Co-locate Application proxy connector with application server

Sir A 131 Reputation points
2021-06-24T11:00:01.82+00:00

I did not find anything about this in the App Proxy Connector docs. All it says is that Connector and application should be installed close to each other.

Has anyone co-located Connectors with application servers in this manner?

Server1: Application + App Proxy Connector
Server2: Application + App Proxy Connector

Loadbalancer that points to Server1 and Server 2.

  1. User accesses Application through external endpoint (App Proxy Service).
  2. Connector on Server1 picks up the connection and then uses the loadbalancer to forward it to application on either Server 1 or Server 2.

Will such a setup work well?

Microsoft Entra ID

3 answers

  1. Siva-kumar-selvaraj 15,636 Reputation points
    2021-06-25T13:45:06.717+00:00

    Hello @Sir A ,

    Thanks for reaching out.

    I hope you are referring to the back-end application as multiple servers (such as a server farm) on Server 1 and 2. If so, the user request may end up in an infinite loop between connector and application in the above manner, as the AAD proxy connector relies on DNS resolution, which points it to the back-end application.

    Therefore, refer to the best practices for load balancing among multiple app servers. When the connector group that's assigned to the Application Proxy application has two or more connectors, and you're running the back-end web application on multiple servers (server farm), a good load-balancing strategy is required. A good strategy ensures that servers pick up client requests evenly and prevents over- or under-utilization of servers in the server farm.

    To learn more, refer to: https://learn.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-high-availability-load-balancing#best-practices-for-load-balancing-among-multiple-app-servers

    **Scenarios:**

    The simplest scenario is where the back-end web application doesn't require session stickiness (session persistence). Any request from the user can be handled by any back-end application instance in the server farm. You can use a layer 4 load balancer and configure it with no affinity.

    You can install one or more Azure AD proxy connectors on an individual server (server X) which is close to each back-end server (Server 1 and 2), and then create a localhost or DNS entry to point it to the load balancer as shown below. This way, the load balancer ensures that servers pick up client requests evenly and prevents over- or under-utilization of servers in the server farm.

    [Image: 109434-image.png]

    Hope this helps.

    -------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

  2. Sir A 131 Reputation points
    2021-06-25T20:30:30.963+00:00

    Thanks for replying.

    Yes, I am referring to back-end application. This is for a Remote Desktop Services solution, and I've read that some people have indeed implemented this solution, to attain best possible user experience. The solution is implemented in the following manner,

    RDS Web, RDS Gateway and App Proxy Connector are installed on Server1 and Server2
    A record for App.domain.com is created in internal DNS, which points to the IP Address of a Load Balancer
    The Load Balancer will send traffic to either Server1 or Server2
    Internal (and External) URL of the Enterprise Application associated with the AAD App Proxy is https://app.domain.com

    The flow would be like this,

    [Image: 109447-appproxyconnector2.png]

    1. (blue arrow) User accesses the application at https://app.domain.com
    2. (red arrows) App Proxy Connector on Server1 (or Server2) connects to the Proxy Service and downloads user data
    3. (green arrow) App Proxy Connector on Server1 contacts Load Balancer to find App.domain.com
    4. (orange arrow) Load Balancer points it to itself (Server1)
    5. App Proxy Connector retrieves data and sends it back to the App Proxy service, where the user can receive it

    I'm curious to know, how this would end up in an infinite loop between connector and application? :)

    1 person found this answer helpful.

  3. Sir A 131 Reputation points
    2021-06-27T22:04:43.027+00:00

    Would love to hear why the above configuration would end up in an infinite loop between connector and application? :)
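
An added example, not part of any post above and not Microsoft's code: in the setup described in the thread the Internal and External URL share one host name, so what each connector server resolves that name to decides where step 3 of the flow goes. This PowerShell check, meant to be run on Server1 and Server2, assumes a constructed load balancer address (`10.0.0.10`) and a hypothetical function name `Test-ConnectorBackendPath`; `Resolve-DnsName` and `Test-NetConnection` are standard Windows cmdlets.

```powershell
# Run on each server that hosts a connector (Server1, Server2).
# Assumed values, replace with your own; 10.0.0.10 is a constructed address.
$InternalHost   = 'app.domain.com'   # host name of the Internal URL in the thread
$LoadBalancerIp = '10.0.0.10'        # constructed placeholder for the load balancer
$Port           = 443

function Test-ConnectorBackendPath {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [Parameter(Mandatory)] [string] $ExpectedIp,
        [int] $Port = 443
    )

    # Resolve through the Windows client resolver (hosts file and DNS cache included),
    # which is how a local process on this server sees the name.
    $records = Resolve-DnsName -Name $HostName -ErrorAction Stop

    $cnames = @($records | Where-Object { $_.Type -eq 'CNAME' } |
                ForEach-Object { $_.NameHost })
    $addrs  = @($records | Where-Object { $_.Type -eq 'A' -or $_.Type -eq 'AAAA' } |
                ForEach-Object { $_.IPAddress })

    # External App Proxy endpoints live under msappproxy.net. A CNAME into that
    # domain means this server sees the external record, so a request for the
    # internal URL would go out to the App Proxy service, not to the load balancer.
    $external = @($cnames | Where-Object { $_ -like '*.msappproxy.net' }).Count -gt 0

    # Confirm the load balancer accepts TCP connections from this connector host.
    $tcp = Test-NetConnection -ComputerName $ExpectedIp -Port $Port `
                              -WarningAction SilentlyContinue

    [pscustomobject]@{
        Server                  = $env:COMPUTERNAME
        HostName                = $HostName
        CnameChain              = $cnames -join ' -> '
        Addresses               = $addrs -join ', '
        ResolvesToLoadBalancer  = $addrs -contains $ExpectedIp
        PointsAtAppProxyService = $external
        LoadBalancerReachable   = [bool]$tcp.TcpTestSucceeded
    }
}

Test-ConnectorBackendPath -HostName $InternalHost -ExpectedIp $LoadBalancerIp -Port $Port |
    Format-List
```

On both servers the expected result is `ResolvesToLoadBalancer` and `LoadBalancerReachable` true and `PointsAtAppProxyService` false; any other combination means the connector is not reaching the back end through the internal A record described in the thread.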

