Hardware load balancer requirements for Lync Server 2013

Topic Last Modified: 2015-05-11

The Lync Server 2013 scaled consolidated Edge topology is optimized for DNS load balancing for new deployments federating primarily with other organizations using Lync Server. If high availability is required for any of the following scenarios, a hardware load balancer must be used on Edge Server pools:

  • Federation with organizations using Office Communications Server 2007 R2 or Office Communications Server 2007

  • Exchange UM for remote users using Exchange UM prior to Exchange 2010 with SP1

  • Connectivity to public IM users

Important

Using DNS load balancing on one interface and hardware load balancing on the other is not supported. You must use hardware load balancing for both interfaces or DNS load balancing for both.

Note

If you are using a hardware load balancer, the load balancer deployed for connections with the internal network must be configured to load balance only the traffic to servers running the Access Edge service and the A/V Edge service. It cannot load balance the traffic to the internal Web Conferencing Edge service or the internal XMPP Proxy service.

Note

Direct server return (DSR) NAT is not supported with Lync Server 2013.

To determine whether your hardware load balancer supports the necessary features required by Lync Server 2013, see "Lync Server 2010 Load Balancer Partners" at https://go.microsoft.com/fwlink/p/?linkId=202452.

Hardware Load Balancer Requirements for Edge Servers Running the A/V Edge Service

Following are the hardware load balancer requirements for Edge Servers running the A/V Edge service:

  • Turn off TCP nagling for both internal and external ports 443. Nagling is the process of combining several small packets into a single, larger packet for more efficient transmission.

  • Turn off TCP nagling for external port range 50,000 – 59,999.

  • Do not use NAT on the internal or external firewall.

  • The Edge Server internal interface must be on a different network than the Edge Server external interface, and routing between them must be disabled.

  • The external interface of the Edge Server running the A/V Edge service must use publicly routable IP addresses, with no NAT or port translation on any of the Edge external IP addresses.

Hardware Load Balancer Requirements

Cookie-based affinity requirements are greatly reduced in Lync Server 2013 for Web services. If you are deploying Lync Server 2013 and will not retain any Lync Server 2010 Front End Servers or Front End pools, you do not need cookie-based persistence. However, if you will temporarily or permanently retain any Lync Server 2010 Front End Servers or Front End pools, you still use cookie-based persistence as it is deployed and configured for Lync Server 2010.

Note

If you decide to use cookie-based affinity even though your deployment does not require it, there is no negative impact to doing so.

For deployments that will not use cookie-based affinity:

  • On the reverse proxy publishing rule for port 4443, set Forward host header to True. This will ensure that the original URL is forwarded.

For deployments that will use cookie-based affinity:

  • On the reverse proxy publishing rule for port 4443, set Forward host header to True. This will ensure that the original URL is forwarded.

  • Hardware load balancer cookie MUST NOT be marked httpOnly

  • Hardware load balancer cookie MUST NOT have an expiration time

  • Hardware load balancer cookie MUST be named MS-WSMAN (this is the value that the Web services expect, and it cannot be changed)

  • Hardware load balancer cookie MUST be set in every HTTP response for which the incoming HTTP request did not have a cookie, regardless of whether a previous HTTP response on that same TCP connection had already obtained a cookie. If the load balancer optimizes cookie insert to only occur once per TCP connection, that optimization MUST NOT be used
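The cookie rules above can be checked against traffic captured behind the load balancer. The following is an added example, not part of the original topic or any Microsoft tooling: it audits the request/response pairs of one TCP connection and reports a missing cookie, an httpOnly flag, or an expiration. The function names, the data layout and the sample exchanges are assumptions constructed for illustration; only the cookie name MS-WSMAN comes from the requirements.

```python
# Added example: audit captured HTTP exchanges against the MS-WSMAN cookie rules.
COOKIE_NAME = "MS-WSMAN"  # required name from the topic; all other names are illustrative

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", "", {}
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val.strip(), attrs

def request_has_cookie(cookie_header):
    """True if the request's Cookie header already carries the HLB cookie."""
    pairs = (cookie_header or "").split(";")
    return any(p.strip().partition("=")[0].strip() == COOKIE_NAME for p in pairs)

def audit_connection(exchanges):
    """Check the request/response pairs of ONE TCP connection, in order.

    Returns a list of (exchange_number, violation) tuples.
    """
    findings = []
    for number, ex in enumerate(exchanges, start=1):
        parsed = [parse_set_cookie(v) for v in ex.get("set_cookie", [])]
        hlb = [attrs for name, _, attrs in parsed if name == COOKIE_NAME]
        # Rule: the cookie is set on every response whose request lacked it,
        # even when an earlier response on this connection already set one.
        if not request_has_cookie(ex.get("cookie")) and not hlb:
            findings.append((number, "missing"))
        for attrs in hlb:
            if "httponly" in attrs:
                findings.append((number, "httponly"))
            # Assumption: Max-Age counts as an expiration time, like Expires.
            if "expires" in attrs or "max-age" in attrs:
                findings.append((number, "expiry"))
    return findings

# Constructed sample data, not captured from a real deployment.
COMPLIANT = [
    {"cookie": None, "set_cookie": ["MS-WSMAN=node1; path=/"]},
    {"cookie": "MS-WSMAN=node1", "set_cookie": []},
    {"cookie": None, "set_cookie": ["MS-WSMAN=node2; path=/"]},
]
PER_CONNECTION_INSERT = [
    {"cookie": None, "set_cookie": ["MS-WSMAN=node1; path=/; HttpOnly; Expires=Wed, 01 Jan 2031 00:00:00 GMT"]},
    {"cookie": None, "set_cookie": []},  # second cookieless request gets no cookie
]

if __name__ == "__main__":
    for label, conn in (("compliant", COMPLIANT), ("faulty", PER_CONNECTION_INSERT)):
        print(label, audit_connection(conn))
```
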

Note

Typical hardware load balancer configurations use source-address affinity and a 20-minute TCP session lifetime, which is fine for Lync Server and Lync 2013 clients because session state is maintained through client usage and/or application interaction.

If you are deploying mobile devices, your hardware load balancer must be able to load balance individual requests within a TCP session (in effect, you must be able to load balance an individual request based on the target IP address).

Warning

F5 hardware load balancers have a feature called OneConnect that ensures each request within a TCP connection is individually load balanced. If you are deploying mobile devices, ensure your hardware load balancer vendor supports the same functionality. The latest Apple iOS mobile apps require Transport Layer Security (TLS) version 1.2. F5 provides specific settings for this.
For details on third-party hardware load balancers, see https://go.microsoft.com/fwlink/p/?linkId=230700

Following are the hardware load balancer requirements for Director and Front End pool Web Services:

  • For internal Web Services VIPs, set Source_addr persistence (internal port 80, 443) on the hardware load balancer. For Lync Server 2013, Source_addr persistence means that multiple connections coming from a single IP address are always sent to one server to maintain session state.

  • Use TCP idle timeout of 1800 seconds.

  • On the firewall between the reverse proxy and the next hop pool's hardware load balancer, create a rule to allow HTTPS traffic on port 4443, from the reverse proxy to the hardware load balancer. The hardware load balancer must be configured to listen on ports 80, 443, and 4443.

Important

For further reading on configuration of the hardware load balancer, please review Port summary - Scaled consolidated edge with hardware load balancers in Lync Server 2013.

Summary of Hardware Load Balancer Affinity Requirements

| Client/user location | External web services FQDN affinity requirements | Internal web services FQDN affinity requirements |
|---|---|---|
| Lync Web App (internal and external users); Mobile device (internal and external users) | No affinity | Source address affinity |
| Lync Web App (external users only); Mobile device (internal and external users) | No affinity | Source address affinity |
| Lync Web App (internal users only); Mobile device (not deployed) | No affinity | Source address affinity |

Port Monitoring for Hardware Load Balancers

You define port monitoring on the hardware load balancers to determine when specific services are no longer available due to hardware or communications failure. For example, if the Front End Server service (RTCSRV) stops because the Front End Server or Front End pool fails, the HLB monitoring should also stop receiving traffic on the Web Services. You implement port monitoring on the HLB to monitor the following:

Front End Server User Pool – HLB Internal Interface

| Virtual IP/Port | Node Port | Node Machine/Monitor | Persistence Profile | Notes |
|---|---|---|---|---|
| <pool>web-int_mco_443_vs / 443 | 443 | Front End / 5061 | Source | HTTPS |
| <pool>web-int_mco_80_vs / 80 | 80 | Front End / 5061 | Source | HTTP |

Front End Server User Pool – HLB External Interface

| Virtual IP/Port | Node Port | Node Machine/Monitor | Persistence Profile | Notes |
|---|---|---|---|---|
| <pool>web_mco_443_vs / 443 | 4443 | Front End / 5061 | None | HTTPS |
| <pool>web_mco_80_vs / 80 | 8080 | Front End / 5061 | None | HTTP |