Goal
Our customer require a secure and flexible way to connect to different types of applications, such as Skype for Business, ExchangeRemote Desktop Services, Intranet, etc.
The solution must support application high availability, as well as be highly available itself. It also must be affordable and easy to manage.
Users are geographically dispersed and use On Premises or Cloud services from different time zones. Users require services to be highly available and be accessible in a secure manner from corporate PCs, from BYOD, from inside LAN or from Internet.
Solution
To help find the good solution, the customer turned to Microsoft Gold Partner Lambert Consulting.
Lambert Consulting is a certified partner of KEMP Technologies and provides expertise for, but not limited to, Microsoft platforms.
Proof of concept
The customer had already a virtualized environment, and so the choice of KEMP appliance between hardware or virtual was an easy one. KEMP virtual appliance can be deployed at no cost. There are two options for PoC: free or trial. It is a nice and risk free way to get familiar with the product. For Production a licensed version must be purchased.
The main component of KEMP solution is a load balancer, it is typically used to load balance internal LAN traffic between several servers in a farm. As example if you have 3 Exchange servers, KEMP can send user requests to the least loaded Exchange server . In case of failure of a server, KEMP will redirect user traffic to another node without any impact to user application experience.
Another component is a Reverse Proxy. It is typically used to publish securely internal applications to Internet. KEMP will handle user authentication, Single Sign on, SSL offload, deep protocol inspection, DDoS protection, HTML rewrite and other security related functions. KEMP's SSL re-encryption allows to publish securely legacy applications, like those not compatible with modern TLS 1.2 protocol.
Optionally, we can add Web Application firewall, GEO DNS, management console functions as well.
Planning
The customer and Lambert Consulting began planning the deployment of KEMP load balancers with a start of Microsoft UCC project and then gradually added more functionality and more applications at a later stage.
Deployment
KEMP highly available cluster that consist of two virtual appliances was deployed on VMWare ESX cluster and has two network interfaces - one for DMZ and one for LAN subnets.
KEMP load balances internal LAN connections to Skype for Business farm and does Secure Reverse Proxy for Skype for Business external users.
ServiceNow is a cloud service that is delivered as client_instance.servicenow.com, but this customer wanted to preserve brand and provide service under its domain name: Servicenow.domain.org
In order to do that a KEMP virtual service was created that accepts request for servicenow.domain.org, then rewrites and redirects request to cloud. This way users have a clean and consistent way to access any application regardless where they are located - cloud or on prems.
Applications added later as KEMP Virtual services in the frame of individual customer project implementations:
- Exchange farm
- Intranet portal
- Microsoft Remote Desktop services farm
- Single sign-on for open source CRM
- Multifactor authentication self-service portal
- Microsoft Office Web Apps
Benefits
- Provided Unified, Security-Enhanced Connectivity: Provide highly secure service for internal and external users.
- Supports applications' high availability by load balancing traffic between several server nodes.
- Affordable costs: a competing products like F5 BigIP or Citrix Netscaler are more expensive .
We share your challenges, we accompany your changes
If you have a question or a suggestion, we are at your disposal to answer it by email or by phone.
Sign up
Receive notifications about our latest projects
*Only professional emails can be subscribed to this newsletter