In Exchange 2010, system functionality is split into five server roles: Mailbox, Client Access (CAS), Unified Messaging, Hub Transport (HT) and Edge Transport. Mandatory roles are Mailbox, Client Access and Hub Transport. The Edge Transport and Unified Messaging roles are optional and depend on the infrastructure and operational requirements. The CAS role does not have any built-in load balancing functionality. The HT role does provide load balancing functionality for server-to-server mail traffic, but not for external SMTP traffic that arrives at the HT server from other applications or directly from outside the organization.
Based on this, it is a common requirement to load balance both the CAS and HT roles. In some cases only the CAS role is load balanced. The exact load balancing requirements depend on the number of servers in use and how / where the roles are deployed.
LOAD BALANCING CONSIDERATIONS:
Load Balancer Deployment Method
As with several other Microsoft applications, the load balancer for Exchange 2010 is deployed in one-arm SNAT mode (Source Network Address Translation) at layer 7 using HAProxy. This mode is recommended by Microsoft and also has the advantage that it requires no changes to the Exchange 2010 servers.
Persistence (aka Server Affinity) Requirements
Some Exchange 2010 protocols require affinity and others do not. For more details please refer to this Microsoft TechNet article.
For additional information on the various affinity options, please refer to this Microsoft TechNet article.
Summary of Persistence Requirements:
| Persistence – Required | Persistence – Recommended | Persistence – Not Required |
| --- | --- | --- |
| Outlook Web App | Outlook Anywhere | Offline Address Book |
| Exchange Control Panel | ActiveSync | AutoDiscover |
| Exchange Web Service | Address Book Service | POP3 |
| RPC Client Access Service | Remote PowerShell | IMAP4 |
Virtual Server/Service (VIP) Requirements
- CAS role – HTTPS & HTTP services
- CAS role – RPC services
- CAS role – IMAP4 or POP3 services (if used / required)
- HT role – SMTP services
Using multiple VIPs for the CAS role allows the settings for each VIP to be customized (e.g. persistence/affinity options) to suit the service being load balanced and also ensures more granular health-checks.
Port Requirements
The following table shows the port list that must be load balanced for the CAS and HT roles. Note that some services such as IMAP4 or POP3 may not be used in your environment.
| TCP Port | Role(s) | Uses |
| --- | --- | --- |
| 25 | HT | SMTP |
| 80 | CAS | HTTP – various |
| 110 | CAS | POP3 clients |
| 135 | CAS | RPC end point mapper |
| 143 | CAS | IMAP4 clients |
| 443 | CAS | HTTPS – various |
| 993 | CAS | Secure IMAP4 clients |
| 995 | CAS | Secure POP3 clients |
| 60200* | CAS | Static port for RPC client access service |
| 60201* | CAS | Static port for Exchange address book service |
*These ports have been chosen as the static RPC ports. Microsoft recommends that any port within the range 59531 to 60554 should be used, and that the same ports should be used on all Client Access Servers within the same AD site.
For a full Exchange Server 2010 port list, please refer to this Microsoft TechNet article.
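The port table and VIP list above can be turned into a pre-deployment check. The following is an added example, not Loadbalancer.org or Microsoft code: it audits a planned VIP layout for ports that are not in the table, required ports with no VIP, and static RPC ports that are out of range or differ between CAS servers. The VIP names, server names and plan are constructed, and all CAS servers are assumed to be in the same AD site.

```python
RPC_RANGE = range(59531, 60555)   # static RPC range quoted on the page (inclusive)
PORT_ROLE = {25: "HT", 80: "CAS", 110: "CAS", 135: "CAS", 143: "CAS",
             443: "CAS", 993: "CAS", 995: "CAS"}
OPTIONAL = {110, 143, 993, 995}   # POP3/IMAP4: balance only if actually used


def audit(vips, static_rpc):
    """Return a list of findings for a planned VIP layout (empty list = consistent).

    vips:       {vip_name: (role, set_of_tcp_ports)}
    static_rpc: {cas_server: (rpc_client_access_port, address_book_port)}
    """
    findings = []
    # Static RPC ports must sit in the range and match on every CAS server.
    if len(set(static_rpc.values())) > 1:
        findings.append("static RPC ports differ between CAS servers")
    for server, ports in sorted(static_rpc.items()):
        for port in ports:
            if port not in RPC_RANGE:
                findings.append(f"{server}: static port {port} outside 59531-60554")
    # Every balanced port must be in the table (or a static RPC port) for that role.
    expected = dict(PORT_ROLE)
    for ports in static_rpc.values():
        expected.update({p: "CAS" for p in ports})
    covered = set()
    for name, (role, ports) in sorted(vips.items()):
        for port in sorted(ports):
            if expected.get(port) != role:
                findings.append(f"{name}: port {port} is not a listed {role} port")
            covered.add(port)
    # Anything required but not balanced by any VIP is a gap.
    for port in sorted(set(expected) - OPTIONAL - covered):
        findings.append(f"port {port} ({expected[port]}) has no VIP")
    return findings


# Constructed plan: separate VIPs for CAS HTTP(S), CAS RPC and HT SMTP.
PLAN = {
    "cas-http": ("CAS", {80, 443}),
    "cas-rpc": ("CAS", {135, 60200, 60201}),
    "ht-smtp": ("HT", {25}),
}
STATIC = {"exch1": (60200, 60201), "exch2": (60200, 60201)}

if __name__ == "__main__":
    for line in audit(PLAN, STATIC) or ["plan matches the port table"]:
        print(line)
```

POP3 and IMAP4 ports are accepted when present but not reported as missing, since the page treats those services as optional.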
Deployment Architecture
There are multiple ways to deploy Exchange, but in this example two servers are used. Each server hosts the CAS & HT roles, as well as the Mailbox role in a DAG configuration. This provides high availability for these three key Exchange roles and uses a minimum number of Exchange servers.
Note: The load balancer can be deployed as a single unit, although Loadbalancer.org strongly recommends a clustered pair for resilience & high availability.