Configure Microsoft Azure load balancers

During this task you will:

Before you begin

Ensure that you have:

  • A previously configured Access Gateway high availability cluster with at least one worker.
  • Internal IP addresses for all Access Gateway cluster members including admin node.
  • VPC(s) being used by the Access Gateway cluster.
  • The external domain for the load balancer. For example oag-external.com.
  • Credentials for your DNS Service provider to create required CNAME entries.

Steps

  1. Connect to the Microsoft Azure portal and configure basic load balancer settings:
    1. Open a browser to Microsoft Azure portal at https://portal.azure.com.
    2. Sign in to the portal.
    3. Under Azure services, click Create a resource.
    4. In the search bar, enter Load Balancer. From the list, select Load Balancer. The Load Balancer page displays.
    5. Click Create.
    6. In the Create Load Balancer pane, specify the following:

      Field                   Value
      Resource Group          The name of the Access Gateway resource group. For example, AccessGateway.
      Name                    An appropriate name such as AccessGatewayExternalLB.
      Region                  Select the region which hosts Access Gateway nodes.
      Type                    Public
      Sku                     Standard
                              Note: Load balancers created using the Basic sku will work but do not support health probes using HTTPS/443.
      Public IP Address       Create new
      Public IP address name  Associated external name. For example www.externalfacingdomain.com.
      Assignment              Static
      Availability Zone       Select an appropriate availability zone.

    7. Click Next: Tags.
    8. Enter any relevant tags and click Next: Review and Create.
      The load balancer is created. This could take several minutes.
    9. Connect to the Microsoft Azure portal and configure basic settings.
  2. Create a back-end pool
    Back-end pools specify the instances of Access Gateway being fronted by the load balancer.
    1. Click the name of the load balancer.
    2. In the Settings section, click Backend Pools.
    3. Click Add to add a new back-end pool.
    4. Specify the following:

      Field            Value
      Name             An appropriate name such as AccessGatewayLBBackendPool.
      Virtual network  From the drop-down box, select the virtual network containing the Access Gateway instances.
      IP Version       Ensure IPV4 is selected.
      Associated to    Virtual machines

    5. Click Add. The new virtual machines dialog will display.
    6. Select each Access Gateway node that should be used by the load balancer.
    7. Click Add.
    8. Click Save.
  3. Configure health probes
    Load balancers must be able to tell the health of the instances they interact with.
    1. Click the name of the load balancer.
    2. In the Settings section, click Health Probes.
    3. Click Add to add a health probe.
    4. Specify the following:

      Field                Value
      Name                 An appropriate name such as AccessGatewayLBHealthProbe.
      Protocol             HTTPS
      Port                 443
      Path                 /
      Interval             20
      Unhealthy threshold  2

    5. Click Add. The new health probe is created.

    Microsoft Azure load balancer probes determine health based on a return code of 200. Access Gateway returns a code of 400 by default. A no-auth application can be created to return a 200 result as described in the next section.

  4. Create no-auth applications

      For each high availability node, create a no-auth application associated with the private IP address. These applications return a value of 200 on success. 200 is the default HTTP return code for a healthy instance.

      1. Return to or open a browser to the Access Gateway Admin UI console.
      2. Select the Applications tab.
      3. For each IP address, create an associated application:
        1. Click Add.
        2. Select No-auth.
        3. In the Essentials tab, specify:
          Field                   Value
          Name                    An appropriate name for the application, such as LBHealth-Admin, where the suffix distinguishes the application from other health monitoring applications.
          Public Domain           Enter the associated public IP address.
          Protected Web Resource  Leave unchanged as initially populated by wizard.
          Groups                  Everyone
        4. Click Next. The Attributes tab opens.
        5. Click Next. The Policies tab opens.
        6. Click Done.
  5. Enable session affinity
    Load balancers must specify session affinity, often referred to as sticky sessions.
    Microsoft Azure specifies sticky sessions using a load balancer rule.
    1. Return to the Microsoft Azure portal.
    2. Click the name of the load balancer.
    3. Click Load Balancing rules.
    4. Click Add to add a new load balancer rule.
    5. Specify the following:

      Field                Value
      Name                 An appropriate name, such as SessionAffinityRule.
      IP Version           IPV4
      Front end address    Leave unchanged.
      Port                 443
      Back end port        443
      Backend pool         Name of previously created pool.
      Health probe         Previously created health probe.
      Session persistence  Client IP

  6. Register load balancer with DNS service provider:
    Steps to associate a load balancer with DNS will vary by DNS provider.
    1. In the Microsoft Azure console, click Home and then under Recent resources, click the name of the load balancer just created.
    2. In the Essentials pane, click View frontend IP configuration.
    3. Note the front end IP address of the load balancer.
    4. Connect to your DNS Service provider and add a CNAME record mapping the front end IP address to the external name.
      For example, CNAME host: www.[your external name], target: front end ip address.
    5. Return to the MS Azure console.
  7. Test
    1. Return to or sign in to the Access Gateway Admin UI console.
    2. Select the Applications tab.
    3. Click Add.
    4. Select Sample Header.
    5. In the Essentials tab, specify the following:
      Field          Value
      Name           An appropriate name for the application, such as Load Balancer Header Test
      Public Domain  www.[external domain]. For example www.oag-external.com.
      Groups         Everyone
    6. Click Next. The Attributes tab will open.
    7. Click Next. The Policies tab will open.
    8. Click Done.
    9. Open a new browser or a Chrome incognito window.
    10. Enter the URL associated with the application.
    11. The Access Gateway sample header app page should display.
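
The health probe and no-auth application steps above can be checked node by node before relying on the load balancer. The following is an added example, not part of the original procedure or of Access Gateway itself: it assumes a simplified probe model (only 200 counts as healthy, two consecutive failures remove a node, one later 200 restores it), and the node addresses, sample results and the names probe_once, in_rotation and report are made up for the illustration.

```python
import http.client
import ssl

PROBE_PORT, PROBE_PATH = 443, "/"   # Port and Path from the health probe settings
UNHEALTHY_THRESHOLD = 2             # Unhealthy threshold from the same settings


def probe_once(node_ip, timeout=5.0):
    """GET https://<node_ip>/ and return the HTTP status, or None on failure.

    Certificate verification is off because the request targets a private IP
    address; only the status code is read and nothing sensitive is sent.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(node_ip, PROBE_PORT, timeout=timeout, context=ctx)
    try:
        conn.request("GET", PROBE_PATH)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return None  # refused connection, timeout or TLS error
    finally:
        conn.close()


def in_rotation(statuses, threshold=UNHEALTHY_THRESHOLD):
    """Replay probe results in order; return True if the node ends up in rotation.

    Simplified model (assumption): only 200 is a success, `threshold` consecutive
    failures take the node out, and the next 200 puts it back.
    """
    up, failures = True, 0
    for status in statuses:
        if status == 200:
            up, failures = True, 0
        else:
            failures += 1
            up = up and failures < threshold
    return up


def report(observations):
    """Return {node: verdict} for a dict of node -> list of probe statuses."""
    return {node: "in rotation" if in_rotation(s) else "out of rotation"
            for node, s in observations.items()}


# Constructed sample results, three probes per node (addresses are made up).
SAMPLE = {
    "10.0.1.4": [200, 200, 200],   # no-auth application in place
    "10.0.1.5": [400, 400, 400],   # default Access Gateway response
    "10.0.1.6": [200, None, 200],  # one timeout, below the threshold
}
```

To check live nodes, collect a few probe_once results per private IP address from a host inside the virtual network and pass them to report in place of SAMPLE.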

Related resources

About load balancers