Having difficulty choosing the right load-balancing solution for your web application on Azure? Here is a post that will help you with it :)
There are a number of options in Azure for load-balancing web applications, but choosing the right approach is not hard. If you want to know more about picking the appropriate load-balancing solution on Azure based on your use case/needs, please check out this blog! There is also public documentation that talks about this tool :) Here is this awesome article to check out: Load-balancing options - Azure Architecture Center | Microsoft Learn
What to expect:
Here are the topics covered in this post:
1. An overview and walkthrough of the "Load Balancing Options - Help me choose" Tool on Azure Portal.
2. Other value adds to the Load balancing Tool that entails the other tabs available with the tool.
3. An overview of various Azure Load balancers on Azure and specific use cases and reasoning behind selecting them appropriately
This post is for the audience who are looking to choose the right Application Load Balancer on Azure depending on the web application's needs and use case. There is a specific tool "Load Balancing Options - help me choose" on Azure Portal that Azure offers, that makes the decision-making easier for Azure customers to choose the right load balancing solution per their needs or use case. In this post, I will walk through the less familiar but useful solution that will accelerate and help with the crucial decision-making process easier for customers in choosing the right load balancer for your application's needs.
Overview of the Tool:
You can decide the choice of load balancer based on the type of web application behind the Application Load balancer if it is regional or global and based on the type of internet-facing traffic if it is HTTPS only or non-HTTPS traffic. It is easier with this simpler tool that Azure offers us to help make this choice of decision.
Walkthrough of the decision tree:
Below is a screenshot of the tool that we can search using the "search resources" on Azure Portal. Also, I will walk through a demo for the decision tree to help with the right choice of the application load balancer on Azure Portal.
First, it will ask us about the choice of traffic for the application load balancing if HTTP/HTTPS is used by the application or if the traffic will be a non-Layer 7, non-HTTP/HTTPS traffic, etc. I will choose "HTTP/HTTPS" with a yes, as I wanted to choose the right application/Layer 7 load balancer, here for us in this walkthrough.
It will lead you to the next question which will ask us about the nature of our application and if it is public-facing or not. I will choose a "yes" here as well as I assume my application is public-facing here, in this demo.
The next question is about the application deployment if it is regional or deployed in one or more regions. I will choose a "Yes" here for this question as it asks me if my application is deployed in one or more regions and my application is deployed in one or more regions.
Now, as we have mentioned that our application is deployed in different regions, it asks us about performance needs for the application and I choose a "yes" here as well, as I believe that my application demands performance acceleration needed for the users.
The next question helps me drill down to the requirement for requests coming through to my application, like if SSL offloading is needed. I choose a "Yes" here as well as I want SSL offloading.
Finally, with this easy and simple decision tree that Azure offers me, I am able to narrow it down to the best choice to use a combination of regional and global application load balancers for high availability, performance, and resilience depending upon the nature of the web application behind it and performance needs for it. So I will choose to use a combination of Azure Front Door and Azure Application Gateway here as the tool suggested reviewing my business needs.
The choice of application load balancer here is made, based on the performance needs for a choice of Azure Front Door as it has strong caching capabilities for performance acceleration for global users, and also a regional load balancer (Azure Application Gateway) for my applications as it needs SSL offloading for regionally spread backend applications hosted on a VM and within a virtual network. So the design is with Azure Front Door in the front, with a backend for the Front Door that is an Azure Application Gateway. And the backends for Azure Application Gateway will be the Azure VMs hosting web applications, scoped in different VNETs/regions.
Azure Front Door -> Azure Application Gateway -> Backends/ web applications in East, West, and Central US
Tips for using the "Load balancing Options" Tool:
We can even start over the process using the "Start over" button of the flow chart or decision tree if we want to run it again for any other extra requirement or use case as it might arise for security, high availability needs, and cost consideration.
Also, we can use the "Previous" button whenever we want to revisit a previously filled question that the decision tree offers if we want to change it or might have entered the answer wrongly earlier.
Other Tabs:
We explored the "help me choose" tab for the decision tree to choose the right load-balancing solution on Azure.
There are other tabs that you may want to explore as well:
1. Service Comparison Tab:
This tab will help you compare the features of different load-balancing solutions on Azure.
2. Tutorial Tab:
This tab lets us explore the documentation about different load-balancing solutions on Azure for a simple tutorial. We can choose between readable tutorial documents or video tutorials to learn more.
Choosing between Global and regional application load balancing solutions: (Azure Front Door vs Azure Application Gateway)
Global: If you have a global-facing web application that you want to place behind an application load balancer to take advantage of WAF/Web Application Firewall and URL routing, and path routing functionalities, and you have users across the world trying to access the web application with strong caching needs, your choice of load balancer would be Azure Front Door.
Regional: If you have a regional web application spread across a single region contained within an Azure VNET, the choice of application load balancer here is Azure Application Gateway.
How to choose the right application load balancer based on our use case:
Azure Front Door as a choice for Application load balancing:
You can choose Azure Front Door when you have:
- Need for internet-facing global application load balancing.
- Need for End-to-End SSL for your globally accessed web application and for CDN-like functionalities.
- Strong caching needs and performance, compression needs.
- WAF needs - To allow or deny certain traffic and rate-limiting for preventing DDoS attacks.
- Global users access the application behind an application Load balancer.
- Custom Domains and wildcard domains. CNAME-based domain name validation.
- Redirect and rewrite functionalities, URLs, and path routing.
For more information on Azure Front Door as a load-balancing solution, please refer to this article.
For additional information on various SKU choices available with Azure Front Door please check the following article for choosing the right SKU:
Azure Front Door features and Tier Comparison:
Azure Traffic Manager as a choice for load balancing:
- When you need DNS-based load balancing, for high availability or failover reasons/scenarios, like based on the DNS name you want to load balance between geographically distributed applications, for example between applications in the East US and West US with similar DNS names.
- When we do not have any WAF needs.
For more information on Azure Traffic Manager as a load-balancing solution, please refer to this article.
Azure Application Gateway as a choice for application load balancing:
- For regional application load balancing needs.
- For having the application load balancer (Azure Application Gateway) scoped within an Azure VNET.
- Custom domains and wildcard domains. IP-based domain name validation.
- End-to-End SSL offload, URL-based routing, multiple site hosting.
- Rewrite rules, URL redirection, and path rules.
- Static frontend public IP for hosting the application behind a load balancer.
- WAF for application security. (For eg. the choice of SKU would be WAF V2)
- Autoscaling and zone redundancy. (Choice of SKU: Standard v2/ WAF V2)
For more information on Azure Application Gateway as a load-balancing solution, please refer to this article.
For additional information on different SKUs and versions of application gateway available please check this article.
Scenarios where layer 7 or Application load balancing is not needed:
If we do not have any Layer 7/ Application load balancing needs, and also do not need end-to-end TLS termination for an application on an Azure VM, you can choose an Internal or external Load balancer that operates at Layer 4 of the OSI layer. The internal load balancer is the choice when we do not want to have the Layer 4 Azure Load balancer public-facing, and want it to be private or internal for load balancing between applications running on Azure VMs. An external Load Balancer can be used for Layer 4 load balancing between applications running on Azure VMs, which can have a front-end Public IP, which will be the Public IP of an external Azure Load balancer.
Limitations of Load Balancing Tool - Help me choose:
There are some scenarios where the tool might not have an insight, i.e., the scenarios where the decision tree might not take into account, that needs to be planned in advance based on the backend needs for making the right choice, the scenarios where the Load balancing solution might not consider in making the right choice that we need to be aware of.
-> This tool might not have an insight on the type of backend like if it is app services as the backend or a storage account, a VM, or a VMSS or AKS to give us fine-grained insights catered to the specific services' needs that will apply to an app service or if the backend being a VM/VMSS. This tool will study if the web application is public facing or not and if the web application needs Layer 7 or Layer 4 load balancing for the decision-making of the right load balancing solution. Also, this will not differentiate between App Service Environment (ASE) or App services as the backend, so backend-specific choices can be taken for choosing the appropriate load balancing solution that the tool might not cover or address in the decision tree.
->This also doesn't consider cost as a decision-making factor, so if more information is needed to plan for the load-balancing choice decision, please refer to Pricing Calculator | Microsoft Azure to plan your needs.
-> This tool doesn't take into consideration the use case of placing an NVA or Azure Firewall before or after the load-balancing solution for the decision-making of the right application load balancer for your scenario.
For more information on such scenarios, please refer to:
1. Scenarios involving an Azure Application Gateway and Azure firewall: Firewall, App Gateway for virtual networks - Azure Example Scenarios | Microsoft Learn
2. Scenarios involving an Azure Front Door and an Azure Firewall: Network-hardened web app - Azure Example Scenarios | Microsoft Learn
Something to read if you are interested in learning more about this load balancing options tool with an easy tutorial:
For more information on using the "Load Balancing Options - help me choose" Tool on Azure Portal, here is a detailed guide that helps us walk through the steps to make this choice and use it.
Reference: Load-balancing options - Azure Architecture Center | Microsoft Learn
I hope this post was useful and might have helped with a better and simplified view of understanding the reasoning behind choosing the right load balancer decision for your web applications on Azure.
Happy Learning!
FastTrack for Azure: Move to Azure efficiently with customized guidance from Azure engineering. FastTrack for Azure – Benefits, and FAQ | Microsoft Azure