Showing posts with label load balancing. Show all posts
Showing posts with label load balancing. Show all posts

Sunday 10 July 2022

Azure Application Gateway Basics

Azure Application Gateway is a http traffic load balancer that allows me to manage my web traffic.  So based on urls, paths, the traffic can be pushed on accordingly.  It also provides for sticky sessions.  In my head I see Azure Application Gateway as a layer 7 HTTP Load Balancer and a Web Application Firewall (WAF).  There are 3 core concepts: Front-ends, rules and backends that are used to route traffic from the front-end to the back-ends.

Azure Load Balancer works at level 4 where Azure application gateway is for web traffic at layer 7 of the OSI model.

Azure Front Door is basically for world wide Application gateway functionality.

Checklist on the Application Gateway: 

  • You should enable the WAF unless you already use another WAF like Imperva enterprise wide, do this under the "Web application firewall" option, setup OWASP rules.  
  • Config session affinity, and HTTPS termination using the "HTTP settings".  
  • "Listeners"  are what listens for incoming http requests.
  • "Rules" bind the listeners to the backend pools.
  • "Backend pools" are used to point traffic to the end points.  Also remember to setup "Health Probes", this allows the App pool to verify the backends are working.
  •  Ensure you set the diagnostics logging to send logs to "Log Analytics" so you can examine the logs.

Features

  1. SSL/TLS termination - Terminate SSL using certificate
  2. Autoscaling - increase the size or instance count based on traffic requirements
  3. Can be setup to be zone redundant
  4. Static IP address that doesn't change
  5. WAF and DDoS (pretty new 2022, applied using Azure DDoS Sentinel service) capabilities - The WAF allows you to apply OWASP rules and add additional custom rules.  Bot protection is also built in, rules need to be applied to get it to work.  
  6. URL-based routing
  7. Multiple domains/site hosting
  8. Redirection
  9. Sticky sessions/session affinity
  10. HTTP/2 support
  11. Custom error pages (so useful)
  12. Rewrite headers and URL

References:

How an application gateway works | Microsoft Docs

WAF options

Friday 11 October 2013

Testing my SharePoint 2013 Network Load Balancer

Overview:  This is how I tested my Kemp load balancer.  Kemp terminates the SSL and has a load balancer that checks the http service is running.  I still like to use session persistence for load balancing.

Fiddler is useful from the client, you can check that SSL is getting correctly written by the Load Balanacer. 
Microsoft Network Manager 3.4 is useful to watch the traffic between the WFE and the load balancer.  WireShark is also good option.  This role would probably best be performed by using Fiddler as a reverse proxy to capture the traffic (I never done this).


SharePoint 2013 has the Request Management Service that acts like a load balancer for traffic.  I don't understand the point and I would need a rather strange scenario to use Request Management if I have a decent load balancer in place (KEMP or F5).


Updated 17 Aug 2015: All the Load balancer solutions (F5, Cisco, Kemp etc.) have traffic distribution, it is a good idea to use a more advanced algorithm.  For instance using an F5, setting to use the "Dynamic Ratio" algorithm redirects traffic based on continuous monitoring of the servers resources.  F5 has many options I prefer using the "Dynamic Ratio" but it depends on the circumstances.

Tuesday 7 September 2010

SP2010 AutoSPInstaller NLB farm install issue - Trial period for this product has expired

Problem: I created a farm using the AutoSPInstaller project. All works perfectly. I then joined a 2nd SharePoint 2010 server using the script however the script was change to not create the services again. All works and I have a 3 server farm including the database server. I then added Windows 2008 R2 network load balancing on the 2 SharePoint 2010 servers. If try access the default Team Site created when I built the 1st server on the new server I get the error "The trial period for this product has expired." Event log doesn't show an error and the ULS shows the following error "Exception thrown while adding control 'Microsoft.SharePoint.Portal.WebControls.SearchBox' : Thread was being aborted ...".


Hypothesis: The install adds the IIS web site created on my initial farm build on the 2nd SharePoint server. Routing is working and the error occurs when the request is routed to the 2nd SP2010 server. The response is coming from the IIS web server and we know the issue is within the specific web app.  In MOSS there were 2 causes for the error message and this is clearly not the SP2 bug so it looks more like the app pool account bug.

Resolution: Create a new Web Application and create a new root Site Collection. The error goes away. OR
Using Powershell change the Managed account then using IIS Manager on each web server go to the approoriate app pool and change the account to the new account. 
OR
Use Central Admin to change the service account.  CA > Security > Configure service account.  You will need to reset IIS on each web server.
Demo on changing app pool managed accounts