Adding endpoints to an Azure Traffic Manager profile

The endpoints are where Azure Traffic Manager will resolve DNS queries to for your domain.After creating the Azure Traffic Manager profile, you must add the endpoints to the profile that you want Azure Traffic Manager to resolve DNS queries to. In the management portal, you can add, delete, and disable endpoints on the Endpoints page of the Azure Traffic Manager profile.



Adding, deleting, and disabling endpoints in an Azure Traffic Manager profile


You can use Azure PowerShell to add an endpoint by using the Get-AzureTrafficManagerProfile, Add-AzureTrafficManagerEndpoint, and Set-AzureTrafficManagerProfile cmdlets, as shown in the following code.

$tmProfile = Get-AzureTrafficManagerProfile -Name "ContosoTM"
Add-AzureTrafficManagerEndpoint -TrafficManagerProfile $tmProfile
-DomainName "contoso-web-west.azurewebsites.net" -Type AzureWebsite
-Status Enabled | Set-AzureTrafficManagerProfile

To remove an endpoint, use the Remove-AzureTraficManagerEndpoint cmdlet as shown here.

$tmProfile = Get-AzureTrafficManagerProfile -Name "ContosoTM"
Remove-AzureTrafficManagerEndpoint -TrafficManagerProfile $tmProfile `
-DomainName "contoso-web-west.azurewebsites.net" |
Set-AzureTrafficManagerProfile

To disable an endpoint, use the Set-AzureTraficManagerEndpoint cmdlet as shown here.

$tmProfile = Get-AzureTrafficManagerProfile -Name "ContosoTM"
Set-AzureTrafficManagerEndpoint -TrafficManagerProfile $tmProfile
-DomainName "contoso-web-west.azurewebsites.net" -Status Disabled | Set-AzureTrafficManagerProfile

Create a Traffic Manager profile using Azure PowerShell

To create a Traffic Manager profile using Azure PowerShell, use the New-AzureTraficManagerProfile cmdlet.

For example, this code creates a profile named ContosoTM with a domain name of contoso-web-tm.trafficmanager.net,and a Failover load balancing method.

New-AzureTrafficManagerProfile -Name ContosoTM -DomainName contoso-web-tm.trafficmanager.net -LoadBalancingMethod Failover -MonitorPort 80 -MonitorProtocol Http -MonitorRelativePath "/" -Ttl 30

HEALTH CHECK PAGES TO DETERMINE WEBSITE HEALTH

For Azure Traffic Manager to determine the health of your website endpoints (deployments) you need to provide some basic monitoring settings so that Azure Traffic Manager can query your endpoints to determine if an endpoint should be taken out of the rotation. The monitoring settings consist of the following:
■ Protocol This can be HTTP or HTTPS.
■ Port Use standard HTTP and HTTPS ports, such as 80 or 443.
■ Relative Path And File Name This is the path and ile name in the application that the monitoring service will perform an HTTP GET request against. This can be the root of the application, such as "/". Or, it could be a speciic health check page the application may make available, such as /Healthcheck.aspx.

USING HEALTH CHECK PAGES TO DETERMINE WEBSITE HEALTH

Some websites provide a health check page as part of the application and may name the page Healthcheck.aspx. The advantage of having a health check page is that the page can check the health of other services the application depends on, such as SQL Database connections, web service availability, or internal metrics the application developers have added as part of the health monitoring of the application. Just because a request for a page such as the root at "/" may return an HTTP 200 (OK), doesn't necessarily mean the application is healthy.

 By using a custom health check page, applications can more accurately determine the health of the application instance and return an error code, such as HTTP 503 (Service Unavailable). As a result, Azure Traffic Manager will remove the endpoint from the rotation until the application instance returns HTTP 200 (OK).

Creating an Azure Traffic Manager proile

To create an Azure Trafic Manager profile, you must select a unique DNS name for your profile.All Azure Traffic Manager profiles use the shared domain *.trafficmanager.net. Therefore, your DNS name must be unique because it will form the Azure Traffic Manager domain name that you will use when updating your DNS records. As an example, a DNS name for Contoso might be contoso-web-tm.trafficmanager.net.Related to the DNS name setting is the DNS time-to-live (TTL), which tells DNS clients and resolvers on DNS servers how long to cache the name resolved by Azure Traffic Manager. The default value for this setting is five minutes.

You must select a load balancing method. The load balancing options are as follows:

■ Performance Choose this option when your website is deployed in different regions and you want users to be routed to the closest data center you have deployed to.
■ Round Robin Choose this option when your website is deployed in the same or different regions and you want to distribute the load across multiple deployments.
■ Failover Choose this option when your website is deployed in the same or different regions and you want one deployment to be the primary for all traffic and the others to be available as backup if the primary becomes unavailable. If you have more than two deployments, then you can prioritize the order of the deployments that you want Traffic Manager to failover with.

Configuring Azure Trafic Manager

Azure Trafic Manager is a network service that you can use to route users to website endpoints(deployments) in potentially different datacenters around the world. It provides services and settings that you can use to improve availability, performance for users, or loadbalance traffic. It works by applying a policy engine to DNS queries for the domain names of your website.

To leverage the features of Azure Traffic Manager, you should have two or more deployments of your website. The deployments can be in the same region or spread across multiple regions around the world.

NOTE  :: MULTIPLE DEPLOYMENTS FOR THE SAME WEBSITE APPLICATION
 
The implementation of an application will greatly influence how Azure Traffic Manager can be used for that application. As simple as it may be to deploy the website to multiple locations, careful consideration should be given to whether or not the application was designed for multiple deployments. How data is managed and accessed by the website,whether or not application state is a factor, and other important application design aspects need to be reviewed. Traffic Manager is a powerful service in the Azure platform that should be reviewed

Configuring Azure Traffic Manager entails the following steps:
■ Create an Azure Traffic Manager profile.
■ Add endpoints to the profile.
■ 3Update DNS records for your custom domain.

Configuring SSL certificates for an Azure website

Azure Websites provide SSL support for every site by default. If your website is named contoso-web, you can open a browser and access it using http or https, as shown here:
 " contoso-web.azurewebsites.net "

However, the azurewebsites.net domain is a shared domain and therefore the wildcard certificate providing SSL is also shared, making it less secure than if you had a custom domain and your own SSL certificate for the custom domain. You also probably wouldn't want to use the shared domain for a public-facing site. Still, it's good to know this support is there for cases where the shared domain is acceptable.The majority of sites will have a custom domain and therefore will need to configure SSL with this in mind. The site must also be in Standard mode to support this configuration. Configuring SSL for an Azure website with a custom domain requires the following steps:

1. Obtain an SSL certiicate.
2. Upload the SSL certiicate to Azure.
3. Conigure the SSL bindings.

Note ::To conigure SSL for an Azure website with a custom domain, the website must be configured for Standard mode.

Obtaining an SSL certiicate

A certiicate authority must sign your SSL certificate, and the certiicate must adhere to the following requirements:
 -The certiicate contains a private key.
 -The certiicate must be created for key exchange that can be exported to a Personal Information Exchange (.pfx) file.
 -The certiicate's subject name must match the custom domain. If you have multiple custom domains for your website, the certiicate will need to be either a wildcard certiicate or have a subject alternative name (SAN).
 -The certiicate should use 2048-bit (or higher) encryption.

Uploading the SSL certiicate to Azure

After the SSL certiicate is obtained, you can upload it to Azure using the management portal by clicking the Domains and SSL part in the Website blade for your site as shown in figure. This opens the SSL Settings blade for your site where you can upload the certiicate.

The Configuration section of the Website blade showing the Domains and SSL part Configuring the SSL bindings.After the SSL certiicate has been uploaded to your Azure Website, the last step in the process is to conigure the SSL bindings. Azure Websites supports Server Name Indication (SNI) SSL and the traditional IP-based SSL. 

You can conigure the SSL bindings in the management portal in the SSL Settings blade referenced earlier in Figure. For each binding you must specify the following:
 -The custom domain name.
 -The SSL certiicate to use for the custom domain.
 -Select either SNI SSL or IP-based SSL.

 Note :

If you choose IP-based SSL for your SSL binding and your custom domain is conigured using an A record, Azure will assign a new dedicated IP address to your website. This is a different IP address than what you previously used to conigure the A record. Therefore,you must update the A record with your DNS registrar using the new virtual IP address. The virtual IP address can be found in the management portal by clicking the Properties part of the Website blade.

Associating the custom domain with the website

custom domain using the Set-AzureWebsite cmdlet as shown here.

Set-AZureWebsite -Name "contoso-web" -HostNames @(www.contoso.com, "contoso.com")

Note : Custom domains are not supported in the free tier of Azure Websites.

Configuring a custom domain for a website

Azure Websites are assigned to the azurewebsites.net domain. So, if your site name is contosoweb,then it is reachable at the URL contoso-web.azurewebsites.net. During development and testing this may be acceptable. However, as you approach the release of your website, you will generally want to configure a custom domain for the site, such as contoso.com.

Configuring a custom domain name requires the following steps:

1. Obtain a custom domain from a domain registrar of your choice.
2. Add DNS records for your domain using your domain registrar.
3. Associate the custom domain with your Azure website.

Adding DNS records

The DNS records you add with your domain registrar can be either an A record or CNAME record. An A record resolves a domain to a speciic IP address. For Azure Websites, that IP address is the IP address of the cluster of servers your website is running in. It is not the IP address of a speciic virtual machine. You can obtain the IP address you should use for your A record from the management portal by clicking the Domains and SSL part in the Website blade for your site. This will open the SSL Settings blade for your Site, as shown in Figure

If you use an A record, then Azure requires that you first add a CNAME record to verify that you own the domain. This CNAME must be formatted as awverify..com and map to awverify..azurewebsites.net. below Table  illustrates how the A record and CNAME record are deined for the custom domain contoso.com.

NOTE :: The awverify CNAME record is only used when using an A record to conigure a custom
domain.

If you use CNAME records, then your DNS records only indicate the custom domain and the Azure website URL it maps to. It is also possible to map subdomains. Below Table shows an example of how a CNAME record is defined for a custom domain contoso.com.