The company F5 was kind enough to provide me with a demo version of the current LTM version 11.4; many thanks to F5 for the friendly support. The demo license covers not only the load balancing feature but also some other very interesting features. This article is about load balancing only for now; more will follow.
I am using the same test environment for this test that I used for the Kemp environment, so the setup is described here:
https://www.frankysweb.de/?p=1684
Preparations
After deploying the VM on an ESXi host, you can get started right away. You can log in as "root" with the password "default"
The "config" command starts a wizard with which the IP address can be configured
I want to assign a static IP address, in my case it is 192.168.200.254 (due to the test environment I have to change the IP again, so don't be surprised)
and the corresponding subnet, in my case 255.255.255.0
I would also like to specify a router
In my case, this is 192.168.200.1
After the summary, you will be returned to the console. You can log out with "logout"
Next, 2 monitor users are created, with which the function of the servers can be monitored. I create one user in the database MBDB01 and one in MBDB02, and call the users "f5monitor1" and "f5monitor2".
For the user "f5monitor2" I proceed as shown above. It should then look like this:
We still need a certificate for the LTM; the certificate can be issued as described here. The certificate should contain the following DNS names:
autodiscover.domain.tld
outlook.domain.tld
The certificate must now be exported so that it can be imported later on the F5. To do this, click on Export in the certificate MMC:
The private key must also be exported
The certificate can only be exported as PFX
Enter your password and the usual "Next"...
Once a storage location has been defined, the wizard can be completed
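The same export can be scripted on the Exchange server instead of clicking through the MMC wizard. The PowerShell below is an added example, not part of the original article: it selects the certificate that carries both DNS names and a private key, exports it as PFX and re-opens the file to confirm the key is inside. It assumes the certificate sits in the LocalMachine\My store; the output path is a placeholder.

```powershell
# Added example (not from the original article).
# Assumptions: certificate is in LocalMachine\My; $pfxPath is a placeholder path.
$requiredNames = 'autodiscover.domain.tld', 'outlook.domain.tld'
$pfxPath       = 'C:\Temp\f5-exchange.pfx'

# Keep only certificates that are valid today, have a private key
# and list every required DNS name.
$now  = Get-Date
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $c = $_
        $missing = $requiredNames | Where-Object { $c.DnsNameList.Unicode -notcontains $_ }
        $c.HasPrivateKey -and
        $c.NotBefore -le $now -and $c.NotAfter -gt $now -and
        -not $missing
    } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No valid certificate with a private key covers: $($requiredNames -join ', ')"
}

# Export with the private key. If the key was marked non-exportable when the
# certificate was requested, Export-PfxCertificate fails here.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password | Out-Null

# Re-open the file with the same password and confirm it holds the same
# certificate including its private key, before uploading it to the LTM.
$loaded = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $pfxPath, $password
if (-not $loaded.HasPrivateKey -or $loaded.Thumbprint -ne $cert.Thumbprint) {
    throw "Exported file $pfxPath does not contain the expected certificate and key."
}

[pscustomobject]@{
    Thumbprint = $loaded.Thumbprint
    DnsNames   = $cert.DnsNameList.Unicode -join ', '
    NotAfter   = $loaded.NotAfter
    PfxFile    = $pfxPath
}
```

The PFX file contains the private key, so remove it from the server and the admin workstation once it has been imported on the F5.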
Continue via the browser. After installation, the load balancer can be accessed at https://192.168.200.254, where you can log in with the user "admin" and the password "admin"
After logging in, I first enter the demo license using the wizard
After the license key has been entered, the configuration is updated, which takes a short moment
After the license has been activated, an overview of the modules is displayed. Kindly, a demo license for the AFM module is also included, so that could still be exciting and I'll test it, but for now I'm only interested in the LTM module.
Time to carry out the basic configuration; the wizard helps with this. I first assign an IP for the management network, which is not in the internal network. I choose 192.168.10.254. As mentioned above, I am changing the IP of the management network here because I have rebuilt my test environment in the meantime, so don't get confused. Management, internal and external network should each have their own subnet.
After logging in again, you can continue
I don't have an HA
For the internal network, I specify the network in which the Exchange servers are also located. Since I have no VLANs in my test environment, only different subnets, the VLANs are untagged.
Then some external network: I don't need it for the time being, but maybe I will when I test AFM, so I'll add it right away.
Configuration completed. Now we import the certificate that we have previously created; it can be uploaded under the tab "System" -> "File Management" -> "SSL Certificate List". "PKCS 12 IIS" must be selected as the "Import Type":
Assign a name and enter a password, then click on "Import".
The preparations have been completed, and the next step is the template.
Template
F5 offers templates for Exchange 2010 and 2013, the templates can be downloaded here:
To install the templates (don't forget to unzip them), go to the iApp -> Templates tab and click on the "Import" button on the right.
Select the template in the dialog and click on "Upload"
As soon as the template has been installed, it can be found in the template overview
We can now create a new iApp from the template via iApp -> Application Services -> "Create"
A name is assigned to the iApp and the corresponding template is selected; after a short loading time, the settings are displayed
First, the Exchange Server version is specified, in this case Exchange 2013 of course:
The previously imported certificate is now selected
In the next settings, "LAN" is selected for "Will clients be connecting to this BIG-IP LTM virtual server primarily...", and "Where will your BIG-IP virtual servers be in relation to your Client Access Server" is set to "Same subnet..." in this case.
The next step is to configure the Virtual IP. I select 192.168.200.250 as the IP for the Virtual Service and enter my two Client Access Servers with the IPs 192.168.200.101 and 102.
Now the two monitor users are used, the corresponding data is entered in the fields
For my test environment, I set the health check value to 10 seconds, but 30 seconds is fine for production environments. Finally, I enter the FQDN and click on "Finished".
In the overview of Application Services it should now look like this. At the bottom, "FrankysWeb_Exchange2013_combined_http" shows "Unknown"; this is normal, because no HTTP connections are allowed, only HTTPS:
I immediately started a small test and switched off the "Default Website" on the EX2 server. F5 LTM notices this a short time later and switches the server offline.
OWA still works:
Not bad for a first test