Loadbalancer for backend Services secured with SSL

Amar-Azure-Practice 656 Reputation points
2021-06-07T14:09:29.407+00:00

Hi All,

We have a load balancer, and in its backend pool we have added 2 VMs. On these VMs we have services running with HTTPS.

In this scenario, is using a load balancer the correct implementation? Does this work?

Azure Load Balancer

Accepted answer
  1. Andriy Bilous 10,996 Reputation points MVP
    2021-06-07T14:49:27.41+00:00

    Hello @Amar-Azure-Practice

    Azure Load Balancer is a Layer 4 network balancer; it can balance TCP and UDP traffic and doesn't support SSL offloading.
    If you want to implement load balancing between your 2 VMs at the application layer (HTTPS), use Application Gateway.
    https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-ssl-portal

    1 person found this answer helpful.

3 additional answers

  1. Oleksandr Gubernatorov 6 Reputation points
    2022-05-25T14:32:47.677+00:00

    The load balancer will forward all requests to TCP port 443 on your 2 VMs.
    Then you should handle SSL/TLS traffic on both VMs (e.g. your application should listen on HTTPS and terminate SSL/TLS). Thus, both VMs should host the same SSL certificates.
    In the case of a Layer 4 balancer (Azure Load Balancer), the session will be encrypted with SSL and forwarded to your VMs, where you should terminate it.
    In the case of a Layer 7 balancer (Azure Application Gateway), the session can be terminated directly on the balancer and forwarded unencrypted to your VMs based on some headers, etc.
    So you should find the right way for your case.

    1 person found this answer helpful.
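With Layer 4 pass-through, as the answer above describes, clients complete the TLS handshake with whichever VM the load balancer selects, so every VM must pass validation for the frontend name and, per that answer, serve the same certificate. The following check is an added example, not code from the thread or from Microsoft; the IPs, the hostname `app.example.com` and the function names are assumptions.

```python
import hashlib
import socket
import ssl


def probe_backend(ip, hostname, port=443, timeout=5.0):
    """Handshake with one backend VM directly, validating chain and name
    against `hostname` (the name clients use for the load balancer)."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                der = tls.getpeercert(binary_form=True)
                return {"ok": True, "sha256": hashlib.sha256(der).hexdigest()}
    except OSError as exc:  # covers ssl.SSLError, timeouts, refused connections
        return {"ok": False, "error": str(exc)}


def assess_pool(results):
    """results maps backend IP -> probe_backend() result. Returns findings;
    an empty list means every backend validates and serves the same cert."""
    findings = []
    by_print = {}
    for ip, res in sorted(results.items()):
        if res["ok"]:
            by_print.setdefault(res["sha256"], []).append(ip)
        else:
            findings.append(f"{ip}: TLS check failed: {res['error']}")
    if len(by_print) > 1:
        groups = "; ".join(f"{fp[:16]} on {', '.join(ips)}"
                           for fp, ips in sorted(by_print.items()))
        findings.append(f"certificate mismatch across pool: {groups}")
    return findings


if __name__ == "__main__":
    # Constructed probe results (not real hosts) so the example runs offline.
    # Live use: {ip: probe_backend(ip, "app.example.com") for ip in pool_ips}
    fp_a = hashlib.sha256(b"constructed cert A").hexdigest()
    fp_b = hashlib.sha256(b"constructed cert B").hexdigest()
    sample = {"10.0.0.4": {"ok": True, "sha256": fp_a},
              "10.0.0.5": {"ok": True, "sha256": fp_b}}
    for line in assess_pool(sample):
        print(line)
```

Run the live probe from a host that can reach the VMs' private IPs on port 443, passing the DNS name clients use for the load balancer frontend as `hostname`.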

  2. Amar-Azure-Practice 656 Reputation points
    2021-06-07T16:44:52.223+00:00

    Hi Andriy

    Thank you so much for the quick response.

    We have configured a security certificate on the services running on the VMs.

    These VMs were added as the backend pool of the Layer 4 load balancer.

    The client application calls the load balancer endpoint with the certificate; then the load balancer should call the backend service.

    Will this configuration work?


  3. Amar-Azure-Practice 656 Reputation points
    2021-06-09T15:18:48.707+00:00

    Hi Andriy

    Thanks a lot for the detailed explanation.

    For the scenario I explained above, Load Balancer with HTTPS will not work.

    We have to use the Application Gateway for this scenario.
