Design 3: High Availability Web Farm (Load Balanced)

Summary

This design improves on Design 2 by adding a Load Balancer and a second VM.

Topology: The VMs sit in a Spoke VNet. The Load Balancer distributes traffic.

1. Key Design Decisions (ADR)

ADR-01: Load Balancer

  • Decision: Azure Load Balancer (Standard).
  • Rationale: Layer 4 distribution. Supports Availability Zones.

ADR-02: Availability Set

  • Decision: Availability Set.
  • Rationale: Ensures VMs are on different racks (Fault Domains) to prevent simultaneous hardware failure.

2. High-Level Design (HLD)

+--------------+           +--------------------------+           +--------------+
|  User        |           |        HUB VNet          |           |  SPOKE VNet  |
|  (Internet)  |           |      (Firewall)          |           |  (Web Farm)  |
+------+-------+           +------------+-------------+           +------+-------+
       |                                |                                |
       v                                | (Peering)                      |
+------+-------+                        v                                v
|  Public IP   |           +------------+-------------+           +------+-------+
|  (LB)        |---------->| Azure Firewall           |<--------->|  Load        |
+--------------+           |                          |           |  Balancer    |
                           +--------------------------+           +------+-------+
                                                                         |
                                                                         v
                                                                  +--------------+
                                                                  |  Web VMs     |
                                                                  |  (AV Set)    |
                                                                  +--------------+

3. Low-Level Design (LLD)

                               PRIMARY REGION (East US)
+-----------------------------------------------------------------------+
| HUB VNet: vnet-hub (10.0.0.0/16)                                      |
|   +-----------------------+                                           |
|   | Azure Firewall        |                                           |
|   +-----------|-----------+                                           |
|               |                                                       |
|               v (Peering)                                             |
+---------------|-------------------------------------------------------+
                |
+---------------|-------------------------------------------------------+
| SPOKE VNet: vnet-web-spoke (10.1.0.0/16)                              |
|   +-----------------------+                                           |
|   | Subnet: Frontend      |                                           |
|   | [Standard LB]         |                                           |
|   |   |-- Backend Pool    |                                           |
|   |       |-- VM1         |                                           |
|   |       |-- VM2         |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

                               SECONDARY REGION (West US)
+-----------------------------------------------------------------------+
| DR SPOKE VNet                                                         |
|   +-----------------------+                                           |
|   | ASR Replicas (VM1/2)  |                                           |
|   | (Stopped)             |                                           |
|   +-----------------------+                                           |
+-----------------------------------------------------------------------+

4. Component Rationale

  • Standard LB: Required for HA Ports and Zone Redundancy. Basic LB is legacy.

5. Strategy: High Availability (HA)

  • Status: High.
  • SLA: 99.95% (Availability Set).

6. Strategy: Disaster Recovery (DR)

  • Implementation: ASR.
  • Process: Replicate both VMs to West US. In disaster, spin them up and update DNS.

7. Strategy: Backup

  • Implementation: Azure Backup.

8. Strategy: Security

  • NSG: Allow inbound port 80 only, sourced from the Internet (or from the Hub); all other inbound traffic is denied.

9. Well-Architected Framework Analysis

  • Reliability: High.
  • Security: Medium.
  • Cost Optimization: Medium.
  • Operational Excellence: Medium.
  • Performance Efficiency: High. Scale out to more VMs.

10. Detailed Traffic Flow

1. User: Hits Public IP of LB.

2. LB: Hash-based distribution (5-tuple). Picks VM1.

3. VM1: Processes request.

4. Failure: If VM1 dies, Probe fails. LB sends all traffic to VM2.
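A toy model of steps 1 to 4 above, added here as an illustration rather than code from the design: a 5-tuple hash over only the backends whose probe passes, so a repeated flow stays on one VM, fresh source ports spread over both, and a failed probe on VM1 moves all new flows to VM2. Assumed and not from the page: SHA-256 stands in for Azure's own hash, and the client and LB addresses are constructed sample values.

```powershell
# Added example (not from the design doc): toy model of the section-10 traffic flow.
# Assumptions: SHA-256 of the joined tuple stands in for Azure's hash; IPs are constructed.
function Select-Backend {
    param(
        [string]$SrcIp, [int]$SrcPort, [string]$DstIp, [int]$DstPort, [string]$Proto,
        [hashtable]$Health   # backend name -> $true if probe-http currently succeeds
    )
    # Only backends with a passing probe are eligible; sorted so the mapping is deterministic.
    $eligible = @($Health.Keys | Where-Object { $Health[$_] } | Sort-Object)
    if ($eligible.Count -eq 0) { return $null }   # every probe failed: nowhere to send traffic
    $tuple  = "$SrcIp|$SrcPort|$DstIp|$DstPort|$Proto"
    $digest = [System.Security.Cryptography.SHA256]::Create().ComputeHash([Text.Encoding]::UTF8.GetBytes($tuple))
    $eligible[[int]([BitConverter]::ToUInt32($digest, 0) % $eligible.Count)]
}

$health = @{ 'vm-web-01' = $true; 'vm-web-02' = $true }
$lbIp   = '203.0.113.10'   # constructed stand-in for pip-lb-web
$client = '198.51.100.7'   # constructed client address

# Steps 1-3: each browser refresh opens a new connection with a fresh ephemeral source port,
# so successive requests spread across both VMs (what Phase 7 expects to show).
$ports = 49152..49159
$ports | ForEach-Object { Select-Backend $client $_ $lbIp 80 'tcp' $health } | Group-Object | Select-Object Name, Count

# A repeated 5-tuple always maps to the same VM while the pool is unchanged.
$a = Select-Backend $client 49152 $lbIp 80 'tcp' $health
$b = Select-Backend $client 49152 $lbIp 80 'tcp' $health
"same flow, same backend: $($a -eq $b)"

# Step 4: probe-http fails on vm-web-01, so every new flow now lands on vm-web-02.
$health['vm-web-01'] = $false
$after = $ports | ForEach-Object { Select-Backend $client $_ $lbIp 80 'tcp' $health } | Sort-Object -Unique
"after failover, backends in use: $($after -join ',')"
```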

11. Runbook: Deployment Guide (Azure Portal)

Phase 1: Create Resource Group & VNet

1. Create Resource Group: rg-design03-lb. Region: East US.

2. Create VNet:

* Name: vnet-web-spoke.

* Address space: 10.1.0.0/16.

* Subnet: snet-frontend (10.1.1.0/24).

3. Peering: Peer vnet-web-spoke to vnet-hub.

Phase 2: Create Public IP

1. Search: "Public IP addresses" -> + Create.

2. Name: pip-lb-web.

3. SKU: Standard (Required for Standard LB).

4. Tier: Regional.

5. Create.

Phase 3: Create Load Balancer

1. Search: "Load Balancers" -> + Create.

2. Resource group: rg-design03-lb.

3. Name: lb-web.

4. Region: East US.

5. SKU: Standard.

6. Type: Public.

7. Frontend IP configuration:

* Add a frontend IP.

* Name: fe-web.

* Public IP address: Select pip-lb-web.

8. Backend pools:

* Add a backend pool.

* Name: bep-web.

* Virtual network: vnet-web-spoke.

* Save (Don't add VMs yet).

9. Review + create -> Create.

Phase 4: Create Availability Set & VMs

1. Create Availability Set:

* Search "Availability sets" -> + Create.

* Name: aset-web.

* Fault Domains: 2. Update Domains: 5.

* Create.

2. Create VM 1:

* Name: vm-web-01. Image: Windows Server 2019.

* Availability options: Availability set -> aset-web.

* Networking: vnet-web-spoke, snet-frontend. Public IP: None.

* Create.

3. Create VM 2:

* Name: vm-web-02. Same settings, same Availability Set.

* Create.

Phase 5: Configure Load Balancer Backend

1. Go to lb-web -> Backend pools.

2. Click bep-web.

3. Add -> Select vm-web-01 and vm-web-02.

4. Save.

Phase 6: Configure Rules

1. Health probes -> + Add.

* Name: probe-http. Protocol: TCP. Port: 80. Interval: 5.

* Add.

2. Load balancing rules -> + Add.

* Name: rule-http.

* Frontend: fe-web.

* Backend pool: bep-web.

* Protocol: TCP. Port: 80. Backend Port: 80.

* Health probe: probe-http.

* Add.

Phase 7: Verify

1. Install IIS on both VMs (via Bastion).

* PowerShell (run on each VM): Install-WindowsFeature -Name Web-Server -IncludeManagementTools

* Customize C:\inetpub\wwwroot\iisstart.htm to say "VM1" and "VM2".

2. Hit the Public IP of the LB.

3. Refresh to see load balancing (might need Incognito to break session affinity if set).
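Phases 1 to 6 (plus the section 8 NSG) as one Az PowerShell script, added here as a scripted equivalent of the portal clicks; it is not part of the original runbook. Assumed and not given by the design: the hub resource group (placeholder), VM size Standard_B2s, NIC and NSG names, and that Connect-AzAccount has already been run.

```powershell
# Added example: Az PowerShell equivalent of Phases 1-6 using this design's names and CIDRs.
# Assumptions: hub RG is a placeholder, VM size Standard_B2s, NIC/NSG names, Connect-AzAccount done.
$rg = 'rg-design03-lb'; $loc = 'eastus'

# Phase 1: resource group, spoke VNet/subnet, and peering in both directions to vnet-hub
New-AzResourceGroup -Name $rg -Location $loc | Out-Null
$subnet = New-AzVirtualNetworkSubnetConfig -Name 'snet-frontend' -AddressPrefix '10.1.1.0/24'
$vnet = New-AzVirtualNetwork -Name 'vnet-web-spoke' -ResourceGroupName $rg -Location $loc -AddressPrefix '10.1.0.0/16' -Subnet $subnet
$hub = Get-AzVirtualNetwork -Name 'vnet-hub' -ResourceGroupName '<HUB-RG-PLACEHOLDER>'
Add-AzVirtualNetworkPeering -Name 'spoke-to-hub' -VirtualNetwork $vnet -RemoteVirtualNetworkId $hub.Id | Out-Null
Add-AzVirtualNetworkPeering -Name 'hub-to-spoke' -VirtualNetwork $hub -RemoteVirtualNetworkId $vnet.Id | Out-Null

# Phase 2: Standard public IP (the Standard SKU requires static allocation)
$pip = New-AzPublicIpAddress -Name 'pip-lb-web' -ResourceGroupName $rg -Location $loc -Sku Standard -AllocationMethod Static

# Phases 3 and 6: Standard public LB with frontend, empty backend pool, TCP/80 probe and rule
$fe    = New-AzLoadBalancerFrontendIpConfig -Name 'fe-web' -PublicIpAddress $pip
$bep   = New-AzLoadBalancerBackendAddressPoolConfig -Name 'bep-web'
$probe = New-AzLoadBalancerProbeConfig -Name 'probe-http' -Protocol Tcp -Port 80 -IntervalInSeconds 5 -ProbeCount 2
$rule  = New-AzLoadBalancerRuleConfig -Name 'rule-http' -FrontendIpConfiguration $fe -BackendAddressPool $bep -Probe $probe -Protocol Tcp -FrontendPort 80 -BackendPort 80
$lb = New-AzLoadBalancer -Name 'lb-web' -ResourceGroupName $rg -Location $loc -Sku Standard -FrontendIpConfiguration $fe -BackendAddressPool $bep -Probe $probe -LoadBalancingRule $rule

# Section 8 security: one explicit allow for inbound TCP/80 from Internet; the built-in
# DenyAllInbound rule rejects everything else, and the built-in AllowAzureLoadBalancerInBound
# rule keeps probe-http reachable. A Standard LB passes no inbound traffic without this allow.
$allowHttp = New-AzNetworkSecurityRuleConfig -Name 'allow-http-in' -Priority 100 -Direction Inbound -Access Allow -Protocol Tcp -SourceAddressPrefix Internet -SourcePortRange '*' -DestinationAddressPrefix '*' -DestinationPortRange 80
$nsg = New-AzNetworkSecurityGroup -Name 'nsg-web' -ResourceGroupName $rg -Location $loc -SecurityRules $allowHttp

# Phases 4 and 5: availability set (2 FD / 5 UD), then two VMs whose NICs join bep-web on creation
$aset = New-AzAvailabilitySet -Name 'aset-web' -ResourceGroupName $rg -Location $loc -Sku Aligned -PlatformFaultDomainCount 2 -PlatformUpdateDomainCount 5
$cred = Get-Credential -Message 'Local administrator for the web VMs'
foreach ($n in 'vm-web-01', 'vm-web-02') {
  $nic = New-AzNetworkInterface -Name "nic-$n" -ResourceGroupName $rg -Location $loc -SubnetId $vnet.Subnets[0].Id -NetworkSecurityGroupId $nsg.Id -LoadBalancerBackendAddressPoolId $lb.BackendAddressPools[0].Id
  $vmCfg = New-AzVMConfig -VMName $n -VMSize 'Standard_B2s' -AvailabilitySetId $aset.Id |
    Set-AzVMOperatingSystem -Windows -ComputerName $n -Credential $cred |
    Set-AzVMSourceImage -PublisherName 'MicrosoftWindowsServer' -Offer 'WindowsServer' -Skus '2019-Datacenter' -Version 'latest' |
    Add-AzVMNetworkInterface -Id $nic.Id
  New-AzVM -ResourceGroupName $rg -Location $loc -VM $vmCfg | Out-Null   # no public IP: reachable only via lb-web
}
```

Phase 7 (IIS install and browser check) is unchanged; no public IP is attached to either NIC, so the VMs are reachable only through lb-web and Bastion.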