In a previous post I’ve talked about Hardware Load Balancing a Relay Connector. I’ve explained why this could be an issue when the clients and the Exchange servers are in the same subnet.
The option “client impersonation” is called Layer 7 Transparent Mode by Kemp Technologies. There are two modes Non-Transparent and Transparent. Just to be clear the difference is that with Non-Transparent the Kemps IP Address is passed on to the Exchange server. With Transparent mode enabled the client’s IP Address is passed on to the Exchange server.
Until firmware version 6 it was not possible to set an allow list which could make it difficult or maybe even impossible to use the LoadMaster to balance the Relay traffic in this type of environment. I’ve known a few customers that wanted to use application awareness and therefor Layer 7 but because of this issue they couldn’t. I’ve contacted Kemp a couple of times regarding this issue and they have offered me to test the new version 6 beta. After signing a Non Disclosure Agreement I’ve updated my LoadMaster in the test environment and started testing. Happy to see that they’ve added this feature. By the time I’m publishing this article version 6 is released and I’ve had the approval of Kemp to publish.
With the new firmware Kemp has released for it’s LoadMaster it is now possible to set Access Control on a Virtual Service. You can do this for each Virtual Service. Under Standard Options there’s a new option.
It’s probably a good idea to deny access from every IP Address and only allow the ones you want.
Now you know how to set up the Relay Connector and the Load Balancer with a Kemp in this type of configuration. This was definitely something I was hoping for in the new version. Thanks to Kemp and there research department, they are aware of there customers and are happy to help or implement new features when requested.
Special thanks to Ekkehard Gümbel from Kemp Technologies for the review.