- The 45+ best Black Friday phone deals 2024: Sales on iPhones, Samsung, and more
- I recommend this 15-inch MacBook Air to most people, and it's $255 off for Black Friday
- The 40+ best Black Friday PlayStation 5 deals 2024: Deals available now
- Traditional EDR won't cut it: why you need zero trust endpoint security
- This futuristic espresso machine could be a great gift for your family -- and it's $500 off for Black Friday
Integrating Azure Application Gateway for Load Balancing workloads in AVS (Step by Step Guide) – VMware Cloud Community
With Azure VMware Solution (AVS), now available globally in Microsoft Azure as a native Azure Cloud offering from Microsoft, customers around the globe can enjoy the same world class industry leading VMware technologies in Azure cloud.
In this article, I will be discussing and highlighting how we can leverage and integrate Azure Native Cloud services such as Azure Application Gateway (AAG) with VMware based workload that are hosted in Azure VMware Solution (AVS). I will then provide step by step instructions on how AAG can be integrated with AVS and how it can load balance workloads sitting right inside AVS Virtual Machines. Before we dive into the details around the integration piece of Azure Application Gateway (AAG) with AVS VMs, let’s touch briefly on what AVS actually is and how workloads can be migrated and run in AVS.
Brief Introduction to Azure VMware Solution
Azure VMware Solution (AVS) is a VMware Software Defined Data Center (SDDC) based solution; sold, operated, managed and supported by Microsoft. As a first-class citizen to Microsoft Azure, Azure VMware Solutions (AVS) is available in Azure portal as any other Azure Native service offerings. With AVS, VMware and Microsoft customers can build, run, operate, manage and protect vSphere-based workloads natively in Azure environments in an Azure Private Cloud Infrastructure. Customers can seamlessly move workloads from/to their data centers to/from AVS. Customers can continue leveraging their existing investment in VMware product portfolio, employee skill sets and consistent workload operations, management and security in the AVS.
Picture Source: Microsoft Azure VMware Solutions Documentation
Running workloads in AVS environment
With AVS, you get the same industry leading technology and SDDC stack that you love and run in your on-premises environment. When you deploy your Azure Private Cloud Infrastructure in Azure, you get VMware Cloud Foundation (VCF) composed of vSphere (for compute), vSAN (for Storage) and NSX-T (for Networking). Once the Azure Private Cloud Infrastructure is deployed, you can continue running the VMs and workloads in the same way as you would in your on-premises environment. Using VMware HCX (Advanced version) which comes for free with AVS, you can then start migrating your workloads to AVS without requiring any downtime.
Depending upon your application profile and uptime requirements, your workloads can be migrated live, warm or cold, giving choice and flexibility to the customers for their workload migration and placements. As per our experience, many customers have been able to fulfil their Cloud first mandate leveraging AVS and HCX in record time, reducing costs and risks associated with it, and cutting down the migration times from many months to mere few weeks.
Azure VMware Solution (AVS) and Azure Native Cloud Services
One of the major value propositions of running VMware workloads in Azure VMware Solution is its adjacency to Azure Native Cloud Services such as Azure Blob Storage, Azure SQL, Azure Application Gateway, Azure File Services and so on.
All of these Azure native cloud services are highly available, resilient and available to customers on a pay as you go (on demand) model to the customers. Integrating these Azure services with AVS is very simple and convenient and can be done from the same Azure portal or API interfaces. With proximity to these services and low latency and high bandwidth connections, our customers can build a plethora of modern applications that are tightly integrated with Azure Native Cloud services and the VMware workloads sitting in AVS.
For the purpose of this blog, we’ll be integrating AVS workloads with Azure Application Gateway.
Integrating Azure Application Gateway (AAG) with AVS for load balancing
Azure Application Gateway is a web traffic load balancer that provides an Azure-managed HTTP load-balancing solution based on layer-7 load balancing. The AAG service is highly available and metered. As with all Azure Services, AAG sits adjacent to AVS workloads with high bandwidth low latency network connection. This means applications and services hosted in AVS can be integrated tightly with AAG and make use of all of its cloud native load balancing feature sets.
You can add and remove backend targets from your load balancer as your needs change without disrupting the overall flow of requests to your application. As traffic to your application changes over time, AAG scales your load balancer – with the vast majority of workloads scaled automatically. You can also configure health checks for AAG so the load balancer only sends requests to healthy targets.
Below are few of the benefits of using AAG as an application load balancers for AVS workloads:
- AAG as a managed cloud service, is by design, a highly available service with redundancy for failure built in.
- Customers can provision an AAG and start consuming this service in an on-demand/pay-as-you-go model.
- Cloud load balancing with AAG ensures maximum throughput in minimum response time, resulting in high-performing applications that can handle sudden traffic spikes.
- AAG comes with various industry grade advanced features such as Web Application Firewall (WAF) with DDOS protection, Autoscaling, Zone redundancy, Multi-Site hosting support, URL based routing, Session Affinity, Connection Draining, SSL/TLS termination etc. All of these features can be utilized for AVS workloads as needed.
In our case, the web applications configured as backend pool, are hosted in virtual machines (VMs) residing in Azure Private Cloud Infrastructure in AVS. Below diagram shows how the traffic is routed from the users on the internet to internet facing AAG and to the web applications hosted in AVS VMs
Picture source: Microsoft Azure VMware Solution Documentation
For the purposes of this blog and for the sake of simplicity, we are not using the Web Application Firewall (WAF) feature of AAG. The requests from the users are directly routed to AAG with frontend Public IP. Once the AAG receives the traffic is evaluated, if the request is valid, it is routed to the backend pool consisting of AVS VMs.
To learn more about AAG, its features and capabilities and how it works check this link.
Now, let’s dive into the details of configuring Azure Application Gateway as a load balancer for web applications in AVS VMs.
.1. Once you are logged in to Azure Portal, Click on “Create a resource” link on the top of the page under Azure Services section.
2. In the Search bar look for “Application Gateway” and select it from the list.
3. In Application Gateway creation page, Click on “Create” button
4. On the displayed page, fill in appropriate details including Subscription, Resource Group, Application gateway name, Region, Tier and so on. Since we’re not using WAF capability of AAG for this blog, we’ll be going with “Standard V2” as “Tier”, “No” for “Auto Scaling” and “Instance count” set to 2 for the load balancer instances. I’ve filled my Application Gateway details as below:
5. Once all the details are properly filled, Click on Next: Frontends> Button
6. On Frontends configuration page, select Frontend IP address type as Public, and for Public IP address field, click on Add New. We’ll be adding a new Public IP address that will get attached to this AAG.
7. In “Add a Public IP” section, provide appropriate Name for the Public IP address and click OK.
8. Once the new Public IP is created, click on Next: Backends > button
9. In the Backends page, click on Add a backend pool
10. On the Add a backend pool section, give appropriate Name for the backend pool, Choose No for “Add backend pool without targets” option, select “IP addresses or FQDN” in “Target Type” and add your backend web server’s IP addresses in “Target” field. In this example, we’re adding 2 web server’s IP addresses (192.168.91.200 and 192.168.91.201) in the “Target” field. Click on Add Once done.
11. These IP addresses for Target web servers are the VMs residing in Azure Private Cloud Infrastructure in AVS. The vCenter view of VMs that are configured as the target above looks like the image below.
12. Once everything looks good, Click on Next: Configuration > button
13. Click on “Add a routing rule” button to configure Routing Rules, add required rules appropriately.
14. For “Listener Configuration”, we are using a basic HTTP with a single site, so use settings as shown in the screenshot.
15. For “Backend Targets” configuration, choose the “Backend target” created in Step 10 and for “HTTP Settings”, click on “Add new” to create a new “HTTP Settings”.
16. On “Add a HTTP setting”, select “HTTP” for “Backend protocol” and “80” for “Backend port”. We’ll not use keep “Additional Settings” as Disabled and other field values at default. Click “Add” when done.
17. Once new “HTTP Settings” is created and selected, click on “Add”.
18. Click on “Next: Tags>” to add some tags (optional).
19. In the “Tags” page, add appropriate tags for your Application Gateway. When done, click on “Next: Review + create>”.
20. On the “Create application gateway” page validate all the details and click on “Create” to create the Application Gateway.
21. Once the Application Gateway is created, you’ll be presented with the screen below with “Your deployment is complete”. You can click on the Application Gateway URL to check the resource details.
22. To test out the Application Gateway, copy the “Frontend public IP address” attached to the Application Gateway and test it out in the web browser.
23. The Frontend public IP address of this Application Gateway fetches web page as below. If we refresh the web browser, the Application Gateway sends the request to the next web server (registered as backend pool in earlier steps above).
Conclusion
Azure Application Gateway (AAG), as a highly available and resilient native cloud load balancer, can be a good alternative to traditional load balancers when it comes to load balancing VMware based workloads. In this blog, we discussed how virtual machines in Azure VMware Solutions (AVS), which sits adjacent to all native Azure services, can leverage Azure services such as AAG for application load balancing requirements. With this type of Azure native services integration with VMware based workloads, possibilities to create innovative hybrid cloud applications are endless. Start building your hybrid cloud applications now.
Learn More
Looking to better understand VMware’s unique approach to multi-cloud architecture? Get the definitive guide here.
References
Microsoft Azure VMware Solution Documentation
Microsoft Azure Application Gateway Documentation
Microsoft Azure VMware Solutions Regional Availability