Create and configure an Azure load balancer

In this lab, you will create an internal load balancer for the fictional Exceedlabs Ltd organization.

The steps to create an internal load balancer, are very similar to those you have already learned about in this module, to create a public load balancer. The key difference is that with a public load balancer the front end is accessed via a public IP address, and you test connectivity from a host which is located outside your virtual network; whereas, with an internal load balancer, the front end is a private IP address inside your virtual network, and you test connectivity from a host inside the same network.

The diagram below illustrates the environment you will be deploying in this lab.

In this lab, you will:

• Task 1: Create the virtual network
• Task 2: Create backend servers
• Task 3: Create the load balancer
• Task 4: Create load balancer resources
• Task 5: Test the load balancer

Prerequisites for this labs : Azure Account / Download Labs Files here

Task 1: Create the virtual network

In this section, you will create a virtual network and a subnet.

• Log in to the Azure portal.

On the Azure portal home page, navigate to the Global Search bar and search Virtual Networks and select virtual networks under services.

Select Create on the Virtual networks page.

• On the Basics tab, use the information in the table below to create the virtual network.

Setting	Value
Subscription	Select your subscription
Resource group	Select Create new Name: Int-exceedlabs-LB-RG
Name	Int-exceedlabs-LB-VNet
Region	(US) East US

• Click Next : IP Addresses.
• On the IP Addresses tab, in the IPv4 address space box, remove the default and type 10.1.0.0/16.
• On the IP Addresses tab, select + Add subnet.
• In the Add subnet pane, provide a subnet name of exceedlabsBackendSubnet, and a subnet address range of 10.1.0.0/24.
• Click Add.
• Click Add subnet, provide a subnet name of exceedlabsFrontEndSubnet, and a subnet address range of 10.1.2.0/24. Click Add
• Click Next : Security.
• Under BastionHost select Enable, then enter the information from the table below.

Setting	Value
Bastion name	exceedlabsBastionHost
AzureBastionSubnet address space	10.1.1.0/24
Public IP address	Select Create new Name: exceedlabsBastionIP

• Click Review + create.

• Click Create.

Task 2: Create backend servers

In this section, you will create three VMs, that will be in the same availability set, for the backend pool of the load balancer, add the VMs to the backend pool, and then install IIS on the three VMs to test the load balancer.

• In the Azure portal, open the PowerShell session within the Cloud Shell pane.
• In the toolbar of the Cloud Shell pane, click the Upload/Download files icon, in the drop-down menu, click Upload and upload the following files azuredeploy.json, azuredeploy.parameters.vm1.json, azuredeploy.parameters.vm2.json and azuredeploy.parameters.vm3.json into the Cloud Shell home directory.
• Deploy the following ARM templates to create the virtual network, subnets, and VMs needed for this exercise:

code

$RGName = "Int-exceedlabs-LB-RG"
   
New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateFile azuredeploy.json -TemplateParameterFile azuredeploy.parameters.vm1.json

New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateFile azuredeploy.json -TemplateParameterFile azuredeploy.parameters.vm2.json

New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateFile azuredeploy.json -TemplateParameterFile azuredeploy.parameters.vm3.json

Task 3: Create the load balancer

In this section, you will create an internal Standard SKU load balancer. The reason we are creating a Standard SKU load balancer here in the exercise, instead of a Basic SKU load balance, is for later exercises that require a Standard SKU version of the load balancer.

• On the Azure portal home page, click Create a resource.
• In the search box at the top of the page, type Load Balancer, then press Enter (Note: do not select one from the list).
• On the results page, locate and select Load Balancer (the one that says ‘Microsoft’ and ‘Azure Service’ under the name).

Click Create.

• On the Basics tab, use the information in the table below to create the load balancer.

Setting	Value
Subscription	Select your subscription
Resource group	Int-exceedlabs-LB-RG
Name	exceedlabsIntLoadBalancer
Region	(US) East US
Type	Internal
SKU	Standard

• Click Next: Frontend IP configurations.
• Click Add a frontend IP
• On the Add frontend IP address blade, enter the information from the table below.

Setting	Value
Name	LoadBalancerFrontEnd
Virtual network	Int-exceedlabs-LB-VNet
Subnet	exceedlabsFrontEndSubnet
Assignment	Dynamic

• Click Review + create.

• Click Create.

Task 4: Create load balancer resources

In this section, you will configure load balancer settings for a backend address pool, then create a health probe and a load balancer rule.

Create a backend pool and add VMs to the backend pool

The backend address pool contains the IP addresses of the virtual NICs connected to the load balancer.

• On the Azure portal home page, click All resources, then click on exceedlabsIntLoadBalancer from the resources list.
• Under Settings, select Backend pools, and then click Add.

• On the Add backend pool page, enter the information from the table below.

Setting	Value
Name	exceedlabsBackendPool
Virtual network	Int-exceedlabs-LB-VNet

• Under Virtual machines, click Add.

Select the checkboxes for all 3 VMs (exceedlabsVM1, exceedlabsVM2, and exceedlabsVM3), then click Add.

Click Add.

Create a health probe

The load balancer monitors the status of your app with a health probe. The health probe adds or removes VMs from the load balancer based on their response to health checks. Here you will create a health probe to monitor the health of the VMs.

• Under Settings, click Health probes, then click Add.

• On the Add health probe page, enter the information from the table below.

Setting	Value
Name	exceedlabsHealthProbe
Protocol	HTTP
Port	80
Path	/
Interval	15
Unhealthy threshold	2

Click Add.

Create a load balancer rule

A load balancer rule is used to define how traffic is distributed to the VMs. You define the frontend IP configuration for the incoming traffic and the backend IP pool to receive the traffic. The source and destination port are defined in the rule. Here you will create a load balancer rule.

• From the Backend pools page of your load balancer, under Settings, click Load balancing rules, then click Add.

• On the Add load balancing rule page, enter the information from the table below.

Setting	Value
Name	exceedlabsHTTPRule
IP Version	IPv4
Frontend IP address	LoadBalancerFrontEnd
Protocol	TCP
Port	80
Backend port	80
Backend pool	exceedlabsBackendPool
Health probe	exceedlabsHealthProbe
Session persistence	None
Idle timeout (minutes)	15
Floating IP	Disabled

• Click Add.

Task 5: Test the load balancer

In this section, you will create a test VM, and then test the load balancer.

Create test VM

• On the Azure portal home page, click Create a resource, then Compute, then select Virtual machine (if this resource type is not listed on the page, use the search box at the top of the page to search for it and select it).
• On the Create a virtual machine page, on the Basics tab, use the information in the table below to create the first VM.

Setting	Value
Subscription	Select your subscription
Resource group	Int-exceedlabs-LB-RG
Virtual machine name	exceedlabsTestVM
Region	(US) East US
Availability options	No infrastructure redundancy required
Image	Windows Server 2019 Datacenter – Gen 1
Size	Standard_DS2_v3 – 2 vcpu, 8 GiB memory
Username	TestUser
Password	TestPa$$w0rd!
Confirm password	TestPa$$w0rd!

• Click Next : Disks, then click Next : Networking.
• On the Networking tab, use the information in the table below to configure networking settings.

Setting	Value
Virtual network	Int-exceedlabs-LB-VNet
Subnet	exceedlabsBackendSubnet
Public IP	Change to None
NIC network security group	Advanced
Configure network security group	Select the existing exceedlabsNSG
Place this virtual machine behind an existing load balancing solution?	Off (unchecked)

• Click Review + create.

• Click Create.
• Wait for this last VM to be deployed before moving forward with the next task.

Connect to the test VM to test the load balancer

• On the Azure portal home page, click All resources, then click on exceedlabsIntLoadBalancer from the resources list.
• On the Overview page, make a note of the Private IP address, or copy it to the clipboard. Note: you may need to select See more in order to see the Private IP address field.

• Click Home, then on the Azure portal home page, click All resources, then click on the exceedlabsTestVM virtual machine that you just created.
• On the Overview page, select Connect, then Bastion.
• Click Use Bastion.
• In the Username box, type TestUser and in the Password box, type TestPa$$w0rd!, then click Connect.

• The exceedlabsTestVM window will open in another browser tab.
• If a Networks pane appears, click Yes.
• Click the Internet Explorer icon in the task bar to open the web browser.
• Click OK on the Set up Internet Explorer 11 dialog box.
• Enter (or paste) the Private IP address (e.g. 10.1.2.4) from the previous step into the address bar of the browser and press Enter.
• The default web home page of the IIS Web server is displayed in the browser window. One of the three virtual machines in the backend pool will respond.

If you click the refresh button in the browser a few times, you will see that the response comes randomly from the different VMs in the backend pool of the internal load balancer.

Reminder: Don’t forget to delete or shutdown all unused Azure resources after your labs for cost saving