Configure Microsoft Azure load balancers
Configuring a Microsoft Azure load balancer for Access Gateway involves the following tasks:
- Connect to the Microsoft Azure portal and configure basic load balancer settings
- Create back-end pool
- Configure health probes
- Create no-auth applications
- Enable session affinity
- Register load balancer with DNS service provider
- Test
Before you begin
Ensure that you have:
- An Access Gateway high availability cluster with at least one worker.
- Internal IP addresses for all Access Gateway cluster members including the admin node.
- The Virtual Private Clouds (VPCs) used by the Access Gateway cluster.
- The external domain for the load balancer (for example, oag-external.com).
- Credentials for your DNS service provider to create required CNAME entries.
Steps
- Connect to the Microsoft Azure portal and configure basic load balancer settings:
- Open the Microsoft Azure portal (https://portal.azure.com) in a browser.
- Sign in to the portal.
- Under Azure services, click Create a resource.
- In the search bar, enter Load Balancer. From the list, select Load Balancer.
- Click Create.
- In the Create Load Balancer pane, specify the following:
| Field | Value |
| --- | --- |
| Resource Group | The name of the Access Gateway resource group (for example, AccessGateway). |
| Name | A name for the balancer (for example, AccessGatewayExternalLB). |
| Region | Select the region that hosts the Access Gateway nodes. |
| Type | Public |
| SKU | Standard. While you can create load balancers that use the Basic SKU, those load balancers don't support health probes using HTTPS/443. |
| Public IP Address | Create new |
| Public IP address name | Associated external name (for example, www.externalfacingdomain.com). |
| Assignment | Static |
| Availability Zone | Select an appropriate availability zone. |
- Click Next: Tags.
- Enter any relevant tags. Click Next: Review and Create. The load balancer is created. This could take several minutes.
- Create a back-end pool. Back-end pools specify the instances of Access Gateway that the load balancer acts as a front end for.
- Click the name of the load balancer.
- In the Settings section, click Backend Pools.
- Click Add to add a new back-end pool.
- Specify the following:

| Field | Value |
| --- | --- |
| Name | A name for the pool (for example, AccessGatewayLBBackendPool). |
| Virtual network | From the dropdown, select the virtual network that contains the Access Gateway instances. |
| IP Version | Select IPv4. |
| Associated to | Virtual machines |
- Click Add.
- Select each Access Gateway node that the load balancer should use.
- Click Add.
- Click Save.
- Configure health probes. Load balancers must be able to tell the health of the instances they interact with.
- Click the name of the load balancer.
- In the Settings section, click Health Probes.
- Click Add to add a health probe.
- Specify the following information for the new probe:
| Field | Value |
| --- | --- |
| Name | A name (for example, AccessGatewayLBHealthProbe). |
| Protocol | HTTPS |
| Port | 443 |
| Path | / |
| Interval | 20 |
| Unhealthy threshold | 2 |
- Click Add. A health probe is created.
Microsoft Azure load balancer probes determine health based on a return code of 200. Access Gateway returns a code of 400 by default. A no-auth application can be created to return a 200 result as described in the next section.
- Create no-auth applications.
- Return to or open a browser to the Access Gateway Admin UI console.
- Select the Applications tab.
- For each IP address, create an associated application:
- Click Add.
- Select No-auth.
- In the Essentials tab, specify:
| Field | Value |
| --- | --- |
| Name | An appropriate name for the application, such as LBHealth-Admin, where the suffix distinguishes the application from other health monitoring applications. |
| Public Domain | Enter the associated public IP address. |
| Protected Web Resource | Leave unchanged as initially populated by wizard. |
| Groups | Everyone |

- Click Next. The Attributes tab opens.
- Click Next. The Policies tab opens.
- Click Done.
For each high availability node, create a no-auth application associated with the private IP address. These applications return a value of 200 on success. 200 is the default HTTP return code for a healthy instance.
- Enable session affinity.
Load balancers must specify session affinity, which is also referred to as sticky sessions. Microsoft Azure specifies sticky sessions using a load balancer rule.
- Return to the Microsoft Azure portal.
- Click the name of the load balancer.
- Click Load Balancing rules.
- Click Add to create a load balancer rule.
- Specify the following values for the load balancer rule:
| Field | Value |
| --- | --- |
| Name | A name for the rule (for example, SessionAffinityRule). |
| IP Version | IPv4 |
| Front end address | Leave unchanged. |
| Port | 443 |
| Back end port | 443 |
| Backend pool | Name of previously created pool. |
| Health probe | Name of previously created health probe. |
| Session persistence | Client IP |
- Register load balancer with DNS service provider. The following steps to associate a load balancer with DNS may vary by DNS provider:
- In the Microsoft Azure console, click Home. Under Recent resources, click the name of the load balancer.
- In the Essentials pane, click View frontend IP configuration.
- Note the front-end IP address of the load balancer.
- Connect to your DNS Service provider and add a CNAME record mapping the front-end IP address to the external name. For example: CNAME host: www.[your external name], target: front-end IP address.
- Return to the Azure console.
- Test
- Return to or sign in to the Access Gateway Admin UI console.
- Select the Applications tab.
- Click Add.
- Select Sample Header.
- In the Essentials tab, specify the following:
| Field | Value |
| --- | --- |
| Name | A name for the application (for example, Load Balancer Header Test). |
| Public Domain | www.[external domain] (for example, www.oag-external.com) |
| Groups | Everyone |

- Click Next.
- Click Next.
- Click Done.
- Open a new browser or an incognito (private browsing) window.
- Enter the URL associated with the application.
- The Access Gateway sample app page should display.
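
The health-probe behaviour from the Configure health probes and Create no-auth applications steps can be checked from a host inside the virtual network. The Python script below is an added example, not part of the original procedure or of Access Gateway: it repeats the probe's request (HTTPS, port 443, path /) and applies the interval and unhealthy threshold set above. Assumptions: the IP addresses in SAMPLE are constructed, certificate verification is disabled because nodes are probed by private IP, and the threshold logic is a simplified model of the probe.

```python
import http.client
import ssl
import sys
import time

INTERVAL = 20            # seconds between probes, as in the probe settings
UNHEALTHY_THRESHOLD = 2  # consecutive failed probes before a node is marked down
HINTS = {
    200: "ok",
    400: "Access Gateway default response: no-auth application missing for this IP",
    None: "no HTTPS response on 443: check that the node is reachable",
}

def probe_status(ip, timeout=5.0):
    """One HTTPS GET to / on port 443; return the status code, or None on no response."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # assumption: probing by private IP, so the
    ctx.verify_mode = ssl.CERT_NONE  # certificate name cannot match; status check only
    conn = http.client.HTTPSConnection(ip, 443, timeout=timeout, context=ctx)
    try:
        conn.request("GET", "/")
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def evaluate(samples, threshold=UNHEALTHY_THRESHOLD):
    """Classify a node from consecutive probe results (oldest first)."""
    fails = 0
    for code in reversed(samples):   # count the trailing run of non-200 results
        if code == 200:
            break
        fails += 1
    state = "unhealthy" if fails >= threshold else "healthy"
    return state, HINTS.get(samples[-1], f"unexpected status {samples[-1]}")

# Constructed sample results (not real measurements), three probes per node.
SAMPLE = {"10.0.0.4": [200, 200, 200], "10.0.0.5": [400, 400, 400], "10.0.0.6": [200, 200, None]}

if __name__ == "__main__":
    nodes = sys.argv[1:]
    results = {ip: [] for ip in nodes} if nodes else SAMPLE
    for round_no in range(3 if nodes else 0):
        for ip in nodes:
            results[ip].append(probe_status(ip))
        time.sleep(INTERVAL if round_no < 2 else 0)
    for ip, samples in results.items():
        print(ip, samples, *evaluate(samples))
```

Run it with the private IP addresses of the cluster nodes as arguments; with no arguments it evaluates the constructed SAMPLE data.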