Buffl

Chapter 5 Networking

by abdullah S.

Load Balancer

When you have more than one VM serving the application, how do you decide which VM gets a particular user? A load balancer is the answer. Imagine this scenario. Your online business for booking removals of angry llamas is going super well. You're starting to get much more traffic than you originally anticipated. The VM that you use for processing some of the old data is getting overloaded at times. You add a second VM, but how do you now manage the traffic flow and use both? Adding a load balancer in front of the two VMs to capture the traffic before it reaches them means you can manage where the traffic goes. As Microsoft puts it, a load balancer distributes new inbound flows that arrive on the load balancer's frontend to backend pool instances, according to rules and health probes.


Inbound flows are any kind of traffic, whether from the internet or from a local VNet. Any inbound traffic will be received by the load balancer. The load balancer's frontend is the gatekeeper of all traffic to the VMs it manages. In effect, whoever calls the service the VMs are running only sees one access point, which is the load balancer's frontend. Backend pool instances are the VMs that receive the traffic from the load balancer. Rules and health probes refers to the load balancer rules for directing the traffic. More on that in just a sec. A health probe is a service that makes sure a VM is ready to receive traffic before the load balancer sends any. This ensures the load balancer always sends traffic to a healthy VM.

VPN Gateway

When you want to securely communicate between your Azure resources and your on-premises network, what do you do? Well, you use a VPN gateway, of course. Before we get into the VPN gateway encryption magic, let's start with a virtual network gateway first. A virtual network gateway is composed of two or more virtual machines that are deployed to a specific subnet you create, which is called the gateway subnet. Remember, a subnet is a dedicated part of a VNet that has a specific range of IP addresses it can use. The VMs that are located in the gateway subnet are created when you create the virtual network gateway. A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public internet. Let's say you have an established company that has its own on-premises infrastructure. This is working well, but you want to move parts of your system to the cloud to take advantage of the cloud goodness, such as scalability, high availability, and cost reduction. This means you'll have a hybrid solution, with some of your data on-premises and some on Azure. In order to communicate securely between the two, you create a VPN gateway, which is a specific kind of VNet gateway. A VPN gateway is a key part of having a secure and available hybrid cloud architecture. There are various ways to connect your on-premises servers with the VPN gateway, but that is outside the scope of this course. You should know the main three components of a VPN gateway setup though: an Azure VNet with a VPN gateway attached (this gateway will have its own public IP address); a secure connection called a tunnel, which has one of a number of encryption mechanisms; and an on-premises network with a complementary gateway that can accept the encrypted data. This is called a site-to-site connection. You can also have one VPN gateway with more than one on-premises network connecting to it. This is called a multi-site connection.
For the exam, you need to know about VPN gateways as they are critical for efficient cloud computing in a hybrid architecture. A VPN gateway is a specific kind of VNet gateway, which is two or more machines deployed to a specific subnet. A VNet gateway of type VPN becomes a VPN gateway. And a VPN gateway is used to send encrypted data from Azure to on-premises. There are three parts to a VPN gateway use case scenario: an Azure gateway subnet of two or more machines, a secure tunnel for data to be transmitted, and an on-premises gateway to connect to as well. Up next, a different type of gateway.


Application Gateway


What do you get if you take a load balancer and sprinkle a little cloud on it? An application gateway, of course! If you recall, a load balancer receives your internet and network traffic and, based on an IP address and a port, it will send that data to one of the VMs in the backend pool. But what if you want to route the traffic based on other parameters than simply IP address and port number? With Application Gateway, you can make routing decisions based on additional attributes of an HTTP request, such as URI path or host headers. An HTTP request is the data format that is received from any kind of internet traffic. The URI path is the web address for the request, and a host header is a piece of information that is sent with the request. This means you can send traffic from a specific web address to a specific machine. For example, if you have a request for a URL that is images, you could send that to a specific pool of machines that are better at handling images. The same can be done for videos. One of the great things about a lot of Azure services is that they work so well together, and for the Application Gateway, that is no different. A few of the benefits of using an application gateway: it can scale up or down based on the traffic that comes to it. As always this can cost more, but it also means you don't have to worry about managing the resources needed to serve your application. An application gateway has end-to-end encryption for all traffic, meaning you can comply with any requirements about securing the traffic. If not needed, you can disable secure transfer to the backend pool to improve processing times too. Zone redundancy: an application gateway can span multiple availability zones, offering better fault resiliency, and you don't have to set up more gateways to cater for each zone either. You can use multi-site hosting to use the same application gateway for more than one website. You can, in fact, add up to 100 websites to the same instance of an application gateway. This will save you on both cost and complexity.
So, in summary, an application gateway is another type of load balancer that works on a higher level. It works on the HTTP request of the traffic instead of the IP address and port. Traffic from a specific web address, such as an image or video URL, can go to a specific machine in the backend pool. It works well with all the Azure services and can share the same cloud benefits like high availability and pricing. And this supports auto scaling, end-to-end encryption, zone redundancy, and multi-site hosting, among other benefits.
















