Configure name resolution and load balancing
📘Microsoft Certified: Azure Administrator Associate (AZ-104)
Azure Load Balancer is an essential service for distributing network traffic across multiple virtual machines (VMs) or services. For the AZ-104 exam, you must understand what Azure Load Balancer is, the difference between public and internal (private) load balancers, how they work, their components, and how to configure them.
This guide explains everything in simple IT terms so both beginners and IT professionals can understand.
1. What Is Azure Load Balancer?
Azure Load Balancer is a Layer-4 (TCP/UDP) load balancer that distributes incoming network traffic evenly across multiple backend resources, such as:
- Virtual Machines (VMs)
- Virtual Machine Scale Sets
- Containers
It provides:
- High availability
- Scalability
- Automatic failover
- Health-check based routing
It only works with TCP, UDP, and ICMP traffic.
2. Types of Azure Load Balancers
Azure Load Balancer comes in two main forms:
A. Public Load Balancer (Internet-Facing)
Used when clients on the internet need access to your application.
Purpose
- Accepts traffic from the internet using a public IP.
- Routes that traffic to backend VMs inside a virtual network.
Common IT uses
- Hosting a web application across multiple VMs.
- Providing highly available internet-facing workloads.
- Load balancing traffic for services accessible externally.
B. Internal Load Balancer (Private Load Balancer)
Used for traffic inside an Azure virtual network or through VPN/ExpressRoute.
Purpose
- Uses a private IP address only.
- Routes internal traffic to backend VMs.
Common IT uses
- Load balancing application tiers inside a VNet
(e.g., database servers, API servers, internal portals) - Internal applications not meant to be exposed publicly
- Microservices communication inside the network
3. Azure Load Balancer SKUs (Exam-Important)
| Feature | Basic SKU | Standard SKU |
|---|---|---|
| Availability | Single-Zone | Zone Redundant |
| Backend pool size | Limited | Large scale |
| Health probes | Basic | Advanced (HTTPS available) |
| Public IP SKU required | Basic only | Standard only |
| Security | Open by default | Secure by default (NSG required) |
| Recommended? | ❌ Deprecated for new workloads | ✅ Yes |
AZ-104 focuses mostly on Standard Load Balancer.
4. Key Components of Azure Load Balancer
Understanding these is essential for the exam.
1. Frontend IP Configuration
Defines how clients connect to the load balancer.
- Public Load Balancer: uses a public IP address
- Internal Load Balancer: uses a private IP address from the VNet
2. Backend Pool
A group of resources that receive the load-balanced traffic, such as:
- VMs
- VM Scale Set instances
- NICs of virtual machines
Azure distributes traffic only to healthy instances in this pool.
3. Health Probes
Health probes check if backend machines are healthy and responsive.
Types of probes:
- TCP probe
- HTTP probe
- HTTPS probe (Standard SKU)
- Custom ports
If a VM fails the probe, Azure temporarily stops sending traffic to it.
4. Load Balancing Rules
These rules define:
- Which frontend IP receives traffic
- Which backend pool it forwards traffic to
- Which port mapping to use
For example:
Frontend port 80 → Backend port 80
5. Inbound NAT Rules
These allow direct connections to individual VMs in the backend, commonly used for:
- Admin access (SSH/RDP)
- Diagnostics or management
Example:
Public IP port 5001 → VM1 port 22 (SSH)
Public IP port 5002 → VM2 port 22 (SSH)
5. How Azure Load Balancer Distributes Traffic
Azure Load Balancer uses hash-based distribution based on:
- Source IP
- Destination IP
- Source port
- Destination port
- Protocol type
This ensures traffic flows consistently to the same backend instance until the session ends (session persistence).
6. Configure a Public Load Balancer (Step-by-Step)
(High-level process for AZ-104 exam)
Step 1 — Create the Load Balancer
- Choose Standard SKU
- Select Public type
- Assign or create a public IP
Step 2 — Create Backend Pool
- Add VM NICs or VM Scale Set instances
Step 3 — Configure Health Probes
- Choose TCP or HTTP
- Set port (e.g., 80, 443)
Step 4 — Configure Load Balancing Rule
- Select:
- Frontend IP
- Backend pool
- Protocol (TCP/UDP)
- Frontend/Backend port
- Health probe
Optional: NAT Rules
- Add inbound NAT rules for individual VM access
7. Configure an Internal Load Balancer (Step-by-Step)
Step 1 — Create Load Balancer
- Choose Internal
- Assign a private IP address from a subnet
Step 2 — Create Backend Pool
- Add VMs from within the same VNet
Step 3 — Configure Health Probe
- TCP/HTTP probe depending on your application
Step 4 — Add Load Balancer Rules
- Map internal traffic
Example: port 443 frontend → port 443 backend
8. High Availability Scenarios (Exam-Relevant)
Public Application Deployment
- Use Public Load Balancer in front of:
- Web servers
- API endpoints
- VM Scale Sets
Internal Application Deployment
- Use Internal Load Balancer for:
- Application tiers such as:
- Internal APIs
- Databases
- Application servers
- Traffic inside a VNet
- Application tiers such as:
Cross-Zone Load Balancing
- Standard SKU supports zone redundancy
- Traffic automatically spans availability zones
9. Network Security with Load Balancers
Standard Load Balancer is secure by default
Meaning incoming traffic is denied unless allowed with:
- Network Security Groups (NSGs)
For the exam, remember:
- NSGs must allow traffic to backend VMs on the backend port.
- Frontend traffic must be allowed on the frontend port to the load balancer.
10. Common Scenarios to Know for AZ-104
✔ Web application load balancing
Public LB → Backend web servers
✔ Internal API load balancing
Internal LB → Backend API servers
✔ Separating traffic tiers
Frontend tier uses Public LB
Middle tier uses Internal LB
Backend tier (database) is not load balanced
✔ VM Scale Sets
Automatically integrate with Standard Load Balancer
✔ RDP/SSH access
Use Load Balancer inbound NAT rules
11. Exam Tips for “Configure Internal or Public Load Balancers”
⭐ You must know:
- Difference between public and internal LB
- How health probes work
- What backend pools do
- How load-balancing rules function
- Load Balancer SKU differences
- How VM Scale Sets use load balancers
- NSG configurations with Standard Load Balancer
- Private IP vs Public IP frontends
- Basic steps to deploy and configure
⭐ Study questions may ask:
- Which load balancer to use for internet-facing workloads
- How to ensure high availability for internal services
- How to restrict access to internal load balancers
- How to configure health probes properly
- Why traffic is not reaching backend VMs (usually NSG or probe issues)
12. Summary
Azure Load Balancer is a Layer-4 service that distributes TCP/UDP traffic to backend workloads.
You can configure:
- Public Load Balancers for internet-facing applications
- Internal Load Balancers for private, internal applications
Key components include:
- Frontend IPs
- Backend pools
- Health probes
- Load balancing rules
- NAT rules
Understanding configuration steps, SKU differences, and networking requirements is essential for passing the AZ-104 exam.
