This post will detail how to deploy a proof of concept for Kemp Loadmaster virtual appliances in Azure. The Kemp Loadmaster is an option for providing advanced load balancing, application delivery control (ADC) and web application firewall (WAF) functionality all from the same device.
We will be deploying on Azure Resource Manager through a resource group template and configuring a high availability pair. The template used will let you set up a proof on concept quickly and test the appliances and will include the following main components:
- 2 x Kemp Loadmaster Virtual machines
- 1 x Windows Server 2012 R2 Web Server (IIS configured through DSC)
- Azure Loadbalancer to enable Kemp HA Pair (Load balanced and NAT rules, and Probe port)
Enabling programmatic deployment
We are going to deploy the Kemp Loadmaster from the Azure Marketplace gallery using an Azure Resource Manager template. Kemp offer a various different offerings to choose from, for the POC you can choose either the Free or BYOL Trial license. I will be using the BYOL as the Free version was not available within my region for use, there is no issue using the BYOL trial.
To be able to deploy using a ARM Template you need to enable programmatic deployment of the marketplace product. This is because marketplace products can incur a financial cost so it is a safety measure to ensure that you are not accidentally purchasing services. Since we are using either the Free or BYOL trial edition we can enable this for our deployment, to do this you select the product and select the option “Want to deploy programmatically? Get started ->”
On the next screen, this is where you can enable which subscriptions programmatic deployment is enabled for. You have to enable each subscription and also each marketplace item must be enabled separately. Make sure you select the Free or BYOL Trial otherwise you could incur costs.
Deploy the ARM Template
The template can be found at the following link https://github.com/Merlus/azure-arm-templates/tree/master/kemp-loadbalancer-poc, it can be deployed from GitHub or downloaded and ran separately.
The template will deploy the 2 Loadmaster VMs into an availability set and configure the Azure loadbalancer. Separate NAT rules are created so that each Loadmaster can be accessed separately by SSH or WebUI, as well as the probe port to check which Loadmaster is active.
The test Web Server is set up with IIS/Webserver role installed through Azure DSC Extension
Configuring Kemp Loadmaster High-Availability Pair
After the template has finished deploying you need to configure the devices for the first time and enable the trial license.
Browse to each Kemp Loadmaster WebUI by using the Public IP address that is created during the deployment and specifying port 8441 for Loadmaster0 and 8442 for loadmaster1, eg: https://pubip:8441. This will use the NAT rules created to redirect to the specific appliance.
Log in with the username: bal and the password specified during deployment and accept the License Agreement.
Next, choose whether to enable automatic license checking.
Enable the trial license, if you haven’t registered for a Kemp ID follow the registration link.
Configure the first Load Master as the Master and then Configure the second device as the Slave.
This is where the Probe port 8444 is important. If the probe port is not properly configured then the HA Pair will not be able to properly tell which device is the master and you will see a notification that it is currently “un-checked”.
The sample template used configures the Azure Load Balancer to use the correct health probe, so after you perform the steps above on the Master and Slave then everything should function correctly. You can confirm this by rebooting the Master and you should see the Slave’s status changes to Active.
You can also check the System Logs and see that this is working as expected:
Jun 25 11:10:42 loadmaster1 cloud_check: Slave: Master down. I am the new master now
Jun 25 11:13:15 loadmaster1 cloud_check: Slave: Master up. I am the stand-by unit
If you play around with the Probe and disable it you will notice that each appliance will have a status of “un-checked” as the probe is not properly configured.
Adding a Virtual Service
Now that the Kemp’s are configured in an HA pair you can add the Web Server as a Virtual Service and test that is being served by the Kemp appliances.
After that you will be able to browse to the test webserver on port 80