M08-Unit 3 Monitor a load balancer resource using Azure Monitor

Exercise scenario

In this exercise, you will create an internal load balancer for the fictional Contoso Ltd organization. Then you will create a Log Analytics workspace, and use Azure Monitor Insights to view information about your internal load balancer. You will view the Functional Dependency View, then view detailed metrics for the load balancer resource, and view resource health information for the load balancer. Finally, you will configure the load balancer’s diagnostic settings to send metrics to the Log Analytics workspace you created.

The diagram below illustrates the environment you will be deploying in this exercise.

Diagram illustrating the load balancer architecture that will be created in the exercise - includes load balancer, VNet, subnet, Bastionsubnet, and VMs

In this exercise, you will:

  • Task 1: Create the virtual network
  • Task 2: Create the load balancer
  • Task 3: Create a backend pool
  • Task 4: Create a health probe
  • Task 5: Create a load balancer rule
  • Task 6: Create backend servers
  • Task 7: Add VMs to the backend pool
  • Task 8: Test the load balancer
  • Task 9: Create a Log Analytics Workspace
  • Task 10: Use Functional Dependency View
  • Task 11: View detailed metrics
  • Task 12: View resource health
  • Task 13: Configure diagnostic settings

Note: An interactive lab simulation is available that allows you to click through this lab at your own pace. You may find slight differences between the interactive simulation and the hosted lab, but the core concepts and ideas being demonstrated are the same.

[!Note]
You may find slight differences between the instructions and the Azure portal interface, but the core concept is the same.

Estimated time: 55 minutes

Task 1: Create the virtual network

In this section, you will create a virtual network and a subnet.

  1. Log in to the Azure portal.

  2. On the Azure portal home page, search Virtual Network and select virtual network under services.

  3. Select + Create.

    Create virtual network

  4. On the Basics tab, use the information in the table below to create the virtual network.

    Setting Value
    Subscription Select your subscription
    Resource group Select Create new

    Name: IntLB-RG
    Name IntLB-VNet
    Region (US) West US

  5. Select Next : IP Addresses.

  6. On the IP Addresses tab, in the IPv4 address space box, enter 10.1.0.0/16.

  7. Above Subnet name, select + Add subnet.

  8. On the Add subnet pane, provide a subnet name of myBackendSubnet, and a subnet address range of 10.1.0.0/24.

  9. Select Add.

  10. Select Next : Security.

  11. Under BastionHost select Enable, then enter the information from the table below.

    Setting Value
    Bastion name myBastionHost
    AzureBastionSubnet address space 10.1.1.0/24
    Public IP address Select Create new

    Name: myBastionIP

  12. Select Review + create.

  13. Select Create.

Task 2: Create the load balancer

In this section, you will create an internal Standard SKU load balancer. The reason we are creating a Standard SKU load balancer here in the exercise, instead of a Basic SKU load balance, is for later exercises that require a Standard SKU version of the load balancer.

  1. On the Azure home page, in the search bar, enter Load Balancer
  2. Select Create Load Balancer.

  3. On the Basics tab, use the information in the table below to create the load balancer.

    Setting Value
    Basics tab  
    Subscription Select your subscription
    Resource group IntLB-RG
    Name myIntLoadBalancer
    Region (US) West US
    SKU Standard
    Type Internal
    Frontend IP configuration tab + Add a frontend IP configuration
    Name LoadBalancerFrontEnd
    Virtual network IntLB-VNet
    Subnet myBackendSubnet
    IP address assignment Dynamic

  4. Select Review + create.

  5. Select Create.

Task 3: Create a backend pool

The backend address pool contains the IP addresses of the virtual NICs connected to the load balancer.

  1. On the Azure portal home page, select All resources, then select on myIntLoadBalancer from the resources list.

  2. Under Settings, select Backend pools, and then select Add.

  3. On the Add backend pool page, enter the information from the table below.

    Setting Value
    Name myBackendPool
    Virtual network IntLB-VNet
    Backend Pool Configuration NIC

  4. Select Add.

    Show backend pool created in load balancer

Task 4: Create a health probe

The load balancer monitors the status of your app with a health probe. The health probe adds or removes VMs from the load balancer based on their response to health checks. Here you will create a health probe to monitor the health of the VMs.

  1. From the Backend pools page of your load balancer, under Settings, select Health probes, then select Add.

  2. On the Add health probe page, enter the information from the table below.

    Setting Value
    Name myHealthProbe
    Protocol HTTP
    Port 80
    Path /
    Interval 15

  3. Select Add.

    Show health probe created in load balancer

Task 5: Create a load balancer rule

A load balancer rule is used to define how traffic is distributed to the VMs. You define the frontend IP configuration for the incoming traffic and the backend IP pool to receive the traffic. The source and destination port are defined in the rule. Here you will create a load balancer rule.

  1. From the Backend pools page of your load balancer, under Settings, select Load balancing rules, then select Add.

  2. On the Add load balancing rule page, enter the information from the table below.

    Setting Value
    Name myHTTPRule
    IP Version IPv4
    Frontend IP address LoadBalancerFrontEnd
    Protocol TCP
    Port 80
    Backend port 80
    Backend pool myBackendPool
    Health probe myHealthProbe
    Session persistence None
    Idle timeout (minutes) 15
    Floating IP Disabled

  3. Select Add.

    Show load balancing rule created in load balancer

Task 6: Create backend servers

In this section, you will create three VMs for the backend pool of the load balancer, add the VMs to the backend pool, and then install IIS on the three VMs to test the load balancer.

  1. In the Azure portal, select the Cloud Shell icon (top right). If necessary, configure the shell.
    • Select PowerShell.
    • Select No Storage Account required and your Subscription, then select Apply.
    • Wait for the terminal to create and a prompt to be displayed.

  2. On the toolbar of the Cloud Shell pane, select the Manage files icon, in the drop-down menu, select Upload and upload the following files azuredeploy.json and azuredeploy.parameters.json into the Cloud Shell home directory one by one from the source folder F:\Allfiles\Exercises\M08.

  3. Deploy the following ARM templates to create the virtual network, subnets, and VMs needed for this exercise:

    Note: You will be prompted to provide an Admin password.

    $RGName = "IntLB-RG"

New-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateFile azuredeploy.json -TemplateParameterFile azuredeploy.parameters.json

    Note: This will take several minutes to deploy.

Task 7: Add VMs to the backend pool

  1. On the Azure portal home page, select All resources, then select on myIntLoadBalancer from the resources list.

  2. Under Settings, select Backend pools., and then select myBackendPool.

  3. On the Associated to box, select Virtual machines.

  4. Under Virtual machines, select Add.

  5. Select the checkboxes for all 3 VMs (myVM1, myVM2, and myVM3), then select Add.

  6. On the myBackendPool page, select Save.

    Show VMs added to backend pool in load balancer

Task 8: Test the load balancer

In this section, you will create a test VM, and then test the load balancer.

Create test VM

[!Note]
You may find slight differences between the instructions and the Azure portal interface, but the core concept is the same.

  1. On the Azure home page, using the global search enter Virtual Machines and select virtual machines under services.

  2. Select + Create; + Virtual machine, on the Basics tab, use the information in the table below to create the first VM.

    Setting Value
    Subscription Select your subscription
    Resource group IntLB-RG
    Virtual machine name myTestVM
    Region (US) West US
    Availability options No infrastructure redundancy required
    Image Windows Server 2019 Datacenter - Gen 1
    Size Standard_DS2_v3 - 2 vcpu, 8 GiB memory
    Username TestUser
    Password Provide a secure password
    Confirm password Provide a secure password

  3. Select Next : Disks, then select Next : Networking.

  4. On the Networking tab, use the information in the table below to configure networking settings.

    Setting Value
    Virtual network IntLB-VNet
    Subnet myBackendSubnet
    Public IP Change to None
    NIC network security group Advanced
    Configure network security group Select the existing myNSG
    Load balancing None (or unchecked)

  5. Select Review + create.

  6. Select Create.

  7. Wait for this last VM to be deployed before moving forward with the next task.

Connect to the test VM to test the load balancer

  1. On the Azure portal home page, select All resources, then select on myIntLoadBalancer from the resources list.

  2. On the Overview page, make a note of the Private IP address, or copy it to the clipboard. Note: you may have to select See more to see the Private IP address.

  3. Select Home, then on the Azure portal home page, select All resources, then select on the myTestVM virtual machine that you just created.

  4. On the Overview page, select Connect, then Bastion.

  5. Select Use Bastion.

  6. In the Username box, enter TestUser and in the Password box, enter the password you provided during deployment, then select Connect.

  7. The myTestVM window will open in another browser tab.

  8. If a Networks pane appears, select Yes.

  9. Select the Internet Explorer icon in the task bar to open the web browser.

  10. Select OK on the Set up Internet Explorer 11 dialog box.

  11. Enter (or paste) the Private IP address (e.g. 10.1.0.4) from the previous step into the address bar of the browser and press Enter.

  12. The default web home page of the IIS Web server is displayed in the browser window. One of the three virtual machines in the backend pool will respond. Browser window showing Hello World response from VM1

  13. If you select the refresh button in the browser a few times, you will see that the response comes randomly from the different VMs in the backend pool of the internal load balancer.

    Browser window showing Hello World response from VM3

Task 9:: Create a Log Analytics Workspace

  1. On the Azure portal home page, select All services, then in the search box at the top of the page enter Log Analytics, and select Log Analytics workspaces from the filtered list.

    Accessing Log Analytics workspaces from the Azure portal home page

  2. Select Create.

  3. On the Create Log Analytics workspace page, on the Basics tab, use the information in the table below to create the workspace.

    Setting Value
    Subscription Select your subscription
    Resource group IntLB-RG
    Name myLAworkspace
    Region West US

  4. Select Review + Create, then select Create.

    Log Analytics workspaces list

Task 10: Use Functional Dependency View

  1. On the Azure portal home page, select All resources, then in the resources list, select myIntLoadBalancer.

    All resources list in the Azure portal

  2. Under Monitoring, select Insights.

  3. In the top right corner of the page, select the X to close the Metrics pane for now. You will open it again shortly.

  4. This page view is known as Functional Dependency View, and in this view, you get a useful interactive diagram, which illustrates the topology of the selected network resource - in this case a load balancer. For Standard Load Balancers, your backend pool resources are color-coded with Health Probe status indicating the current availability of your backend pool to serve traffic.

  5. Use the Zoom In (+) and Zoom Out (-) buttons in the bottom right corner of the page, to zoom in and out of the topology diagram (alternatively you can use your mouse wheel if you have one). You can also drag the topology diagram around the page to move it.

  6. Hover over the LoadBalancerFrontEnd component in the diagram, then hover over the myBackendPool component.

  7. Notice that you can use the links in these pop-up windows to view information about these load balancer components and open their respective Azure portal blades.

  8. To download a .SVG file copy of the topology diagram, select Download topology, and save the file in your Downloads folder.

  9. In the top right corner, select View metrics to reopen the metrics pane on the right-hand side of the screen. Azure Monitor Network Insights functional dependency view - View metrics button highlighted

  10. The Metrics pane provides a quick view of some key metrics for this load balancer resource, in the form of bar and line charts.

    Azure Monitor Network Insights - Basic metrics view

Task 11: View detailed metrics

  1. To view more comprehensive metrics for this network resource, select View detailed metrics. Azure Monitor Network Insights - View detailed metrics button highlighted

  2. This opens a large full Metrics page in the Azure Network Insights platform. The first tab you land on is the Overview tab, which shows the availability status of the load balancer and overall Data Throughput and Frontend and Backend Availability for each of the Frontend IPs attached to your Load Balancer. These metrics indicate whether the Frontend IP is responsive and the compute instances in your Backend Pool are individually responsive to inbound connections. Azure Monitor Network Insights - Detailed metrics view - Overview tab

  3. Select the Frontend & Backend Availability tab and scroll down the page to see the Health Probe Status charts. If you see values that are lower than 100 for these items, it indicates an outage of some kind on those resources. Azure Monitor Network Insights - Detailed metrics view - Health probe status charts highlighted

  4. Select the Data Throughput tab and scroll down the page to see the other data throughput charts.

  5. Hover over some of the data points in the charts, and you will see that the values change to show the exact value at that point in time. Azure Monitor Network Insights - Detailed metrics view - Data Throughput tab

  6. Select the Flow Distribution tab and scroll down the page to see the charts under the VM Flow Creation and Network Traffic section.

    Azure Monitor Network Insights - Detailed metrics view - VM Flow Creation and Network Traffic charts

Task 12: View resource health

  1. To view the health of your Load Balancer resources, on the Azure portal home page, select All services, then select Monitor.

  2. On the Monitor>Overview page, in the left-hand menu select Service Health.

  3. On the Service Health>Service issues page, in the left-hand menu select Resource Health.

  4. On the Service Health>Resource health page, in the Resource type drop-down list, scroll down the list and select Load balancer.

    Access Service Health>Resource Health for load balancer resource

  5. Then select the name of your load balancer from the list.

  6. The Resource health page will identify any major availability issues with your load balancer resource. If there are any events under the Health History section, you can expand the health event to see more detail about the event. You can even save the detail about the event as a PDF file for later review and for reporting.

    Service Health>Resource health view

Task 13: Configure diagnostic settings

  1. On the Azure portal home page, select Resource groups, then select the IntLB-RG resource group from the list.

  2. On the IntLB-RG page, select the name of the myIntLoadBalancer load balancer resource in the list of resources.

  3. Under Monitoring, select Diagnostic settings, then select Add diagnostic setting.

    Diagnostic settings>Add diagnostic setting button highlighted

  4. On the Diagnostic setting page, in the name box, enter myLBDiagnostics.

  5. Select the AllMetrics checkbox, then select the Send to Log Analytics workspace checkbox.

  6. Select your subscription from the list, then select myLAworkspace (westus) from the workspace drop-down list.

  7. Select Save.

    Diagnostic setting page for load balancer

Clean up resources

Note: Remember to remove any newly created Azure resources that you no longer use. Removing unused resources ensures you will not see unexpected charges.

  1. On the Azure portal, open the PowerShell session within the Cloud Shell pane.

  2. Delete all resource groups you created throughout the labs of this module by running the following command:

    Remove-AzResourceGroup -Name 'IntLB-RG' -Force -AsJob

Note: The command executes asynchronously (as determined by the -AsJob parameter), so while you will be able to run another PowerShell command immediately afterwards within the same PowerShell session, it will take a few minutes before the resource groups are actually removed.

Extend your learning with Copilot

Copilot can assist you in learning how to use the Azure scripting tools. Copilot can also assist in areas not covered in the lab or where you need more information. Open an Edge browser and choose Copilot (top right) or navigate to copilot.microsoft.com. Take a few minutes to try these prompts.

  • Summarize the Azure tools that are available for monitoring virtual networks.
  • What Azure Network Watcher monitoring tools are available?

Learn more with self-paced training

Key takeaways

Congratulations on completing the lab. Here are the main takeaways for this lab.

  • Azure Monitor provides features and tools for collecting, managing, and analyzing IT data from all of your Azure, other cloud, and on-premises resources.
  • Metrics are quantitative measurements that show snapshots of application or resource performance. Metrics are typically numeric values that you can measure over time.
  • Logs are textual records of events, actions, and messages that occur in a resource or application.
  • Azure Monitor Insights, visualizations, and dashboards can consume and transmit monitoring information about your applications.
  • Alerts notify you of critical conditions and can take corrective action. Alert rules can be based on metric or log data.+