
Azure Compute

Images

✓ Images are used in Azure to provide a new virtual machine with an operating system.
✓ An image might also have one or more data disks.
✓ Images are available from several sources: Azure offers images in the Marketplace. You'll find
recent versions of Windows Server and distributions of the Linux operating system.
Types of images in Azure: There are 2 types.
1) OS image: These are the default images that Microsoft provides in the Marketplace.
2) VM image: This is an image that we create based on the company's requirements.

OS Image:
✓ This is again subdivided into 2 types: Gen1 and Gen2.
✓ Nowadays we mostly use Gen2. Gen1 is the old image type.
VM Image:
✓ This is a customized image, also called a golden image.
✓ Each and every company will have one customized image.
✓ This contains the set of software required for software development.
✓ This is also a vulnerability-free image.

Create VM image: There are 2 ways we can create the VM image.


1. Capture:
✓ This captures all the files and software deployed on the base VM.
✓ Once the image is ready, we can create multiple VMs using the VM image.
✓ Click on the VM and click on Capture, or select Images, and fill in the information.
✓ Under the option "Share image to Azure compute gallery", select "No, capture only a managed image".
✓ If you want to automatically delete the VM, click on the automatically delete option.
✓ Select zone resiliency for better performance.
✓ Finally, provide the details and create the new image.
✓ Once the image is ready, click on create new VM; under the image, click on see all images, click on my images and select our image there.
✓ After that, test whether you are able to create one more image on top of the VM; you can't.
✓ Finally, test the software.
2. Azure Compute Gallery:
✓ This is like sharing an image across subscriptions, regions and tenants.
✓ This requires an additional resource called Azure Compute Gallery.
✓ First go to Azure Compute Gallery and create one resource there.
✓ If you want to delete the VM, select the automatically delete option.
✓ Select your gallery; this will automatically give the OS state information.
✓ There are 2 options there, Generalized and Specialized. Both are almost the same; the only difference is that if you are using Specialized there is no need to input the password. It will take the old VM's password.
✓ Under the target VM definition, select create new. In the new window provide the image name, and keep the remaining info as is.
✓ Select the version number as per your requirement.
✓ Tick "Exclude from latest" if you don't want the latest VM.
✓ Select the end of life; this is a date. It is only for information.
✓ Keep the replica count based on your requirement.
✓ Select create new VM; under the image, click on shared images and select our image there.
Run with Azure Spot Discounts:
✓ Azure provides different options in the cloud to reduce the company's compute cost.
✓ Azure Spot instances come under that category.
✓ We can save a lot of money compared to a regular VM.
✓ This is only recommended for testing applications or Dev/Test environments.
✓ With Spot discounts we won't have any service level agreements (SLAs).
✓ Different types of families such as B series, N series, D series etc. can be deployed under the Spot discounts.
✓ Workloads should be tolerant to infrastructure loss, as Azure may recall capacity for pay-as-you-go workloads.
✓ Eviction is based on 2 parameters: capacity and price.
✓ If you specify the parameter as capacity, then if Microsoft requires the VM, your machine will be deleted or deallocated based on the eviction policy. If you select deallocate as the policy, you will be paying for the disks even though your VM is not available.
✓ If you specify the max price option on the eviction type, once the max price is crossed, your VM will be deleted or deallocated.
Virtual machine authentication Types:
✓ The authentication of a virtual machine varies depending on the type of image we have selected.
✓ If you have selected a Windows image or a Windows customized image, then the authentication we use is user name and password.
✓ If the image type you select is any of the Linux flavors, then we have 2 types of authentication: user name & password and SSH keys.
Demo-1:
✓ Click on create the VM, and select the image as a Windows image or Windows custom image.
✓ It will ask for the username and password. Provide them.
✓ After the VM is created, log in using the credentials.

Demo-2:
✓ Click on create the VM, and select the image as a Linux image or Linux custom image.
✓ We get 2 options; one option is username and password. Provide them.
✓ After the VM is created, log in using the credentials.

Demo-3:
✓ Click on create the VM, and select the image as a Linux image or Linux custom image.
✓ We get 2 options; the second option is SSH public key.
✓ We have 3 fields there. Username: this is the root user we are going to provide on the server.
✓ SSH public key source: We have 3 options here.
1. Generate new public key pair: If this option is selected, we need to provide the name of the key pair. While reviewing and creating the VM, it will allow you to download the pem file. Use PuTTYgen to separate the public key and private key from the file: go to PuTTYgen, click on load the pem file, and save both the public and private keys. After that, use the private key to log in to the VM.
2. Use existing key stored in Azure: This requires Azure Key Vault. We need to upload the public key to Key Vault. Then use the key to create a VM.
3. Use the existing public key: Here we use the existing public key or generate a new public and private key, then use them in VM creation and login.
✓ For login, open PuTTY, then click on SSH, after that click on Auth and click on Credentials. Upload the private key in the private key for authentication box. Also, on the Session page, provide the IP or DNS name of the server. Then provide your user name.
Inbound port rules:
✓ Select which virtual machine network ports are accessible from the public internet.
✓ These are inbound ports on the network.
✓ Once you have selected the ports, they will be automatically created on the NSG in the inbound rules section.
✓ It is our choice whether to opt for these ports or not.
✓ Mainly 4 ports are applicable here: SSH (22), HTTP (80), HTTPS (443) and RDP (3389).
Public inbound ports: This option only lets you choose whether to allow public ports or not.
Select inbound ports: If you opted for public inbound ports, here we have the option to select which ports need to be opened to the internet.
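A way to check the NSG that these selections produce, as an added example that is not part of the original notes: the Python below flags SSH (22) and RDP (3389) when the first matching inbound rule from an internet-wide source is an Allow. The NSG JSON is a constructed sample using the field names of `az network nsg show` output; the NSG name, rule names and the 203.0.113.10 address are made up.

```python
import json

# Management ports named in the notes above.
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
# Source prefixes that mean "anyone on the internet".
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0", "::/0"}

# Constructed sample (not from a real subscription), shaped like the
# securityRules array printed by `az network nsg show`.
SAMPLE_NSG = json.loads("""
{
  "name": "devvm-nsg",
  "securityRules": [
    {"name": "SSH-from-office", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "203.0.113.10", "destinationPortRange": "22"},
    {"name": "DenyRdpInternet", "priority": 200, "direction": "Inbound",
     "access": "Deny", "protocol": "*",
     "sourceAddressPrefix": "Internet", "destinationPortRange": "3389"},
    {"name": "SSH", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "22"},
    {"name": "HTTP", "priority": 320, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "*", "destinationPortRange": "80"},
    {"name": "AllowMgmtRange", "priority": 400, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": null,
     "destinationPortRanges": ["3380-3400", "8080"]}
  ]
}
""")


def _as_list(single, many):
    """Merge the singular and plural form of an NSG field into one list."""
    values = list(many or [])
    if single:
        values.append(single)
    return values


def port_in_ranges(port, ranges):
    """True if port is covered by any of '*', 'N' or 'N-M'."""
    for item in ranges:
        item = str(item).strip()
        if item == "*":
            return True
        low, _, high = item.partition("-")
        high = high or low
        if low.isdigit() and high.isdigit() and int(low) <= port <= int(high):
            return True
    return False


def from_internet(rule):
    """True if the rule's source covers the whole internet."""
    sources = _as_list(rule.get("sourceAddressPrefix"),
                       rule.get("sourceAddressPrefixes"))
    return any(str(s).lower() in INTERNET_SOURCES for s in sources)


def exposed_management_ports(nsg):
    """Return (service, port, rule name, priority) for each exposed port.

    NSG rules are evaluated in priority order (lowest number first), so for
    each port only the first matching internet-wide inbound TCP rule counts:
    a Deny ahead of an Allow means the port is not exposed.
    """
    candidates = sorted(
        (r for r in nsg.get("securityRules", [])
         if r.get("direction", "").lower() == "inbound"
         and (r.get("protocol") or "*").lower() in ("tcp", "*")
         and from_internet(r)),
        key=lambda r: r["priority"])
    findings = []
    for port, service in MGMT_PORTS.items():
        for rule in candidates:
            ports = _as_list(rule.get("destinationPortRange"),
                             rule.get("destinationPortRanges"))
            if port_in_ranges(port, ports):
                if rule.get("access", "").lower() == "allow":
                    findings.append((service, port, rule["name"], rule["priority"]))
                break  # the first match by priority decides
    return findings


if __name__ == "__main__":
    for service, port, name, priority in exposed_management_ports(SAMPLE_NSG):
        print(f"{service} ({port}) open to the internet via rule "
              f"'{name}' (priority {priority})")
```

In the sample, SSH is reported because of the rule at priority 300, while RDP is not, since the Deny at priority 200 is matched before the wider Allow at priority 400.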
Delete NIC when VM is deleted: This option is used for cost control. It allows the NIC to be deleted once the VM is deleted by you.
Accelerated network:
✓ With this option set to on, networking performance on the VM improves.
✓ This bypasses the host in the data path, which reduces latency and CPU utilization on supported VM types.
✓ Without the accelerated network option enabled, the traffic will flow through the network switch (NSG, routes, firewalls etc.) of the VM.
✓ With the accelerated network option, the entire traffic first comes to the NIC and then goes to the VM. The NIC contains the entire network information. Hence the NIC will respond fast and send the traffic as per the client request.
Demo:
✓ By default accelerated network is on.
✓ Create a VM with the accelerated network option enabled.
✓ Go to the NIC and check the properties; you will find that accelerated network is enabled.
✓ If you want to set acceleration to off, first shut down the VM.
✓ Open Cloud Shell by clicking the Cloud Shell option on the portal, and run the following commands.
• To get the NIC info
$NIC = Get-AzNetworkInterface -Name devvm430_z1 -ResourceGroupName devvm_group
• Declare the NIC Accelerated property to false.
$NIC.EnableAcceleratedNetworking = $false
• Set the NIC Accelerated property to false.
$NIC | Set-AzNetworkInterface
• Start the VM using the following command.
Start-AzVM -ResourceGroupName dev -Name devvm

✓ Load Balancer: This is an external device that routes traffic to the target VM in a proper manner. We have 3 types. For now, let's take it as None.
Microsoft Defender for Cloud: This is an additional security layer on the VM, which gives information about vulnerabilities, traffic monitoring, and other security aspects. This requires an additional license.
Identity: If this option is enabled, we will get one user-type principal in Active Directory.
Azure AD: If you want access as per Azure AD, then we need to integrate this option.
Auto-shutdown: This helps with cost. It allows you to shut down your VM at a particular time. We can also have an email notification with the VM shutdown info.
Alerts: These are part of Azure monitoring. If this option is selected, the default alerts will be configured on the VM.
Boot Diagnostics: Use this feature to troubleshoot boot failures for custom or platform images. Boot diagnostics with managed storage account significantly improves creation time of Virtual machines by using pre-provisioned storage accounts managed by Microsoft. We have 3 methods.
• Enabled with managed storage account: This will enable boot diagnostics with a Microsoft managed storage account.
• Enable with custom storage account: This will also enable boot diagnostics, but with a custom storage account.
• Disable: Boot diagnostics will be disabled.
Extensions: These are additional software provided by Microsoft. If you want, we can install them while creating the VM.
✓ Custom data and cloud init: This helps us write our own scripts and execute them while creating the VM.
#!/bin/bash
# Refresh the package index, then install and start Apache non-interactively.
apt-get update
apt-get install -y apache2
service apache2 start
# Replace the default page so the VM can be identified from a browser.
echo "Hello DevOps" > /var/www/html/index.html
✓ User Data:
✓ User data is a new version of custom data and it offers added benefits.
✓ This is also the same as the custom data option on the Azure VM.
✓ User data can be retrieved from the Azure Instance Metadata Service (IMDS) after provisioning. Any process on the VM can read it from there, so it should not hold secrets.
✓ User data is persistent. It will be available during the lifetime of the VM.
Availability Set/ Availability zone/ VMSS

Availability Set:
• This is the concept of servers within the data center.
• This contains multiple servers.
Fault Domains: In a datacenter each rack of servers will have its own power supply and network switch. Each rack in the datacenter is one fault domain. This is required for eliminating a single point of failure. E.g.: if there is only one switch and it goes down, all the servers in the datacenter go down.
Why are the data center servers not arranged in the way below?
Reason: If the network switch or power supply has a problem, then all servers in the data center will not work.
Update domains: This is a logical separation of each and every VM. It is used for patching updates.
Availability set: It is made up of multiple fault domains and update domains.

Demo:
1. Create Availability set with the specific options.
2. Go to VM and create the VM with availability set option and select our availability
set.
Availability Zone:
➢ A zone is a subset of a region.
➢ Each zone has one or more data centers.
➢ Each data center of course has independent power and network switches.
➢ A region that has availability zones has a minimum of 3 zones.
➢ Each availability zone has its own fault domains and update domains. That means if you create 3 VMs across all 3 zones, your VMs will have 3 update domains and 3 fault domains.
➢ If one VM is deleted, you still have 2 more in other zones. The chances of losing the VMs are very low.
SLA for VM’s:

Demo:
Create a VM with availability zone option enabled.
VMSS:
✓ VMSS stands for virtual machine scale set.
✓ This is used to create and manage multiple VMs easily.

Use Case:
1. Initially a business will only opt for a few servers, because it has just started.
2. But as the business grows, it needs to add similar VMs to the tier for effective load distribution, because traffic has increased.
3. For this example we need to use VMSS.
E.g.: Gmail, Facebook, Instagram.
VMSS:
1. Easily create and manage multiple VMs.
2. All VMs in a scale set are identical or flexible.
3. An Azure load balancer is also deployed along with the VMSS for load balancing the VMs.
4. We can autoscale based on metrics.

Orchestration: There are 2 types of orchestration on VMSS.


1. Flexible:
• We can achieve highly available VMs with different SKUs.
• We are able to apply this VMSS while creating the VM.
• Both autoscaling and manual scaling are possible in the flexible orchestration mode.
2. Uniform:
• We can achieve a large number of VMs in the scale set.
• All VMs in uniform orchestration should be of the same SKU and the same configuration.
• We can't apply this type of VMSS while creating the VM.
• Both autoscaling and manual scaling are available on this VMSS.
Demo-1:
▪ Go and select VMSS on the portal and click on create new.
▪ Under the orchestration mode, select flexible, and then review and create the VMSS.
▪ Once the VMSS is ready, we can see all the VMs that are part of the VMSS.
▪ Click on scaling and change the VM count; the VMs will then change automatically.
▪ Now try to create a VM with the flexible VMSS option, and change the SKU on the newly created VM. This will allow you to do that and you will get the new VM.

[Diagram: Network (V-net/Subnet) containing a VMSS with VM-1 (2 CPU, 4 GB RAM), VM-2 (2 CPU, 4 GB RAM) and VM-3 (4 CPU, 6 GB RAM)]
Demo-2:
▪ Go and select VMSS on the portal and click on create new.
▪ Under the orchestration mode, select uniform, and then review and create the VMSS.
▪ Once the VMSS is ready, we can see all the VMs that are part of the VMSS.
▪ Click on scaling and change the VM count; the VMs will then change automatically.
▪ Now try to create a VM with the uniform VMSS option, and change the SKU on the newly created VM. This will not allow you to do that.

[Diagram: Network (V-net/Subnet) containing a VMSS with VM-1, VM-2 and VM-3, each with 2 CPU, 4 GB RAM]
Azure recovery service vault:

✓ A Recovery Services vault is a management entity that stores recovery points that are created over
time, and it provides an interface to perform backup-related operations
✓ These operations include taking on-demand backups, performing restores, and creating backup
policies.
✓ This is also used in disaster recovery scenarios.
✓ A Recovery Services vault can back up Azure VMs, Azure file shares, SQL Server in Azure VMs, SAP HANA in Azure VMs, Microsoft SQL Server, SharePoint, and also on-prem servers (shares, VMware, SQL Server, etc.).
Networking of Site Recovery vault: We have 2 types of networking.
1) Public network: Traffic from all public networks can access this resource.
2) Private endpoint: Private endpoints allow access to this resource using a private IP address from a virtual network, effectively bringing the service into your virtual network.
BackUp:
✓ This is the major resource for creating backups and backup policies for Azure VMs.
✓ The way it does the backup: all the disks attached to the VM are taken as snapshots and stored in the Azure site recovery vault.
✓ The backup will be taken as per the policy attached to the VM.
Backup Policy: By default we will have 3 policies already created while creating the site recovery vault.
1) HourlyLogBackup: This policy is for SQL servers in Azure VMs. The backup will be taken every 1 hour and the snapshots transferred to the site recovery vault.
2) Default Policy: The most used policy. This is applied on Azure virtual machines. The frequency is one backup every day. This is for old disks. This uses the standard policy type.
3) Enhanced Policy: The enhanced policy is also for Azure virtual machines. Using this we can have multiple snapshots in a day. It also supports the Ultra SSD (preview) and Premium SSD v2 (preview) disks. This uses the enhanced policy type.

Property        | Standard Policy            | Enhanced Policy
Frequency       | Once every day             | Multiple times in a day
Disks           | Supports HDD, SSD          | Supports all types of disks
Support         | No support for trusted VMs | Support for trusted VMs
Zone redundancy | Only LRS                   | Supports ZRS
Create new policy:
1. Click on backup policy, and click on add.
2. Select the policy type. I will select VM, because we need this policy for VMs.
3. Select the policy sub type, based on your requirement.
4. Provide your policy name.
5. Select the backup schedule. If you have selected the policy sub type Standard, it will allow you to select days or weeks. If you have selected the policy sub type Enhanced, it will allow you to select hours, days, and weeks.
6. Instant restore: This is used for faster restore. The number of days can be kept between 2 and 5 days only.
7. Retention of daily backup point: This tells how many days the snapshots will be present in the site recovery vault. Similarly you can configure weekly, monthly and yearly retention.
Backup:
✓ Create a virtual machine.
✓ Go to the recovery service vault and click on Backup.
✓ Select virtual machine and click on backup.
✓ In the next window, select the policy and the VM. After that click on enable backup.
✓ Once the backup is enabled, check the backup on the recovery service vault under backup items. We can also check on the VM.
✓ If you want to take a backup manually, click on the backup now button.
✓ It will take a few minutes to complete the backup.
✓ To see all the backup jobs, click on backup jobs.
✓ Once the backup is done we get the recovery points.
Recovery:
✓ Once the recovery point is ready, it consists of snapshots.
✓ Click on restore VM, and select the restore point.
✓ Restoring can be done in 2 ways.
1. Create New: This will create a new VM using the snapshots.
2. Replace existing: The data will be uploaded to the existing VM.
✓ Click on the restore button to get the VM restored.
Disable Backup on the VM:
1. Click on backup items.
2. Click on stop backup. This will stop the backup.
3. Click on security update, uncheck "soft delete cloud workloads" and "Enable soft delete and security settings for hybrid workloads", and click on save.
Disaster Recovery:
➢ Azure Site Recovery offers ease of deployment, cost effectiveness, and dependability.
➢ Deploy replication, failover, and recovery processes through Site Recovery to help keep your
applications running during planned and unplanned outages.
➢ Create the target recovery vault in target region.
Enabling replication:
At the Disaster Time:
Demo:
1. Create the dev resource group, and create a virtual machine and one storage account in the dev resource group, all in the East US region.
2. Make sure you select Windows Server 2016 while creating the source VM, because some kernel-related operating systems are not supported by Microsoft, e.g. Ubuntu, Red Hat etc.
3. Make sure the storage account is not enabled with soft delete. If it is enabled, go to data protection and turn off the settings.
4. Create the target resource group called test in the target region, let's say Central US.
5. Create one network and an NSG in the Central US region, and associate the NSG to the subnet.
6. Create a site recovery vault and an automation account in the Central US region.
7. Go to the site recovery vault and check the replication policy. By default we get the 24-hour retention policy. If you want, you can create a new one.
8. For creating a new policy, go to site recovery infrastructure, click on replication policies, and click on +replication policy. Then fill in the information such as the name and how many days of retention period. Then click on OK.
9. Go back to the vault, click on replicated items and click on +replicate to create a new replication.
10. Provide the source details and click on next. Then select your virtual machine.
11. Then click on replication settings and provide the target region, resource group and network. Select the storage account and click on the manage button. There, provide your automation account for the ASR managed replication settings, and create the replication.
12. This will take some time to replicate. Please wait until the status becomes protected.
13. Click on the protected VM and check the RPO, which tells how much delay there is between the VMs. E.g.: 30 sec.
14. If you want, click on test failover for testing the connectivity. But this will not do anything. Click on failover to make the failover happen. This will move the data from the source VM to the target. It will also create a new VM in the target region.
15. Once the application is confirmed, click on commit. After the commit we can't change anything.
16. Then click on re-protect for synchronizing the data between the 2 regions. This means the VM is currently running in the target region.
17. If you want the VM to be present in the source region, repeat the same steps.
18. If you don't want replication, click on disable replication.
19. Click on site recovery jobs to see the job progress. If you get any error in the middle of an activity, fix the issue first and then restart the job.
20. Click on site recovery events and enable the email notifications for monitoring some activities.
Load Balancer:
There are 4 types of load balancers in the cloud:
1) Load Balancer
2) Traffic Manager
3) Front Door and CDN profiles
4) App Gateway
Load Balancer:
→ This is a service in Azure for efficient traffic distribution.
How it works:
→ A scale set is the perfect example for this one.
→ A scale set can add from 1 up to 100 servers at a time.
→ So our job is to load balance the application.
→ We can do that using a load balancer.
Load Balancer Items:
1) Frontend IP configuration: It is a public or private IP.
2) Backend: Group of servers handling our requests.
3) Health probes: Monitor the backend pool health, because our load balancer needs to know whether our backend pools are OK or not.
4) Load balancing rules: Traffic distribution to backend pools.
5) Inbound NAT rules: Binding of a specific IP/port to a specific instance in the backend pool.
6) Outbound rules: Control the outgoing traffic.
→ If you are using a scale set, the backend is updated automatically, so we don't need to worry about load balancing.
→ But if we are using an availability set, we need to manually attach the backend pool whenever a new server is created.
N Tier application:
Load Balancer:
Standard vs basic load balancer:

Difference between other services:


Types of load balancers:
1) Public load balancers: This is used to load balance the public facing applications.
2) Private load balancers: This is used to load balance the private facing applications.
Inbound NAT rules: These help communication on the inbound traffic of a particular machine.
Demo:
→ Build the infrastructure using code.
https://github.com/chandusmart01/AzureCloud/blob/master/LoadBalancers/environment-create.sh
Once the VM is created, check the VM. It should not have a public IP. Go to run command and run the following command on the VM.
curl localhost -UseBasicParsing (we can see the output as "vm-eu-01"; same for the other VMs)
→ Create a public load balancer with the basic SKU.
→ Go to frontend IP and we can find the public IP address of the same.
→ Go to backend pools → Add → associated to is "Virtual machine", and select the VMs.
→ Go to health probe → add → keep all the remaining settings as default.
→ Go to Load balancing rules → add → provide the name → select the frontend IP → protocol should be TCP → port is 80, backend port is also 80 → select our backend pool → select our health probe → session persistence is None → click on OK.
Session Persistence:
None: No reservation of the backend pool IPs. That means every time we hit the URL, we will get a different server's output.
Client IP: It is like a reservation of an IP. Even if we have different backend pools, we reserve a particular IP address, so that every time we hit the URL we will get the same output.
Client IP with port: Same as client IP, but it contains the port as well.
→ After the setup is done we can see the public IP has been attached to the VMs. When we hit the VM, each time we will be redirected to a different app.

NAT: Allows incoming traffic. By default no traffic is allowed from the load balancer IP.
1) Click on inbound NAT, and create a NAT rule using VMs or using pools.
2) Provide the IP, and the target port could be 3389. Test the connectivity; it should work now.
Application Gateway

➢ Application Gateway provides WAF and load balancer.
➢ This works on layer 7, whereas a traditional load balancer works on layer 4.
➢ App Gateway makes routing decisions based on the URL or request.
Features:
1) SSL/TLS termination
2) Autoscaling
3) Zone redundancy
4) Static IP
5) Ingress controller for AKS
6) URL-based routing
7) Multiple site hosting: Each web application gateway can easily support 100+ websites.
8) Redirection: Automatically configure HTTP to HTTPS redirection.
9) WAF: Consists of different sets of rules that can protect your entire application from different kinds of attacks like SQL injection attacks or cross-site scripting attacks etc.
10) Session affinity: It allows cookie-based affinity.
11) WebSocket and HTTP/2 traffic: Supported on ports 80 and 443.
12) Connection draining
13) Custom error pages
14) Rewrite HTTP headers and URL
15) Sizing: Standard v2 supports most of the features.
Complete Flow:
App Gateway Tier: We have 4 types in total: Standard, Standard V2, WAF, WAF V2.
Auto scaling: We can have max and min instances on the gateway. The max instances we can keep is 125 and the minimum is 0.
HTTP2: We have an enable or disable option. If this option is enabled, by default we can only create listeners and other components with the HTTPS protocol.
Virtual Network: A new subnet range is required for creating a new application gateway.
Components:
Frontend IP address: This is the frontend-facing (or) client-facing IP address. There are 3 types; based on the type of frontend IP, the type of load balancer will also change.
1) Public: We will get a public IP with this selection. If we have a public IP on a gateway, then we call this gateway an external gateway.
2) Private: We will get a private IP with this selection. If we have a private IP on a gateway, then we call this gateway an internal gateway.
3) Both Public and Private: We will get both a private and a public IP with this selection.
Backend Pools: This is a bunch of servers serving the backend activity. One or multiple backend pools can be added. 4 target types can be mentioned on a backend pool.
1) IP Address or FQDN: The DNS-resolved IP address or FQDN can be updated here.
2) Virtual machine: The virtual machine NIC can be updated here.
3) VMSS: A set of VMs, that is a VMSS, can also be updated here.
4) App Service: If the app is deployed on Azure App Service, that app service can be updated here.
Rules: How the frontend request is routed to the backend pool of servers is mentioned here. A rule is attached to a listener (the listener is attached to the frontend IP) and a backend. We can have up to 20,000 rules on each application gateway. Rule number 1 has the highest priority, which means no other rule can override rule number 1. Similarly it keeps going on.

Path-Based Routing: In the rule we can do path-based routing. This means that whenever the path changes on a single URL, the request will go to a different backend or server.
Redirection: This is used for redirecting to listeners or external URLs.
Redirection Type: We have 4 types in total; the most used is Permanent. This is just a cause. The redirection happens in a similar way whichever option you select.
Redirection target: We can redirect to our listeners or external sites.
1. Listener: The current listener on the rule will be redirected to another listener URL which is again defined in the same application gateway.
2. External Site: We need to mention our external URL. The current URL of the listener will be redirected to the updated URL on the rule.
Listener:
➢ A listener is a logical entity that checks for incoming connection requests by using the port, protocol, host, and IP
address.
➢ When you configure the listener, you must enter values for these that match the corresponding values in the incoming
request on the gateway.
➢ We have 2 types of listeners in total in the gateway.
1) Basic: This type of listener listens to a single domain site, where it has a single DNS mapping to the IP address of the
application gateway (frontend ip address). This listener configuration is required when you host a single site behind an
application gateway.
2) Multi Site: This listener configuration is required when you want to configure routing based on host name or domain
name for more than one web application on the same application gateway. It allows you to configure a more efficient
topology for your deployments by adding up to 100+ websites to one application gateway. Each website can be
directed to its own backend pool. For example, three domains, contoso.com, fabrikam.com, and adatum.com, point to
the IP address of the application gateway.
1) Single: If you have only one host name, use this option.
2) Multiple/Wildcard: In multi-site configurations, if you have more than one host name or wildcard names, use this option.
Error Page URL: Suppose your backend is not working fine and you want a custom page to be displayed to your customer whenever there is planned or unplanned downtime; put that URL here.
Certificate: Whenever you want the traffic to use the secure protocol, we need to upload our certificate to the listener. We need to select port 443 for this requirement.
Backend Settings: How the traffic has to go to the backend from the frontend can be mentioned here.
Private link: Private link configuration allows enablement of this resource to be accessed privately
from another virtual network, through private endpoint connection.

SSL Settings: We can upload the backend certificate here and use at the time of configuration.
Health Probe: This works exactly the same as the health probe in Azure load balancers.
➢ This will monitor the health of the backend server on the gateway.
➢ This can also monitor external URLs.
➢ We need to mention the host, the protocol, the path etc.
Interval: Probe interval in seconds. This value is the time interval between two consecutive probes.

Timeout: Probe time-out in seconds. If a valid response is not received within this time-out period, the probe is marked
as failed. Note that the time-out value should not be more than the Interval value.

Unhealthy Threshold: Probe retry count. The back-end server is marked down after the consecutive probe failure count
reaches the unhealthy threshold.
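How the three probe settings above interact, as an added example that is not part of the original notes: a simplified Python model that rejects a timeout larger than the interval and marks the backend down once consecutive failures reach the unhealthy threshold. The class and function names and the sample response times are made up, and marking the backend healthy again after one successful probe is an assumption of this model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProbeSettings:
    """Hypothetical container for the three settings described above."""
    interval_s: int           # time between two consecutive probes
    timeout_s: int            # how long to wait for a valid response
    unhealthy_threshold: int  # consecutive failures before marking down

    def validate(self):
        """Return a list of configuration problems (empty when valid)."""
        errors = []
        if self.interval_s <= 0 or self.timeout_s <= 0:
            errors.append("interval and timeout must be positive")
        if self.timeout_s > self.interval_s:
            errors.append("timeout should not be more than the interval")
        if self.unhealthy_threshold < 1:
            errors.append("unhealthy threshold must be at least 1")
        return errors


def simulate(settings, response_times):
    """Replay one probe per interval and track the backend state.

    response_times holds, per probe, the seconds until a valid response
    arrived, or None when no valid response arrived at all.
    Returns a list of (probe_time_s, probe_ok, backend_state).
    """
    problems = settings.validate()
    if problems:
        raise ValueError("; ".join(problems))

    consecutive_failures = 0
    healthy = True
    timeline = []
    for index, response in enumerate(response_times):
        # A late answer counts as a failure, exactly like no answer.
        probe_ok = response is not None and response <= settings.timeout_s
        if probe_ok:
            consecutive_failures = 0
            healthy = True  # assumption: one success restores the backend
        else:
            consecutive_failures += 1
            if consecutive_failures >= settings.unhealthy_threshold:
                healthy = False
        timeline.append((index * settings.interval_s, probe_ok,
                         "Healthy" if healthy else "Unhealthy"))
    return timeline


def worst_case_detection_s(settings):
    """Longest time a dead backend keeps receiving traffic in this model.

    The backend dies right after a successful probe, so the threshold-th
    failing probe starts after threshold * interval seconds and is only
    declared failed once its timeout has elapsed.
    """
    return settings.interval_s * settings.unhealthy_threshold + settings.timeout_s


if __name__ == "__main__":
    settings = ProbeSettings(interval_s=30, timeout_s=30, unhealthy_threshold=3)
    # Constructed sample: fast answer, no answer, late answer, no answer, fast answer.
    for when, ok, state in simulate(settings, [0.2, None, 45.0, None, 0.3]):
        print(f"t={when:>3}s probe_ok={ok!s:<5} backend={state}")
    print("worst-case detection:", worst_case_detection_s(settings), "s")
```

With a 30-second interval, a 30-second timeout and a threshold of 3, a failed backend can keep receiving requests for up to two minutes in this model, which is the trade-off to weigh when choosing the values.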
Demo:
1) Create 2 Ubuntu virtual machines.
2) Open the required ports on the network security group.
3) Install apache2 on each server and update the HTML pages.
4) Check the application using the public IP of the servers.
5) Click on application gateway, and create one.
6) On the frontend IP, select public IP. That means we are creating an external gateway.
7) Create 2 backends: one is the app1 backend and the second one is the app2 backend.
8) Click on add routing rule, and mention the name and rule number.
9) Provide the listener details; the listener type is basic.
10) Select the target type as backend pool, select the app1 backend target, and create new backend settings.
11) Click on path-based routing and create 2 path-based routings.
12) The 1st route path should be /app1/*; mention the target name and the details.
13) Do the same thing for the second path.
14) Once everything is done, create the application gateway.
15) Finally, test the application using the frontend IP and path.
16) Click on health probe and create a new one: name, hostname, protocol, path should be /app1/, select the backend settings and click on test. Once the test is done, click on add the probe.
CDN and Front Door:
CDN: This is a load balancing solution for the world, where we can retrieve the application much faster thanks to edge locations.
→ The way it works: initially the application or data is copied from the source region to all the remaining Azure regions, which we call edge locations. So the next time you hit the same application, the data or site is accessed from the location nearest to you.
Demo: Create an Azure app service.
→ Create a container and make it public.
→ Upload some files.
→ Access it from the internet.
→ Now create a CDN.
→ Create an endpoint.
→ Now open the website, changing the URL to the CDN endpoint.
→ We can clearly see the website response.
Thank You! Happy Learning
