HA for Azure (VM Depot)

 Download PDF File

Table of Contents


2HA in LoadMaster for Azure


4Configure Azure

5Configure the LoadMasters


6.1Virtual Machine Inaccessible

6.2Query the Health Check Port

6.3Run a TCP Dump

6.4Sync Problems


Document History



When deploying an application using the Windows Azure Infrastructure as a Solution (IaaS) offering, chances are you need to provide load balancing and other application delivery functions such as content switching, SSL Termination and IPS. When using KEMP’s LoadMaster for Azure, you can not only address your needs of application delivery but also of High Availability (HA).

Deploying a single LoadMaster for Azure does not provide you with the high availability you need for your applications. When deploying a pair of LoadMasters in Azure, you can achieve high availability for your application using details provided in this document.

2HA in LoadMaster for Azure

Some important notes regarding how HA operates in the LoadMaster for Azure, are listed below:

  • If you are familiar with HA on a regular (non-Azure) LoadMaster, please take note that Azure uses a slightly different mechanism.
  • Synchronization of Virtual Service settings only occurs from the master to the slave. Changes made to the master will be replicated to the slave. However, changes made to the slave are never replicated to the master.
  • The replication (synchronization) of Virtual Service settings (from master to slave)is not instant in all cases and may take a few moments to complete
  • If the master unit fails, connections will be directed to the slave unit. The master unit is the master and will never become the slave, even if it fails. Similarly, the slave unit will never become the master. When the master unit comes back up, connections will automatically be directed to the master again.
  • Virtual Service configuration changes should never be made to the slave unit because these changes will not be replicated to the master. All Virtual Service Configuration changes should be made in the master unit. If the master unit is down, no Virtual Service configuration changes should be made.
  • The HA Check Port must be set to the same port on both the master and slave units for HA to work correctly


The following prerequisites must be met before proceeding to a high availability configuration:

  • Application VMs deployed in Azure in a Virtual Network
  • Application VMs may be configured to use single Cloud Service with no application endpoints created
  • Application endpoints will be created on Cloud Services for LoadMaster VMs
  • Application VM management endpoints can be created if VPN is not used
  • Two LoadMaster VMs deployed in Azureon same Virtual Network as Application VMs
  • Both LoadMaster devices licensed and configured
  • Each published as part of the same cloud service
  • Both LoadMasters should be configured to be part of an availability set

The following diagram provides overview of configuration described above:

Figure 3‑1: Example architecture

To configure high availability using the LoadMaster, the following configuration must be in place:

  • Application VMs are installed and configured
  • LoadMaster for Azure VMs are installed and configured
  • Virtual Services for applications are created on both LoadMaster VMs
  • Service Endpoints are created on Cloud Services for LoadMaster VMs
  • Following Management Endpoints are created on Cloud Services for LoadMaster VMs
  • TCP Port 22 for SSH access
  • TCP Port 8443 for Management Web User Interface (WUI) access
  • UDP Port 53 for inbound DNS queries to GEO LoadMaster

4Configure Azure

The steps in this document reflect the steps in VM Depot. For steps in the Azure Marketplace (http://portal.azure.com), refer to the HA for Azure (Marketplace), Feature Description.

The steps and screenshots in this section were correct at the time of writing. However, the Azure interface changes regularly so please refer to Azure documentation for up-to-date steps if needed.

Follow the steps below to set up the Virtual Machines in the Azure web portal:

Figure 4‑4‑1: Networks

  1. Select NETWORKS in the menu on the left.

Figure 4‑2: Custom Create

  1. Click NEW.
  2. Select the network servicesoption (circle icon) on the left.
  4. Select CUSTOM CREATE.

Figure 4‑3: Name and Location

  1. Enter a NAME.
  2. Select a LOCATION.
  3. Click next (right arrow).

Figure 4‑4: Skip this step

  1. Skip the DNS Servers and VPN Connectivity step by clicking next (right arrow).

Figure 4‑5: Add an Address Space

  1. Add an address space.

Figure 4‑6: Network creation

  1. Wait for the network to be completely created.

Figure 4‑7: Virtual Machines

  1. Select Virtual Machines in the menu on the left.

Figure 4‑8: From Gallery

  1. Click NEW.
  2. Select the compute option on the left (the first icon).
  4. Select FROM GALLERY.

Figure 4‑9: Select the image

  1. Select MY IMAGES on the left.
  2. Select the relevant Virtual LoadMaster (VLM) image.

Before you can select the VLM image, it must be imported from VM Depot. For steps on how to do this, refer to the Feature Description, LoadMaster for Azure.

Figure 4‑10: Virtual machine configuration

  2. Provide a password for the user.

This password will not be used.

  1. Leave the SIZE and TIER set to the default values.

Figure 4‑11: Virtual machine configuration - step 2

  1. Select Create a new cloud service from the CLOUD SERVICE drop-down menu.
  2. Select your network.
  3. SelectCreate an availability set.
  4. Enter a name for the availability set.
  5. Add endpoints for management.

The external and internal ports are set to different values. As the cluster only has one name/IP address, different ports must be used to access the units individually.

  1. Click next (the right arrow).

Figure 4‑12: Uncheck VM AGENT

  1. Remove the tick from the VM AGENT check box.


  1. Select VIRTUAL MACHINES from the menu on the left.
  2. Wait for the machine to provision. This may take some time.

Figure 4‑14: Cloud Services

  1. Select CLOUD SERVICES in the menu on the left.
  2. Confirm that the cloud service has also been deployed.

Figure 4‑15: Create the second Virtual Machine

  1. Create the second Virtual Machine, using a different name.

Figure 4‑16: Cloud Service

  1. Use the same cloud service as the one created for HA1.
  2. Select the AVAILABILITY SETthat was created earlier.
  3. Click the right arrow to continue.
  4. Wait for the Virtual Machine to provision. This may take some time.

Figure 4‑17: Endpoints

  1. Select the Virtual Machines option on the left (monitor icon).
  2. Select the HA1 machine.
  3. Select ENDPOINTS.
  4. Click ADD.

Figure 4‑18: Add an endpoint

  1. Add an endpoint.

Figure 4‑19: Ports

  1. Set the ports.

Figure 4‑20: Load balanced set

  1. Configure the load balanced set.
  2. Click the complete button (tick icon).

Figure 4‑21: Endpoints

  1. Wait for the end point to be added.
  2. Select the HA2 Virtual Machine on the left.
  3. Click ADD.

Figure 4‑22: Add existing endpoint

  1. Select theADD AN ENDPOINT TO AN EXISTING LOAD-BALANCED SEToption. Click next (the right icon).

Figure 4‑23: Endpoint details

  1. Set the ports.
  2. Wait for the endpoint to be added.
  3. The probe now needs to be changed to an actual HTTP request in order for it to work. This can be done by running a command in Azure PowerShell. In order to connect to Azure with PowerShell, you need to download and install the Azure PowerShell. This is a separate application from the stock PowerShell. It can be downloaded here: http://azure.microsoft.com/en-us/documentation/articles/install-configure-powershell/
  4. Then, download the Add-AzureAccount commandlet from http://msdn.microsoft.com/en-us/library/dn408486.aspx
  5. When the commandlet has been downloaded, run it. An example command on how to do this is below:Set-AzureLoadBalancedEndPoint ServiceName vlm-azure-ha –LBSetName WWW –ProbeProtocolHTTP –ProbePath / -ProbePort 8444 –ProbeIntervalInSeconds 5

Once this is done you can set up the LoadMaster. License and set up as usual. For more information and steps on how to license, refer to the Feature Description, Licensing document.

After licensing, follow the steps below to configure HA on the LoadMasters.

5Configure the LoadMasters

There is only one IP address per Azure instance so the IP address of the interface will be the same as the IP address of any Virtual Services. If the machine is shut down from the Azure portal the IP address will be released.

To configure LoadMaster for HA, follow the steps outlined in the sections below:

  1. Access the WUI of the LoadMaster which will be the master unit.
  1. In the main menu, select System Configuration > Miscellaneous Options > Azure HA Parameters.

Figure 5‑1: Master Unit

  1. Select Master HA Mode in the Azure HA Mode drop-down list.
  2. Enter the Partner Name/IP address of the slave LoadMaster unit and click Set Partner Name/IP.
  3. Enter the Health Check Port and click Set Check Port.

The Health Check Port must be set to the same port on both the master and slave units for HA to function correctly.

  1. Then, access the WUI of the slave unit. Complete steps 2 to 4 above in the slave unit, but select Slave HA Mode as the Azure HA Mode instead.

HA will not work if both units have the same value selected for the Azure HA Mode.

When HA is enabled on both devices, changes made to the Virtual Services in the master unit will be replicated to the slave.


Figure 5‑2: Master unit

You can tell, at a glance, which unit is the master, and which is the slave, by checking the mode in the top bar of the LoadMaster.

The current status of each LoadMaster, when HA is enabled, is shown as follows:


Figure 3: Master unit - Active


Figure 4: Slave unit- Active


Figure 5: Slave unit - Stand-By


The sections below provide some basic troubleshooting tips. If further assistance is required, please contact KEMP Support: https://support.kemptechnologies.com.

6.1Virtual Machine Inaccessible

It takes approximately five minutes for the Virtual Machine to become accessible after booting.

6.2Query the Health Check Port

In order to determine which LoadMaster to use as the master, Azure performs a HTTP health check of the partners.

When experiencing issues with HA for Azure, it can be useful to query the HA health check port. This will provide information that can help to determine the status of the HA cluster.

Figure 6‑1: Health check port end point

To query the HA health check port, create an end point in Azure for the health check port. Do this for each LoadMaster that needs to be checked.

Figure 6‑2: Status

Then, access the end point via a browser to check the status.

When querying or accessing this port on the LoadMasters - if the master is up, the master will report 200 OK, Master is UP and the slave will report 503 Master is Up. If the master is down the slave will report 200 OK, Slave is UP (Master is DOWN).

6.3Run a TCP Dump

Running a TCP dump and checking the results can also assist with troubleshooting. To do this, follow the steps below in the LoadMaster WUI:

  1. In the main menu, go to System Configuration > Logging Options > System Log Files.

Figure 6‑3: System Log Files

  1. Click Debug Options.
  2. In the TCP dump section, enter the relevant IP Address and the Azure HA Port.
  3. Click Start.
  4. Let the capture run for a few minutes.
  5. Click Stop.
  6. Click Download.
  7. Analyse the results in a packet trace analyser tool such as Wireshark.

Checks from the partner LoadMaster should appear in the results. If nothing is shown there is a problem, for example Azure may be blocking the connection.

6.4Sync Problems

In most scenarios the configuration settings are automatically synchronized between partners every two minutes. If a new Virtual Service is created, the settings are immediately synchronized. Because of this, creating a new Virtual Service is a good way of checking if the synchronization is working. To trace this, follow the steps below:

  1. Start a TCP dump, as detailed in Section 6.3, but use port 6973.
  2. Create a Virtual Service.
  3. Stop the TCP dump.
  4. Download the TCP dump file.
  5. Analyse the results.

After creating a Virtual Service, a lot of traffic should have been immediately triggered.

Generally, if a lot of packets are being transferred it means that the synchronization is working. If only a few packets are transferred, it may mean that the connection was unsuccessful. In this case, there may be a problem such as unmatched SSH keys.


Unless otherwise specified, the following documents can be found at http://kemptechnologies.com/loadmaster-documentation.

Feature Description, Licensing Feature Description, LoadMaster for Azure Configuration Guide, WUI Feature Description, GEO Product Overview, GEO HA for Azure (Marketplace), Feature Description Azure Virtual Machines – tutorials and guides:


Document History



Reason for Change



Feb 2014

Initial draft

First draft of document



Mar 2014

Minor change

Update to



July 2014

Release updates

Updates for 7.1-18a release



July 2014

Release updates

Updates for 7.1-18b release



Feb 2015

Minor change

Added reference



Mar 2015

Enhancements made

Various improvements made



Sep 2015

Screenshots updated

WUI Reskin



Was this article helpful?

0 out of 0 found this helpful