Array Networks & Microsoft Exchange Server 2010

Array Networks Enables Highly Optimized Microsoft Exchange Server 2010 Services

Microsoft Exchange Server is the industry leading messaging platform for businesses today. With Exchange Server 2010, Microsoft has extended this platform to enable users to access e-mail, voice mail and instant messaging from any device anywhere, mobile or fixed, using industry standard protocols. Microsoft also made a major architecture change requiring that all user access must go through Client Access Servers (CAS) and recommends the use of hardware load balancers. Application Delivery Controllers (ADC), with their core load balancing, SSL offloading and other service optimizing capabilities, are now an integral component of any enterprise Exchange deployment. These ADCs are used to intelligently load balance and optimize Exchange traffic across CAS servers for the best local and global user experience.

[Figure: deployment diagram. Labels: Remote Users, External, Internal, Internet, Edge Transport Servers, SPX, APV, Global Load Balancing, Server Load Balancing, Client Access Servers, Other App Servers]

Array Networks has worked closely with Microsoft to create a joint solution which accelerates, secures and optimizes the delivery of Exchange services. This joint solution enables organizations to gain the greatest value from their Exchange investment and to deliver business critical Exchange services. The Array solution also addresses the problem of securely accessing Exchange email from anywhere on any device.

To help customers quickly realize the benefits of our joint solution, Array has created a detailed step-by-step deployment guide which can be downloaded from our website at: http://www.arraynetworks.com/exchange-server-2010-qualification.html

Solution Highlights:

At Array Networks, we empower our customers to deliver better application services without compromising simplicity, security or value.
Our solution with Microsoft optimizes Exchange services delivery while maximizing value:

Intelligent load balancing of Exchange services.
Secure access to Exchange services from any device.
Accelerated performance and global availability.

What's inside:

Improve Exchange User Experience
Always-On Exchange Services
Stop Network Attacks Before They Stop Exchange Services
Scale Exchange Services Without Adding Servers
Secure Access Anywhere From Any Device
Built for Simplicity, Scale and Performance
Better Economics

Key Solution Benefits

Improve Exchange User Experience

Ensures employees always have access to Exchange services while in the office, on-the-go, from hotels, at home or from remote locations.
Improve user response time and experience by intelligently load balancing requests across Exchange servers, caching frequently accessed files and compressing network data.
Automatically direct external users to the best global site for Exchange services by intelligently making use of proximity, latency, site availability, and performance statistics.

Always-On Exchange Services

Local availability of Exchange services so that a server failure does not interrupt Exchange services.
Global availability of Exchange services so that a site or ISP link failure does not interrupt Exchange services.
Automatically checks the health of Exchange services and directs users to the best server or site.

Stop DDoS Attacks Before They Stop Exchange Services

Improve security by protecting your Exchange environment from malicious network and server attacks, e.g. Distributed Denial of Service (DDoS) attacks, SYN floods, TCP port scans, UDP floods and UDP port scans, etc.
The full reverse proxy core feature of ADCs helps mitigate Exchange and other application vulnerabilities.

Scale Exchange Services Without Adding Servers

Intelligently load balances Exchange traffic and offloads non-core application tasks such as compute intensive SSL processing, network connection handling and compression from application servers, increasing server utilization and freeing up server capacity to do as much as 50% more.

Universal Secure Access Anywhere From Any Device

Enforce security policies at the edge of the network so only legitimate remote users can access Exchange and other corporate services.
Security features include access controls, two factor authentication, device integrity checks prior to start of the session, and device cache cleaning at the end of the session.

Built for Simplicity, Scale and Performance

Simplify administration and optimize performance with these tightly integrated hardware and software purpose built appliances.
Enables scaling from 10 to tens of thousands of concurrent users on a single appliance, with the ability to cluster from 2 to 32 appliances for massive scalability.
Simplify SSL certificate management and offloading of this function from Exchange CAS servers.

Better Economics

Better CapEx and OpEx by reducing server footprint, software licensing, bandwidth and energy costs through better utilization of Exchange servers and by off-loading compute intensive tasks from servers, e.g. SSL encryption/decryption, compression, caching, etc.

Cost-effective, secure, scalable and highly available Exchange 2010 services
Benefits and Value of Array Networks Solution for Exchange Server 2010

The Array Networks solution for Microsoft Exchange Server 2010 enables a cost-effective, secure, scalable and highly available deployment. In this section we expand on how IT architects, managers and administrators can provide the following important benefits to their organizations and end-users.

Improving Exchange User Experience

One of the primary benefits of the Array Networks Solution for Microsoft Exchange Server 2010 is the improvement in both on-site and remote user experience with Exchange services. The following are some examples of the built-in features of Array's Application Delivery Controllers and how they improve the user experience:

Server Load Balancing - Improve end-user experience by intelligently load balancing requests across Exchange servers. This helps to intelligently distribute requests across available resources to deliver the best performance. Several load balancing methods can be deployed, from the simple round robin to more complex methods which check latency, CPU utilization and more.

Improved end-user experience by intelligently load balancing requests across Exchange servers

User Session Persistence - User session persistence is maintained to ensure that requests are directed to the same server for the duration of the session. This ensures a consistent seamless experience, especially when users are connecting remotely using different device types and over networks which may have poor or inconsistent quality.

Content Caching - Frequently accessed data is cached in the Array ADC appliance so requests for the same content are served directly from the cache without incurring the round trip delay to set up connections and fetch data from back-end servers. This results in better response times to end-users while reducing the load on both backend network and servers.
Data Compression - With both software and hardware assisted compression features, the Array ADC appliance can be configured to automatically compress email messages and attachments so less LAN and WAN bandwidth is consumed. This improves end-user response times since fewer bits have to be transferred across the network. This is especially beneficial for mobile and remote users accessing Exchange services over low quality or congested networks.

Always-On Exchange Services

Always-on Exchange services are critical to the modern organization; any disruption in Exchange services can significantly impact productivity and slow down the pace of business. This is especially true for businesses with a globally distributed workforce and partners, where an always-on email service is probably the most important requirement from both the business and end-user perspective.

Knowing the importance of always-on Exchange services, Array worked with Microsoft to ensure that no single server or site failure would result in lost services. After availability, response time is one of the most important requirements for end-users. With this in mind, Array built intelligence into the solution to detect slow or overloaded servers (or sites) and to automatically reroute users to the least loaded server or site.

Always-on Exchange services so your employees stay productive regardless of where they are

Local Availability of Exchange Services - With Array's ADC advanced server load balancing capability, end-users can benefit from 99.999% availability of Exchange services. The Array ADC automatically detects failed or overloaded servers, and automatically and transparently routes user requests to healthy servers or the least loaded server to deliver the best performance. In addition, health checks are routinely performed on the Exchange application itself to determine if a component of the service is slow or just not responding. For example, a health check of CAS servers can detect a hung or poorly performing CAS server and automatically route users to active or better performing servers.

Global Service Resiliency - Because email service is business critical, users must be able to access these services in the event of a site failure caused by human error, natural events, or acts of war. To meet these requirements enterprises typically deployed multisite Exchange environments.
The Array ADC solution for Exchange enables the deployment of a highly resilient email service by leveraging the ADC global load balancing feature to provide real-time access to the best globally available site. With this feature, failed sites, or just congested sites, are automatically detected and users are transparently redirected to active sites or to better performing sites. Array has built-in probes (health checks) which make intelligent routing decisions based on proximity, language, capacity, load and response times to take users to the best site based on their profile.

In addition, in times of disasters or unplanned outages, users can gain secure access from remote locations using Outlook Web App email services. With Array's Universal Access Security appliance, the device can instantaneously support huge spikes in concurrent users (tens of thousands) without the need to make a phone call to activate licenses or perform hardware/software upgrades.

ISP Link Availability and Cost Optimization - Since an ISP link or network failure can cripple Exchange services to and from a site, multiple links and ISPs are often used to ensure service availability. In addition, there are often cost and performance differences between ISPs which can be exploited for cost optimizations.

Intelligent cost and performance optimization across multiple WAN connections

The Array ADC link load balancing feature, with advanced link failover and bandwidth management capabilities, can help businesses optimize availability, security, cost and performance of Exchange services across multiple WAN connections.

Stop DDoS Attacks Before They Stop Exchange Services

Since email is such a ubiquitous communication tool, it is constantly exploited by attackers to disrupt email and other services. If Distributed Denial of Service (DDoS) attacks are not handled correctly they can bring the corporate network and services to their knees by clogging the network and overloading application servers. This can have a direct negative impact on the flow of legitimate business email, access to general application services, employee productivity and user experience.
In our joint solution, the Array Networks ADC sits in front of the email servers and only lets through emails from legitimate sources while blocking email from non-trusted sources. This feature limits or blocks malicious DDoS attacks (SYN floods, TCP port scans, UDP floods and UDP port scans), ensuring that only legitimate business emails get onto the corporate network and to the backend email servers.

In addition, the ADC walls off backend servers and networks since all incoming network traffic is terminated on the ADC. For legitimate traffic, the ADC opens new connections to the backend servers so it can be processed. By protecting both backend servers and network, these resources can be used efficiently for legitimate business traffic and application services.

Scale Exchange Services Without Adding Servers

One of the main benefits of Array's ADC appliances is offloading of non-application specific compute intensive tasks from servers. This offloading capability means that Exchange services can be scaled and/or accelerated by simply adding a pair of these purpose-built appliances in front of Exchange Client Access (CAS) servers.

Scale your services without scaling your budget

This capability, along with the architecture changes Microsoft made with Exchange 2010 requiring that all traffic must go through CAS servers, makes ADCs a fundamental requirement for enterprise customers upgrading to Exchange 2010 or having to deal with increased service demands due to growth or datacenter consolidation. Adding Array's ADCs to these environments can defer or eliminate expensive server upgrade and license costs, enabling businesses to do more with their existing resources.

Better Utilization of CAS Servers - Intelligent load balancing of Exchange traffic enables IT to make the best use of existing Client Access Server capacity and to increase server utilization.
A variety of load balancing methods are supported by Array's advanced ADCs, from simple round robin to more sophisticated shortest response time or server CPU utilization methods. This ensures that users are automatically directed to the best server to handle their request.

SSL Offloading - SSL processing is one of the most compute intensive tasks servers do, consuming up to 30% of server compute capacity. Since most email communication is encrypted for security and regulatory compliance, this can place a heavy burden on application servers. ADCs are often used to off-load SSL processing from application servers, freeing up valuable capacity for them to do what they do best: application processing. Array's ADC appliances are purpose built with SSL hardware processing engines which offload both 1024-bit and 2048-bit SSL encryption/decryption from application servers. This results in improved Exchange service performance and a reduction in the number of Exchange 2010 servers required.

SSL Certificate Consolidation & Centralized Management - SSL certificates can be consolidated and managed on the ADC, eliminating the need for SSL software and certificates for each application server. This significantly simplifies certificate administration and cost.

TCP Connection Off-load and Multiplexing - Setting up and tearing down TCP connections is a very common compute intensive task which servers are not optimized for; and since this has nothing to do with the core functioning of most applications it can be readily offloaded.

Offload compute intensive functions from Exchange servers

Since Array's ADCs front-end the Exchange servers, they can offload the compute intensive task of setting up and tearing down TCP connections for these servers, freeing up capacity for Exchange services. In addition, the ADC appliances use a technique called TCP multiplexing which reduces the number of connections established with the back-end Exchange servers so application servers have to manage fewer connections. The net benefit of TCP connection off-load and multiplexing is increased Exchange throughput and performance.

Compression Offload & Bandwidth Reduction - Compressing data has the benefit of reducing the network bandwidth required to move information between the Exchange server and the users consuming this information. However, like SSL encryption/decryption, compression is another very compute intensive task which is best off-loaded to ADCs.
Depending on the Array ADC model deployed, customers can benefit from software compression, or from hardware assisted compression when performance is important. Offloading compression to Array's ADCs can free up to 20% of an application server's capacity.

Caching for Faster Response - Caching eliminates the repeated application server processing and round trip delays incurred for each user request, i.e. opening connections to application servers, fetching the data from backend storage devices, and terminating these connections. Caching significantly reduces the load on servers and network bandwidth consumed. From an end-user perspective, caching results in significant improvements in response time when accessing cacheable data, e.g. PowerPoint presentations, Excel files, images, etc.

Universal Secure Access

Secure access from any device, anywhere

In business today, mobile access to corporate resources is no longer a luxury available for a select few. Mobility has become a fundamental method by which we all stay connected and communicate -- by voice, messaging and email. In addition, we are doing so increasingly from our own personal devices -- be it a smart phone, tablet or laptop.

These trends in mobility and IT consumerization create an unprecedented security challenge which goes beyond traditional user access controls: end-user devices must be authenticated, data on the wire must be encrypted and data leakage must be prevented. In the wrong hands these smart powerful devices can be very destructive tools which can be used to exploit corporate vulnerabilities, which can significantly increase business risks.

Array's Access Security appliances have been designed to meet this challenge, providing edge security for Exchange, other application services, and access to corporate networks. These purpose-built appliances enforce security policies at the edge of the network so only legitimate users can access corporate resources.
Securing Access for Remote Users - Since security attacks are most likely to come from the outside, enforcing strict security policies on who can access valuable corporate assets, end-point integrity checks to only allow trusted device access, and ensuring that nothing is left behind on these end-user devices are important requirements for the enterprise. Array's Universal Access Security appliances establish this critical first line of defense for the modern enterprise.

Security features include access controls, integration with AAA servers, two factor authentication for higher levels of security, single sign-on for simplicity, device verification so only authorized devices are allowed access, device integrity checks at the start of each session so an infected device does not contaminate the corporate network, and device cache cleaning at the end of each session so no data is left behind -- browser history, forms, cookies, auto-complete information and more.

For additional security, users and their devices must log on and be authenticated for each session, and sessions are automatically terminated during periods of inactivity. This limits the attack window available to potential attackers.

Encrypt network traffic for security and regulatory compliance

Network Security Using Virtual LANs & SSL Encryption - Security can also be enhanced at the network level by creating and assigning a virtual LAN (VLAN) to specific services and users. This allows administrators, users, partners or even departments to have their own sandbox to work within and to be confident that sensitive data remains within their secure sandbox. Network traffic can be securely encrypted as it leaves the corporate network or traverses the corporate network using either 1024-bit or 2048-bit keys so data in transit is always protected.

Enhancing User Experience & Productivity - To improve the user experience and to make users instantly productive, Array's single sign-on feature provides fast hassle-free access to the corporate network and approved services. Our application publishing service enables administrators to publish specific applications to individual users and block other applications. For example, a user can gain access to Microsoft Outlook Web App for secure access to their email from a browser but not to financial applications.

Centralize Access Control for Cloud, Datacenter and Hybrid Datacenters - Array's Universal Access Security appliances act as gateways to datacenter and cloud assets regardless of how these assets are deployed: traditional, private cloud, public cloud or hybrid. These appliances are designed for performance and scale, with built-in hardware assisted SSL processing and the ability to manage from 10 to tens of thousands of concurrent connections on a single appliance, and to massively scale horizontally by clustering up to 32 appliances. Having a single product with the scale, performance and administrative controls to seamlessly support small to large enterprise, cloud and hybrid environments simplifies both the design decision for IT architects and investment decision for management.

Custom administrative portals so administrators have their own sandbox

Custom Administrative Portals - To simplify administration and enforce administrative privileges, individual administrators or groups of administrators can be assigned their own dedicated portal for the service or group of services they manage. Up to 256 unique portals can be created for each appliance.

Logging for Compliance and Troubleshooting - Array's Universal Access Security appliances maintain detailed logs which can be invaluable when debugging issues and verifying compliance. Logs are maintained with timestamps of all user and administrative activities, e.g. successful logins/failures, logouts, idle session timeouts, appliance configuration changes, etc. This information can be accessed directly from the appliance or extracted using SNMP and integrated with more comprehensive security and compliance management tools.
Better Economics

While the ability to deliver accelerated, always-on, scalable and secure Exchange services is an important IT design and operations consideration, the economics of the solution is also important. This is especially true when there are competing IT projects and budget constraints.

Array's ADCs and Universal Access Security appliances create economic leverage which optimizes TCO of the Exchange solution by reducing or limiting IT spend on servers, software licenses and network bandwidth. These savings are a direct result of the following:

Offloading of Non-Core Application Functions - Depending on which ADC functions are enabled, up to 80% of application server workloads can be offloaded to Array's ADCs, e.g. SSL encryption/decryption, SSL certificate management, compression, caching, and TCP connection management.

Intelligent Traffic Management - By intelligently managing traffic between the users and backend Exchange environment, servers and bandwidth can be efficiently utilized. Server and network attacks can be minimized, legitimate traffic can be directed to the best server to process user requests, and outbound traffic can be routed to the most cost effective WAN/ISP link.

Gain economic leverage while optimizing Exchange services

Better Utilization of IT Resources - Since non-core application workloads are offloaded to the ADCs, businesses can scale and meet user expectations with the most efficient application backend. This has a direct cost impact due to the reduced number and size of application servers, software licenses, datacenter footprint, and energy consumed.

Centralize Access Control for Cloud, Datacenter and Hybrid Datacenters - Array's Universal Access Security appliances provide the scale, performance and administrative controls to seamlessly support small to large enterprise, cloud and hybrid environments. This eliminates the need for multiple point products, simplifies datacenter design for architects, and reduces both CapEx and OpEx.
Summary

Array has facilitated the deployment of our joint solutions with Microsoft for Exchange 2010 by providing a Microsoft qualified step-by-step deployment guide which was fully tested and verified by our engineers at Array Networks. This guide will significantly reduce the time and effort required for customers to deploy or upgrade their Exchange environment and start experiencing the benefits of this solution.

Planning for and integrating Array's ADCs and Universal Access Security appliances for Exchange deployments creates economic leverage and enables customers to get the most out of their Exchange investments while delivering excellent service.

More Information

Learn more about Array Networks and Array's solution for Microsoft Exchange Server 2010 at www.arraynetworks.com

Web Page: Array Networks Solution for Microsoft Exchange 2010
http://www.arraynetworks.com/exchange-server-2010-qualification.html

Deployment Guide: Array Networks Solution for Microsoft Exchange 2010
http://www.arraynetworks.com/compliance/dg-apv-exchange2010-sept-2011-rev-i.pdf

About Array Networks

Array Networks is a global leader in application, desktop and cloud service delivery with over 5000 worldwide customer deployments. Powered by award-winning SpeedCore software, Array solutions are recognized by leading enterprise, service provider and public sector organizations for unmatched performance and total value of ownership. Array is headquartered in Silicon Valley, is backed by over 300 employees worldwide and is a profitable company with strong investors, management and revenue growth. Poised to capitalize on explosive growth in the areas of mobile and cloud computing, analysts and thought leaders including Deloitte, Red Herring and Frost & Sullivan have recognized Array Networks for its technical innovation, operational excellence and market opportunity.
Corporate Headquarters: info@arraynetworks.com, 408-240-8700, 1 866 MY-ARRAY, www.arraynetworks.com
Belgium: +32 2 6336382
China: support@arraynetworks.com.cn, +010-84446688
France: infosfrance@arraynetworks.com, +33 (0) 180 886 086
India: isales@arraynetworks.com, +91-080-41329296
Japan: sales-japan@arraynetworks.com, +81-45-664-6116
Korea: array-sales@arraynetwork.co.kr, +82(2)3461-8124
Taiwan: support.taiwan@arraynetworks.com, 886-2-7718-2750
UK: infoseurope@arraynetworks.com, +44 (0) 7717 153 159

To purchase Array Networks Solutions, please contact your Array Networks representative at 1-866 MY-ARRAY (692-7729) or authorized reseller.

Copyright 2011 Array Networks, Inc. All rights reserved. Array Networks, the Array Networks logo, AppVelocity, NetVelocity, and SpeedCore are all trademarks of Array Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Array Networks assumes no responsibility for any inaccuracies in this document. Array Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Oct-2011 rev. a