question

92056523 avatar image
0 Votes"
92056523 asked 92056523 commented

如何结合azure app proxy以及 azure load balancer进行应用代理

我的应用场景:使用azure AD进行应用身份认证,并使用应用代理(azure app proxy)来保证本地web应用服务只暴露在本地网络(aws vm, webapp on-premises),如下图所示:
131631-image.png




现在我的本地web应用要做HA,我的想法是在 azure app proxy connector和 my webapp之间加一层 azure load balancer,

但这使我感觉比较困惑, 这样的话,我的应用前面岂不是经过了3次代理(user->app proxy->app proxy connector->azure load balancer-> my webapp),

性能方面也会损失,请问有更好的方法吗?

期待你们的回复,谢谢!

azure-load-balancerazure-ad-application-proxy
image.png (249.1 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@92056523 Thank you for reaching out to Microsoft Q&A.

I understand that you are having questions regarding adding a Load Balancer in between your App Proxy and your Web App since you need HA for your local apps.

I would suggest you to rather place the Load Balancer in front of the App Proxy as shown in the picture below:

132017-application-proxy-connections.png

The request goes through an Azure Load Balancer to determine which Application Proxy service instance should take the request. Per region, there are tens of instances available to accept the request. This method helps to evenly distribute the traffic across the service instances. Please go through High Availability and Load Balancing of your application Proxy connectors and applications for more details.

I will be moving this issue to the AD-Application-Proxy Team so they can also answer further if needed. In the meanwhile, if you have any further questions/concerns, please do let us know.

0 Votes 0 ·

thank you very much, I also want to know what the AD-Application-Proxy Team sugguest.

0 Votes 0 ·

1 Answer

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered 92056523 commented

@92056523
Thank you for your post, and for your time and patience throughout this issue!

As @SaiKishor-MSFT suggested, and based off our High availability and load balancing of your Application Proxy connectors and applications documentation, it's recommended to place the Load Balancer in front of the App Proxy.

132430-image.png
For more info - Traffic distribution across connectors


Additional Links:
Plan an Azure AD Application Proxy deployment
Understand Azure AD Application Proxy connectors
Publish applications on separate networks and locations using connector groups


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


image.png (50.7 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you!Another question want to ensure,Do azure app proxy connectors know my backend servers alive or ALB knows?
the diagrams below witch is right?
132601-proxy-ha.png


0 Votes 0 ·
proxy-ha.png (162.6 KiB)