxy publishing rule for port 4443, set Forward host header to True. This will ensure that the original URL is forwarded.

  • Hardware load balancer cookie MUST NOT be marked httpOnly

  • Hardware load balancer cookie MUST NOT have an expiration time

  • Hardware load balancer cookie MUST be named MS-WSMAN (This is the value that the Web services expect, and cannot be changed)

  • Hardware load balancer cookie MUST be set in every HTTP response for which the incoming HTTP request did not have a cookie, regardless of whether a previous HTTP response on that same TCP connection had already obtained a cookie. If the load balancer optimizes cookie insert to only occur once per TCP connection, that optimization MUST NOT be used
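
The cookie rules above can be checked against captured request/response pairs. The following is an added example, not part of the original documentation: it audits the exchanges seen on one TCP connection against the MS-WSMAN requirements. The function names, header dictionary layout and sample traffic are constructed for illustration.

```python
from http.cookies import SimpleCookie

COOKIE_NAME = "MS-WSMAN"  # fixed name the Web services expect (from the page)
MISSING = "cookie not set on response to a request that carried none"
HTTPONLY = "cookie is marked httpOnly"
EXPIRES = "cookie has an expiration time"

def _find(header_value):
    """Parse one Cookie/Set-Cookie header value; return the MS-WSMAN morsel or None."""
    jar = SimpleCookie()
    jar.load(header_value)
    return jar.get(COOKIE_NAME)

def audit_exchange(request_headers, set_cookie_values):
    """Return the rule violations for a single request/response pair."""
    morsels = [m for m in map(_find, set_cookie_values) if m is not None]
    if not morsels:
        # Only a violation when the client did not already present the cookie.
        sent = _find(request_headers.get("Cookie", "")) is not None
        return [] if sent else [MISSING]
    problems = []
    hlb = morsels[-1]
    if hlb["httponly"]:
        problems.append(HTTPONLY)
    if hlb["expires"] or hlb["max-age"]:
        problems.append(EXPIRES)
    return problems

def audit_connection(exchanges):
    """exchanges: ordered (request_headers, set_cookie_values) pairs seen on ONE
    TCP connection. Each is judged on its own, which is what exposes a balancer
    that inserts the cookie only once per connection."""
    return [(i, p) for i, (req, sc) in enumerate(exchanges)
            for p in audit_exchange(req, sc)]

# Constructed sample traffic (hypothetical values, not from a real deployment).
SAMPLE_CONNECTION = [
    ({}, ["MS-WSMAN=node1; Path=/"]),            # compliant
    ({}, []),                                    # once-per-connection insert
    ({"Cookie": "MS-WSMAN=node1"}, []),          # compliant: client sent cookie
    ({}, ["MS-WSMAN=node1; Path=/; HttpOnly; Max-Age=1200"]),
]

if __name__ == "__main__":
    for index, problem in audit_connection(SAMPLE_CONNECTION):
        print(f"exchange {index}: {problem}")
```

Exchange 1 in the sample is the case the last bullet rules out: the balancer set the cookie earlier on the connection and skipped it on a later cookieless request.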

Note

Typical hardware load balancer configurations use source-address affinity and a 20 min. TCP session lifetime, which is fine for Lync Server and Lync 2013 clients because session state is maintained through client usage and/or application interaction.

If you are deploying mobile devices, your hardware load balancer must be able to load balance individual requests within a TCP session (in effect, you must be able to load balance an individual request based on the target IP address).

Warning

F5 hardware load balancers have a feature called OneConnect that ensures each request within a TCP connection is individually load balanced. If you are deploying mobile devices, ensure your hardware load balancer vendor supports the same functionality. The latest Apple iOS mobile apps require Transport Layer Security (TLS) version 1.2. F5 provides specific settings for this.
For details on third-party hardware load balancers, see https://go.microsoft.com/fwlink/p/?linkId=230700.

Following are the hardware load balancer requirements for Director and Front End pool Web Services:

  • For internal Web Services VIPs, set Source_addr persistence (internal port 80, 443) on the hardware load balancer. For Lync Server 2013, Source_addr persistence means that multiple connections coming from a single IP address are always sent to one server to maintain session state.

  • Use TCP idle timeout of 1800 seconds.

  • On the firewall between the reverse proxy and the next hop pool's hardware load balancer, create a rule to allow HTTPS traffic on port 4443, from the reverse proxy to the hardware load balancer. The hardware load balancer must be configured to listen on ports 80, 443, and 4443.

Important

For further reading on configuration of the hardware load balancer, please review Port summary - Scaled consolidated edge with hardware load balancers in Lync Server 2013.

Summary of Hardware Load Balancer Affinity Requirements

| Client/user location | External web services FQDN affinity requirements | Internal web services FQDN affinity requirements |
|---|---|---|
| Lync Web App (internal and external users); Mobile device (internal and external users) | No affinity | Source address affinity |
| Lync Web App (external users only); Mobile device (internal and external users) | No affinity | Source address affinity |
| Lync Web App (internal users only); Mobile device (not deployed) | No affinity | Source address affinity |

Port Monitoring for Hardware Load Balancers

You define port monitoring on the hardware load balancers to determine when specific services are no longer available due to hardware or communications failure. For example, if the Front End Server service (RTCSRV) stops because the Front End Server or Front End pool fails, the HLB monitoring should also stop receiving traffic on the Web Services. You implement port monitoring on the HLB to monitor the following:

Front End Server User Pool – HLB Internal Interface

| Virtual IP/Port | Node Port | Node Machine/Monitor | Persistence Profile | Notes |
|---|---|---|---|---|
| <pool>web-int_mco_443_vs / 443 | 443 | Front End / 5061 | Source | HTTPS |
| <pool>web-int_mco_80_vs / 80 | 80 | Front End / 5061 | Source | HTTP |

Front End Server User Pool – HLB External Interface

| Virtual IP/Port | Node Port | Node Machine/Monitor | Persistence Profile | Notes |
|---|---|---|---|---|
| <pool>web_mco_443_vs / 443 | 4443 | Front End / 5061 | None | HTTPS |
| <pool>web_mco_80_vs / 80 | 8080 | Front End / 5061 | None | HTTP |