Load balancing virtual machines

Azure Load Balancing VMs Study Guide (AZ-104 Friendly)

Goal

Make a web app highly available by placing two or more VMs behind an Azure Standard Load Balancer, so users access the app through one public IP, and traffic automatically fails over if a VM becomes unhealthy.


1) Core Concepts You Must Know

Load Balancer (Azure Load Balancer)

  • Layer 4 (TCP/UDP) load balancing.
  • Distributes traffic to multiple backend instances.
  • Does not terminate TLS (unlike Application Gateway, which does).

Public vs Internal Load Balancer

  • Public Load Balancer: Internet-facing, uses a public IP frontend.
  • Internal Load Balancer: Private-facing, uses a private IP frontend, accessible only from within the VNet or from networks connected to it (peering, VPN, ExpressRoute).

Frontend IP

  • The IP address clients connect to.
  • Public LB frontend uses a Public IP resource.

Backend Pool

  • The group of targets that receive traffic.
  • Usually VM NICs (common), sometimes IP addresses.

Load Balancing Rule

  • Defines how traffic flows from frontend → backend.
  • Example: TCP 80 → 80.

Health Probe

  • Checks backend health.
  • Unhealthy instances are removed from rotation automatically.

Session Persistence (Sticky Sessions)

  • Controls whether the same client keeps hitting the same backend VM.
  • Options typically include:
    • None
    • Client IP
    • Client IP and Protocol

2) Typical Exam Scenario

You have:

  • Two VMs (example: vm-2 and vm-3)
  • IIS installed on both (default site)
  • Deployed in different availability zones
  • Each VM currently has its own public IP

You need:

  • One public entry point
  • Traffic distribution across both VMs
  • Failover if one VM stops

Solution:

  • Standard Public Load Balancer
  • Backend pool includes both VM NICs
  • Load balancing rule for TCP 80
  • Health probe on port 80

3) Build Steps (Portal Workflow)

Step A: Create the Load Balancer

Path:

  • Create a resource → search Load balancer

Key settings:

  • SKU: Standard (preferred for production)
  • Type: Public (internet-facing)
  • Region: Same as backend VMs
  • Tier:
    • Regional: same region
    • Global: cross-region (advanced)

Step B: Frontend IP Configuration

  • Create or select a Public IP
  • Optional: choose zone-redundant public IP for HA

Step C: Backend Pool

  • Select the VNet where the VMs exist
  • Add VM targets using NICs
  • Add vm-2 + vm-3

Step D: Health Probe

  • Protocol: HTTP or TCP
  • Port: 80
  • If HTTP probe: define path (example /)

Step E: Load Balancing Rule

  • Frontend IP: your public frontend
  • Backend pool: your VM pool
  • Protocol: TCP
  • Port mapping: 80 → 80
  • Probe: use the health probe you created
  • Session persistence: None (unless app requires sticky sessions)

4) Validation Steps (What to Check)

Confirm the frontend IP works

  • Browse to: http://
  • You should reach one of the backend servers.

Confirm load balancing distribution

  • Refresh repeatedly.
  • If session persistence is None, you may see traffic alternate.
  • If it keeps hitting the same VM:
    • You might have persistence enabled
    • Browser connection reuse can also reduce visible switching
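
Why refreshing may or may not switch VMs, as an added example (not part of the original guide): with persistence None the load balancer hashes the 5-tuple, Client IP hashes a 2-tuple, and Client IP and Protocol a 3-tuple. SHA-256 stands in for Azure's hash, which is not public, and the IP addresses and source ports are constructed.

```python
import hashlib

BACKENDS = ["vm-2", "vm-3"]
FRONTEND_IP, FRONTEND_PORT = "203.0.113.10", 80  # constructed frontend (TEST-NET-3)

# Flow fields that feed the hash under each session persistence setting.
HASH_FIELDS = {
    "None": ("src_ip", "src_port", "dst_ip", "dst_port", "proto"),  # 5-tuple
    "Client IP": ("src_ip", "dst_ip"),                              # 2-tuple
    "Client IP and Protocol": ("src_ip", "dst_ip", "proto"),        # 3-tuple
}

def pick_backend(mode, src_ip, src_port, proto="tcp", healthy=BACKENDS):
    """Map one flow to a healthy backend. SHA-256 is a stand-in hash (assumption)."""
    flow = {"src_ip": src_ip, "src_port": src_port, "dst_ip": FRONTEND_IP,
            "dst_port": FRONTEND_PORT, "proto": proto}
    key = "|".join(str(flow[f]) for f in HASH_FIELDS[mode])
    digest = hashlib.sha256(key.encode()).digest()
    return healthy[int.from_bytes(digest[:8], "big") % len(healthy)]

def backends_seen(mode, src_ip, src_ports, healthy=BACKENDS):
    """Set of backends one client reaches over a series of connections."""
    return {pick_backend(mode, src_ip, p, healthy=healthy) for p in src_ports}

CLIENT = "198.51.100.25"                 # constructed client address (TEST-NET-2)
NEW_CONNECTIONS = range(50000, 50200)    # fresh TCP connection = new source port
REUSED_CONNECTION = [50000] * 200        # keep-alive: same source port each refresh

if __name__ == "__main__":
    print("None, new connections:  ", backends_seen("None", CLIENT, NEW_CONNECTIONS))
    print("None, reused connection:", backends_seen("None", CLIENT, REUSED_CONNECTION))
    print("Client IP, new conns:   ", backends_seen("Client IP", CLIENT, NEW_CONNECTIONS))
    print("vm-2 stopped:           ",
          backends_seen("None", CLIENT, NEW_CONNECTIONS, healthy=["vm-3"]))
```

When testing distribution from a browser, open a private window or use a command-line client between requests so each request is a new connection.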

Confirm failover

  • Stop/deallocate one VM.
  • Refresh the site.
  • Traffic should continue via the remaining healthy VM.

5) Best Practices You Should Remember

Reduce attack surface

  • After LB is working, consider removing public IPs from backend VMs.
  • Allow inbound web traffic only via the load balancer.

NSGs must allow the traffic

  • VM/subnet NSG must allow inbound traffic on the web port (80/443).
  • Health probe traffic must also be allowed.
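
How a backend NSG can pass client traffic yet still block the health probe, as an added example (not part of the original guide). It evaluates constructed inbound rules first-match by priority, together with Azure's built-in default rules. The custom rule names are hypothetical and service tags are matched by exact name, which is a simplification.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    source: str     # "*" or a service tag: "Internet", "AzureLoadBalancer", ...
    port: str       # "*" or a single destination port such as "80"
    access: str     # "Allow" or "Deny"

# Azure's built-in inbound default rules, present on every NSG.
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "AzureLoadBalancer", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "Deny"),
]

def decide(rules, source, port):
    """Return (access, rule name) for the first rule matching source tag and port."""
    for r in sorted(rules + DEFAULTS, key=lambda r: r.priority):
        if r.source in ("*", source) and r.port in ("*", str(port)):
            return r.access, r.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

def audit(rules, port=80):
    """Check the two flows the load balancer needs through the backend NSG."""
    return {"client": decide(rules, "Internet", port),
            "probe": decide(rules, "AzureLoadBalancer", port)}

# Constructed rule sets for the NSG in front of vm-2 and vm-3.
MISSING_WEB = []   # no custom rules: the web port is closed to clients
BLOCKED_PROBE = [
    Rule("allow-http", 100, "Internet", "80", "Allow"),
    Rule("deny-everything-else", 4000, "*", "*", "Deny"),  # shadows default 65001
]
WORKING = [
    Rule("allow-http", 100, "Internet", "80", "Allow"),
    Rule("allow-lb-probe", 110, "AzureLoadBalancer", "80", "Allow"),
    Rule("deny-everything-else", 4000, "*", "*", "Deny"),
]

if __name__ == "__main__":
    for label, rules in [("missing web rule", MISSING_WEB),
                         ("blocked probe", BLOCKED_PROBE), ("working", WORKING)]:
        print(f"{label:17}", audit(rules))
```

In the blocked-probe case the client rule looks correct, but every VM is marked unhealthy because the probe never gets an answer.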

Use the right service for TLS termination

  • Azure Load Balancer is L4.
  • For TLS termination + WAF + URL routing:
    • Use Application Gateway
    • Or Azure Front Door (global edge)

6) AZ-104 Exam Cheat Sheet

Quick Picks

  • Need internet-facing HA for VMs (TCP/UDP) → Public Load Balancer
  • Need internal-only traffic distribution → Internal Load Balancer
  • Need HTTP routing, TLS termination, WAF → Application Gateway
  • Need global routing and acceleration → Front Door

Must-Have Components (Standard LB)

  • Frontend IP config
  • Backend pool
  • Health probe
  • Load balancing rule

Common Gotchas

  • Backend VM NSG blocks port 80/443
  • Health probe misconfigured (wrong port/path)
  • Backend VMs that do not meet the same-VNet/subnet expectations of the backend pool
  • Expecting TLS termination on Standard LB (wrong service)

7) Mini Practice Questions (with answers)

Q1: You need to load balance an internet-facing IIS app across two VMs with one public IP. What service?
A: Public Azure Standard Load Balancer (L4)

Q2: A backend VM stops responding. How does Azure remove it from rotation?
A: The health probe marks it unhealthy, and the LB stops sending traffic.

Q3: You need sticky sessions for a legacy app. What setting do you change?
A: Session persistence (Client IP or Client IP + Protocol)

Q4: You need SSL termination and WAF for your web app. Which service is best?
A: Application Gateway (or Front Door depending on scope)

