Azure HA Configuration Load Balancing Help

Brad 61 Reputation points
2021-06-07T09:07:02.467+00:00

Hi,

I'm planning a move to Azure for one of our production environments and currently building a proof of concept with my VS Credits. My goal is to implement HA, as my predecessor didn't implement it on our on-prem env.

The server uses IIS and Windows services that listen for traffic externally. Unfortunately, the Windows services that accept traffic are not DNS resolved but IIS is. The server also has a SQL DB.

I've created two VMs in an Availability Zone. I've configured an ILB with two frontend IPs. One IP has a rule for the SQL Listener and another as a generic IP using HA Ports for all other traffic. The HA Port will be reached by other internal servers. Both Rules use a Health Probe to route traffic to 59999 - Active/Passive Setup. Due to the age of this product and the type of traffic it receives, I’m unsure if I can break this product out to n-tier to have active/active, but I will try that after a basic configuration.

My goal is to achieve 99.99% and when we move to Azure, we will use Azure FW so I can potentially see this as viable? But I’ve become stuck as now that I’ve built this, I realise I cannot route external traffic to the ILB without a FW or NVA which will wipe out my credits.

My questions, as an Azure newbie, are below.

1) To complete my POC, I'm thinking I can use an ILB for SQL AG. For the external traffic, run an ELB with a bunch of LB Rules for Web and the custom Windows services externally. Going to give this a go now but maybe there’s a better way?

2) My plan regarding two frontend IPs and two rules (SQL Listener and one HA Ports) on the ILB sharing the same health probe with an Azure FW when we move to production. Is that best practice? Or again, is there a better way?

Appreciate any help as always!

Many Thanks,

Brad

Azure Load Balancer
An Azure service that delivers high availability and network performance to applications.

Accepted answer
  1. TravisCragg-MSFT 5,681 Reputation points Microsoft Employee
    2021-06-17T02:59:19.807+00:00

    Hello @Brad ,

    If you are new to Azure, there are some best practices and documentation you should review before you continue.

    First, make sure to keep your SQL server & IIS server off of the OS drive. Putting them on data drives (not the temp drive D:/) is the best practice in Azure.

    Depending upon your SQL & IIS load, you might also want to consider running SQL & IIS on different VMs. I know this will double your VM need to 4 VMs, but it might be necessary for performance depending upon the load. You can also check out Azure SQL DB! Here is a great doc about Azure SQL server on VM best practices.

    To begin, here is a how-to article about setting up an Always On Availability Group for SQL on Azure VMs. This can be a complicated process and has a lot of limits in what you can do inside Azure, so I highly recommend following and beginning with this doc.

    For your 2nd question, this is a setup that you can do, but keep in mind that Azure Firewall creates an asymmetric routing issue, and here is a doc that describes how to integrate an Azure Load Balancer with an Azure firewall. I would highly recommend reading the Azure SQL docs for more info on best practices. Here is also a great Azure Architecture center doc around generalized web applications using Azure SQL.

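The internal load balancer layout described in the question (two frontend IPs, a SQL listener rule and an HA Ports rule sharing one probe on 59999), written out as an added Azure CLI example that is not part of the original thread. Resource names, IP addresses and the 1433 listener port are assumptions; adding the two VMs' NICs to the backend pool is not shown.

```bash
#!/usr/bin/env bash
# Added example. All names, addresses and port 1433 are assumed placeholders.
# Dry run (prints the commands instead of calling Azure): AZ=echo deploy_ilb
AZ="${AZ:-az}"
RG="rg-poc"; LB="ilb-poc"; VNET="vnet-poc"; SUBNET="snet-app"
POOL="be-nodes"; PROBE="probe-59999"

deploy_ilb() {
  # Standard SKU internal LB (HA Ports requires it); first frontend = SQL listener IP.
  $AZ network lb create -g "$RG" -n "$LB" --sku Standard \
    --vnet-name "$VNET" --subnet "$SUBNET" \
    --frontend-ip-name fe-sql --private-ip-address 10.0.1.10 \
    --backend-pool-name "$POOL" &&

  # Second frontend: the generic address other internal servers will use.
  $AZ network lb frontend-ip create -g "$RG" --lb-name "$LB" -n fe-generic \
    --vnet-name "$VNET" --subnet "$SUBNET" --private-ip-address 10.0.1.11 &&

  # One TCP probe on 59999. Only the node that answers it receives traffic,
  # which is what makes the pair active/passive.
  $AZ network lb probe create -g "$RG" --lb-name "$LB" -n "$PROBE" \
    --protocol Tcp --port 59999 &&

  # SQL listener rule: floating IP so the backend sees the listener address.
  $AZ network lb rule create -g "$RG" --lb-name "$LB" -n rule-sql \
    --protocol Tcp --frontend-port 1433 --backend-port 1433 \
    --frontend-ip-name fe-sql --backend-pool-name "$POOL" \
    --probe-name "$PROBE" --floating-ip true &&

  # HA Ports rule: protocol All with ports 0/0 forwards every TCP and UDP port
  # on this frontend, so NSG rules decide which services are actually reachable.
  $AZ network lb rule create -g "$RG" --lb-name "$LB" -n rule-haports \
    --protocol All --frontend-port 0 --backend-port 0 \
    --frontend-ip-name fe-generic --backend-pool-name "$POOL" \
    --probe-name "$PROBE"
}
```

Because both rules reference the same probe, a failover of the node answering on 59999 moves the SQL listener and all HA Ports traffic together.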
