Before configuring a load balancer to connect to the Office Communications Server 2007 R2 Enterprise pool, you must configure the following:

• A static IP address for servers within your pool.
  
  
• For each server within the pool, a certificate issued for server authentication by a certification authority in the pools local domain.
  
  
• A virtual IP (VIP) address and a DNS record for the load balancer.
  
  
• Test users created and SIP-enabled in the pool.
  
  
• Install root certificate from the certification authority (CA) in the domain (or trusted CA) on client computers.
  
  
• Log on to all servers in the pool using TLS to ensure certificates are working.
  
  

A load balancer for the Office Communications Server 2007 R2 Enterprise pool must meet the following requirements:

• Must expose a VIP Address through ARP (Address Resolution Protocol).
  
  
• The VIP must have a single DNS entry, called Pool FQDN.
  
  
• The VIP must be a static IP address.
  
  
• Must allow multiple ports to be opened on the same VIP. Specifically, it must expose the ports described in the following table.
  
  

  Ports Required	Port Use
  5060	SIP communication over TCP.
  5061	SIP communication over TLS.
  135	To move users from a pool and other remote DCOM-based operations.
  443	HTTPS traffic to the pool URLs.
  444	Communication between the focus (Office Communications Server 2007 R2 component that manages conference state) and the conferencing servers.
  5065	SIP listening requests for Application Sharing.
  5069	Monitoring Server.
  5071	SIP listening requests for Response Group Service.
  5072	SIP listening requests for Conferencing Attendant.
  5073	SIP listening requests for Conferencing Announcement Server.
  5074	SIP listening requests for Outside Voice Control.
  8404	TLS (remoting over MTLS) listening for inter-server communications for Response Group Service.

• The load balancer must provide TCP-level affinity. This means that the load balancer must ensure that TCP connections can be established with one Office Communications Server 2007 R2 in the pool and all traffic on that connection destined for that same Office Communications Server 2007 R2.
  
  
• The load balancer must provide a configurable TCP idle-timeout interval with a maximum value greater than or equal to the minimum of the REGISTER refresh or SIP Keep-Alive interval of 30 minutes.
  
  
• The load balancer should support a rich set of metrics (round robin, least connections, weighted, and so forth). A weighted least connections-based load balancing mechanism is recommended for the load balancer. This means that the load balancer will rank all Office Communications Servers 2007 R2 based on the weight assigned to them and the number of outstanding connections. This rank will then be used to pick the Office Communications Server 2007 R2 to be used for the next connection request.
  
  
• The load balancer must be able to detect Office Communications Server 2007 R2 availability by establishing TCP connections to either port 5060 (SIP over TCP), 5061 (SIP over TLS), and 444 (conferencing over HTTPS), depending on which is active (often called a heartbeat or monitor). The polling interval must be a configurable value with a minimum value of at least five seconds. The load balancer must not select an Office Communications Server 2007 R2 that shuts down until a successful TCP connection (heartbeat) can be established again.
  
  
• Every Office Communications Server 2007 R2 must have exactly one network adapter. Multihoming an Office Communications Server 2007 R2 is not supported.
  
  
• The network adapter must have exactly one static IP address. This IP address will be used for the incoming load-balanced traffic.
  
  
• The computer must have a registered FQDN. The IP address registered for this FQDN must be publicly accessible from within the enterprise.
  
  
• The load balancer must allow for adding and removing servers to the pool without shutting down.
  
  
• The load balancer must be NAT (network address translation) capable.
  
  

When you configure the load balancer, you need to request the relevant network and DNS administrator for a VIP (virtual IP) address for the load balancer, as well as a static IP address for every server that you plan to deploy in the Enterprise pool.

Most load balancers can be configured to operate in either Secure Network Address Translation (SNAT) mode or Destination Network Address Translation (DNAT) mode. With SNAT, both the source and IP destinations are changed as a TCP request passes through the Load Balancer. With DNAT, only the destination IP address is changed and the source IP address is passed through intact.

Destination network address translation (DNAT) is not supported for load balancing of an Enterprise pool or Communicator Web Access, but both DNAT and source network address translation (SNAT) are supported for load balancing of Edge Servers and HTTP The issues with DNAT are related to inter-server communication within a pool (specifically, members of a pool trying to connect to their own VIP), which will fail in a DNAT configuration. For details about load balancing pools, see Enterprise Editionin the Planning and Architecture documentation. For details about load balancing Edge Servers, see External User Access Componentsin the Planning and Architecture documentation. For details about load balancing Communicator Web Access, see Communicator Web Access Supportin the Planning and Architecture documentation. For details about Directors, see Director Componentin the Supported Topologies and Infrastructure Requirements documentation. For details about load balancing support in Office Communications Server 2007 R2, see Environmental Requirementsin the Supported Topologies and Infrastructure Requirements documentation.

Also, Direct Server Return is a third variant of NAT. Direct Server Return is not supported.