Security
Reader small image

You're reading from  Learn Azure Administration - Second Edition

Product typeBook
Published inDec 2023
PublisherPackt
ISBN-139781837636112
Edition2nd Edition
Concepts
Cybersecurity
Right arrow
Author (1)
Kamil Mrzygłód
Kamil Mrzygłód
author image
Kamil Mrzygłód

Kamil Mrzygłód is a technical lead and technology advisor, working with multiple companies on designing and implementing Azure-based systems and platforms. He's a former Microsoft Azure Microsoft Most Valuable Professional (MVP) and certified trainer, who shares his knowledge via various channels, including conference speeches and open source projects and contributions. Kamil lives in Poland with his two cats and one dog, dedicating some of his time to video games, cooking, and traveling.
Read more about Kamil Mrzygłód

Right arrow

Exploring Azure Load Balancer

In the previous chapter, we discussed topics related to networking in general but didn’t focus on distributing incoming load across various Azure services. This part of this book is meant to give you a detailed overview of Azure Load Balancer – a managed solution that allows you to quickly configure how incoming network traffic should reach different parts of your infrastructure. Knowledge from this chapter will help you when you’re managing more complex infrastructure setups that require low-level load-balancing solutions and focus on raw packets.

In this chapter, we’re going to cover the following main topics:

  • Overview of Azure Load Balancer
  • Differences between public and internal load balancers
  • Delving into backend pools
  • Understanding load balancer rules
  • Comprehending health probes

Technical requirements

To perform the exercises in this chapter, you’ll need the following:

The Code in Action video for this book can be viewed at: https://packt.link/GTX9F

Overview of Azure Load Balancer

When building software or computer systems in general, you may face a problem where a single instance of your server is just not enough. You may think about scaling that server up (that is, adding more compute power to it), but every machine has its physical limits. At some point, there’s no more possibility to go up – you need to balance the load across multiple machines.

Once you deploy more machines to handle the load, a new problem arises – you have the infrastructure necessary to receive incoming traffic, but how do you point each connection to the appropriate machine? If you think about it, multiple challenges need to be overcome in such a scenario:

  • Distributing the load evenly
  • Making sure that the user is linked to a single server for the duration of their session (so-called sticky sessions)
  • Redistributing the load in case one of your machines goes down
  • Ensuring the machine responsible for distributing...

The differences between public and internal load balancers

At the very beginning of this chapter, we mentioned that you can assign both private and public IP addresses to your instance of Azure Load Balancer. Depending on your configuration, we may talk about one of two types of load balancer:

  • A public load balancer, which is used to provide outbound connections for VMs that don’t have public IP addresses themselves.
  • An internal (or private) load balancer (ILB), which is used to handle load balancing within a virtual network. This is helpful in hybrid infrastructure scenarios where on-premises infrastructure is involved as well.

Important note

An ILB can also be used in cloud-only scenarios, so there’s no need to have an on-premises setup integrated with your cloud environment.

Both types of load balancers can coexist, as shown in the following diagram:

Figure 4.1 – Two types of load balancers in the same network

Figure 4.1 – Two types of load balancers in the same network...

Delving into backend pools

To get started with backend pools (or any other components in general), we need an instance of Azure Load Balancer we can configure. To deploy it, use the following command:

az network lb create -g <resource-group-name> \
  -n <load-balancer-name> \
  --sku Basic \
  --vnet-name <vnet-name> \
  --subnet default

This command will create a load balancer and a virtual network that will integrate with it. Of course, it’s possible to create Azure Load Balancer with the existing network if you need to – in that scenario, make sure you’re passing either its name or full resource identifier with the --vnet-name parameter.

Important note

The command we’re using will only create a new virtual network if it cannot find another network with the name we provided in the same resource group.

Once created, your instance of Azure Load Balancer will already contain one front...

Understanding load balancer rules

So far, we have defined frontend and backend pools for our load balancer. Now, we need to connect those components by providing a set of rules that will tell Azure Load Balancer how to distribute the load. A rule is a simple map of values that links our frontend IP address with the set of machines defined for a given backend pool. In the upcoming sections, you’ll create a rule and configure it. We’ll also discuss more advanced topics, such as Floating IP and high-availability ports.

Creating a load balancer rule

Let’s create our first rule using the following command:

az network lb rule create \
  -g <resource-group-name> \
  --lb-name <load-balancer-name> \
  -n WebServer \
  --protocol Tcp \
  --frontend-ip LoadBalancerFrontEnd \
  --frontend-port 80 \
  --backend-pool-name SecondPool \
  --backend-port 80

The rule we’...

Comprehending health probes

Azure Load Balancer needs to know which instances of our VMs are healthy so that it can safely distribute load there. The simplest idea is to just send a request to each machine and see whether it responds within the expected time frame. Health probes are exactly such a feature – it’s an inbuilt component of Azure Load Balancer that, once configured, will automatically discover healthy instances.

Health probes have slightly different capabilities, depending on the selected stock keeping unit (SKU), which is the selected tier of our load balancer:

  • Basic SKU supports TCP and HTTP only
  • Standard SKU supports the TCP, HTTP, and HTTPS protocols

There are also different behaviors for established TCP flows once the probe is down. For the Basic SKU, once the probe fails, TCP flows to the given backend pool will be terminated. The Standard SKU load balancer is much more forgiving and will maintain a connection, assuming there’...

Summary

This chapter was dedicated to Azure Load Balancer and gave you a detailed introduction to the topic of load balancing in Azure. Remember that this service is not the only Azure component that can be used for load balancing. However, as we’re focusing on low-level infrastructure and administrative tasks in general, being familiar with the basics of Azure Load Balancer is crucial to be able to effectively manage resources in Azure. The topics that were presented in this chapter (setting up Azure Load Balancer, its configuration, health probes, and load balancing rules) will come in handy when you’re setting up IaaS-based infrastructure in your projects.

This was also the last chapter of Part 2 of this book. The next chapter will begin Part 3 – Administration of Azure Virtual Machines. Everything you’ve learned so far will be extremely important in the upcoming chapters, as lots of things related to Azure VMs are rooted in their networking components...

lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 7 of 23
Next Chapter
You have been reading a chapter from
Learn Azure Administration - Second Edition
Published in: Dec 2023Publisher: PacktISBN-13: 9781837636112
© 2023 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at AU $19.99/month. Cancel anytime

Author (1)

author image
Kamil Mrzygłód

Kamil Mrzygłód is a technical lead and technology advisor, working with multiple companies on designing and implementing Azure-based systems and platforms. He's a former Microsoft Azure Microsoft Most Valuable Professional (MVP) and certified trainer, who shares his knowledge via various channels, including conference speeches and open source projects and contributions. Kamil lives in Poland with his two cats and one dog, dedicating some of his time to video games, cooking, and traveling.
Read more about Kamil Mrzygłód

Personalised recommendations for you

Based on your interests and search pattern

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Attacks will help you understand how to identify attack surfaces and detect vulnerabilities. This book takes a hands-on approach to implementation and associated methodologies and equips you with the knowledge and skills needed to effectively combat web attacks.

BookAug 2023338 pages
Automotive Cybersecurity Engineering Handbook

Automotive Cybersecurity Engineering Handbook

This Automotive Cybersecurity Engineering Handbook untangles the complexities of building secure automotive products and helps you to comply with cybersecurity standards. It provides practical tools, tips, and techniques coupled with real-world examples to enable you to create cyber-resilient automotive products with ease.

BookOct 2023392 pages
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

This book will help you to design, develop, and operate security controls on Google Cloud as well as discover best practices for relevant security domains, including identity and access management, network, and data.

BookAug 2023496 pages
Cloud Penetration Testing for Red Teamers

Cloud Penetration Testing for Red Teamers

The advent of cloud networks and the AWS, Azure, and GCP platforms has revolutionized how companies of all sizes in all industries do business online. This book will help you meet the emerging demand for pentesting as it guides you through the tools, techniques, and security measures used by pentesters and red teamers in the 2020s and beyond.

BookNov 2023298 pages
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is an enterprise IT risk management professional’s dream. With its in-depth approach and various self-assessment exercises, this book arms you with knowledge of every single aspect of the certification, and is a fantastic career companion after you’re certified.

BookSep 2023316 pages5
Burp Suite Cookbook

Burp Suite Cookbook

Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs. It offers guidance on how to configure Burp Suite, make the most of its tools, and explore into its extensions.

BookOct 2023450 pages
Building and Automating Penetration Testing Labs in the Cloud

Building and Automating Penetration Testing Labs in the Cloud

This hands-on guide will help you design and build a variety of penetration testing labs that mimic modern cloud environments running on AWS, Azure, and GCP. In addition to these, you will explore a number of practical strategies on how to manage the complexity, cost, and security risks involved when setting up vulnerable cloud lab environments.

BookOct 2023562 pages
Ethical Hacking Workshop

Ethical Hacking Workshop

As cyber-attacks grow and APT groups advance their skillset, you need to be able to protect your enterprise against cyber-attacks. In order to limit your attack surface, you need to ensure that you leverage the same skills and tools that an adversary may use to hack your environment and discover the security gaps. This book will teach you how to think like a hacker, use state-of-the-art hacking tools, and protect yourself and your organizaiton.

BookOct 2023220 pages
Windows Forensics Analyst Field Guide

Windows Forensics Analyst Field Guide

This book contains step-by-step processes to guide you in any investigation related to Windows OS. You’ll find out how to acquire evidence using multiple tools as well as examine and analyze the collected artifacts, while discovering multiple techniques used in real-world forensic incidents.

BookOct 2023318 pages
Implementing DevSecOps Practices

Implementing DevSecOps Practices

This book is a comprehensive, hands-on guide for individuals new to DevSecOps who want to implement DevSecOps practices successfully and efficiently. With its help, you’ll be able to shift security toward the left, enabling you to merge security into coding in no time.

BookDec 2023258 pages