About Me

My photo
TsooRad is a blog for John Weber. John is a Skype for Business MVP (2015-2018) - before that, a Lync Server MVP (2010-2014). My day job is titled "Technical Lead, MS UC" - I work with an awesome group of people at CDW, LLC. I’ve been at this gig in one fashion or another since 1988 - starting with desktops (remember Z-248’s?) and now I am in Portland, Oregon. I focus on collaboration and infrastructure. This means Exchange of all flavors, Skype, LCS/OCS/Lync, Windows, business process, and learning new stuff. I have a variety of interests - some of which may rear their ugly head in this forum. I have a variety of certifications dating back to Novell CNE and working up through the Microsoft MCP stack to MCITP multiple times. FWIW, I am on my third career - ex-USMC, retired US Army. I have a fancy MBA. One of these days, I intend to start teaching. The opinions expressed on this blog are mine and mine alone.

2016/06/17

Array Networks vAPV Review

Have you looked at the Lync Server/Skype for Business Server Open Interoperability Program (OIP)  and wondered who some of the qualified providers are?  I know I have.  And then with the advent of virtualization a few years back, I started to ponder whether or not a vendor who is qualified on the hardware list but not on the VM list would function the same.

For the last two months I have been putting the Array Networks vAPV through it’s paces.  For the above reason, I have the virtual edition rather than the physical appliance.  Just so we are on a level playing field, I have been working with this right here. Array has been on the OIP since the Lync 2010 days, and the qualified firmware version for the appliance is 8.x.  The vAPV with which I have been working is 8.5.1.6. I also have a running version of APV.8.6.0.14.  Gee, lots of periods there!

image

One of the things I have discovered is that Array is aimed a tad higher up the food chain than the SMB market.  This is not a bad thing, it just is.  In fact, I can easily make a case for this being a great thing. Price-wise, I would say that they are very competitive even for the SMB customer. Picture a company that is a bit above the SMB space, but below the “enterprise” space.  The needs are the same -  in fact even an SMB can have enterprise needs.  Array Networks has feature set in spades.  Very comprehensive – including some I had not thought were useful until I played with them.

Feature Set

Market-speak

:

The vAPV runs as an entry, small, medium or large virtual application delivery controller on Array’s AVX virtualized appliance to flexibly enable on-demand, full-featured load balancing and application delivery with guaranteed performance.

More Array Networks market speak: 

Local server load balancing, as well as both global server load balancing (GSLB)and link load balancing (LLB) ensure application uptime in the event that servers, ISP links, network segments or data centers become overburdened or unresponsive.

Upfront, this is the list of features that are available:

image

Specifications may be important to you also.  The capacity ramps up quickly – and you can see where I say that the APV is aimed at a higher market segment than the SMB (however, my previous comments still hold).

image

If you don’t like virtual load balancers, then guess what?  There is a range of physicals as indicated.  Bon appetit!  Bottom line, you need to read through this Array Networks information to get the full list of things the vAPV (or APV) can do for you.

What about me?

Well, what about me?  You’ve read the marketing material, I have presented some opinions, but what did I experience during the install and configuration and operation of the vAPV?

Installation

Because I am using VMWare workstation for my lab, I had to convert the OVA download into vmdx format.  No biggie once you have done it.  Here is the list of supported hypervisors.

image

Once that was done, there is a defined install guide that walks through the initial base configuration and then it is on to the good stuff.  Simple.  Worked first time through. What could be better?

In my time with this exercise I screwed up the entire mess.  So the support engineer had me check a box and restart.  The end result is that the box recovered with the previous known good.  So nice.

image

Speed

Speed is not an issue here.  The web UI is very snappy. Content delivery was noticeably faster than competing products.  I like that – I have zero patience for slow stuff when the resources are not being overtaxed and something is slow just because.  Array does not seem to have that problem.  Fast fast fast.  Did I mention content delivery was zippy?  And it got better with compression enabled.  I like it.  “nuff said.

Configuration

One of the issues administrators run into is configuration.  Sometimes just reading the documentation is enough, sometimes formal classroom training is almost a prerequisite to success.  The vAPV fits somewhere in between the two extremes.  Getting into the GUI and poking around was easy enough, and seeing the basic administrative function was clear also.  At that point, neither of my brain cells could figure out what was needed.  Maybe I am just a bit dense.

Luckily, there is this built-in “quick start” feature where there is an outline of the steps needed to do tasks.

image

But still, Array has so much to offer that the granularity gets in the way of the KISS method I like.  Even when using the list shown above, I was at a loss to divine the steps to get things working.  See below for “SUPPORT.”  Configuration will be much like using an AlphabetNumber product.

For you CLI types, Array also supports a full CLI that will allow you to script your configuration and work that way.

VS and Reals and Groups

Here is what we need Mr. vAPV to do for us:

image

Granular is the word of the day here.  Think of each service you need for your system.  You will need by IP by port.  So, 1.1.1.71:443 is NOT the same as 1.1.1.71:8080 – each of those needs to be separate.  And the common name is going to need to be unique also.  <sigh>  Each of these services, just for a DNSLB setup in SfB required the following.  Yes, I have my SE web services going through here also as I wanted to play with the content redirects.  Figure out your naming convention per layer before you start.

image

After you make the real servers up, you then need to lump them into groups.  Reals into groups; groups into virtual services.  Think ahead.  Maybe some UML work might be in order before you start?  Oh yes, you cannot put TCP reals into an HTTP group and hence an HTTP service.  Or, at least I could not figure out a way to do so.

image

Once you get past the real server and group setup, then you need to worry about the virtual services.  For my environment, here is what I came up with.

image

Logs

The APV has logs everywhere.  Which is right handy at times. For instance, you can drill into a group, and down at the bottom there are some basic stats listed for that group.

image

Included in the unusual plethora of admin tools is a copy of the running configuration for you CLI afficianados. And to get you really into it, the display is separated into startup config and running config.  So nice.

Monitoring of the entire mess gets granular as well.  Statistics exist for every layer of the construction.

image

Graphs?

Are you visually oriented?  You want pretty pictures to show that your virtually shiny appliance is in fact doing something?  Well, APV has you covered.

imageimage

And you can choose from the following pre-defined graphs…notice how the pre-defined collection has our configured real, virtual, and policy connections listed.  *I* did not do that – the system saved me my lunch break.

imageimage

You can also make your own definitions.  I put this beauty together in about 30 seconds. Such an artist am I.

image

Content Redirects

Near and dear to my heart is content redirects.  Not every customer of mine has entire class B subnets to work with in their public space – so we try to conserve IPV4 space as much as possible. If you read the link there, you will note that there was syntax involved, and you had to know what you wanted before you started.  Not a problem for ME…might be for an un-initiated hard-charging techie.  APV has you covered here also.  The content re-direct policy stuff in the vAPV was done on the fly, with no syntax needed other than knowing the called URL from the client perspective.  Sa-WEEET!  What you see here took about 10 minutes from start to finish.

image

Routing

Would you like to route stuff around your network?  Would you like some content to go via certain routes?  APV has you covered

(I just realized I have been using that phrase a lot.  But, in truth, APV does have all the bases covered, and then some.  Every time I look at it, there is more to appreciate.  Simply a very well done product that is continuing to evolve and get better.)

Adelante!

There is more in that networking section (basic and advanced) than my little pea-brain comprehends, but I showed this to a few networky-techy-nerd buddies, and then had to clean up drool from the monitor.  Their excitement over the possibilities was palpable.

image

Compression

Would you like some of your content delivery to get compressed and some not?  FWIW, this makes OWA 2016 pop on screen rather than ooze up there. As in a LOT faster.  I did not measure as I have no facility to do accurate measurements – Array claims 500% improvement over non-compressed.  I don’t know about that, but I know OWA flies up on screen.  OOS and OWAS scream into being rather than just oozing.  According to my setup, there has been an “87% compression ratio of compressible data” – whatever that works out into improvement percentage I do not know.  But seat-of-the-pants – mucho mejor.

IPv6 support – NAT64

When enabled, the APV can translate ipv6 to ipv4.  Or ipv4 to ipv6. You can’t mix the two in a group, but you can have both inside and both outside – you just can’t mix the group. I can think where this will come in handy down the road just a bit as (supposedly) the IPV4 pool is now exhausted.

SSL

Yes Matilda, the vAPV does SSL.  My configuration is decrypting and inspecting, then re-encrypting and sending to the real servers.  All faster than you can type about it.  The certificate import process was easy as it took .cer format directly.  I had some moments with the configuration, but read below in “support”  - we got through it.  After having it explained to me in kindergarten terms, even I grasped the simplicity (when you think about it) of how the SSL is handled.

image

image

image

 

Support

Take a look at the wealth of deployment guides here.  The only problem I see on the deployment guide page is that the Lync 2013 guide is for the full load balance solution, whereas I only deploy in that fashion when I am pushed into a corner for some business or technical reason – otherwise I am going to advocate and deploy DNSLB.  In working with Array support engineers, I am told that the SfB documentation will include both methods.

I had some difficulties due to the extreme levels of granularity of the APV. My friendly (he never cursed at me – not even once!)(and I gave him plenty of reasons – there are times I am just stupid beyond belief…) support engineer showed me how to get multiple ports into the virtual service so that you could theoretically define a real service with port 0 and then create virtual services with any ports you want.  so if you had some generic needs, like RPC Endpoint mapper and port 80, you could handle that with one assembly.  Not the most obvious solution set, but when you look at the granularity model, it makes sense.

So they get a frowny, a smiley, AND a straighty.

Sad smileSmileDisappointed smile

I will reiterate, even in the midst of my personal issues, my assigned Array Networks support engineer was extremely helpful and patient. I am not the easiest person to coexist with; whoever that guy is deserves a medal.  If the rest of the folks at Array are anywhere close to this guy, it speaks well for them as a company/staff.

The SfB / Lync Connection

I would not be doing this homework if it was not for wanting to make my customer’s Skype deployments better.  That’s the bottom line.  After configuring the APV as shown above to match the environment shown below, SfB was happy as can be.  Internal and external web services were flawless. No issues.  OWAS as mentioned popped up on screen.  LWA worked perfectly.  Mobile clients went tearing through. I saw no issues whatsoever – let alone anything that could be attributed to the compression.  Web services with the compression were “seat of the pants” faster.

lab

The Array Networks installation/deployment guide does a fine job of laying out the requirements and the “how to” part of the vAPV deployment to support Lync/SfB.  I have not yet had the chance to convert to a full load balance solution (nor do I really want to), but I would imagine that the results would be the same.

Conclusion

Let’s face it.  If you have an organization that is big enough, or perhaps small but needing the services of a load balancer – be it application delivery or just simple reverse proxy, then almost anything will work.  However; should you want to control the beast, and use your deployment for something other than just a one off, you need something more sophisticated.  As your traffic load grows and expands to cover more than just one workload, the underlying network devices become more and more important.  Enter Array Networks. The Array vAPV (and the physical APV for that matter) presents some very interesting feature sets for discussion.  Do you want simple or do you want granular control?  Are you willing to accept some sluggish performance or do you want screen-popping speed? Local load balancing is needed and you want global load balancing options for the future? If you went the caviar route on those questions, then Array Networks needs examination.

For a load balancer/application controller that offers a great feature set, is granular (seriously granular!), along with being wicked fast, then Array networks vAPV should be on your short list. 

You can get your very own vAPV here.

YMMV

No comments:

O365 Exchange Voice Mail–Oracle

I have been informed, by a source that I deem to be about 75-80% reliable, that Oracle will not be participating in gymkhana that is the 3rd...