Capstone Project 1

Highly Available 3-Tier Web Architecture

Combine your knowledge of Networking, Compute, Load Balancing, and Monitoring to build a resilient application environment that can survive an entire datacenter outage.

The Scenario: Your company, Contoso, is launching a critical internal portal. If a server goes down, the application must stay online. If an entire Azure datacenter loses power, the application must stay online. It must also dynamically scale during peak business hours.

Phase 1: Foundational Networking

First, we need to create the boundaries for our application and properly segment the web traffic from the backend database traffic.

  1. Sign in to the Azure Portal and create a new Resource Group named Contoso-App-RG.
  2. Deploy a new Virtual Network named App-VNet with the address space 10.5.0.0/16.
  3. Create two distinct subnets within this VNet:
    • WebTier-Subnet (10.5.1.0/24)
    • DBTier-Subnet (10.5.2.0/24)
  4. Deploy a Network Security Group (NSG) named Web-NSG. Add an inbound rule allowing Port 80 (HTTP) from the internet.
  5. Associate the Web-NSG with the WebTier-Subnet.
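
The following check is an added example, not part of the original lab: it audits the Phase 1 layout for subnets that have no NSG and for inbound rules that open ports to the internet beyond the one the lab intends (port 80 on the web tier). The sample data is constructed to mirror the steps above and follows the JSON field names printed by `az network vnet subnet list` and `az network nsg rule list`; the rule name Allow-HTTP-In, the ALLOWED set and the function names are assumptions.

```python
# Added example: constructed sample data mirroring Phase 1, shaped like the
# JSON from `az network vnet subnet list` and `az network nsg rule list`.
SUBNETS = [
    {"name": "WebTier-Subnet", "addressPrefix": "10.5.1.0/24",
     "networkSecurityGroup": {"id": "/placeholder/networkSecurityGroups/Web-NSG"}},
    {"name": "DBTier-Subnet", "addressPrefix": "10.5.2.0/24",
     "networkSecurityGroup": None},
]
NSG_RULES = {"Web-NSG": [
    {"name": "Allow-HTTP-In", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
     "sourceAddressPrefixes": [], "destinationPortRange": "80",
     "destinationPortRanges": []},
]}
# Intended internet exposure per the lab: only port 80 on the web tier.
ALLOWED = {("WebTier-Subnet", "80")}
INTERNET = {"*", "internet", "0.0.0.0/0"}


def values(rule, single, plural):
    """Azure stores one value in the singular field, several in the plural."""
    return rule.get(plural) or [rule.get(single) or ""]


def audit(subnets, nsg_rules, allowed):
    """Return findings: subnets without an NSG, and internet-open ports not in `allowed`."""
    findings = []
    for subnet in subnets:
        nsg = subnet.get("networkSecurityGroup")
        if not nsg:
            findings.append(f"{subnet['name']}: no NSG associated")
            continue
        nsg_name = nsg["id"].rsplit("/", 1)[-1]
        for rule in nsg_rules.get(nsg_name, []):
            if rule["direction"] != "Inbound" or rule["access"] != "Allow":
                continue
            sources = values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            if not any(s.lower() in INTERNET for s in sources):
                continue
            for port in values(rule, "destinationPortRange", "destinationPortRanges"):
                if (subnet["name"], port) not in allowed:
                    findings.append(
                        f"{subnet['name']}: {rule['name']} opens port {port} to the internet")
    return findings


if __name__ == "__main__":
    for line in audit(SUBNETS, NSG_RULES, ALLOWED):
        print(line)
```

The check does not evaluate rule priority, so an Allow rule shadowed by a higher-priority Deny is still reported.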

Phase 2: Traffic Management

We cannot have a highly available application if users are pointing directly to a single server's IP address. We need a Load Balancer to act as the single point of contact.

  1. Search for Load Balancers and create a new one named App-LB.
  2. Ensure you select the Standard SKU and Public type.
  3. Create a new Frontend Public IP address named App-LB-PIP.
  4. Once deployed, open the Load Balancer and create a Backend Pool named Web-Servers-Pool. Select your App-VNet, but do not attach any Virtual Machines yet.
  5. Create a Health Probe named HTTP-Probe checking Port 80 every 5 seconds.
  6. Create a Load Balancing Rule linking the Frontend IP, the Backend Pool, and the Health Probe over Port 80.

Phase 3: Scalable Compute (VMSS)

Now we deploy the actual servers. By using a Scale Set spread across Availability Zones, we protect against catastrophic facility failures.

  1. Search for Virtual Machine Scale Sets and create a new one named Web-VMSS.
  2. Choose Windows Server 2022 as the image.
  3. Under the Availability zones setting, ensure Zones 1, 2, and 3 are all checked.
  4. Under the Networking tab, place the VMSS in the App-VNet and the WebTier-Subnet.
  5. Check the box to place instances behind a load balancer, and select the App-LB and Web-Servers-Pool you created in Phase 2.
  6. Under the Scaling tab, set the initial instance count to 2. Configure Custom auto-scaling to scale out (add 1 VM) if CPU exceeds 75%.
  7. Click Review + Create to deploy the fleet.

Phase 4: Observability & Alerting

If half of our servers go offline, the Load Balancer will keep the app running, but as an administrator, you need to know a failure occurred.

  1. Navigate to the App-LB Load Balancer resource.
  2. On the left menu, scroll down to Alerts and click + Create.
  3. For the Signal, select Health Probe Status.
  4. Set the alert logic to trigger if the Average Health Probe Status is Less than 50% (meaning half your servers are failing the health check).
  5. In the Actions tab, select or create an Action Group to send an email to your administrative address.
  6. Name the alert rule Critical: Web Tier Degraded and save it.

Project Complete!

You have successfully engineered an enterprise-grade architecture. Users hit your Public Load Balancer, which routes traffic across a fleet of VMs spanning three Availability Zones in physically separate datacenters. If traffic spikes, the scale set automatically grows. If a datacenter goes dark, the remaining zones handle the traffic, and Azure Monitor emails you.