NGINX Management with NGINX Controller
NGINX Controller is a separate and optional product from NGINX, Inc. that manages the NGINX data plane and the entire lifecycle of NGINX Plus under these configurations:
- Load Balancer
- API Gateway
- Proxy in a service mesh environment
This optional and separate NGINX product is fully functional within Azure and provides an additional or exclusive way to manage NGINX without using Azure Security Center, Azure Monitor, the Azure Portal, or PowerShell.
Azure Security Center with NGINX
Azure Security Center (ASC) is a service that comes in a free tier with limited functionality and a fee-based standard tier with a complete set of security capabilities for organizations that need enhanced functionality. The free tier monitors compute, network, storage, and application resources in Azure. It also provides security policy, security assessment, security recommendations, and the ability to connect with other security partner solutions. The standard tier includes all the capabilities of the free tier for on-prem environments (private cloud) as well as other public clouds such as AWS and Google Cloud Platform (GCP). The standard tier also includes many more security features along with the following critical security controls:
- Built-in and custom alerts
- Security event collection and advanced search
- Just-in-time VM access
- Application whitelisting
Microsoft Azure has three options for load balancing:
- NGINX Plus,
- the Azure load balancing services, or
- NGINX Plus in conjunction with the Azure load balancing services.
The following aims to give you enough information to decide which best works for you and shows you how using NGINX Plus with Azure Load Balancer can give you a highly available HTTP load balancer with rich Layer 7 functionality.
Azure Resource Manager is the deployment and management service for Azure. It provides a consistent management layer that enables you to create, update, and delete resources in your Azure subscription. You can use its access control, auditing, and tagging features to secure and organize your resources after deployment.
There are no prebuilt ARM templates or PowerShell scripts available from NGINX currently. However, there is nothing preventing the creation of an ARM template and PowerShell script based on your custom deployment requirements for Azure using your custom VM images previously created.
The following provides an example of creating an Ubuntu 16.04 LTS marketplace image from Canonical along with the NGINX web server using the Azure Cloud Shell and the Azure PowerShell module.
The Azure Marketplace is a software repository for pre-built and configured Azure resources from independent software vendors (ISVs). You will find open source and enterprise applications that have been certified and optimized to run on Azure.
NGINX, Inc. provides the latest release of NGINX Plus in the Azure Marketplace as a virtual machine (VM) image. NGINX OSS is not available from NGINX, Inc. but there are several options available from other ISVs in the Azure Marketplace.
Searching for “NGINX” in the Azure Marketplace will produce several results.
NGINX Open Source Software (OSS) is free while NGINX Plus is a commercial product that offers advanced features and enterprise-level support as licensed software by NGINX, Inc.
NGINX Plus combines the functionality of a high-performance web server, a powerful front-end load balancer and a highly-scalable accelerating cache to create the ideal end-to-end platform for your web applications. NGINX Plus is built on top of NGINX open source.
For organizations currently using NGINX open source, NGINX Plus eliminates the complexity of managing a “do-it-yourself” chain of proxies, load balancers and caching servers in a mission-critical application environment.
Azure provides several options for managed load balancing services:
- Azure Load Balancer
- Azure Application Gateway
- Azure Traffic Manager
Each of these services is reviewed to understand when to use it effectively.
The Open Systems Interconnection (OSI) model defines a networking framework to implement protocols in seven layers:
- Layer 7: The application layer
- Layer 6: The presentation layer
- Layer 5: The session layer
- Layer 4: The transport layer
- Layer 3: The network layer
- Layer 2: The data-link layer
- Layer 1: The physical layer
The OSI model doesn’t perform any functions in the networking process. It is a conceptual framework to better understand complex interactions that are happening.
Load balancers have evolved considerably since they were introduced in the 1990s as hardware-based servers or appliances. Cloud load balancing, also referred to as Load Balancing as a Service (LBaaS), is an updated alternative to hardware load balancers. Regardless of the implementation of a load balancer, scalability is still the primary goal of load balancing, even though modern load balancers can do so much more.
Optimal load distribution reduces site inaccessibility caused by the failure of a single server while assuring consistent performance for all users. Different routing techniques and algorithms ensure optimal performance in varying load-balancing scenarios.
Modern websites must support concurrent connections from clients requesting text, images, video, or application data, all in a fast and reliable manner, while scaling from hundreds of users to millions of users during peak times. Load balancers are a critical part of this scalability.
- Problems Load Balancers Solve
- The Solutions Load Balancers Provide
- The OSI Model and Load Balancing
Problems Load Balancers Solve
In cloud computing, load balancers solve three kinds of issues:
- Cloud Bursting
- Local Load Balancing
- Global Load Balancing
Cloud bursting is a configuration between a private cloud (i.e. on-prem compute environment) and a public cloud that uses a load balancer to redirect overflow traffic from a private cloud that has reached 100% of resource capacity to a public cloud to avoid decreases in performance or an interruption of service.
This series of 9 blog posts is suitable for cloud solution architects and software architects looking to integrate NGINX (pronounced en-juhn-eks) with Azure-managed solutions to improve load balancing, performance, security, and high availability for workloads. Software developers and technical managers will also understand how these technologies in the cloud have a direct impact on application development and application architecture for more cloud-native solutions. Load balancing provides scalability and a higher level of availability by distributing incoming network traffic efficiently across a group of backend servers, also known as a server pool or server cluster.
This series of blog posts provides a meaningful description of load-balancing options available natively from Microsoft Azure and the role NGINX can play in a comprehensive solution.
Even though the examples used are specific to Azure, these load balancing concepts and implementations using NGINX apply equally to other large public cloud providers such as Amazon Web Services (AWS), Google Cloud Platform, Digital Ocean, and IBM Cloud along with their respective cloud platform–native load balancers.