- Load Balancing Overview
- KEMP Virtual LoadMaster for Azure Use Cases
- Simplified Access to Complex Infrastructure
- Secure Traffic Management with SSL Offload and Reencrypt
- Single Sign-On and Active Directory integration
Oftentimes, customers who are considering deploying their solutions to Azure in a cloud-only or hybrid environments, have to make a choice between Azure’s built-in load balancing functionality, and third-party solutions available in Azure Marketplace. KEMP’s LoadMaster is an advanced, integrated Application Delivery Controller which offers many ways to optimize and secure cloud based workloads with features including:
- Layer 4-7 application load balancing, reverse proxy
- Client authentication and single sign-on (SSO)
- Content switching/Traffic Management
- Global site traffic distribution (GSLB)
- Layer 4-7 application load balancing with L7 persistence
- Native IPsec VPN for hybrid deployments
- Web application firewall (WAF)
- Support multiple workloads on single public IP
- SSL/TLS termination and re-encryption
- Throughput up to 10Gbps/12,000 SSL TPS
This article provides an overview of some of the basic functionality of the KEMP Virtual LoadMaster (VLM) for Azure. It then shows how VLM for Azure can complement Microsoft’s cloud platform by considering three popular use cases. The first looks at how a single IP address can be used to deliver tailored services from differently configured back ends; the second covers SSL offload; the last illustrates single sign-on to cloud based resources. Further articles in this series will address additional Azure use cases enabled by LoadMaster.
KEMP has worked closely with Microsoft since the inception of the Azure cloud and was one of the first to offer full-featured ADC functionality through the Azure Marketplace. The features and functionality offered by KEMP LoadMaster for Azure allows customers to successfully deploy applications that rely heavily on Layer 7 application delivery functionality.
The following table provides a quick reference to the application delivery and load balancing features available from Azure’s built-in load balancing functionality and KEMP VLM for Azure:
|Azure Load Balancer||KEMP Loadmaster – for Azure|
|Application Aware – L7 Load Balancing|
|Web Application Firewall|
|Hybrid Traffic Distribution||
(Using Application Gateway)
(With Advanced Traffic Distribution)
L4 / L7 (Cookie and More)
|SSL Termination / Offload||
(Using Application Gateway)
(Full termination and offload capabilities with cipher selection)
|Content caching and compression|
|Least Connection Scheduling|
|VM Resource Availability Awareness|
Using Traffic Manager
|Support Basic Tier VM (20% savings)|
|Single Sign On|
|SmartCard (CAC) / Certificate Auth|
|Kerberos Constrained Delegation Support|
Let’s take a look a few of the most common use cases where customers chose KEMP LoadMaster for Azure for its ease of use and effectiveness to handle given application requirements.
The advanced content switching capabilities of the VLM for Azure leverage regular expressions (REGEX) to modify and direct traffic to the correct Azure service. Figure 2 shows how incoming requests on a single IP address can be routed to an appropriate service depending on the type and content of the request. Content matching rules along with header modification functionality within KEMP’s LoadMaster for Azure provide the flexibility to create solutions that benefit from multiple Azure Platform as a Service (PaaS) offerings (such as Azure Web Sites) as well as Azure Infrastructure as a Service (IaaS) offerings.
When leveraging Azure PaaS for web, mobile or other applications, there’s often a need to incorporate several of these services into a single web site/portal to achieve an integrated end-user experience. With the advanced content switching capabilities of KEMP LoadMaster, customers attain both the ability to move these applications to the cloud for reduced TCO as well as the flexibility to leverage multiple services for the needs of the business.
When leveraging functionality offered by different Azure offerings, or when a service provider is required to provide separation amongst multiple customers, it becomes important to understand the content being requested and route the request to appropriate destination. This traffic segmentation often requires SSL offload and re-encrypt functionality. The offload and re-encrypt functionality provided by VLM for Azure ensures that customers are able to provide end-to-end secure connection while making appropriate application request routing decisions.
Utilizing SSL offload and re-encrypt functionality, VLM for Azure customers are also able to leverage other Layer 7 functionality such as Web Application (WAF) Firewall, pre-authentication and group based request routing (using the KEMP Edge Security Pack) and content caching and compression, to name a few..
As Microsoft adds new functionality to the Azure Active Directory offering, customers can benefit from other advanced functionality offered by KEMP.
The KEMP LoadMaster Edge Security Pack (ESP) provides security features such as single sign-on, pre-authentication and the ability to assign permitted groups. In addition, ESP can be configured to allow only specific URLs and virtual directories to be published through the LoadMaster.
With the introduction of Azure Active Directory Domain Services, AD can be extended into your virtual network and the KEMP Virtual LoadMaster for Azure can authenticate users directly. This configuration can provide seamless access to applications within Azure as well as single sign-on for multiple applications that are published using KEMP LoadMaster for Azure.
KEMP Virtual LoadMaster for Azure provides familiar, on-premises application delivery functionality in the Microsoft cloud. Customers looking for advanced Layer 7 ADC functionality for their applications find KEMP LoadMaster easy to deploy while providing advanced application health checks, multi-tenant hosting, a comprehensive set of load balancing algorithms and of course, high availability. When used in conjunction with KEMP’s new advanced offerings such as KEMP360 Central and KEMP360 Vision, customers also benefit from centralized control of their LoadMaster deployments and ensure the availability of their critical applications.