Brief Introduction to Azure VMware Solution
In this article, I will be discussing and highlighting how we can leverage and integrate Azure Native Cloud services such as Azure Application Gateway (AAG) with VMware based workload that are hosted in Azure VMware Solution (AVS). I will then provide step by step instructions on how AAG can be integrated with AVS and how it can load balance workloads sitting right inside AVS Virtual Machines.
Before we dive into the details around the integration piece of Azure Application Gateway (AAG) with AVS VMs, let's touch briefly on what AVS actually is and how workloads can be migrated and run in AVS.
What is Azure VMware Solution?
Azure VMware Solution (AVS) is a VMware Software Defined Data Center (SDDC) based solution; sold, operated, managed, and supported by Microsoft. As a first-class citizen to Microsoft Azure, Azure VMware Solutions (AVS) is available in the Azure portal as any other Azure Native service offerings.
Leveraging AVS, VMware and Microsoft customers can build, run, operate, manage, and protect vSphere-based workloads natively in Azure environments in an Azure Private Cloud Infrastructure. Customers can seamlessly move workloads from/to their data centers to/from AVS. Customers can continue leveraging their existing investment in VMware product portfolio, employee skill sets and consistent workload operations, management and security in the AVS.
Running workloads in AVS environment
With AVS, you get the same industry leading technology and SDDC stack that you love and run in your on-premises environment. When you deploy your Azure Private Cloud Infrastructure in Azure, you get VMware Cloud Foundation (VCF) composed of vSphere (for compute), vSAN (for Storage) and NSX-T (for Networking).
Once the Azure Private Cloud Infrastructure is deployed, you can continue running the VMs and workloads in the same way as you would in your on-premises environment. Using VMware HCX (Advanced version) which comes for free with AVS, you can then start migrating your workloads to AVS without requiring any downtime.
Depending upon your application profile and uptime requirements, your workloads can be migrated live, warm or cold, giving choice and flexibility to the customers for their workload migration and placements. As per our experience, many customers have been able to fulfill their Cloud first mandate leveraging AVS and HCX in record time, reducing costs and risks associated with it, and cutting down the migration times from many months to mere few weeks.
Azure VMware Solution (AVS) and Azure Native Cloud Services
All of these Azure native cloud services are highly available, resilient and available to customers on a pay as you go (on demand) model to the customers. Integrating these Azure services with AVS is very simple and convenient and can be done from the same Azure portal or API interfaces. With proximity to these services and low latency and high bandwidth connections, our customers can build a plethora of modern applications that are tightly integrated with Azure Native Cloud services and the VMware workloads sitting in AVS.
For the purpose of this article, we'll be integrating AVS workloads with Azure Application Gateway.
Load Balancing Azure VMware Solution workloads with Azure Application Gateway
Azure Application Gateway (AAG) is a web traffic load balancer that provides an Azure-managed HTTP load-balancing solution based on layer-7 load balancing. The AAG service is highly available and metered. As with all Azure Services, AAG sits adjacent to AVS workloads with high bandwidth low latency network connection. This means applications and services hosted in AVS can be integrated tightly with AAG and make use of all of its cloud native load balancing feature sets.
You can add and remove backend targets from your load balancer as your needs change without disrupting the overall flow of requests to your application. As traffic to your application changes over time, AAG scales your load balancer – with the vast majority of workloads scaled automatically. You can also configure health checks for AAG so the load balancer only sends requests to healthy targets.
Below are few of the benefits of using AAG as an application load balancers for AVS worloads:
- AAG as a managed cloud service, is by design, a highly available service with redundancy for failure built in.
- Customers can provision an AAG and start consuming this service in an on-demand/pay-as-you-go model.
- Cloud load balancing with AAG ensures maximum throughput in minimum response time, resulting in high-performing applications that can handle sudden traffic spikes.
- AAG comes with various industry grade advanced features such as Web Application Firewall (WAF) with DDOS protection, Autoscaling, Zone redundancy, Multi-Site hosting support, URL based routing, Session Affinity, Connection Draining, SSL/TLS termination etc. All of these features can be utilized for AVS workloads as needed.
In our case, the web applications configured as backend pool, are hosted in virtual machines (VMs) residing in Azure Private Cloud Infrastructure in AVS. Below diagram shows how the traffic is routed from the users on the internet to internet facing AAG and to the web applications hosted in AVS VMs.
For the purposes of this article and for the sake of simplicity, we are not using the Web Application Firewall (WAF) feature of AAG. The requests from the users are directly routed to AAG with frontend Public IP. Once the AAG receives the traffic is evaluated, if the request is valid, it is routed to the backend pool consisting of AVS VMs.
To learn more about AAG, its features and capabilities and how it works check this link.
Now, let's dive into the details of configuring Azure Application Gateway as a load balancer for web applications in AVS VMs.
- Once you are logged in to Azure Portal, Click on "Create a resource" link on the top of the page under Azure Services section.
2. In the Search bar look for "Application Gateway" and select it from the list.
3. In Application Gateway creation page, Click on "Create" button.
4. On the displayed page, fill in appropriate details including Subscription, Resource Group, Application gateway name, Region, Tier, and so on. Since we're not using WAF capability of AAG for this article, we'll be going with "Standard V2'' as "Tier", "No" for "Auto Scaling" and "Instance count" set to 2 for the load balancer instances. I've filled my Application Gateway details as below:
5. Once all the details are properly filled, Click on Next: Frontends> Button.
6. On Frontends configuration page, select Frontend IP address type as Public, and for Public IP address field, Select existing Public IP Address or Click on Add New to create new Public IP address for AAG. We'll be selecting existing Public IP address that will get attached to this AAG.
8. Once appropriate Public IP is selected/created, click on Next: Backends > button
9. In the Backends page, click on "Add a backend pool".
10. On the Add a backend pool section, give appropriate Name for the backend pool, Choose "No" for "Add backend pool without targets" option, select "IP addresses or FQDN" in "Target Type" and add your backend web server's IP addresses in "Target" field. In this example, we're adding 3 web server's IP addresses (10.121.11.101, 10.121.11.102 and 10.121.11.103) in the "Target" field. Click on Add Once done.
11. These IP addresses for Target web servers are the VMs residing in Azure Private Cloud Infrastructure in Azure VMware Solution. The vCenter view of VMs that are configured as the target above looks like the image below.
12. Once everything looks good, Click on Next: Configuration > button.
13. Click on "Add a routing rule" button to configure Routing Rules, add required rules appropriately.
14. For "Listener Configuration", we are using a basic HTTP with a single site, so use settings as shown in the screenshot.
15. For "Backend Targets" configuration, choose the "Backend target" created in Step 10 and for "HTTP Settings", click on "Add new" to create a new "HTTP Settings".
16. On "Add Backend setting" page, select "HTTP" for "Backend protocol" and "80" for "Backend port". We'll not use keep "Additional Settings" as Disabled and other field values at default. Click "Add" when done.
17. Once new "Backend Settings" is created and selected, click on "Add".
18. Click on "Next: Tags>" to add some tags (optional).
19. In the "Tags" page, add appropriate tags for your Application Gateway. When done, click on "Next: Review + create>".
20. On the "Create application gateway" page validate all the details and click on "Create" to create the Application Gateway.
21. Once the Application Gateway is created, you'll be presented with the screen below with "Your deployment is complete". You can click on the Go to Resource button to check the resource details.
22. To test out the Application Gateway, copy the "Frontend public IP address" attached to the Application Gateway and test it out in the web browser.
23. The Frontend public IP address of this Application Gateway fetches web page as below. If we refresh the web browser, the Application Gateway sends the request to the next web server (registered as backend pool in earlier steps above) with round robin algorighm.
24. If you want to access the Application Gateway and web servers in its backend pool with DNS name, you could go ahead and configure an A records in your DNS Management console, which will make your AAG accessible in human readable form. In my case I have this Domain "knowledgeacademy.io" registered and website for "knowledgeacademy.io" hosted with Ventra IP (An Australian web hosting provider). For this example, I am demonstrating an addition of A Record called "avsappgatewaydemo.knowledgeacademy.io" in Ventra IP's DNS Management Console as shown below. 220.127.116.11 is the Public IP address of AAG in Azure.
25. In below image, you can see the AAG and Backend web servers being accessed with Domain Name rather than AAG Public IP address.
Azure Application Gateway (AAG), as a highly available and resilient native cloud load balancer, can be a good alternative to traditional load balancers when it comes to load balancing VMware based workloads in Azure VMware Solution. In this article, we discussed how virtual machines in Azure VMware Solutions (AVS), which sits adjacent to all native Azure services, can leverage Azure services such as AAG for application load balancing requirements. With this type of Azure native services integration with VMware based workloads, possibilities to create innovative hybrid cloud applications are endless. Start building your hybrid cloud applications now.
Satya is an experienced IT professional with a demonstrated history of working in the Information Technology with years of experience in multiple industry verticals. He currently works for VMware as Staff Cloud Solutions Architect. He is skilled in designing and implementing Enterprise Application Suite in Public, Private and Hybrid cloud infrastructure including AWS, VMware, VMware Cloud on AWS, Microsoft Azure, Google Cloud and the like.
Get connected with Satya: