Forum Discussion
Load Balancing between On-Prem server and Azure Cloud server
MattAlex1 Typically I wouldn't recommend load balancing over the internet from your site to Azure or any cloud provider and would instead have a VPN between your site and the cloud provide and then load balance across the VPN link. Second, you will be required to configure SNAT on your virtual server and you should use a SNAT pool list with the IP of the virtual server instead of using automap. Lastly, you will most likely have increased delay when load balancing to a cloud from another physical location but it is completely dependent on how your VPN tunnel performs.
- MattAlex1Jun 12, 2023Altocumulus
Dear Paulius,
Thank you for the reply. Can you please let me know why wouldn't you recommend it without VPN?
CyberArk can work on purely cloud without VPN. IF that is the case couldn;t this be used?
- PauliusJun 12, 2023MVP
MattAlex1 The reason I would not recommend you load balancing directly over the internet is because not you have introduced a new possible attack vector between your load balancer and the destination over the internet. If you had a VPN between the F5 environment and the Azure environment then you know both networks are trusted so for the most part you don't have to worry about someone between you and Azure spoofing the connection. I would like to note that AubreyKingF5 does bring up a great option that will remove the F5 from the Azure side of the connections allowing for DNS load balancing and then LTM load balancing on the site that has it when the DNS request lands on that side. You will remove a bit of load balancing capability because instead of say you have a pool of 3 PVWA and 3 PSM which would include the 3rd as the Azure side you now have 2 PVWA and 2 PSM with the GSLB setup with one of those hosts actually having 2 hosts behind it. This is a simple option that would work well and can most likely be tuned to add more weight to the DNS response for the LTM to help balance the connections evenly.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com