Load Balancing Virtual Machines
External communication with virtual machines can occur through endpoints. These endpoints are used for different purposes, such as load-balanced traffic or direct virtual machine connectivity, like RDP or SSH. You define endpoints that are associated with specific ports and are assigned a specific communication protocol. An endpoint can be assigned a protocol of TCP or UDP (the TCP protocol includes HTTP and HTTPS traffic). Each endpoint defined for a virtual machine is assigned a public and private port for communication. The private port is defined for setting up communication rules on the virtual machine and the public port is used by Windows Azure to communicate with the virtual machine from external resources.
Note: If you want to learn about connecting to virtual machines directly by hostname or setting up cross-premises connections, see Windows Azure Virtual Network Overview.
If you configure it, Windows Azure provides round-robin load balancing of network traffic to publicly defined ports of a cloud service. When your cloud service contains instances of web roles or worker roles, you enable this load balancing by setting the number of instances running in the service to greater than two and by defining a public endpoint in the service definition. For virtual machines, you can set up load balancing by creating new virtual machines, connecting them under a cloud service, and then adding load-balanced endpoints to the virtual machines.
A load-balanced endpoint is a specific TCP or UDP endpoint that is used by all virtual machines contained in a cloud service. The following image shows a load-balanced endpoint that is shared among three virtual machines and uses a public and private port of 80.
This task includes the following steps:
Step 1: Create the first virtual machine
To create load-balanced virtual machines contained in a cloud service, you must create the first virtual machine and then connect additional virtual machines to this first machine. When you create this virtual machine, a cloud service is created for you. The cloud service that is created to contain this virtual machine is not shown in the Management Portal until you connect additional virtual machines to the first machine. You can create the first virtual machine by using one of the following methods:
- Quick Create - You can quickly create a virtual machine by choosing an image from the Image Gallery and providing a name for the virtual machine and an administrator password. For more information, see How to quickly create a virtual machine.
- From Gallery - You can create a virtual machine by providing advanced settings, such as size, connected resources, DNS name, and network connection. For more information, see How to create a custom virtual machine.
Step 2: Add an endpoint to the first virtual machine
All virtual machines that you create in Windows Azure can automatically communicate using a private network channel with other virtual machines in the same cloud service or virtual network. However, you need to add an endpoint to a virtual machine for other resources on the Internet or other virtual networks to communicate with it.
To set up load balancing for virtual machines, you add an endpoint to the first virtual machine that you create and then you assign that endpoint to all other virtual machines that you connect to the first virtual machine. For more information about creating an endpoint, see How to set up communication with a virtual machine.
Step 3: Add virtual machines to the cloud service
When you create a virtual machine, a cloud service is automatically created to contain the virtual machine. You can connect multiple virtual machines under the same cloud service to enable them to communicate with each other, to balance the load of network traffic among them, and to maintain high availability. For more information about connecting virtual machines, see How to connect virtual machines in a cloud service. For more information about managing the availability of your application, see Manage the availability of virtual machines.
Step 4: Set up load balancing of the virtual machines
After you connect additional virtual machines to the first machine and you create an endpoint on the first virtual machine, you can assign that endpoint to be used by the new virtual machines for load balancing.
To set up a load-balanced endpoint
If you have not already done so, sign in to the Windows Azure Management Portal.
Click Virtual Machines, and then select one of the virtual machines that you connected to the first virtual machine.
Click Add Endpoint.
Select Load balance traffic on an existing endpoint, choose the endpoint that you added to the first virtual machine, and then click the arrow to continue.
In Name, type a name for the endpoint.
In Private Port, type the port number that you want the virtual machine to use. You can use the private port and firewall rules on the virtual machine to redirect traffic in a way that is appropriate for your application. The public port is the same as the public port defined for the endpoint on the first virtual machine. The private port can be the same as the public port. For example, for an HTTP endpoint, you will likely want to use port 80 as the public port and the private port for all virtual machines.
Click the check mark to create the load-balanced endpoint. You will see Yes in the Load Balanced column of the Endpoints page for both virtual machines.
Complete steps 2 through 8 for each virtual machine in the cloud service.
Step 5: (Optional) Define load-balancing probes
A virtual machine must be in a healthy state to receive network traffic. You can optionally define your own method for determining the health of the virtual machine by adding a load-balancing probe to the load-balanced endpoint. Windows Azure probes for a response from the virtual machine every 15 seconds and takes a virtual machine out of the rotation if no response is received after two probes. You must use PowerShell to define probes on the load balancer. For more information about using Windows Azure cmdlets, see Getting Started with Windows Azure PowerShell.
To change the configuration of an existing virtual machine using PowerShell, you must get the object that represents the virtual machine, modify the configuration, and then update the object to save the changes. The following example uses the Get-AzureVM cmdlet to retrieve the virtual machine object, pipes the object to the Set-AzureEndpoint cmdlet to change the load-balanced endpoint settings, and then pipes the changes to the Update-AzureVM cmdlet:
Get-AzureVM -ServiceName "MyService" -Name "MyTestVM2" | Set-AzureEndpoint -LBSetName "MyLBSet" -Name MyTestEndpoint2 -Protocol tcp -LocalPort 80 -ProbePort 80 -ProbeProtocol http -ProbePath "/" | Update-AzureVM
To run the cmdlets that are listed in the previous example, you must know the following information:
- Service name – The name of the cloud service in which the virtual machine is contained.
- Name – The name of the virtual machine to which the endpoint is attached.
- Load balancing set name – The name of the load balancing set to which the endpoint belongs. When you create a load-balanced endpoint, a load-balancing set is automatically created for you to contain the load-balanced endpoints. When you create load-balanced endpoints in the Management Portal, the load-balanced set name is the same as the first endpoint defined for the set.
- Endpoint name – The name of the endpoint to which you are adding the load-balancing probe.
- Protocol – The protocol that is used for communication with the endpoint. The TCP and UDP protocols are used for defining endpoints. The TCP protocol supports HTTP and HTTPS.
- Local port – The number of the port that is used for load balancing network traffic.
- Probe port – The port to which the load-balancing probe is associated.
- Probe protocol – The protocol that the probe is expecting.
- Probe path – The path that defines the action of the web server. This option is only needed if HTTP traffic is expected on the endpoint. You can define the path to be “/”, or you can specify a page or application to run to provide the health status. If you specify “/”, the web server returns a status of 200; any other status will keep the virtual machine out of the load-balancing rotation. The URL that is configured for the load-balancing probe receives a GET request from Windows Azure without passing host headers or authentication of any kind. If the probe path you specify returns a 401 ACCESS DENIED, then Windows Azure will not add the virtual machine to the rotation. It is important to configure a URL that can respond anonymously. If you specify a page or program to define health status, the resource must return 200 to enable the virtual machine to be included in the load-balancing rotation.
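The following added example (not part of the original documentation) reviews the probe settings described above across every endpoint in a load-balancing set. It flags members that have no custom probe, HTTP probes without a path, and members of one set whose probe settings differ. The function name Test-LBProbeConfig and the VMName field are hypothetical, the property names are assumed to match what Get-AzureEndpoint returns, and the sample objects are constructed.

```powershell
# Added example: review probe settings of load-balanced endpoints.
# Assumption: LBSetName, ProbeProtocol, ProbePort and ProbePath match the
# property names on Get-AzureEndpoint output. VMName is added by the caller.
function Test-LBProbeConfig {
    param([Parameter(Mandatory)][object[]]$Endpoint)

    $findings = @()
    # Only endpoints that belong to a load-balancing set are relevant.
    $sets = $Endpoint | Where-Object { $_.LBSetName } | Group-Object LBSetName
    foreach ($set in $sets) {
        foreach ($ep in $set.Group) {
            $id = "[$($set.Name)] $($ep.VMName)/$($ep.Name)"
            if (-not $ep.ProbePort) {
                $findings += "${id}: no custom probe defined"
            }
            elseif ($ep.ProbeProtocol -eq 'http' -and -not $ep.ProbePath) {
                $findings += "${id}: http probe has no probe path"
            }
        }
        # Collect the distinct probe definitions used inside this set.
        $variants = @($set.Group |
            ForEach-Object { "$($_.ProbeProtocol):$($_.ProbePort)$($_.ProbePath)" } |
            Sort-Object -Unique)
        if ($variants.Count -gt 1) {
            $findings += "[$($set.Name)] members use different probe settings"
        }
    }
    return $findings
}

# Constructed sample: MyTestVM2 joined the set, but its probe was never defined.
$sample = @(
    [pscustomobject]@{ VMName = 'MyTestVM1'; Name = 'MyTestEndpoint1'; LBSetName = 'MyLBSet'
                       ProbeProtocol = 'http'; ProbePort = 80; ProbePath = '/' }
    [pscustomobject]@{ VMName = 'MyTestVM2'; Name = 'MyTestEndpoint2'; LBSetName = 'MyLBSet'
                       ProbeProtocol = $null; ProbePort = $null; ProbePath = $null }
    [pscustomobject]@{ VMName = 'MyTestVM2'; Name = 'RemoteDesktop'; LBSetName = $null
                       ProbeProtocol = $null; ProbePort = $null; ProbePath = $null }
)
Test-LBProbeConfig -Endpoint $sample

# Against a live service (assumed usage of the cmdlets named on this page):
# $eps = Get-AzureVM -ServiceName "MyService" | ForEach-Object {
#     $vm = $_
#     $vm | Get-AzureEndpoint | Add-Member -NotePropertyName VMName -NotePropertyValue $vm.Name -PassThru
# }
# Test-LBProbeConfig -Endpoint $eps
```

For the constructed sample, the function reports the missing probe on MyTestVM2 and the mismatch inside MyLBSet, and ignores the endpoint that is not load balanced.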
You can get information about endpoints that have been defined for a virtual machine by using the Get-AzureVM cmdlet and the Get-AzureEndpoint cmdlet.
Get-AzureVM -ServiceName "MyTestVM1" -Name "MyTestVM2" | Get-AzureEndpoint
The previous command produces the following results: