LoadMaster for Azure
1 Introduction
This document provides step-by-step instructions on how to deploy a Kemp Virtual LoadMaster using the Azure Resource Manager (ARM) portal. This document is intended to provide an overview of LoadMaster for Azure and to introduce some basic aspects of LoadMaster functionality.
1.1 Load Balancing in Microsoft Azure
Before we create a LoadMaster Virtual Machine (VM) in Azure, it is important to understand the traffic flow so that VMs in Microsoft Azure can be configured appropriately.
Microsoft Azure Infrastructure as a Service (IaaS) deployments accept traffic only on published endpoints. Any request to access Microsoft Azure workloads passes through the default load balancing layer of the Microsoft Azure platform. The figure below depicts the default deployment without the use of a Kemp LoadMaster in Azure.
Any workload being published consists of an availability set, which represents a single VM or multiple VMs. When a VM is created, if an availability set exists, you have an option to connect the VM to an existing availability set. As more VMs are connected to an existing VM (and thus to an existing availability set), the built-in Microsoft Azure load balancer distributes connections when creating a load-balanced endpoint.
If you wish to use LoadMaster for Azure for your deployment, the following steps must be completed:
1. The LoadMaster for Azure needs to be deployed first.
2. All the VMs that need to be load balanced using the LoadMaster can then be created and must be connected to the existing LoadMaster VM to create the required grouping.
3. Finally, when creating endpoints, we cannot use the Load-Balance traffic on an existing endpoint option in Azure as we do not want to use the Microsoft Azure Load Balancer to load balance incoming connections.
The figure below depicts the flow when LoadMaster for Azure is deployed:
Notice that VM1, VM2 and VM3 in this example are grouped into a single availability set and the endpoint for published Virtual Services is created only on the LoadMaster VM. By doing this, we receive all load balanced traffic on the LoadMaster VM, and the load balancing logic for incoming connections is applied as per the Virtual Service configured on the LoadMaster for a given workload.
Also, notice that VM1, VM2 and VM3 will not have any endpoints as they are not going to be published directly to the internet.
There may be exceptions to this rule for connections that require direct connectivity to the VM such as Remote Desktop Connections to Windows Server OS.
1.2 Known Issues/Limitations
There are a couple of known issues/limitations to be aware of:
- Transparency is not possible in HA setups in Azure environments. For more information and requirements, refer to the Transparency Feature Description document on the Kemp Documentation page.
- Do not downgrade from firmware version 7.2.36 or higher to a version below 7.2.36. If you do this, the LoadMaster becomes inaccessible and you cannot recover it.
- The Virtual Service IP address must be the same IP address as the network interface.
- Alternate default gateway support is not permitted in a cloud environment.
2 Installation Prerequisites
To support LoadMaster for Azure, the following are required:
- An active subscription of Microsoft Azure Virtual Machines
- A client computer running Windows 7 or newer
- Internet Explorer 9 or newer, or any modern browser
- A minimum of 2GB RAM on the cloud environment
If you want to enable 10 Gb throughput for a LoadMaster virtual machine (VM) in Azure, you must select an Azure VM instance type that supports the 10 Gb Mellanox driver. Refer to the Sizes for Linux virtual machines in Azure page for further details.
It is not possible to bond interfaces on Azure LoadMasters.
3 Creating a LoadMaster for Azure VM
Please ensure that the prerequisites documented in the earlier section are met.
3.1 Create an SSH Key Pair
When creating a LoadMaster for Azure VM, there are two options for authentication - a password or an SSH public key. Kemp recommends using a password, but either way will work fine. If you choose to use a password, this section can be skipped and you can move on to the Licensing Options section to create the LoadMaster for Azure VM. If you choose to use an SSH public key, an SSH key pair will need to be created.
To create an SSH key pair, you will need to use a program such as PuTTYgen or OpenSSH. As an example for this document, the steps in PuTTYgen are below:
1. Open PuTTYgen.
2. Click Generate.
3. Move the mouse over the blank area in the middle. This generates a random pattern that is used to generate the key pair.
4. Copy and save the public and private key as needed.
It is recommended to store SSH keys in a secure location.
3.2 Licensing Options
There are two main licensing options when deploying a LoadMaster for Azure:
- Hourly consumption
- Bring Your Own License (BYOL)
To use the BYOL option, follow the steps below:
1. Deploy the BYOL - Trial and perpetual license version of the Virtual LoadMaster (follow the steps in the section below to do this).
2. Contact a Kemp representative to get a license.
3. Update the license on your LoadMaster to apply the license change (System Configuration > System Administration > Update License).
4. Kemp recommends rebooting after updating the license.
3.3 Creating a LoadMaster for Azure VM
This section provides step-by-step instructions on how to deploy a Kemp Virtual LoadMaster in the ARM dashboard.
There is a new button on the Microsoft Azure portal called "GET IT NOW". When you click this button and log in, you are brought to the marketplace and a choice of products is displayed. When you select a product and click Continue, you are brought to the dashboard screen to create a Virtual Machine. Continue from the Create step below.
The steps in this document reflect the steps in the Azure Marketplace (http://portal.azure.com).
The steps below are carried out from http://portal.azure.com and not from http://manage.windowsazure.com.
To deploy a new LoadMaster using ARM, follow the steps below:
1. From the Azure Management Portal dashboard, click Marketplace.
2. In the menu on the left, click the New icon.
3. Enter Kemp in the search bar.
4. Click the desired Virtual Machine type.
If you want to enable 10 Gb throughput for a LoadMaster virtual machine (VM) in Azure, you must select an Azure VM instance type that supports the 10 Gb Mellanox driver. For more information, refer to the Enable a 10 Gb Interface section.
5. Select Resource Manager in the drop-down list and click Create.
If deploying a Bring Your Own License (BYOL) LoadMaster it is also possible to choose the classic deployment model. The remaining steps may vary slightly if using the classic deployment model.
6. Enter a Name for the Virtual Machine.
7. Enter a User name.
a) This will not be used by LoadMaster for Azure. Provide a name of your choice. The default username to access the LoadMaster is bal.
b) Fill out the authentication details. There are two possible methods of authentication - using a password or an SSH key. Depending on what you select, complete the relevant step below:
- Password: Enter a password.
This password is used to access the LoadMaster WUI.
- SSH Public Key: Paste the SSH public key which was created in the Create an SSH Key Pair section. The private key is needed to connect to the LoadMaster using SSH.
It is recommended to store SSH keys in a secure location.
8. Select the relevant Subscription.
9. Select the relevant Resource group, or create one if needed.
10. Select the relevant Location.
11. Click OK.
Available sizes may change depending on the region.
12. Select from the recommended pricing tiers. Click View all if the recommended pricing tier is not meeting the recommended requirements (see the table in the Recommended Pricing Tier section for further information regarding recommended pricing tiers).
13. Click Select.
14. Select the relevant Disk type.
15. Select the relevant Storage account, or create one if needed.
16. Select the relevant Virtual network, or create one if needed.
17. Select the relevant Subnet.
18. Select the relevant Public IP address, or create one if needed.
19. Select the relevant Network security group, or create one if needed.
The security group should contain rules for port 8443 (management), 22 (SSH) and any other ports that are needed by the backend.
Do not block port 6973.
20. Select Disabled for Diagnostics.
21. Click OK.
22. A summary of the settings is displayed. Click OK.
23. Click Purchase.
The creation of a VM may take a few minutes or more depending on the Azure portal's responsiveness and other factors. Ensure that the VM is created without any errors. Resolve any errors if needed.
When creating connected VMs, ensure that you select the same Virtual network as the LoadMaster.
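The following added example (not Kemp's code) checks an exported rule list against the Network security group step above: it reports ports 8443 or 22 allowed from any source, and any explicit Deny rule covering port 6973. The JSON field names are assumed to match `az network nsg rule list -o json` output, the sample rules are constructed, and treating management access from any source as a finding is this example's own policy choice.

```python
import json

MGMT_PORTS = {8443: "WUI management", 22: "SSH"}  # ports named in step 19
KEEP_OPEN = 6973                                   # page: "Do not block port 6973"
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

# Constructed sample; shape assumed to match `az network nsg rule list -o json`
# (custom rules only, Azure's default rules not included).
SAMPLE_RULES = json.loads("""[
 {"name": "allow-wui", "priority": 100, "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "*", "destinationPortRange": "8443"},
 {"name": "allow-ssh-admin", "priority": 110, "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"},
 {"name": "deny-high", "priority": 200, "direction": "Inbound", "access": "Deny",
  "sourceAddressPrefix": "*", "destinationPortRanges": ["6000-7000"]},
 {"name": "allow-web", "priority": 300, "direction": "Inbound", "access": "Allow",
  "sourceAddressPrefix": "Internet", "destinationPortRanges": ["80", "443"]}
]""")

def covers(rule, port):
    """True if the rule's destination port range(s) include `port`."""
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    for r in ranges:
        lo, _, hi = r.partition("-")
        if r == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def from_anywhere(rule):
    """True if any source prefix of the rule means 'the whole internet'."""
    srcs = list(rule.get("sourceAddressPrefixes") or [])
    if rule.get("sourceAddressPrefix"):
        srcs.append(rule["sourceAddressPrefix"])
    return any(s.lower() in ANY_SOURCE for s in srcs)

def audit(rules):
    """Return findings; protocol and destination address are ignored (simplification)."""
    findings = []
    inbound = sorted((r for r in rules if r["direction"].lower() == "inbound"),
                     key=lambda r: r["priority"])
    for port, label in MGMT_PORTS.items():
        # Lowest priority number wins: the first any-source rule on the port decides.
        for r in inbound:
            if covers(r, port) and from_anywhere(r):
                if r["access"].lower() == "allow":
                    findings.append(f"{label} port {port} open to any source via '{r['name']}'")
                break
    for r in rules:
        if r["access"].lower() == "deny" and covers(r, KEEP_OPEN):
            findings.append(f"port {KEEP_OPEN} is blocked by '{r['name']}'")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("FINDING:", finding)
```

On the sample, the SSH rule passes because its source is a specific range, while the any-source 8443 rule and the broad Deny range that happens to include 6973 are both reported.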
3.3.1 Enable a 10 Gb Interface
Follow one of the two procedures below depending on whether you are adding a single network interface or multiple network interfaces to the LoadMaster.
To enable 10 Gb throughput for a LoadMaster virtual machine (VM) in Azure, you must select an Azure VM instance type that supports the 10 Gb Mellanox driver. Accelerated Networking is supported on most general purpose and compute-optimized instance sizes with two or more vCPUs. These supported series are: D/DSv2 and F/Fs. On instances that support hyperthreading, Accelerated Networking is supported on VM instances with four or more vCPUs. Supported series are: D/Dsv3, E/Esv3, Fsv2, Lsv2, Ms/Mms and Ms/Mmsv2. Refer to the Sizes for Linux virtual machines in Azure page for further details.
3.3.1.0.1 Add a Single Interface to the LoadMaster
To enable 10 Gb interfaces on the LoadMaster, perform the following steps:
1. Deploy the LoadMaster.
For the purposes of this document, the Standard DSv2 machine size is used.
When you instantiate a 10 Gb interface, it appears as two interfaces in the LoadMaster Web User Interface (WUI). The two interfaces are related and have the same MAC address. Only the first interface has an IP address. If you want to modify the interface, you must do this on the interface that has the IP address listed.
2. License the LoadMaster.
3. Verify that the Mellanox driver has instantiated correctly by performing the following steps:
a) If the LoadMaster was deployed with a single interface, two interfaces are displayed under System Configuration > Interfaces on the LoadMaster WUI. If only one interface is displayed this means that the Mellanox driver has not instantiated.
b) To instantiate the Mellanox driver, you must shut down the LoadMaster. Navigate to: System Configuration > System Administration > System Reboot and click Shutdown. You must also stop the LoadMaster from the Azure WUI by clicking Stop.
c) To start the LoadMaster on the Azure WUI, click Start.
d) When the LoadMaster boots up, navigate to: System Configuration > Interfaces on the LoadMaster WUI and verify that two interfaces (eth0 and eth1) are displayed under System Configuration > Interfaces.
e) You can also verify that two interfaces are active by performing an Ifconfig. To perform an Ifconfig, navigate to System Configuration > Logging Options > System Log Files and click Debug Options. On the Debug Options screen, click Ifconfig. This displays two interfaces with the same hardware address.
3.3.1.0.2 Add Multiple Interfaces to the LoadMaster
The Azure WUI does not allow interfaces with accelerated networking to be added. You must add the interface by using the Azure command line interface (CLI) or by using PowerShell.
You must run the command with the LoadMaster in a powered off state.
1. Create the interface using the Azure CLI similarly to the example below:
PS C:\Users\test> az network nic create --resource-group testdoc --name myNic2 --vnet-name myVnet --subnet subnet2 --accelerated-networking true --public-ip-address myPublicIp2 --network-security-group myNetworkSecurityGroup --location eastus
2. When the interface is created, you can add this interface to the LoadMaster when it is in a powered off state. Navigate to the Networking tab of the LoadMaster on the Azure WUI.
3. Click Attach network interface.
4. When the attachment is complete, both interfaces appear on the Azure WUI.
5. Restart the LoadMaster.
6. Verify that the interfaces are displayed under System Configuration > Interfaces on the LoadMaster WUI. The LoadMaster WUI should now display four interfaces.
You can also verify that four interfaces are active by performing an Ifconfig. To perform an Ifconfig, navigate to System Configuration > Logging Options > System Log Files and click Debug Options. On the Debug Options screen, click Ifconfig.
Unlike the single interface case, where eth0 and eth1 are related, with multiple interfaces eth0 is related to eth2 and eth1 is related to eth3 (each pair shares a MAC address). eth0 and eth1 have the IP addresses; each interface without an IP address is matched to its partner by the HWaddr (the MAC address).
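As an added example (not part of the Kemp documentation), the pairing check described above can be run over copied Ifconfig output: interfaces are grouped by HWaddr, and each group must hold exactly one interface with an IP address and one without. The sample text is constructed and assumes the older net-tools `ifconfig` layout with `HWaddr` and `inet addr:` fields.

```python
import re

# Constructed sample in the older net-tools layout (assumed to resemble the
# Debug Options > Ifconfig output; addresses are made up).
SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr 00:0D:3A:11:22:33
          inet addr:10.0.0.4  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:0D:3A:44:55:66
          inet addr:10.0.1.4  Bcast:10.0.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth2      Link encap:Ethernet  HWaddr 00:0D:3A:11:22:33
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth3      Link encap:Ethernet  HWaddr 00:0D:3A:44:55:66
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
"""

def parse(text):
    """Return {ifname: (mac, ip_or_None)} for every stanza that has a HWaddr."""
    out = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        head = re.match(r"(\S+)\s+Link encap:\S+\s+HWaddr\s+(\S+)", stanza)
        if not head:
            continue  # loopback and similar stanzas carry no HWaddr
        ip = re.search(r"inet addr:(\S+)", stanza)
        out[head.group(1)] = (head.group(2).lower(), ip.group(1) if ip else None)
    return out

def pair_interfaces(text):
    """Group interfaces by MAC; return ({ip_iface: partner_iface}, [problems])."""
    by_mac = {}
    for name, (mac, ip) in parse(text).items():
        by_mac.setdefault(mac, []).append((name, ip))
    pairs, problems = {}, []
    for mac, members in by_mac.items():
        with_ip = [n for n, ip in members if ip]
        without = [n for n, ip in members if not ip]
        if len(with_ip) == 1 and len(without) == 1:
            pairs[with_ip[0]] = without[0]
        else:
            # A lone interface means its accelerated-networking partner is missing.
            names = ", ".join(n for n, _ in members)
            problems.append(f"{mac}: expected one addressed and one unaddressed "
                            f"interface, found {names}")
    return pairs, problems

if __name__ == "__main__":
    pairs, problems = pair_interfaces(SAMPLE)
    print(pairs, problems)
```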
3.3.2 Recommended Pricing Tier
When creating a LoadMaster for Azure Virtual Machine, you must select a pricing tier. The recommended pricing tiers are listed in the table below.
If the relevant pricing tier is not displayed, click View all.
| VLM Model | Recommended Pricing Tier |
|---|---|
| VLM-200 | A1, A2, A3 |
| VLM-2000 | A2, A3, A4 |
| VLM-5000 | A3, A4, A5 |
| VLM-10G | A7, A8, A9 |
3.4 Licensing and Initial Configuration
The following procedure will help you set up LoadMaster for Azure by ensuring appropriate licensing and basic configuration before you can create a Virtual Service and publish the required workloads:
1. Using a supported web browser, navigate to https://<DNSName>:8443.
Substitute <DNSName> with the DNS name you created in the previous section.
2. Take the appropriate steps to acknowledge the notification about the self-signed certificate to proceed.
3. The LoadMaster requires you to log in before you can proceed any further. The password used to log in will vary depending on whether you chose to use Password authentication or SSH Public Key authentication when creating the VM in the Licensing Options section:
- Password: Provide the username bal and the password which was set in the Licensing Options section.
Click Continue.
- SSH Public Key: Provide the default username bal and password 1fourall to proceed. You are required to change the default password soon after.
4. You are presented with the End User License Agreement (EULA). You must accept the EULA to proceed further. Click Agree to accept the EULA.
5. After accepting the EULA, you are presented with a password change screen. Provide a secure password of your choice. Click Set Password to commit changes. The new password is effective immediately.
6. On the password notification screen, click Continue.
7. The LoadMaster requires you to authenticate with a new password. Enter bal in the user field and the new password in the password field. Click Ok to proceed.
8. Before using the LoadMaster, it must be licensed. For instructions on how to license the LoadMaster, refer to the LoadMaster Licensing Feature Description on the Kemp Documentation Page.
When licensing a trial, you can usually only get a trial VLM-5000.
9. After licensing, you are given the opportunity to enable Kemp Analytics. With this feature, LoadMaster collects and sends usage data to Kemp for analysis. This data is strictly about product usage, enabled capabilities, and statistics. No sensitive user data, or traffic of any kind is either collected or communicated. To enable this feature, click Enable Kemp Analytics. To proceed without enabling this feature, click Don't Enable Kemp Analytics. For more information, visit https://kemp.ax/KempAnalytics.
10. You are then presented with the main menu and home screen of the LoadMaster.
Before you can create Virtual Services, you should create VMs that you are load balancing through LoadMaster for Azure. Ensure that your Network Security Group (NSG) is set up correctly depending on which services you are load balancing. The following section will provide some details on this topic.
4 Creating Virtual Services
The following steps describe how to create a Virtual Service on the LoadMaster for Azure.
1. Using a supported web browser, navigate to https://<DNSName>:8443. Substitute <DNSName> with the DNS name you created in the Creating a LoadMaster for Azure VM section.
2. Take the appropriate steps to acknowledge the notification about the self-signed certificate to proceed further.
The certificate used by the WUI will take the public name used by Azure.
3. If prompted, log in to the WUI.
4. From the main menu, expand the Virtual Services section and click Add New.
5. In the Virtual Service parameters section, provide the following details:
a) Virtual Address: This field is pre-populated with the eth0 IP address:
i. If only one Network Interface Card (NIC) is present for the Virtual Machine - the LoadMaster is limited to a single IP. To create a Virtual Service, you must use the internal IP address of the LoadMaster VM. You can find the internal IP address in the VM's dashboard page.
ii. If more than one NIC is present in the Virtual Service, it is possible to use any of the internal IP addresses as the Virtual Service address.
Only the IP address on eth0 is connected to the public IP.
b) Port: This must be the same port as the Private Port defined while creating the endpoint in the earlier section.
c) Service Name: While optional, a service name helps identify the purpose of the Virtual Service being created.
d) Protocol: This must be the same as the protocol selected during creation of the endpoint in the earlier section.
6. Click the Add this Virtual Service button.
7. Expand the Standard Options section.
Virtual Services in the LoadMaster for Azure may be set to transparent.
8. Configure the remaining virtual parameters as necessary. Use the Kemp LoadMaster guides from the Product Documentation section located on the Kemp website: http://kemptechnologies.com/documentation
9. Add VMs being load balanced in the Real Servers section of the Virtual Service.
Repeat the steps above as necessary to create more Virtual Services on LoadMaster for Azure.
5 Deploying a LoadMaster Programmatically
If you want to deploy a LoadMaster outside of the portal, for example using a template or a script, you must first enable programmatic deployment of the offering in the portal. To do this, follow the steps below:
1. From the Azure Management Portal dashboard, click Marketplace.
2. In the menu on the left, click the New icon.
3. Enter Kemp in the search bar.
4. Click the desired Virtual Machine type.
5. Click the Want to deploy programmatically? link at the bottom.
6. Select Enable and click Save.
You must repeat these steps for any other Virtual Machine types that you want to deploy programmatically.
References
While the instructions above provide a basic overview of how to deploy and configure LoadMaster for Azure, they are not designed to be a comprehensive guide to configuring every possible workload. This section identifies some of the many guides published in the resources section of our website. Unless otherwise specified, the following documents can be found at http://kemptechnologies.com/documentation.
Kemp LoadMaster, Product Overview
Web User Interface (WUI), Configuration Guide
CLI, Interface Description
RESTful API, Interface Description
Virtual Services and Templates, Feature Description
SubVSs, Feature Description
SSL Accelerated Services, Feature Description
Port Following, Feature Description
Content Rules, Feature Description
ESP, Feature Description
Quickstart Guide
HA for Azure, Feature Description
Licensing, Feature Description
You can find more documentation here: http://kemptechnologies.com/documentation
You can engage in community discussions on forums at: https://support.kemptechnologies.com/hc/en-us/community/topics
Last Updated Date
This document was last updated on 07 March 2022.