Introduction to Gateway Load Balancer

Gateway Load Balancer (LB) is a type of Load Balancer which enables high performance and high availability scenarios for a network virtual appliance (NVA) like a next-generation firewall or security gateway. It lets Azure customers deploy, scale, and manage NVAs quickly and easily. Additionally, it enables transparent NVA insertion in a network path.

Gateway LB uses a technology called VXLAN, "a network virtualization technology that attempts to address the scalability problems related to large cloud computing deployments" for the communication between the Load Balancer and the cloud network security gateway.

A Standard Azure LB forwards the traffic through a VXLAN tunnel to the new Gateway LB. Gateway LB encapsulates the traffic, so there is no change to the original traffic, and the security gateway decapsulates it. As a result, the security gateway can see the original source of the traffic. The source and destination operate without knowledge of having a Gateway LB in the path - making service chaining a reality.

On the return traffic, the Standard LB removes the VXLAN encapsulation and forwards this as usual.
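The encapsulation described above can be shown with a short Python sketch. This is an added example, not Check Point or Azure code: it wraps a constructed inner frame in a VXLAN header (the 8-byte layout from RFC 7348), decapsulates it, and reads the original source and destination from the unchanged inner packet. The VNI value 800, the MAC addresses and the IP addresses are constructed sample values, and the outer IP/UDP headers are left out.

```python
import ipaddress
import struct

VXLAN_HDR_LEN = 8        # RFC 7348: flags(1) reserved(3) VNI(3) reserved(1)
VXLAN_FLAG_VNI = 0x08    # "I" flag: the VNI field is valid
ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800

def vxlan_encap(vni, inner_frame):
    """Prepend a VXLAN header; the inner frame is carried byte-for-byte."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_FLAG_VNI << 24, vni << 8) + inner_frame

def vxlan_decap(udp_payload):
    """Validate the VXLAN header and return (vni, inner_frame)."""
    if len(udp_payload) < VXLAN_HDR_LEN:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HDR_LEN])
    if not (word0 >> 24) & VXLAN_FLAG_VNI:
        raise ValueError("VNI-valid flag not set")
    return word1 >> 8, udp_payload[VXLAN_HDR_LEN:]

def inner_ipv4_endpoints(frame):
    """Return (src, dst) of the IPv4 packet in an untagged Ethernet frame."""
    if len(frame) < ETH_HDR_LEN + 20:
        raise ValueError("truncated inner frame")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    ip = frame[ETH_HDR_LEN:]
    if ethertype != ETHERTYPE_IPV4 or ip[0] >> 4 != 4:
        raise ValueError("inner frame is not IPv4")
    return (str(ipaddress.IPv4Address(ip[12:16])),
            str(ipaddress.IPv4Address(ip[16:20])))

def build_sample_frame(src, dst):
    """Constructed inner frame: Ethernet + 20-byte IPv4 header (checksum left 0)."""
    eth = bytes.fromhex("02000000000b02000000000a") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return eth + ip

if __name__ == "__main__":
    original = build_sample_frame("203.0.113.7", "10.0.1.4")  # constructed addresses
    tunneled = vxlan_encap(800, original)                     # constructed VNI
    vni, inner = vxlan_decap(tunneled)
    print("VNI:", vni, "inner unchanged:", inner == original)
    print("original source/destination:", inner_ipv4_endpoints(inner))
```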

The primary benefits of Gateway LB are ease and speed of deployment, cost efficiency while scaling NVAs up and down, improved network availability and flow symmetry, no need for complex and frequent manual route configurations, and destination applications that see the original source.

Introduction to Virtual Machine Scale Sets (VMSS)

Virtual Machine Scale Sets (VMSS) are an Azure compute resource you can use to deploy and manage sets of identical Virtual Machines (VMs). A Scale Set increases or decreases the number of Virtual Machines based on the current needs.

For example, multiple web servers serve a web application. The web servers are deployed across multiple fault and update domains. A Load Balancer distributes network traffic across this group of web servers as needed.

In the current cyber landscape, it is very important that you protect these environments from attackers with a security solution that is as scalable as the resources it protects. As the number of resources you protect scales up or down, the number of Security Gateways that provide protection has to scale too.

Azure Auto Scale is set up to increase or decrease the number of Check Point CloudGuard Network Security Gateways that protect your environment in the VMSS. A Check Point Security Management Server manages these Check Point CloudGuard Security Gateways. You can locate the Check Point Security Management Server in Azure, or on-premises.

Note - When you create a virtual machine (VM), you must create a virtual network (VNet) or use an existing VNet. It is also necessary to decide how your VMs are intended to be accessed on the VNet. Planning before you create resources is important, as is understanding the limits of networking resources.