Configure Microsoft Azure load balancers
During this task you will:
- Connect to the Microsoft Azure portal and configure basic load balancer settings
- Create back-end pool
- Configure health probes
- Create no-auth applications
- Enable session affinity
- Register load balancer with DNS service provider
- Test
Before you begin
Ensure that you have:
- A previously configured Access Gateway high availability cluster with at least one worker.
- Internal IP addresses for all Access Gateway cluster members including admin node.
- VPC(s) being used by the Access Gateway cluster.
- The external domain for the load balancer. For example oag-external.com.
- Credentials for your DNS Service provider to create required CNAME entries.
Steps
- Connect to the Microsoft Azure portal and configure basic load balancer settings:
- Open a browser to Microsoft Azure portal at https://portal.azure.com.
- Sign in to the portal.
- Under Azure services, click Create a resource.
- In the search bar, enter Load Balancer. From the list, select Load Balancer. The Load Balancer page displays.
- Click Create.
- In the Create Load Balancer pane, specify the following:
| Field | Value |
| --- | --- |
| Resource Group | The name of the Access Gateway resource group. For example, AccessGateway. |
| Name | An appropriate name such as AccessGatewayExternalLB. |
| Region | Select the region which hosts Access Gateway nodes. |
| Type | Public |
| Sku | Standard. Note: Load balancers created using the Basic sku will work but do not support health probes using HTTPS/443. |
| Public IP Address | Create new |
| Public IP address name | Associated external name. For example, www.externalfacingdomain.com. |
| Assignment | Static |
| Availability Zone | Select an appropriate availability zone. |
- Click Next: Tags.
- Enter any relevant tags and click Next: Review and Create.
The load balancer is created. This could take several minutes.
- Create a back-end pool
Back-end pools specify the instances of Access Gateway being fronted by the load balancer.
- Click the name of the load balancer.
- In the Settings section, click Backend Pools.
- Click Add to add a new back-end pool.
- Specify the following:

| Field | Value |
| --- | --- |
| Name | An appropriate name such as AccessGatewayLBBackendPool. |
| Virtual network | From the drop-down box, select the virtual network containing the Access Gateway instances. |
| IP Version | Ensure IPV4 is selected. |
| Associated to | Virtual machines |
- Click Add. The new virtual machines dialog will display.
- Select each Access Gateway node that should be used by the load balancer.
- Click Add.
- Click Save.
- Configure health probes
Load balancers must be able to tell the health of the instances they interact with.
- Click the name of the load balancer.
- In the Settings section, click Health Probes.
- Click Add to add a health probe.
- Specify the following:

| Field | Value |
| --- | --- |
| Name | An appropriate name such as AccessGatewayLBHealthProbe. |
| Protocol | HTTPS |
| Port | 443 |
| Path | / |
| Interval | 20 |
| Unhealthy threshold | 2 |
- Click Add. The new health probe is created.
Microsoft Azure load balancer probes determine health based on a return code of 200. Access Gateway returns a code of 400 by default. A no-auth application can be created to return a 200 result, as described in the next section.
- Create no-auth applications
- Return to or open a browser to the Access Gateway Admin UI console.
- Select the Applications tab.
- For each IP address, create an associated application:
- Click Add.
- Select No-auth.
- In the Essentials tab, specify:
| Field | Value |
| --- | --- |
| Name | An appropriate name for the application, such as LBHealth-Admin, where the suffix distinguishes the application from other health monitoring applications. |
| Public Domain | Enter the associated public IP address. |
| Protected Web Resource | Leave unchanged as initially populated by wizard. |
| Groups | Everyone |

- Click Next. The Attributes tab opens.
- Click Next. The Policies tab opens.
- Click Done.
For each high availability node, create a no-auth application associated with the private IP address. These applications return a value of 200 on success. 200 is the default HTTP return code for a healthy instance.
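The probe behavior described above can be checked per node before relying on the load balancer. The following is an added example, not part of the original documentation or any Access Gateway tooling; `probe_status`, `classify` and `start_stub` are hypothetical names, and the local stub servers are constructed stand-ins for nodes so the script runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

PROBE_PATH = "/"  # "Path" value from the health probe settings

def probe_status(base_url, timeout=5.0, tls_context=None):
    """GET PROBE_PATH without following redirects; return the status or None."""
    parts = urlsplit(base_url)
    https = parts.scheme == "https"  # plain HTTP is only used for the local stub
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    kwargs = {"context": tls_context} if https else {}
    conn = cls(parts.hostname, parts.port or (443 if https else 80),
               timeout=timeout, **kwargs)
    try:
        conn.request("GET", PROBE_PATH)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):  # refused, timeout, TLS error
        return None
    finally:
        conn.close()

def classify(status):
    """Map a status code to the probe outcome described in the text."""
    if status == 200:
        return "healthy"
    if status == 400:
        return "unhealthy: default Access Gateway response, no-auth app not matched"
    if status is None:
        return "unhealthy: no HTTP response"
    return f"unhealthy: HTTP {status}"

def start_stub(status):
    """Constructed stand-in for a node: answers every GET with `status`."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo output quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}"

if __name__ == "__main__":
    for label, code in (("with no-auth app", 200), ("without it", 400)):
        print(label, "->", classify(probe_status(start_stub(code))))
```

Against real nodes, call `probe_status` with each node's HTTPS address from a host inside the virtual network, passing an `ssl.SSLContext` suited to the certificates the nodes present.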
- Enable session affinity
Load balancers must specify session affinity, often referred to as sticky sessions.
Microsoft Azure specifies sticky sessions using a load balancer rule.
- Return to the Microsoft Azure portal.
- Click the name of the load balancer.
- Click Load Balancing rules.
- Click Add to add a new load balancer rule.
- Specify the following:

| Field | Value |
| --- | --- |
| Name | An appropriate name, such as SessionAffinityRule. |
| IP Version | IPV4 |
| Front end address | Leave unchanged. |
| Port | 443 |
| Back end port | 443 |
| Backend pool | Name of previously created pool. |
| Health probe | Previously created health probe. |
| Session persistence | Client IP |
- Register load balancer with DNS service provider:
Steps to associate a load balancer with DNS will vary by DNS provider.
- In the Microsoft Azure console, click Home and then under Recent resources, click the name of the load balancer just created.
- In the Essentials pane, click View frontend IP configuration.
- Note the front end IP address of the load balancer.
- Connect to your DNS Service provider and add a CNAME record mapping the front end IP address to the external name.
For example, CNAME host: www.[your external name], target: front end ip address.
- Return to the MS Azure console.
- Test
- Return to or sign in to the Access Gateway Admin UI console.
- Select the Applications tab.
- Click Add.
- Select Sample Header.
- In the Essentials tab, specify the following:
| Field | Value |
| --- | --- |
| Name | An appropriate name for the application, such as Load Balancer Header Test |
| Public Domain | www.[external domain]. For example, www.oag-external.com. |
| Groups | Everyone |

- Click Next. The Attributes tab will open.
- Click Next. The Policies tab will open.
- Click Done.
- Open a new browser or a Chrome incognito window.
- Enter the URL associated with the application.
- The Access Gateway sample header app page should display.