Case Studies Archive Search Case Studies

Document Management Company Rescues Large Deployment Using F5 Solution for Exchange Server 2010

When a large document management company tried to migrate 140,000 users from Exchange Server 2003 to Exchange Server 2010, its existing Cisco ACE load balancers brought the Exchange environment to a standstill. The company immediately replaced them with F5 high-performance VIPRION devices. VIPRION handles the company’s immediate performance requirements and scales to support growth.

Business Challenges

 

Ask any business person if they could survive without email and the answer is likely to be an emphatic “no.” Today, a reliable messaging system—email, calendaring, contacts—is an essential, if not mission-critical, business productivity tool for companies of every size, especially this global document management company with 140,000 employees in 160 countries. For years, the company had relied on Microsoft Exchange Server 2003 as its corporate messaging solution.

After acquiring a large services firm in 2009, the company faced the challenge of consolidating the two organizations’ messaging systems; the plan was to upgrade the entire company to Exchange Server 2010. With two separate email infrastructures, scheduling meetings or even sending email was a challenge for all employees. Consolidating the existing infrastructures would give every employee an email address with a common domain name as well as full access to all employee contacts and calendar information.

To support this massive consolidation and migration project, the company’s IT group built a new infrastructure in its primary and backup data centers, about 1,200 miles apart. Load balancing functionality was a critical component of the new infrastructure—something Microsoft recommends for all Exchange Server 2010 installations of substantial size.

The company initially chose a Cisco ACE solution to front-end the Microsoft Forefront Threat Management Gateway (TMG) and Client Access Server (CAS) components of the Exchange Server 2010 deployment. But after migrating less than a quarter of users’ mailboxes, the project came to an abrupt halt as the ACE systems reached maximum capacity and began to fail. “The situation was critical. It wasn’t just a matter of slow performance; thousands of users could not access their email, calendar, or contact information at all,” says the company’s IT manager. “We had executives in both companies who were not able to communicate with each other.”

Several factors played into the stoppage. First, Exchange Server 2010 with Outlook Anywhere gives users the benefit of ActiveSync, and full Internet access to email, calendar, and contacts without using a VPN. But to provide these advanced, high productivity features, Exchange Server 2010 must open 7 to 10 network connections per user session—far more than the number typically seen with Exchange Server 2003. To serve 140,000 users, then, the infrastructure needed to support nearly one and a half million concurrent connections.

Secondly, the number of employees using personal laptops, smartphones, and tablets to access the network had grown over the years, and many users were simultaneously logging in to email on multiple devices. “We needed capacity to support 2-3 million concurrent connections—it was just an insane amount of traffic compared to what we had experienced previously,” says the IT manager.

Finally, to improve security through data encryption, many browsers and applications—including Exchange Server 2010—now require the use of 2048-bit key length for SSL certificates. And although 2048 bits is only double the size of the previous standard (1024 bits), it can take up to five times more CPU cycles for the load balancers to process 2048-bit SSL transactions.

The Cisco ACE load balancers were rated to handle 1 million concurrent connections but only 7,500 1024-bit SSL transactions. “It was obvious that with the increased number of network connections, the load of 2048-bit encryption, and the rise in mobile device usage, we were already overrunning the hardware capabilities after migrating only 30,000 users,” says the IT manager. He adds that the ACE systems couldn’t handle some of the advanced session persistence settings that Exchange Server 2010 requires, which decreased performance further. “One or two servers in the farm were taking the brunt of the traffic while others were doing nothing.”

“F5’s VIPRION solution was the best choice for our Exchange Server 2010 environment; there was simply nothing else that could compete with its performance or scalability.” IT Manager

Solution

 

With many employees unable to use email for days at a time, the Exchange Server migration project shot to the top of IT’s priorities list. “We needed to find a solution quickly that could handle the enormous immediate traffic load and also be highly scalable to meet anticipated growth,” says the IT manager. “Running up against this kind of performance wall in the future was just not an option.”

The company soon learned it couldn’t solve the issue by adding more ACE systems. “We would have had to replace the existing systems with a high-end chassis-based system, which would’ve been complex, expensive, and time consuming,” That’s when the company turned to other networking vendors, among them, F5, Juniper, A10, and Brocade.

F5 proposed a BIG-IP Local Traffic Manager (LTM) solution running on the F5 chassis-based VIPRION 2400 platform, designed to deliver the most compute-intensive applications and be scalable on demand. Offloading SSL and traffic compression processing, BIG-IP LTM reduces the load on application servers by up to 30 percent, improves page load time, and cuts bandwidth utilization. What’s more, F5 works extensively with its technology partner Microsoft to deliver the best possible technology and deployment guidance, ensuring that Exchange Server 2010 deployments are highly available, scalable, and secure. Deployment time can be significantly reduced by using F5 iApps, a feature of the BIG-IP system that includes a customized template for deploying Exchange Server with all of the associated security, acceleration, and traffic management settings.

“Some vendors we approached flat out told us, ‘We don’t have anything that can handle this kind of traffic volume,’” says the IT manager. “That’s when it became clear to us that F5’s VIPRION solution was the best choice for our Exchange Server 2010 environment; there was simply nothing else that could compete with its performance and scalability.”

In mid-August 2012, F5 and its gold-certified partner CentricsIT worked together to deploy a pair each of VIPRION 2400 devices in the company’s primary and backup data centers. The devices are currently configured with two blades each and have room for two additional blades. “Originally, the customer approached F5 about just managing traffic to the TMG servers, but once they learned about the capabilities of VIPRION, they realized F5 could support three environments: the TMG servers, the CAS servers, and a third tier that we created to allow internal users to bypass the TMG servers,” says F5’s field systems engineer.

Benefits

 

In addition to enabling the company to get its Exchange Server migration project back online quickly, the F5 solution delivers ample performance and scalability to meet the company’s growing needs for the next five years.

Rapid deployment at a crucial time

F5 and CentricsIT delivered the high-performance solution in record time. Within days of the company contacting F5 about a solution, both companies had field systems engineers on site working around the clock to solve the performance issues.

“F5 and CentricsIT were fantastic. F5 had equipment shipped and installed on site before we even had an approved purchase order,” say the IT manager. “Together, these companies did an outstanding job configuring the solution and taking our in-house engineers through the internal operating procedures. They also got us quickly through the user acceptance testing because they were able to do the necessary customizations on the spot.”

F5 iApps contributed significantly to the rapid deployment by providing a blueprint for all the required Exchange Server settings. Total time from installation to deployment in production was about 30 days, and the company was on track to migrate all 140,000 users by the end of the calendar year.

Over the top performance

A quick deployment would have been meaningless without the ability to meet the company’s demanding performance requirements. The VIPRION 2400 devices configured with two blades each are rated to handle 300,000 layer 7 connections per second and 20,000 2048-bit SSL transactions per second.

“Truthfully, had our requirements been as modest as we originally expected, the VIPRION solution would have been overkill; we would have used only a fraction of the level of performance VIPRION is capable of delivering,” says the IT manager. “With our revised traffic demands, however, I don’t see how we could have solved this problem without VIPRION.” In fact, the VIPRION solution is performing so well that the company is also using it to manage traffic to its SharePoint Server environment across two data centers.

The session persistence that F5 BIG-IP and VIPRION products provide is a critical feature that could easily be underestimated. “For an application like Exchange Server, it’s critical that the traffic management solution be able to persist user sessions on the same server, otherwise traffic to the servers becomes very unbalanced,” says the IT manager. OneConnect, a feature of the BIG-IP system, improves web application performance and decreases server load by reducing the concurrent connections and the connection rate on backend servers.

On-demand scalability

VIPRION was a good choice because the company can add blades easily as its user base grows. “We didn’t want to be a year or two down the road and have to redesign the entire infrastructure to meet our growing needs—much less, spend the additional money, which would have been significant,” says the IT manager.

“With VIPRION, we don’t have to worry about how we’re going to scale to meet growing user demand; we have plenty of room to add more blades,” the IT manager continues. “Even though Exchange and SharePoint are network-intensive applications, we’d be hard pressed to overrun VIPRION’s capacity in the next five years.”