Tutorial: Load balance VMs across availability zones with a Standard Load Balancer using the Azure portal

Load balancing provides a higher level of availability by spreading incoming requests across multiple virtual machines. This tutorial steps through creating a public Standard Load Balancer that load balances VMs across availability zones. This helps to protect your apps and data from an unlikely failure or loss of an entire datacenter. With zone-redundancy, one or more availability zones can fail and the data path survives as long as one zone in the region remains healthy. You learn how to:

  • Create a Standard Load Balancer
  • Create network security groups to define incoming traffic rules
  • Create zone-redundant VMs across multiple zones and attach to a load balancer
  • Create load balancer health probe
  • Create load balancer traffic rules
  • Create a basic IIS site
  • View a load balancer in action

For more information about using Availability zones with Standard Load Balancer, see Standard Load Balancer and Availability Zones.

If you prefer, you can complete this tutorial using the Azure CLI.

If you don't have an Azure subscription, create a free account before you begin.

Sign in to Azure

Sign in to the Azure portal at https://portal.azure.com.

Create a Standard Load Balancer

Standard Load Balancer only supports a Standard Public IP address. When you create a new public IP while creating the load balancer, it is automatically configured as a Standard SKU version, and is also automatically zone-redundant.

  1. On the top left-hand side of the screen, click Create a resource > Networking > Load Balancer.

  2. In the Basics tab of the Create load balancer page, enter or select the following information, accept the defaults for the remaining settings, and then select Review + create:

    Setting Value
    Subscription Select your subscription.
    Resource group Select Create new and type MyResourceGroupLBAZ in the text box.
    Name myLoadBalancer
    Region Select West Europe.
    Type Select Public.
    SKU Select Standard.
    Public IP address Select Create new.
    Public IP address name Type myPublicIP in the text box.
    Availability zone Select Zone redundant.

Create backend servers

In this section, you create a virtual network, virtual machines in different zones for the region, and then install IIS on the virtual machines to help test the zone-redundant load balancer. Hence, if a zone fails, the health probe for VM in the same zone fails, and traffic continues to be served by VMs in the other zones.

Create a virtual network

Create a virtual network for deploying your backend servers.

  1. On the top left-hand side of the screen click Create a resource > Networking > Virtual network and enter these values for the virtual network:

    • myVnet - for the name of the virtual network.
    • myResourceGroupLBAZ - for the name of the existing resource group
    • myBackendSubnet - for the subnet name.
  2. Click Create to create the virtual network.

    Create a virtual network

Create a network security group

Create network security group to define inbound connections to your virtual network.

  1. On the top left-hand side of the screen, click Create a resource, in the search box type Network Security Group, and in the network security group page, click Create.
  2. In the Create network security group page, enter these values:
    • myNetworkSecurityGroup - for the name of the network security group.
    • myResourceGroupLBAZ - for the name of the existing resource group.

Create a virtual network

Create network security group rules

In this section, you create network security group rules to allow inbound connections using HTTP and RDP using the Azure portal.

  1. In the Azure portal, click All resources in the left-hand menu, and then search and click myNetworkSecurityGroup that is located in the myResourceGroupLBAZ resource group.

  2. Under Settings, click Inbound security rules, and then click Add.

  3. Enter these values for the inbound security rule named myHTTPRule to allow for an inbound HTTP connections using port 80:

    • Service Tag - for Source.
    • Internet - for Source service tag
    • 80 - for Destination port ranges
    • TCP - for Protocol
    • Allow - for Action
    • 100 for Priority
    • myHTTPRule - for name of the load balancer rule.
    • Allow HTTP - for description of the load balancer rule.
  4. Click OK.

    Create a virtual network

  5. Repeat steps 2 to 4 to create another rule named myRDPRule to allow for an inbound RDP connection using port 3389 with the following values:

    • Service Tag - for Source.
    • Internet - for Source service tag
    • 3389 - for Destination port ranges
    • TCP - for Protocol
    • Allow - for Action
    • 200 for Priority
    • myRDPRule for name
    • Allow RDP - for description

Create virtual machines

Create virtual machines in different zones (zone 1, zone 2, and zone 3) for the region that can act as backend servers to the load balancer.

  1. On the top left-hand side of the screen, click Create a resource > Compute > Windows Server 2016 Datacenter and enter these values for the virtual machine:

    • myVM1 - for the name of the virtual machine.
    • azureuser - for the administrator user name.
    • myResourceGroupLBAZ - for Resource group, select Use existing, and then select myResourceGroupLBAZ.
  2. Click OK.

  3. Select DS1_V2 for the size of the virtual machine, and click Select.

  4. Enter these values for the VM settings:

    • zone 1 - for the zone where you place the VM.
    • myVNet - ensure it is selected as the virtual network.
    • myBackendSubnet - ensure it is selected as the subnet.
    • myNetworkSecurityGroup - for the name of network security group (firewall).
  5. Click Disabled to disable boot diagnostics.

  6. Click OK, review the settings on the summary page, and then click Create.

    Create a virtual machine

  7. Create a second VM, named, VM2 in Zone 2, and third VM in Zone 3, and with myVnet as the virtual network, myBackendSubnet as the subnet, and *myNetworkSecurityGroup as the network security group using steps 1-6.

Install IIS on VMs

  1. Click All resources in the left-hand menu, and then from the resources list click myVM1 that is located in the myResourceGroupLBAZ resource group.
  2. On the Overview page, click Connect to RDP into the VM.
  3. Log into the VM with username azureuser.
  4. On the server desktop, navigate to Windows Administrative Tools>Windows PowerShell.
  5. In the PowerShell Window, run the following commands to install the IIS server, remove the default iisstart.htm file, and then add a new iisstart.htm file that displays the name of the VM:
    
     # install IIS server role
     Install-WindowsFeature -name Web-Server -IncludeManagementTools
    
     # remove default htm file
      remove-item  C:\inetpub\wwwroot\iisstart.htm
    
     # Add a new htm file that displays server name
      Add-Content -Path "C:\inetpub\wwwroot\iisstart.htm" -Value $("Hello World from" + $env:computername)
    
  6. Close the RDP session with myVM1.
  7. Repeat steps 1 to 6 to install IIS and the updated iisstart.htm file on myVM2 and myVM3.

Create load balancer resources

In this section, you configure load balancer settings for a backend address pool and a health probe, and specify load balancer and NAT rules.

Create a backend address pool

To distribute traffic to the VMs, a back-end address pool contains the IP addresses of the virtual (NICs) connected to the load balancer. Create the backend address pool myBackendPool to include VM1, VM2, and VM3.

  1. Click All resources in the left-hand menu, and then click myLoadBalancer from the resources list.

  2. Under Settings, click Backend pools, then click Add.

  3. On the Add a backend pool page, do the following:

    • For name, type myBackEndPool, as the name for your backend pool.
    • For Virtual network, in the drop-down menu, click myVNet
    • For Virtual machine, in the drop-down menu, click, myVM1.
    • For IP address, in the drop-down menu, click the IP address of myVM1.
  4. Click Add new backend resource to add each virtual machine (myVM2 and myVM3) to add to the backend pool of the load balancer.

  5. Click Add.

    Adding to the backend address pool -

  6. Check to make sure your load balancer backend pool setting displays all the three VMs - myVM1, myVM2 and myVM3.

Create a health probe

To allow the load balancer to monitor the status of your app, you use a health probe. The health probe dynamically adds or removes VMs from the load balancer rotation based on their response to health checks. Create a health probe myHealthProbe to monitor the health of the VMs.

  1. Click All resources in the left-hand menu, and then click myLoadBalancer from the resources list.

  2. Under Settings, click Health probes, then click Add.

  3. Use these values to create the health probe:

    • myHealthProbe - for the name of the health probe.
    • HTTP - for the protocol type.
    • 80 - for the port number.
    • 15 - for number of Interval in seconds between probe attempts.
    • 2 - for number of Unhealthy threshold or consecutive probe failures that must occur before a VM is considered unhealthy.
  4. Click OK.

    Adding a probe

Create a load balancer rule

A load balancer rule is used to define how traffic is distributed to the VMs. You define the front-end IP configuration for the incoming traffic and the back-end IP pool to receive the traffic, along with the required source and destination port. Create a load balancer rule myLoadBalancerRuleWeb for listening to port 80 in the frontend FrontendLoadBalancer and sending load-balanced network traffic to the backend address pool myBackEndPool also using port 80.

  1. Click All resources in the left-hand menu, and then click myLoadBalancer from the resources list.

  2. Under Settings, click Load balancing rules, then click Add.

  3. Use these values to configure the load balancing rule:

    • myHTTPRule - for the name of the load balancing rule.
    • TCP - for the protocol type.
    • 80 - for the port number.
    • 80 - for the backend port.
    • myBackendPool - for the name of the backend pool.
    • myHealthProbe - for the name of the health probe.
  4. Click OK.

    Adding a load balancing rule

Test the load balancer

  1. Find the public IP address for the Load Balancer on the Overview screen. Click All resources and then click myPublicIP.

  2. Copy the public IP address, and then paste it into the address bar of your browser. The default page of IIS Web server is displayed on the browser.

    IIS Web server

To see the load balancer distribute traffic across the VMs distributed across the zone you can force-refresh your web browser.

Clean up resources

When no longer needed, delete the resource group, load balancer, and all related resources. To do so, select the resource group that contains the load balancer and click Delete.

Next steps

Learn more about Standard Load Balancer.