Skip to content

Deployment of HySecure Gateway in HA on Azure

This article describes the configuration of HySecure HA Gateway deployment on Azure.

Required Components

Component Purpose Required
Azure Tenant Access Administrator or co-administrator To create new resources. Yes
Azure Storage Account Access To create new storage account if required Yes
Accops HySecure gateway VHD Customer HySecure gateway VHD Yes

Detailed Technical Requirements

  • Creating a custom size Azure compliant Virtual Hard Disk (VHD) file for Accops HySecure gateway

  • Uploading an Azure-compliant VHD to Azure and creating an Azure Image

  • Creating Virtual Network and Network Security Group for HySecure Gateway in Microsoft Azure

  • Creating a HySecure Gateway virtual machine from an OsDisk/Image in Azure

  • Create an Azure Public Standard Load Balancer for Accops HySecure Backend POOL

  • Create an Internal standard load balancer for Accops HySecure DB Failover Pool

  • Pre-boot HySecure first node as Active node in Microsoft Azure

  • Adding Standby node to HySecure cluster in Microsoft Azure

  • Adding VPN Server node to HySecure Cluster in Microsoft Azure

VM Requirements

  • Minimum no of VMs required: 2

  • VMs sizing required server configuration as per the load

Architecture Diagram

Azure HySecure HA Check list (Project: Fukuoka)

Item Check list Status
Creating a custom size Azure compliant Virtual Hard Disk (VHD) file for Accops HySecure gateway Done
Uploading an Azure-compliant VHD to Azure and creating an Azure OsDisk/Image Done
Creating a HySecure Gateway virtual machine from an OsDisk/Image in Azure Done
Creating a HySecure Gateway virtual machine from an OsDisk/Image in Azure Ready
Create an Azure Public Standard Load Balancer for Accops HySecure Backend POOL Pending
Create an Internal standard load balancer for Accops HySecure DB Failover Pool Pending
Pre-boot HySecure First Node as Active Node in Microsoft Azure Done
Adding Standby node to HySecure cluster in Microsoft Azure Done
Adding VPN Server 1 node to HySecure cluster in Microsoft Azure Pending
Adding VPN Server 2 node to HySecure Cluster in Microsoft Azure Pending

General HowTos

Q1: How to create a custom size Azure compliant Virtual Hard Disk (VHD) file for Accops HySecure gateway?

Q2: How to upload an Azure-compliant VHD to Azure and creating an Azure OsDisk/Image?

Q3: How to create Virtual Network and Network Security Group for HySecure gateway in Microsoft Azure?

Q4: How to create a HySecure Gateway virtual machine from an OsDisk/Image in Azure?

Q5: Create an Azure Public Standard Load Balancer for Accops HySecure Backend Pool?

Q6: Create an Internal standard load balancer for Accops HySecure DB Failover Pool

Q7: Pre-boot HySecure First Node as Active Node in Microsoft Azure

Q8: Adding Standby node to HySecure cluster in Microsoft Azure

Q9: Adding VPN Server node to HySecure Cluster in Microsoft Azure

Q1: How to create a custom size Azure compliant Virtual Hard Disk (VHD) file for Accops HySecure gateway?

Ans: This activity is completed for Fukuoka Project. (Documentation will be added later)


Q2: How to upload an Azure-compliant VHD to Azure and creating an Azure OsDisk/Image?

Ans: This activity is completed for Fukuoka Project. (Documentation will be added later)


Q3: How to create Virtual Network and Network Security Group for HySecure gateway in Microsoft Azure?

Ans: This activity is completed for Fukuoka Project. (Documentation will be added later)


Q4: How to create a HySecure Gateway virtual machine from an OsDisk/Image in Azure?

Ans: This activity is completed for Fukuoka Project. (Documentation will be added later)


Q5: Create an Azure Public Standard Load Balancer for Accops HySecure Backend Pool?

Ans: This activity is pending for Fukuoka Project. (Please click here for step by step procedures)


Q6: Create an Internal standard load balancer for Accops HySecure DB Failover Pool

Ans: This activity is pending for Fukuoka Project. (Please click here for step by step procedures)


Q7: Pre-boot HySecure First Node as Active Node in Microsoft Azure

Ans: This activity is completed for Fukuoka Project. (Documentation will be added later)


Q8: Adding Standby node to HySecure cluster in Microsoft Azure

Ans: This activity is completed for Fukuoka Project. (Documentation will be added later)


Q9: Adding VPN Server node to HySecure Cluster in Microsoft Azure\

Ans: This activity is pending for Fukuoka Project.

Tutorial: Load balance incoming traffic to HySecure VMs using the Azure Public Load balancer.

Load balancing provides a higher level of availability and scale by spreading incoming requests across multiple virtual machines. In this tutorial, you learn about the different components of the Azure Standard Load Balancer that distribute internet traffic to HySecure Gateway VMs and provide high availability.

  • Sign in to the Azure portal

  • Create an Azure Public Load Balancer

  • Create Load Balancer resources

  • View Load Balancer in action

  • Add and remove VMs from a Load Balancer

Step 1: Sign in to the Azure portal

Sign in to the Azure portal at https://portal.azure.com.

Step 2: Create an Azure Public Load Balancer

In this section, you create a Standard Load Balancer that helps load balance virtual machines. Standard Load Balancer only supports a Standard Public IP address. When you create a Standard Load Balancer, you must also create a new Standard Public IP address that is configured as the frontend for the Standard Load Balancer.

  1. On the top left-hand side of the screen, click Create a resource > Networking > Load Balancer.

    Or Search for load balancers

  2. Click on Add.

  3. In the Basics tab of the Create load balancer page, enter or select the following information, accept the defaults for the remaining settings, and then select Review + create:

    Setting Value
    Subscription Select your subscription.
    Resource group Select Create new and choose existing Resource Group of HySecure VM in the text box.
    Name Gateway-Public-FrontEnd-LB
    Region Select Existing Region of HySecure Gateway
    Type Select Public.
    SKU Select Standard.
    Public IP address Select Create new.
    Public IP address name Type Gateway-Public-LB-IP in the text box.
    Availability zone Select Zone redundant.

    Please see below snapshot for your reference.

Step 3: Create Load Balancer resources

In this section, you configure Load Balancer settings for a backend address pool, a health probe, and specify a balancer rule.

Create a backend address pool

To distribute traffic to the VMs, a backend address pool contains the IP addresses of the virtual (NICs) connected to the Load Balancer. Create the backend address pool Gateway-BackEnd-Pool to include virtual machines for load-balancing internet traffic.

  1. Select All services in the left-hand menu, select All resources, and then click Gateway-Public-FrontEnd-LB from the resources list.

  2. Under Settings, click Backend pools, then click Add.

  3. On the Add a backend pool page, for name, type Gateway-BackEnd-Pool, as the name for your backend pool, and then choose the Virtual Network, then Add HySecure Gateway VMs.

Create a health probe

To allow the Load Balancer to monitor the status of your app, you use a health probe. The health probe dynamically adds or removes VMs from the Load Balancer rotation based on their response to health checks. Create a health probe HySecure-Health-Probe to monitor the health of the VMs.

  1. Select All services in the left-hand menu, select All resources, and then click Gateway-Public-FrontEnd-LB  from the resources list.

  2. Under Settings, click Health probes, then click Add.

  3. Use these values to create the health probe:

    Setting Value
    Name Enter *HySecure-Health-Probe*.
    Protocol Select HTTPS.
    Port Enter 443.
    Path /hapage.html
    Interval Enter 15 for number of Interval in seconds between probe attempts.
    Unhealthy threshold Select 2 for number of Unhealthy threshold or consecutive probe failures that must occur before a VM is considered unhealthy.

  4. Select OK.

    Please refer below screenshot for your references.

Create a Load Balancer rule.

A Load Balancer rule is used to define how traffic is distributed to the VMs. You define the frontend IP configuration for the incoming traffic and the backend IP pool to receive the traffic, along with the required source and destination port. Create a Load Balancer rule HTTPS for listening to port 443 in the frontend FrontendLoadBalancer and sending load-balanced network traffic to the backend address pool Gateway-BackEnd-Pool also using port 80.

  1. Select All services in the left-hand menu, select All resources, and then click Gateway-Public-FrontEnd-LB  from the resources list.

  2. Under Settings, click Load balancing rules, then click Add.

  3. Use these values to configure the load-balancing rule:

    Setting Value
    Name Enter HTTPS
    Protocol Select TCP.
    Port Enter 443.
    Backend port Enter 443.
    Backend pool Select Gateway-BackEnd-Pool.
    Health probe Select HySecure-Health-Probe.

  4. Leave the rest of the defaults and select OK.

    Please refer below screenshot for your references.

Step 4. View Load Balancer in action

Test Public load balancer distribution to HySecure Gateway.

Case 1: If All nodes are up and health probe at\ https://HysecurePublicLoadBalancerIP/hapage.html is OK to all backend server pool.

  • Azure Load Balancer will distribute the Traffic in Round-Robin

  • User Session will be persistence.

  • Inbound connection will be accepted only from Azure Public Load balancer IP Address

Network Diagram: If all nodes are Healthy.

Case 2: If one of the node is not Healthy then connection will be forwarded to only healthy node from Azure Public Load Balancer

Step 5. Add and remove VMs from a Load Balancer

Add and removes VMs from a load balancer as per the requirement.

Tutorial: HySecure DB failover with an Internal Standard load balancer in the Azure portal

Load balancing provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs). You can use the Azure portal to create a Standard load balancer and balance internal traffic among VMs. This tutorial shows you how to create and configure an internal load balancer, back-end servers, and network resources at the standard pricing tier.

  • Sign in to the Azure portal

  • Create an Azure Internal Load Balancer

  • Create Load Balancer resources

  • View Load Balancer in action

  • Add and remove VMs from a Load Balancer

Step 1: Sign in to the Azure portal

Sign in to the Azure portal at https://portal.azure.com.

Step 2: Create an Azure Internal Load Balancer

In this section, you create an Internal Standard Load Balancer that helps load balance virtual machines. Standard Load Balancer only supports a Standard Public IP address. When you create a Standard Load Balancer, you must also create a new Standard Public IP address that is configured as the frontend for the Standard Load Balancer.

  1. On the top left-hand side of the screen, click Create a resource > Networking > Load Balancer.

    Or Search for load balancers

  2. Click on Add.

  3. In the Basics tab of the Create load balancer page, enter or select the following information, accept the defaults for the remaining settings, and then select Review + create:

    Setting Value**
    Subscription Select your subscription.
    Resource group Select Create new and choose existing Resource Group of HySecure VM in the text box.
    Name Gateway-Internal-LB
    Region Select Existing Region of HySecure Gateway
    Type Select Internal.
    SKU Select Standard.
    Virtual Network Select Existing Vnet.
    Subnet Select Existing HySecure Subnet
    IP address assignment Select Static.
    Private IP address HySecure Virtual IP Address
    Availability Zone Zone Redundant

    Please see below snapshot for your reference.

Step 3: Create Internal Load Balancer resources

In this section, you configure Internal Load Balancer settings for a backend address pool, a health probe, and specify a balancer rule.

Create a backend address pool

To distribute traffic to the VMs, a backend address pool contains the IP addresses of the virtual (NICs) connected to the Load Balancer. Create the backend address pool HySecure-Internal-Backend-Pool to include virtual machines for load-balancing internet traffic.

  1. Select All services in the left-hand menu, select All resources, and then click HySecure-Internal-LB from the resources list.

  2. Under Settings, click Backend pools, then click Add.

  3. On the Add a backend pool page, for name, type HySecure-Internal-Backend-Pool , as the name for your backend pool, and then choose the Virtual Network, then Add HySecure Gateway VMs.

Create a health probe

To allow the Load Balancer to monitor the status of your app, you use a health probe. The health probe dynamically adds or removes VMs from the Load Balancer rotation based on their response to health checks. Create a health probe HySecure-DB-Health-Probe to monitor the health of the VMs.

  1. Select All services in the left-hand menu, select All resources, and then click HySecure-Internal-LB from the resources list.

  2. Under Settings, click Health probes, then click Add.

  3. Use these values to create the health probe:

    Setting Value
    Name Enter *HySecure-DB-Health-Probe*.
    Protocol Select HTTPS.
    Port Enter 443.
    Path /dbpage.html
    Interval Enter 15 for number of Interval in seconds between probe attempts.
    Unhealthy threshold Select 2 for number of Unhealthy threshold or consecutive probe failures that must occur before a VM is considered unhealthy.

  4. Select OK.

    Please refer below screenshot for your references.

Create a Load Balancer rule.

A Load Balancer rule is used to define how traffic is distributed to the VMs. You define the frontend IP configuration for the incoming traffic and the backend IP pool to receive the traffic, along with the required source and destination port. Create a Load Balancer rule DB for listening to port 3306 in the frontend HySecure-Internal-LB and sending load-balanced network traffic to the backend address pool HySecure-Internal-Backend-Pool  also using port 3306.

  1. Select All services in the left-hand menu, select All resources, and then click HySecure-Internal-LB from the resources list.

  2. Under Settings, click Load balancing rules, then click Add.

  3. Use these values to configure the load-balancing rule:

    Setting Value
    Name Enter DB
    Protocol Select TCP.
    Port Enter 3306.
    Backend port Enter 3306.
    Backend pool Select HySecure-Internal-Backend-Pool
    Health probe Select HySecure-DB-Health-Probe.

  4. Leave the rest of the defaults and select OK.

    Below Load Balancer Rule need to be created on HySecure-Internal-LB.

    Please refer below screenshot for your references.

Step 4. View Load Balancer in action

Test Internal load balancer distribution to HySecure Gateway.

Step 5. Add and remove VMs from a Load Balancer

Add and removes VMs from a load balancer as per the requirement.