cancel
Showing results for 
Search instead for 
Did you mean: 

Pulse VTM as Azure internal load balancer

stevenjcooper
New Member

Pulse VTM as Azure internal load balancer

I've deployed the Pulse Virtual Traffic Manager template available from the Azure marketplace, but it appears to only be able to function as an external (internet-facing) load balancer. I want to configure the VTM as an internal application gateway, i.e. with the virtual server listening on an internal address behind a firewall, not a public IP address. Can this be done?

3 REPLIES 3
ggarcia
Occasional Contributor

Re: Pulse VTM as Azure internal load balancer

The Azure vTM instance can be deployed as an internal facing application gateway. To accomplish the requirements, you must take a copy of the template and remove the public IP from the config. Look into the template for Public IP entries as you may need to update them as well with the new internal IP.  The Azure template download is offered on the end of the UI menu.

 

Basically the Azure vTM instance that sits in front of the VM scale set needs to be configure to listen to a private IP rather than a Public IP.

 

Genard

Re: Pulse VTM as Azure internal load balancer

With this workaround can you add multiple traffic IPs (TIPs) to the vTM once its deployed in Azure?
or do we still have to use multiple port mappings on a single TIP that is also shared with the admin interface?
On AWS the vTM interacts with the API to spin up extra TIPs from the virtual subnets.
On Azure, with the public instance from marketplace I get a warning in the GUI that "all traffic managers are running inside Asure, Traffic IP groups cannot be created"


ldarby
Moderator

Re: Pulse VTM as Azure internal load balancer

Hello,

 

Multiple traffic IPs in Azure aren't currently supported, we have an RFE for this, RFE-1199.

 

According to the internal notes on that RFE, it's possible to get have multple TIPs, with a software install of vTM in Azure (which I believe but haven't confirmed doesn't have that "All traffic managers are running inside Azure" message)  and also some custom scripting, that calls these two commands appropriately on failover:

 

  • Remove any existing mapping: `az network nic ip-config delete --resource-group <group> --nic-name <nic> --name <TIP-name>`
  • Add mapping to correct vTM: `az network nic ip-config create --resource-group <group> --nic-name <name> --name <TIP name> --private-ip-address <ip>`

If you're a customer who needs this, please follow up with your account manager, both for registering your interest in the RFE and for prof-serv time for delivery of the script. (the script is written already, but looks like it needs testing, and I don't have approval to post it here).

 

(Edit: I see you opened a support case for this already before I responded here, apologies.  The above still applies for any other customers wanting this though)

 

Regards,

Laurence

Pulse Secure vADC Support (Acquired by Ivanti)