Today we will look at a different deployment scenario: a couple of web servers configured behind an Internal Load Balancer and published through an Application Gateway with WAF configured. Below is the step-by-step approach we will follow.
Step 01 – Complete the required VNet and Subnet for each tier.
Step 02 – Install two Web Servers and add them to an Availability set. Enable the IIS role and keep it ready.
Step 03 – Deploy an Internal Load Balancer and configure Backend Pool, Health Probe and Load Balancing Rules.
Step 04 – Deploy an Application Gateway with WAF feature and configure Health Probe, HTTP Settings and Backend Pool.
Step 05 – Verification of the web services by accessing the Application gateway’s DNS name.
Step 06 – Upon successful verification of the services, create a CNAME record for the Application Gateway’s DNS name at the public domain provider.
Step 01 – Complete the required VNet and Subnet for each tier.
- Created a new VNet named “MainVNet” with the address space of “10.3.0.0/16” under the Resource Group named MainResourceGroup01
- Then created 3 subnets for the services as below.
VMSubnet01 – For all the Web Servers.
ILBSubnet01 – Internal Load Balancer subnet.
Appgateway02 – Application Gateway Subnet.
We have created a single Network Security Group named “Webapp01-nsg” and shared it across the subnets. In a production environment you might want to consider creating a different NSG for each subnet and configuring the destination IP ranges according to your requirements.
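The production advice above, as an added example that is not part of the original walkthrough: one NSG per tier, built with the Az PowerShell module. The NSG and rule names are hypothetical, and TCP 80 for the listener and the ILB health probe, as well as the v1 (WAF) SKU management port range, are assumptions.

```powershell
# Added example: per-tier NSGs instead of the shared "Webapp01-nsg".
# Assumptions: NSG/rule names are hypothetical; the listener and the ILB
# health probe use TCP 80; the gateway is the v1 (WAF) SKU.
$rg   = 'MainResourceGroup01'
$vnet = Get-AzVirtualNetwork -Name 'MainVNet' -ResourceGroupName $rg
$agw  = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'Appgateway02'
$vm   = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'VMSubnet01'

# Parameters shared by every inbound TCP rule below.
$tcpIn = @{ Direction = 'Inbound'; Protocol = 'Tcp'; SourcePortRange = '*'
            DestinationAddressPrefix = '*' }

# Gateway tier: web traffic from the Internet, plus the management range
# Azure requires on a v1 gateway subnet (source tag GatewayManager).
$agwRules = @(
    New-AzNetworkSecurityRuleConfig @tcpIn -Name 'Allow-HTTP-Internet' -Priority 100 `
        -Access Allow -SourceAddressPrefix Internet -DestinationPortRange 80
    New-AzNetworkSecurityRuleConfig @tcpIn -Name 'Allow-GatewayManager' -Priority 110 `
        -Access Allow -SourceAddressPrefix GatewayManager `
        -DestinationPortRange '65503-65534'
)

# Web tier: HTTP only from the gateway subnet and the load balancer probe.
# The explicit deny overrides the default AllowVnetInBound rule, so lateral
# traffic (including RDP from other subnets) is dropped.
$vmRules = @(
    New-AzNetworkSecurityRuleConfig @tcpIn -Name 'Allow-HTTP-AppGw' -Priority 100 `
        -Access Allow -SourceAddressPrefix $agw.AddressPrefix -DestinationPortRange 80
    New-AzNetworkSecurityRuleConfig @tcpIn -Name 'Allow-ILB-Probe' -Priority 110 `
        -Access Allow -SourceAddressPrefix AzureLoadBalancer -DestinationPortRange 80
    New-AzNetworkSecurityRuleConfig -Name 'Deny-Other-VNet' -Priority 4000 `
        -Access Deny -Direction Inbound -Protocol '*' -SourcePortRange '*' `
        -SourceAddressPrefix VirtualNetwork -DestinationAddressPrefix '*' `
        -DestinationPortRange '*'
)

$agwNsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $vnet.Location `
    -Name 'Appgateway02-nsg' -SecurityRules $agwRules
$vmNsg  = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $vnet.Location `
    -Name 'VMSubnet01-nsg' -SecurityRules $vmRules

# Attach each NSG to its subnet (prefixes are read back, not assumed).
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'Appgateway02' `
    -AddressPrefix $agw.AddressPrefix -NetworkSecurityGroup $agwNsg | Out-Null
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'VMSubnet01' `
    -AddressPrefix $vm.AddressPrefix -NetworkSecurityGroup $vmNsg | Out-Null
$vnet | Set-AzVirtualNetwork
```

Administrative access to the web servers then needs its own allow rule with a priority number below 4000, scoped to the management source range.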
Step 02 – Install two Web Servers and add them to an Availability set. Enable the IIS role and keep it ready.
1. Deploy two servers named Webapp01 and Webapp02 as below and install the IIS role on both servers. VM Size is selected as Standard D1 to achieve load balancing capability. Managed Disks are used for disk configuration.
2. An availability set named Availabilityset01 has been created with 2 fault domains and 5 update domains.
3. Run the below command on both the servers to complete the IIS role installation.
Install-WindowsFeature -Name Web-Server -IncludeManagementTools
Step 03 – Deploy an Internal Load Balancer and configure Backend Pool, Health Probe and Load Balancing Rules.
1. Go to Load balancers > Add to deploy a new load balancer. On the configuration pane, set the Load Balancer type to Internal, and select MainVNet as the VNet and ILBSubnet01 as the Subnet. The IP configuration has to be static. Create the Load Balancer under the “MainResourceGroup01” Resource Group.
Note the Internal Load balancer’s front end IP Address.
2. Next create a Health Probe named Healthprobe01 and configure it as below.
3. Add Availabilityset01 under the Backend pools. We have named the backend pool Backendpool01.
4. Next create a “Load balancing rule” named Loadbalancingrule01 and configure it as below. Here you will select the front end IP of the load balancer, Ports, Backend Pool name and the Health probe.
Step 04 – Deploy an Application Gateway with WAF feature and configure Health Probe, HTTP Settings and Backend Pool.
1. Go to Application gateway > Add to deploy a new Application Gateway named “MainApplicationGateway” under the “MainResourceGroup01” Resource Group. Select the Tier as “WAF”.
2. Then choose “MainVNet” as the VNet and “Appgateway02” as the Subnet, and create a new Public IP Address for the Application Gateway. It is very important that this address is configured with dynamic IP assignment.
3. Once you initiate the deployment it will take a while. When the deployment is complete, observe the default rule named rule1, which is created automatically.
Observe the default HTTP listener, which is also created automatically.
4. Now create a Health probe as “Probe01” with below values.
5. Go to “HTTP settings”, click on the existing “appGatewayBackendHttpSettings”, tick the box next to “Custom probe” and select the Probe01 that you created.
6. Now go to “Backend Pool”, click on the existing backend pool named “appGatewayBackendPool” and add the Internal Load Balancer’s frontend IP as the target here.
7. Observe the Application gateway configuration and note down the Frontend public IP address.
Step 05 – Verification of the web services by accessing the Application gateway’s DNS name.
- At this stage you can verify the services by accessing the Application gateway’s front end Address.
Step 06 – Upon successful verification of the services, create a CNAME record for the Application Gateway’s DNS name at the public domain provider.
1) Now log in to your domain name provider’s portal and add the CNAME for the frontend public address as below.
So that’s it for the ILB and Application Gateway with the WAF feature. Write your comments and feedback below.