High Availability in Azure

Posted: October 15, 2017 in Azure



  • Load balancer can include one or more frontend IP addresses, otherwise known as a virtual IPs (VIPs). These IP addresses serve as ingress for the traffic.
  • Back-end address pool – these are IP addresses associated with the virtual machine Network Interface Card (NIC) to which load is distributed.
  • Load balancing rules – a rule property maps a given frontend IP and port combination to a set of backend IP addresses and port combination. A single load balancer can have multiple load balancing rules. Each rule is a combination of a frontend IP and port and backend IP and port associated with VMs.
  • Probes – probes enable you to keep track of the health of VM instances. If a health probe fails, the VM instance is taken out of rotation automatically.
  • Inbound  rules – NAT rules defining the inbound traffic flowing through the frontend IP and distributed to the backend IP.

Creating Availability Set

Availability set is logical grouping of 2 or more Azure VM’s.While placing your virtual machines into an availability set does not protect your application from operating system or application-specific failures, it does limit the impact of potential physical hardware failures, network outages, or power interruptions.

In Azure portal click New-Availability set


Give it name and specify Resource Group

A Fault Domain defines set of Hyper-V hosts that could be affected by a physical failure such as a power source or network failure. 2 VMs in the same availability set means Azure will provision them in to 2 different racks so that if say, the network or the power failed, only one rack would be affected.

Update domain is set of physical hosts that Azure fabric can update and reboot at the same time without disrupting VM’s availability.Upgrade domains exist so when Microsoft rolls out a new software feature or bug fix, each upgrade domain is upgraded at different times. This ensures that if you have at least 2 instances, your service will never go down as the result of an upgrade.


Create 2 VM and associate it to Availability Set



Specify Availability Set


Creating Load Balancer

Click New and type Load balancer


Create New Load Balancer IP


Creating Backed Pool

All resources-Load Balancers-click on Load Balancer


Click on Backed pools-Add


Select Availability set-Add a target network IP configuration add VM’s



Creating Health Probes

These VM’s will host web site so we need to define criteria for Availability

Under Load balancers click on LB then on properties click on Click Health probes-add


Protocol HTTP-port 80

Set Interval for check and number of checks after which Load balancer will consider node as unhealthy


Creating Load Balancer Rules

Click on Load balancing rules under Load balancing properties


Select port Backed pool and Health Probe


Installing IIS on VM’s

We’ll use desired state configuration (DSC)

IISinstall.ps1 will be pushed to both VM’s

Configuration IISInstall
    Node localhost
	WindowsFeature IIS
	    Name = "Web-Server"
	    Ensure = "Present"

To apply DSC to Azure Resource manager we’ll use another script:



$resourceGroupName = (Get-AzureRmResourceGroup).ResourceGroupName
$location =(Get-AzureRmResourceGroup).Location

$storageAccount = (Get-AzureRmStorageAccount | Where-Object {($_.Location -eq $location) -and ($_.ResourceGroupName -eq $resourceGroupName) })[0]
$storageAccountKey = (Get-AzureRmStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccount.StorageAccountName).Value[0]


# we are using default container
$containerName = 'windows-powershell-dsc'

$configurationName = 'IISInstall'
#path to previous script
$configurationPath = "C:\Users\lap-top\Desktop\IISInstall.ps1"
#publish Azure DSC configuration to Azure storage account (it will generate zip file containing all scripts and
#upload it to Azure account

$moduleURL = Publish-AzureRmVMDscConfiguration -ConfigurationPath $configurationPath -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccount.StorageAccountName -Force

#creating a shared access signature token that will provide access to archive configuration file in Azure storage account

$storageContext = New-AzureStorageContext -StorageAccountName $storageAccount.StorageAccountName -StorageAccountKey $storageAccountKey

#shared access signature is digitally signed string that identifies azure storage object
$sasToken = New-AzureStorageContainerSASToken -Name $containerName -Context $storageContext -Permission r

#creating a variable that contains settings for DSC archive,DSC configuration function and shared access token
$settingsHashTable = @{
"ModulesUrl" = "$moduleURL";
"ConfigurationFunction" = "$configurationName.ps1\$configurationName";
"SasToken" = "$sasToken"

$vmName1= 'your machine name'
$vmName2= 'your machine name 2'
$extensionName = 'DSC'
$extensionType = 'DSC'
$publisher = 'Microsoft.Powershell'
$typeHandlerVersion = '2.1'

Set-AzureRmVMExtension -ResourceGroupName $resourceGroupName -VMName $vmName1 -Location $storageAccount.Location `
-Name $extensionName -Publisher $publisher -ExtensionType $extensionType -TypeHandlerVersion $typeHandlerVersion `
-Settings $settingsHashTable

Set-AzureRmVMExtension -ResourceGroupName $resourceGroupName -VMName $vmName2 -Location $storageAccount.location `
-Name $extensionName -Publisher $publisher -ExtensionType $extensionType -TypeHandlerVersion $typeHandlerVersion `
-Settings $settingsHashTable


Save script ,connect to Azure and run it  (for steps how to connect to Azure see one of previous posts



Log in to machines and check IIS is installed

Configuration is imported to Azure



Configuring inbound rules

Add rules for accessing web site to Azure VM’s

For each VM Network security group is created (NSG-it’s lightweight version of firewall)


Click inbound security rukes-Add






Do this for every VM

Locate Load balancer’s IP by clicking on it and observe IP address



and test it, as long as at least one VM is running, site will be accessible




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s