Configure Microsoft Azure load balancers

Before you begin

Have the following available before configuring a Microsoft Azure load balancer for Access Gateway.

  • A previously configured Access Gateway high availability cluster with at least one worker.
  • Internal IP addresses for all Access Gateway cluster members, including the admin node.
  • VPC(s) being used by the Access Gateway cluster.
  • The external domain for the load balancer. For example, oag-external.com.
  • Credentials for your DNS Service provider to create required CNAME entries.

To configure a Microsoft Azure load balancer

Connect to the Microsoft Azure portal and configure basic load balancer settings

  1. Open a browser to Microsoft Azure portal at https://portal.azure.com.
  2. Sign in to the portal.
  3. Under Azure services, click Create a resource.
  4. In the search bar enter Load Balancer. From the list select Load Balancer. The Load Balancer page will display.
  5. Click Create.
  6. In the Create Load Balancer pane specify the following:

    Field                     Value
    Resource Group            The name of the Access Gateway resource group, for example AccessGateway.
    Name                      An appropriate name such as AccessGatewayExternalLB.
    Region                    Select the region which hosts Access Gateway nodes.
    Type                      Public
    Sku                       Standard
                              Note: Load balancers created using the Basic sku will work but do not support health probes using HTTPS/443.
    Public IP Address         Create new
    Public IP address name    Associated external name. For example www.externalfacingdomain.com.
    Assignment                Static

  7. Click Next: Tags.
  8. Enter any relevant tags and click Next: Review and Create.
    The Load balancer will be created. This could take several minutes.
  9. Connect to the Microsoft Azure portal and configure basic settings.

Create backend pool

Backend Pools specify the instances of Access Gateway being fronted by the load balancer.

  1. Click the name of the load balancer.
  2. In the Settings section click Backend Pools.
  3. Click the plus sign to add a new backend pool.
  4. Specify the following:

    Field              Value
    Name               An appropriate name such as AccessGatewayLBBackendPool.
    Virtual network    From the dropdown select the virtual network containing the Access Gateway instances.
    IP Version         Ensure IPV4 is selected.
    Associated to      Virtual machines

  5. Click Add. The new virtual machines dialog will display.
  6. Select each Access Gateway node which should be used by the load balancer.
  7. When complete click Add.
  8. Click Save.

Configure health probes

Load Balancers must be able to tell the health of the instances they interact with.
To configure health probes:

  1. Click the name of the load balancer.
  2. In the Settings section click Health Probes.
  3. Click the plus sign to add a health probe.
  4. Specify the following:

    Field                  Value
    Name                   An appropriate name such as AccessGatewayLBHealthProbe.
    Protocol               HTTPS
    Port                   443
    Path                   /
    Interval               20
    Unhealthy threshold    2

  5. Click Add. The new health probe will be created.

Important

Microsoft Azure load balancer probes determine health based on a return code of 200. Access Gateway will return a code of 400 by default. A no-auth application can be created to return a 200 result, as described in the next section.

Create no-auth applications

For each high availability node, we will create a no-auth application associated with the private IP address. These applications return a value of 200 on success. 200 is the default HTTP return code for a healthy instance.
  1. Return to or open a browser to the Access Gateway Admin UI console.
  2. Select the Applications tab.
  3. For each IP address create an associated application:
    1. Click Add.
    2. Select no-auth.
    3. In the Essentials tab specify:
      Field            Value
      Name             An appropriate name for the application, such as LBHealth-Admin, where the name suffix distinguishes the application from other health monitoring applications.
      Public Domain    Enter the associated IP address.
      Groups           Everyone
    4. Click Next. The Attributes tab will open.
    5. Click Next. The Policies tab will open.
    6. Click Done.

Enable session affinity

Load balancers must specify session affinity, often referred to as sticky sessions.
Microsoft Azure specifies sticky sessions using a load balancer rule.

To configure session affinity:

  1. Return to the Microsoft Azure portal.
  2. Click the name of the load balancer.
  3. Click Load Balancing rules.
  4. Click the plus sign to add a new load balancer rule.
  5. Specify the following:

    Field                  Value
    Name                   An appropriate name such as SessionAffinityRule.
    IP Version             IPV4
    Front end address      Leave unchanged.
    Port                   443
    Back end port          443
    Backend pool           Name of previously created pool.
    Health probe           Previously created health probe.
    Session persistence    Client IP
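
Added example, not part of the original page: a check that the load balancer ended up with the Sku, health probe and session affinity settings from the tables above. It assumes the configuration is available as JSON shaped like the output of az network lb show (Azure Resource Manager property names, where Client IP persistence appears as loadDistribution SourceIP); the sample document and the audit_lb function are constructed for illustration.

```python
import json

# Constructed sample shaped like `az network lb show` output (ARM property names).
SAMPLE_LB = json.loads("""
{"name": "AccessGatewayExternalLB", "sku": {"name": "Standard"},
 "probes": [{"name": "AccessGatewayLBHealthProbe", "protocol": "Https", "port": 443,
             "requestPath": "/", "intervalInSeconds": 20, "numberOfProbes": 2}],
 "loadBalancingRules": [{"name": "SessionAffinityRule", "frontendPort": 443,
                         "backendPort": 443, "loadDistribution": "SourceIP",
                         "probe": {"id": "/placeholder/probes/AccessGatewayLBHealthProbe"}}]}
""")

# Probe values from the health probe table; numberOfProbes is the unhealthy threshold.
EXPECTED_PROBE = {"protocol": "Https", "port": 443, "requestPath": "/",
                  "intervalInSeconds": 20, "numberOfProbes": 2}

def audit_lb(lb):
    """Return a list of findings; an empty list means the settings match the page."""
    findings = []
    if lb.get("sku", {}).get("name") != "Standard":
        findings.append("sku: not Standard, HTTPS/443 health probes unsupported")
    probes = {p["name"]: p for p in lb.get("probes", [])}
    rules = [r for r in lb.get("loadBalancingRules", []) if r.get("frontendPort") == 443]
    if not rules:
        findings.append("rule: no load balancing rule on front end port 443")
    for r in rules:
        if r.get("backendPort") != 443:
            findings.append(f"rule {r['name']}: back end port is not 443")
        if r.get("loadDistribution") != "SourceIP":
            findings.append(f"rule {r['name']}: session persistence is not Client IP")
        # A rule references its probe by resource id; the last path segment is the name.
        probe_name = (r.get("probe") or {}).get("id", "").rsplit("/", 1)[-1]
        probe = probes.get(probe_name)
        if probe is None:
            findings.append(f"rule {r['name']}: no health probe attached")
            continue
        for key, want in EXPECTED_PROBE.items():
            if probe.get(key) != want:
                findings.append(
                    f"probe {probe['name']}: {key} is {probe.get(key)!r}, expected {want!r}")
    return findings

if __name__ == "__main__":
    for line in audit_lb(SAMPLE_LB) or ["OK: matches the documented settings"]:
        print(line)
```
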

Register load balancer with DNS service provider


Steps to associate a load balancer with DNS will vary by DNS provider.
  1. In the Microsoft Azure console, click Home and then under Recent resources, click the name of the load balancer just created.
  2. In the essentials pane click View frontend IP configuration.
  3. Note the front end IP address of the load balancer.
  4. Connect to your DNS Service provider and add a CNAME record mapping the front end IP address to
    the external name.
    For example: CNAME host: www.[your external name], target: front end ip address.
  5. Return to the MS Azure console.

Test

Load balancers can be tested using a header-based application.
Complete this section if an application does not already exist for www.[external domain].com.

  1. Return to or sign in to the Access Gateway Admin UI console.
  2. Select the Applications tab.
  3. Click Add.
  4. Select Sample Header.
  5. In the Essentials tab specify the following:
    Field            Value
    Name             An appropriate name for the application, such as Load Balancer Header Test
    Public Domain    www.[external domain]. For example www.oag-external.com.
    Groups           Everyone
  6. Click Next. The Attributes tab will open.
  7. Click Next. The Policies tab will open.
  8. Click Done.
  9. Open a new browser or a Chrome incognito window.
  10. Enter the URL associated with the application.
  11. The Access Gateway sample header app page should display.
