Move Azure internal Load Balancer to another region using PowerShell

There are various scenarios in which you'd want to move your existing internal load balancer from one region to another. For example, you may want to create an internal load balancer with the same configuration for testing. You may also want to move an internal load balancer to another region as part of disaster recovery planning.

Azure internal load balancers can't be moved from one region to another. You can however, use an Azure Resource Manager template to export the existing configuration and virtual network of an internal load balancer. You can then stage the resource in another region by exporting the load balancer and virtual network to a template, modifying the parameters to match the destination region, and then deploy the templates to the new region. For more information on Resource Manager and templates, see Export resource groups to templates

Prerequisites

  • Make sure that the Azure internal load balancer is in the Azure region from which you want to move.

  • Azure internal load balancers can't be moved between regions. You'll have to associate the new load balancer to resources in the target region.

  • To export an internal load balancer configuration and deploy a template to create an internal load balancer in another region, you'll need the Network Contributor role or higher.

  • Identify the source networking layout and all the resources that you're currently using. This layout includes but isn't limited to load balancers, network security groups, virtual machines, and virtual networks.

  • Verify that your Azure subscription allows you to create internal load balancers in the target region that's used. Contact support to enable the required quota.

  • Make sure that your subscription has enough resources to support the addition of load balancers for this process. See Azure subscription and service limits, quotas, and constraints

Prepare and move

The following steps show how to prepare the internal load balancer for the move using a Resource Manager template, and move the internal load balancer configuration to the target region using Azure PowerShell. As part of this process, the virtual network configuration of the internal load balancer must be included and must be done first before moving the internal load balancer.

Note

We recommend that you use the Azure Az PowerShell module to interact with Azure. See Install Azure PowerShell to get started. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.

Export the virtual network template and deploy from Azure PowerShell

  1. Sign in to your Azure subscription with the Connect-AzAccount command and follow the on-screen directions:

    Connect-AzAccount
    
  2. Obtain the resource ID of the virtual network you want to move to the target region and place it in a variable using Get-AzVirtualNetwork:

    $sourceVNETID = (Get-AzVirtualNetwork -Name <source-virtual-network-name> -ResourceGroupName <source-resource-group-name>).Id
    
    
  3. Export the source virtual network to a .json file into the directory where you execute the command Export-AzResourceGroup:

    Export-AzResourceGroup -ResourceGroupName <source-resource-group-name> -Resource $sourceVNETID -IncludeParameterDefaultValue
    
  4. The file downloaded will be named after the resource group the resource was exported from. Locate the file that was exported from the command named <resource-group-name>.json and open it in an editor of your choice:

    notepad.exe <source-resource-group-name>.json
    
  5. To edit the parameter of the virtual network name, change the property defaultValue of the source virtual network name to the name of your target virtual network, ensure the name is in quotes:

        "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentmyResourceGroupVNET.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "virtualNetworks_myVNET1_name": {
        "defaultValue": "<target-virtual-network-name>",
        "type": "String"
        }
    
  6. To edit the target region where the VNET will be moved, change the location property under resources:

    "resources": [
                {
                    "type": "Microsoft.Network/virtualNetworks",
                    "apiVersion": "2019-06-01",
                    "name": "[parameters('virtualNetworks_myVNET1_name')]",
                    "location": "<target-region>",
                    "properties": {
                        "provisioningState": "Succeeded",
                        "resourceGuid": "6e2652be-35ac-4e68-8c70-621b9ec87dcb",
                        "addressSpace": {
                            "addressPrefixes": [
                                "10.0.0.0/16"
                            ]
                        },
    
    
  7. To obtain region location codes, you can use the Azure PowerShell cmdlet Get-AzLocation by running the following command:

    
    Get-AzLocation | format-table
    
    
  8. You can also change other parameters in the <resource-group-name>.json file if you choose, and are optional depending on your requirements:

    • Address Space - The address space of the VNET can be altered before saving by modifying the resources > addressSpace section and changing the addressPrefixes property in the <resource-group-name>.json file:

              "resources": [
                  {
                  "type": "Microsoft.Network/virtualNetworks",
                  "apiVersion": "2019-06-01",
                  "name": "[parameters('virtualNetworks_myVNET1_name')]",
                  "location": "<target-region",
                  "properties": {
                  "provisioningState": "Succeeded",
                  "resourceGuid": "6e2652be-35ac-4e68-8c70-621b9ec87dcb",
                  "addressSpace": {
                      "addressPrefixes": [
                      "10.0.0.0/16"
                      ]
                  },
      
      
    • Subnet - The subnet name and the subnet address space can be changed or added to by modifying the subnets section of the <resource-group-name>.json file. The name of the subnet can be changed by altering the name property. The subnet address space can be changed by altering the addressPrefix property in the <resource-group-name>.json file:

              "subnets": [
                  {
                  "name": "subnet-1",
                  "etag": "W/\"d9f6e6d6-2c15-4f7c-b01f-bed40f748dea\"",
                  "properties": {
                  "provisioningState": "Succeeded",
                  "addressPrefix": "10.0.0.0/24",
                  "delegations": [],
                  "privateEndpointNetworkPolicies": "Enabled",
                  "privateLinkServiceNetworkPolicies": "Enabled"
                  }
                  },
                  {
                  "name": "GatewaySubnet",
                  "etag": "W/\"d9f6e6d6-2c15-4f7c-b01f-bed40f748dea\"",
                  "properties": {
                  "provisioningState": "Succeeded",
                  "addressPrefix": "10.0.1.0/29",
                  "serviceEndpoints": [],
                  "delegations": [],
                  "privateEndpointNetworkPolicies": "Enabled",
                  "privateLinkServiceNetworkPolicies": "Enabled"
                  }
                  }
      
              ]
      

      In the <resource-group-name>.json file, to change the address prefix, it must be edited in two places, the section listed above and the type section listed below. Change the addressPrefix property to match the one above:

       "type": "Microsoft.Network/virtualNetworks/subnets",
         "apiVersion": "2019-06-01",
         "name": "[concat(parameters('virtualNetworks_myVNET1_name'), '/GatewaySubnet')]",
            "dependsOn": [
               "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworks_myVNET1_name'))]"
                 ],
            "properties": {
               "provisioningState": "Succeeded",
               "addressPrefix": "10.0.1.0/29",
               "serviceEndpoints": [],
               "delegations": [],
               "privateEndpointNetworkPolicies": "Enabled",
               "privateLinkServiceNetworkPolicies": "Enabled"
                }
               },
                {
                "type": "Microsoft.Network/virtualNetworks/subnets",
                "apiVersion": "2019-06-01",
                "name": "[concat(parameters('virtualNetworks_myVNET1_name'), '/subnet-1')]",
                   "dependsOn": [
                      "[resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworks_myVNET1_name'))]"
                        ],
                   "properties": {
                      "provisioningState": "Succeeded",
                      "addressPrefix": "10.0.0.0/24",
                      "delegations": [],
                      "privateEndpointNetworkPolicies": "Enabled",
                      "privateLinkServiceNetworkPolicies": "Enabled"
                       }
                }
       ]
      
  9. Save the <resource-group-name>.json file.

  10. Create a resource group in the target region for the target VNET to be deployed using New-AzResourceGroup

    New-AzResourceGroup -Name <target-resource-group-name> -location <target-region>
    
  11. Deploy the edited <resource-group-name>.json file to the resource group created in the previous step using New-AzResourceGroupDeployment:

    
    New-AzResourceGroupDeployment -ResourceGroupName <target-resource-group-name> -TemplateFile <source-resource-group-name>.json
    
    
  12. To verify the resources were created in the target region, use Get-AzResourceGroup and Get-AzVirtualNetwork:

    
    Get-AzResourceGroup -Name <target-resource-group-name>
    
    
    
    Get-AzVirtualNetwork -Name <target-virtual-network-name> -ResourceGroupName <target-resource-group-name>
    
    

Export the internal load balancer template and deploy from Azure PowerShell

  1. Sign in to your Azure subscription with the Connect-AzAccount command and follow the on-screen directions:

    Connect-AzAccount
    
  2. Obtain the resource ID of the internal load balancer you want to move to the target region and place it in a variable using Get-AzLoadBalancer:

    $sourceIntLBID = (Get-AzLoadBalancer -Name <source-internal-lb-name> -ResourceGroupName <source-resource-group-name>).Id
    
    
  3. Export the source internal load balancer configuration to a .json file into the directory where you execute the command Export-AzResourceGroup:

    Export-AzResourceGroup -ResourceGroupName <source-resource-group-name> -Resource $sourceIntLBID -IncludeParameterDefaultValue
    
  4. The file downloaded will be named after the resource group the resource was exported from. Locate the file that was exported from the command named <resource-group-name>.json and open it in an editor of your choice:

    notepad.exe <source-resource-group-name>.json
    
  5. To edit the parameter of the internal load balancer name, change the property defaultValue of the source internal load balancer name to the name of your target internal load balancer, ensure the name is in quotes:

         "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
         "contentVersion": "1.0.0.0",
         "parameters": {
            "loadBalancers_myLoadBalancer_name": {
            "defaultValue": "<target-external-lb-name>",
            "type": "String"
             },
            "virtualNetworks_myVNET2_externalid": {
             "defaultValue": "<target-vnet-resource-ID>",
             "type": "String"
             }
    
  6. To edit value of the target virtual network that was moved above, you must first obtain the resource ID and then copy and paste it into the <resource-group-name>.json file. To obtain the ID, use Get-AzVirtualNetwork:

     $targetVNETID = (Get-AzVirtualNetwork -Name <target-vnet-name> -ResourceGroupName <target-resource-group-name>).Id
    

    Type the variable and hit enter to display the resource ID. Highlight the ID path and copy it to the clipboard:

    PS C:\> $targetVNETID
    /subscriptions/7668d659-17fc-4ffd-85ba-9de61fe977e8/resourceGroups/myResourceGroupVNET-Move/providers/Microsoft.Network/virtualNetworks/myVNET2-Move
    
  7. In the <resource-group-name>.json file, paste the Resource ID from the variable in place of the defaultValue in the second parameter for the target virtual network ID, ensure you enclose the path in quotes:

         "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
         "contentVersion": "1.0.0.0",
         "parameters": {
            "loadBalancers_myLoadBalancer_name": {
            "defaultValue": "<target-external-lb-name>",
            "type": "String"
             },
            "virtualNetworks_myVNET2_externalid": {
             "defaultValue": "<target-vnet-resource-ID>",
             "type": "String"
             }
    
  8. To edit the target region where the internal load balancer configuration will be moved, change the location property under resources in the <resource-group-name>.json file:

        "resources": [
            {
                "type": "Microsoft.Network/loadBalancers",
                "apiVersion": "2019-06-01",
                "name": "[parameters('loadBalancers_myLoadBalancer_name')]",
                "location": "<target-internal-lb-region>",
                "sku": {
                    "name": "Standard",
                    "tier": "Regional"
                },
    
  9. To obtain region location codes, you can use the Azure PowerShell cmdlet Get-AzLocation by running the following command:

    
    Get-AzLocation | format-table
    
    
  10. You can also change other parameters in the template if you choose, and are optional depending on your requirements:

    • Sku - You can change the sku of the internal load balancer in the configuration from standard to basic or basic to standard by altering the sku > name property in the <resource-group-name>.json file:

      "resources": [
      {
          "type": "Microsoft.Network/loadBalancers",
          "apiVersion": "2019-06-01",
          "name": "[parameters('loadBalancers_myLoadBalancer_name')]",
          "location": "<target-internal-lb-region>",
          "sku": {
              "name": "Standard",
              "tier": "Regional"
          },
      

      For more information on the differences between basic and standard sku load balancers, see Azure Standard Load Balancer overview

    • Availability zone. You can change the zone(s) of the load balancer's frontend by changing the zone property. If the zone property isn't specified, the frontend will be created as no-zone. You can specify a single zone to create a zonal frontend or all 3 zones for a zone-redundant frontend.

       "frontendIPConfigurations": [
                {
                      "name": "myfrontendIPinbound",
                      "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/frontendIPConfigurations/myfrontendIPinbound')]"
                      "type": "Microsoft.Network/loadBalancers/frontendIPConfigurations",
                      "properties": {
                          "provisioningState": "Succeeded",
                          "privateIPAddress": "10.0.0.1",
                          "privateIPAllocationMethod": "Static",
                          "subnet": {
                              "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('virtualNetworks_myVNET1_name')), '/subnet-1')]"
                          },
                          "privateIPAddressVersion": "IPv4"
                      },
                      "zones": [
                          "1",
                          "2",
                          "3"
                      ]
                  }
              ],
      
    • Load balancing rules - You can add or remove load balancing rules in the configuration by adding or removing entries to the loadBalancingRules section of the <resource-group-name>.json file:

      "loadBalancingRules": [
                  {
                      "name": "myInboundRule",
                      "etag": "W/\"39e5e9cd-2d6d-491f-83cf-b37a259d86b6\"",
                      "properties": {
                          "provisioningState": "Succeeded",
                          "frontendIPConfiguration": {
                              "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/frontendIPConfigurations/myfrontendIPinbound')]"
                          },
                          "frontendPort": 80,
                          "backendPort": 80,
                          "enableFloatingIP": false,
                          "idleTimeoutInMinutes": 4,
                          "protocol": "Tcp",
                          "enableTcpReset": false,
                          "loadDistribution": "Default",
                          "disableOutboundSnat": true,
                          "backendAddressPool": {
                              "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/backendAddressPools/myBEPoolInbound')]"
                          },
                          "probe": {
                              "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/probes/myHTTPProbe')]"
                          }
                      }
                  }
              ]
      

      For more information on load balancing rules, see What is Azure Load Balancer?

    • Probes - You can add or remove a probe for the load balancer in the configuration by adding or removing entries to the probes section of the <resource-group-name>.json file:

      "probes": [
                  {
                      "name": "myHTTPProbe",
                      "etag": "W/\"39e5e9cd-2d6d-491f-83cf-b37a259d86b6\"",
                      "properties": {
                          "provisioningState": "Succeeded",
                          "protocol": "Http",
                          "port": 80,
                          "requestPath": "/",
                          "intervalInSeconds": 15,
                          "numberOfProbes": 2
                      }
                  }
              ],
      

      For more information on Azure Load Balancer health probes, see Load Balancer health probes

    • Inbound NAT rules - You can add or remove inbound NAT rules for the load balancer by adding or removing entries to the inboundNatRules section of the <resource-group-name>.json file:

      "inboundNatRules": [
                  {
                      "name": "myInboundNATRule",
                      "etag": "W/\"39e5e9cd-2d6d-491f-83cf-b37a259d86b6\"",
                      "properties": {
                          "provisioningState": "Succeeded",
                          "frontendIPConfiguration": {
                              "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/frontendIPConfigurations/myfrontendIPinbound')]"
                          },
                          "frontendPort": 4422,
                          "backendPort": 3389,
                          "enableFloatingIP": false,
                          "idleTimeoutInMinutes": 4,
                          "protocol": "Tcp",
                          "enableTcpReset": false
                      }
                  }
              ]
      

      To complete the addition or removal of an inbound NAT rule, the rule must be present or removed as a type property at the end of the <resource-group-name>.json file:

      {
          "type": "Microsoft.Network/loadBalancers/inboundNatRules",
          "apiVersion": "2019-06-01",
          "name": "[concat(parameters('loadBalancers_myLoadBalancer_name'), '/myInboundNATRule')]",
          "dependsOn": [
              "[resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name'))]"
          ],
          "properties": {
              "provisioningState": "Succeeded",
              "frontendIPConfiguration": {
                  "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_myLoadBalancer_name')), '/frontendIPConfigurations/myfrontendIPinbound')]"
              },
              "frontendPort": 4422,
              "backendPort": 3389,
              "enableFloatingIP": false,
              "idleTimeoutInMinutes": 4,
              "protocol": "Tcp",
              "enableTcpReset": false
          }
      }
      

      For more information on inbound NAT rules, see What is Azure Load Balancer?

  11. Save the <resource-group-name>.json file.

  12. Create or a resource group in the target region for the target internal load balancer to be deployed using New-AzResourceGroup. The existing resource group from above can also be reused as part of this process:

    New-AzResourceGroup -Name <target-resource-group-name> -location <target-region>
    
  13. Deploy the edited <resource-group-name>.json file to the resource group created in the previous step using New-AzResourceGroupDeployment:

    
    New-AzResourceGroupDeployment -ResourceGroupName <target-resource-group-name> -TemplateFile <source-resource-group-name>.json
    
    
  14. To verify the resources were created in the target region, use Get-AzResourceGroup and Get-AzLoadBalancer:

    
    Get-AzResourceGroup -Name <target-resource-group-name>
    
    
    
    Get-AzLoadBalancer -Name <target-publicip-name> -ResourceGroupName <target-resource-group-name>
    
    

Discard

After the deployment, if you wish to start over or discard the virtual network and load balancer in the target, delete the resource group that was created in the target and the moved virtual network and load balancer will be deleted. To remove the resource group, use Remove-AzResourceGroup:


Remove-AzResourceGroup -Name <resource-group-name>

Clean up

To commit the changes and complete the move of the NSG, delete the source NSG or resource group, use Remove-AzResourceGroup or Remove-AzVirtualNetwork and Remove-AzLoadBalancer


Remove-AzResourceGroup -Name <resource-group-name>


Remove-AzLoadBalancer -name <load-balancer> -ResourceGroupName <resource-group-name>

Remove-AzVirtualNetwork -Name <virtual-network-name> -ResourceGroupName <resource-group-name>


Next steps

In this tutorial, you moved an Azure internal load balancer from one region to another and cleaned up the source resources. To learn more about moving resources between regions and disaster recovery in Azure, refer to: