High Availability in Azure

Posted: October 15, 2017 in Azure


Concepts

  • A load balancer can include one or more frontend IP addresses, otherwise known as virtual IPs (VIPs). These IP addresses serve as ingress for the traffic.
  • Back-end address pool – these are IP addresses associated with the virtual machine Network Interface Card (NIC) to which load is distributed.
  • Load balancing rules – a rule property maps a given frontend IP and port combination to a set of backend IP addresses and port combination. A single load balancer can have multiple load balancing rules. Each rule is a combination of a frontend IP and port and backend IP and port associated with VMs.
  • Probes – probes enable you to keep track of the health of VM instances. If a health probe fails, the VM instance is taken out of rotation automatically.
  • Inbound rules – NAT rules defining the inbound traffic flowing through the frontend IP and distributed to the backend IP.

Creating Availability Set

An availability set is a logical grouping of 2 or more Azure VMs. While placing your virtual machines into an availability set does not protect your application from operating system or application-specific failures, it does limit the impact of potential physical hardware failures, network outages, or power interruptions.

In the Azure portal click New-Availability set

Give it a name and specify the Resource Group

A fault domain defines a set of Hyper-V hosts that could be affected by a physical failure such as a power source or network failure. Placing 2 VMs in the same availability set means Azure will provision them into 2 different racks, so that if, say, the network or the power failed, only one rack would be affected.

An update domain is a set of physical hosts that the Azure fabric can update and reboot at the same time without disrupting the VMs' availability. Upgrade domains exist so that when Microsoft rolls out a new software feature or bug fix, each upgrade domain is upgraded at a different time. This ensures that if you have at least 2 instances, your service will never go down as the result of an upgrade.

Create 2 VMs and associate them with the Availability Set

Specify the Availability Set

Creating Load Balancer

Click New and type Load balancer


Create New Load Balancer IP


Creating Backend Pool

All resources-Load Balancers-click on Load Balancer

Click on Backend pools-Add

Select Availability set-Add a target network IP configuration and add the VMs

Creating Health Probes

These VMs will host a web site, so we need to define the criteria for availability

Under Load balancers click on the LB, then under properties click Health probes-Add

Protocol HTTP-port 80

Set the interval between checks and the number of failed checks after which the load balancer will consider a node unhealthy

Creating Load Balancer Rules

Click on Load balancing rules under the load balancer properties

Select port, Backend pool and Health Probe
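
The portal steps above (frontend IP, backend pool, health probe, load balancing rule) can also be scripted with the same AzureRM module the post uses later. This is an added example, not part of the original post; the resource group, region, NIC names, resource names and probe timing are assumed placeholders.

```powershell
# Added example: scripted equivalent of the portal steps (AzureRM module).
# Every name and the probe timing below are assumed placeholders.
$rg       = 'my-resource-group'      # assumed: existing resource group
$location = 'westeurope'             # assumed: region of the VMs
$nicNames = 'vm1-nic', 'vm2-nic'     # assumed: NICs of the two VMs in the availability set

# Frontend: a public IP that becomes the load balancer's VIP
$pip = New-AzureRmPublicIpAddress -ResourceGroupName $rg -Name 'web-lb-pip' `
    -Location $location -AllocationMethod Static
$frontend = New-AzureRmLoadBalancerFrontendIpConfig -Name 'web-frontend' -PublicIpAddress $pip

# Backend pool: created empty, the NICs are joined to it further down
$pool = New-AzureRmLoadBalancerBackendAddressPoolConfig -Name 'web-pool'

# Health probe: HTTP GET / on port 80; two consecutive failures take a VM out of rotation
$probe = New-AzureRmLoadBalancerProbeConfig -Name 'http-probe' -Protocol Http -Port 80 `
    -RequestPath '/' -IntervalInSeconds 15 -ProbeCount 2

# Rule: frontend TCP 80 -> backend TCP 80, gated by the probe
$rule = New-AzureRmLoadBalancerRuleConfig -Name 'http-rule' -Protocol Tcp `
    -FrontendIpConfiguration $frontend -BackendAddressPool $pool -Probe $probe `
    -FrontendPort 80 -BackendPort 80

$lb = New-AzureRmLoadBalancer -ResourceGroupName $rg -Name 'web-lb' -Location $location `
    -FrontendIpConfiguration $frontend -BackendAddressPool $pool `
    -Probe $probe -LoadBalancingRule $rule

# Join each VM's NIC to the backend pool
foreach ($name in $nicNames) {
    $nic = Get-AzureRmNetworkInterface -ResourceGroupName $rg -Name $name
    $nic.IpConfigurations[0].LoadBalancerBackendAddressPools = $lb.BackendAddressPools
    Set-AzureRmNetworkInterface -NetworkInterface $nic | Out-Null
}

# Read back what was created so the rule and probe can be checked against intent
$lb.LoadBalancingRules | Select-Object Name, Protocol, FrontendPort, BackendPort
$lb.Probes | Select-Object Name, Protocol, Port, RequestPath, IntervalInSeconds, NumberOfProbes
```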

Installing IIS on VMs

We’ll use Desired State Configuration (DSC)

IISInstall.ps1 will be pushed to both VMs

Configuration IISInstall
{
    Node localhost
    {
        # Ensure the IIS role (Web-Server feature) is installed
        WindowsFeature IIS
        {
            Name   = "Web-Server"
            Ensure = "Present"
        }
    }
}

To apply the DSC configuration through Azure Resource Manager we’ll use another script:

Login-AzureRmAccount

Get-AzureRmSubscription

# Assumes the subscription contains a single resource group; otherwise these calls return arrays
$resourceGroupName = (Get-AzureRmResourceGroup).ResourceGroupName
$location = (Get-AzureRmResourceGroup).Location

$storageAccount = (Get-AzureRmStorageAccount | Where-Object {($_.Location -eq $location) -and ($_.ResourceGroupName -eq $resourceGroupName) })[0]
$storageAccountKey = (Get-AzureRmStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccount.StorageAccountName).Value[0]

 

# we are using the default container
$containerName = 'windows-powershell-dsc'

$configurationName = 'IISInstall'
# path to the previous script
$configurationPath = "C:\Users\lap-top\Desktop\IISInstall.ps1"
# publish the DSC configuration to the Azure storage account (this generates a zip file
# containing all scripts and uploads it to the storage account)

$moduleURL = Publish-AzureRmVMDscConfiguration -ConfigurationPath $configurationPath -ResourceGroupName $resourceGroupName -StorageAccountName $storageAccount.StorageAccountName -Force

# create a shared access signature (SAS) token that provides access to the configuration archive in the Azure storage account

$storageContext = New-AzureStorageContext -StorageAccountName $storageAccount.StorageAccountName -StorageAccountKey $storageAccountKey

# a shared access signature is a signed string that grants limited access to an Azure storage object; -Permission r makes it read-only
$sasToken = New-AzureStorageContainerSASToken -Name $containerName -Context $storageContext -Permission r

# create a variable that contains the settings for the DSC archive, the DSC configuration function and the shared access token
$settingsHashTable = @{
"ModulesUrl" = "$moduleURL";
"ConfigurationFunction" = "$configurationName.ps1\$configurationName";
"SasToken" = "$sasToken"
}

$vmName1 = 'your machine name'
$vmName2 = 'your machine name 2'
$extensionName = 'DSC'
$extensionType = 'DSC'
$publisher = 'Microsoft.Powershell'
$typeHandlerVersion = '2.1'

Set-AzureRmVMExtension -ResourceGroupName $resourceGroupName -VMName $vmName1 -Location $storageAccount.Location `
-Name $extensionName -Publisher $publisher -ExtensionType $extensionType -TypeHandlerVersion $typeHandlerVersion `
-Settings $settingsHashTable

Set-AzureRmVMExtension -ResourceGroupName $resourceGroupName -VMName $vmName2 -Location $storageAccount.location `
-Name $extensionName -Publisher $publisher -ExtensionType $extensionType -TypeHandlerVersion $typeHandlerVersion `
-Settings $settingsHashTable

 

Save the script, connect to Azure and run it (for the steps to connect to Azure, see one of the previous posts)

Log in to the machines and check that IIS is installed

The configuration is imported to Azure

Configuring inbound rules

Add rules for accessing the web site to the Azure VMs

For each VM a network security group is created (NSG - a lightweight version of a firewall)

Click Inbound security rules-Add

Do this for every VM
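
The same inbound rule can be added to both NSGs from PowerShell, followed by a listing of every custom inbound Allow rule so you can confirm that only the intended ports are reachable. This is an added example, not part of the original post; the resource group, NSG names, rule name and priority are assumed placeholders. The source is the Internet tag because Azure Load Balancer forwards traffic with the client's source IP intact.

```powershell
# Added example: allow HTTP through each VM's NSG, then list what is reachable.
# Resource group, NSG names, rule name and priority are assumed placeholders.
$rg       = 'my-resource-group'
$nsgNames = 'vm1-nsg', 'vm2-nsg'
$ruleName = 'allow-http-in'

foreach ($name in $nsgNames) {
    $nsg = Get-AzureRmNetworkSecurityGroup -ResourceGroupName $rg -Name $name

    # Skip the add if the rule is already present, so the script can be re-run
    if (-not ($nsg.SecurityRules | Where-Object { $_.Name -eq $ruleName })) {
        # Health probes arrive under the AzureLoadBalancer tag, which the NSG's
        # default rules already allow, so only client traffic needs a rule here.
        Add-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $ruleName `
            -Description 'Web traffic forwarded by the load balancer' `
            -Access Allow -Direction Inbound -Protocol Tcp -Priority 1010 `
            -SourceAddressPrefix Internet -SourcePortRange '*' `
            -DestinationAddressPrefix '*' -DestinationPortRange '80' | Out-Null
        $nsg = Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg
    }

    # Review: every custom inbound Allow rule, lowest priority number (evaluated first) on top
    $nsg.SecurityRules |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' } |
        Sort-Object Priority |
        Select-Object @{n='Nsg';e={$name}}, Priority, Name, Protocol,
                      SourceAddressPrefix, DestinationPortRange
}
```

Any row in the listing other than the HTTP rule (for example a management port left open to the Internet when the VM was created) is worth restricting to known source addresses.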

Locate the load balancer’s IP by clicking on it and observing the IP address

and test it; as long as at least one VM is running, the site will be accessible

 
