| title | titleSuffix | description | services | documentationcenter | author | manager | Customer intent | ms.assetid | ms.service | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author | ms:custom |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Quickstart: Create an internal load balancer - Azure PowerShell |
Azure Load Balancer |
This quickstart shows how to create an internal load balancer using Azure PowerShell |
load-balancer |
na |
asudbring |
KumudD |
I want to create a load balancer so that I can load balance internal traffic to VMs. |
load-balancer |
na |
quickstart |
na |
infrastructure-services |
08/27/2020 |
allensu |
seodec18 |
Get started with Azure Load Balancer by using Azure PowerShell to create an internal load balancer and two virtual machines.
- An Azure account with an active subscription. Create an account for free.
- Azure PowerShell installed locally or Azure Cloud Shell
[!INCLUDE updated-for-az]
[!INCLUDE cloud-shell-try-it.md]
If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 5.4.1 or later. Run Get-Module -ListAvailable Az to find the installed version. If you need to upgrade, see Install Azure PowerShell module. If you're running PowerShell locally, you also need to run Connect-AzAccount to create a connection with Azure.
An Azure resource group is a logical container into which Azure resources are deployed and managed.
Create a resource group with New-AzResourceGroup:
- Named myResourceGroupLB.
- In the eastus location.
## Variables for the command ##
$rg = 'MyResourceGroupLB'
$loc = 'eastus'
New-AzResourceGroup -Name $rg -Location $loc
Note
Standard SKU load balancer is recommended for production workloads. For more information about skus, see Azure Load Balancer SKUs.
Before you deploy VMs and test your load balancer, create the supporting virtual network resources.
Create a virtual network with New-AzVirtualNetwork:
- Named myVNet.
- In resource group myResourceGroupLB.
- Subnet named myBackendSubnet.
- Virtual network 10.0.0.0/16.
- Subnet 10.0.0.0/24.
- Subnet named AzureBastionSubnet.
- Subnet 10.0.1.0/24.
## Variables for the command ##
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$sub = 'myBackendSubnet'
$spfx = '10.0.0.0/24'
$vnm = 'myVNet'
$vpfx = '10.0.0.0/16'
$bsub = 'AzureBastionSubnet'
$bpfx = '10.0.1.0/24'
## Create backend subnet config ##
$subnetConfig =
New-AzVirtualNetworkSubnetConfig -Name $sub -AddressPrefix $spfx
## Create Azure Bastion subnet
$bassubConfig =
New-AzVirtualNetworkSubnetConfig -Name $bsub -AddressPrefix $bpfx
## Create the virtual network ##
$vnet =
New-AzVirtualNetwork -ResourceGroupName $rg -Location $loc -Name $vnm -AddressPrefix $vpfx -Subnet $subnetConfig,$bassubConfig
Use New-AzPublicIpAddress to create a public ip address for the bastion host:
- Named myPublicIPBastion
- In resource group myResourceGroupLB.
- In the eastus location.
- Allocation method static.
- Standard sku.
## Variables for the command ##
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$ipn = 'myPublicIPBastion'
$all = 'static'
$sku = 'standard'
$publicip =
New-AzPublicIpAddress -ResourceGroupName $rg -Location $loc -Name $ipn -AllocationMethod $all -Sku $sku
Use New-AzBastion to create a bastion host:
- Named myBastion.
- In resource group myResourceGroupLB.
- In virtual network myVNet.
- Associated with public ip address myPublicIPBastion.
## Variables for the commands ##
$rg = 'myResourceGroupLB'
$nmn = 'myBastion'
## Command to create bastion host. $vnet and $publicip are from the previous steps ##
New-AzBastion -ResourceGroupName $rg -Name $nmn -PublicIpAddress $publicip -VirtualNetwork $vnet
It can take a few minutes for the Azure Bastion host to deploy.
Create network security group to define inbound connections to your virtual network.
Create a network security group rule with New-AzNetworkSecurityRuleConfig:
- Named myNSGRuleHTTP.
- Description of Allow HTTP.
- Access of Allow.
- Protocol (*).
- Direction Inbound.
- Priority 2000.
- Source of the Internet.
- Source port range of (*).
- Destination address prefix of (*).
- Destination Port 80.
## Variables for command ##
$rnm = 'myNSGRuleHTTP'
$des = 'Allow HTTP'
$acc = 'Allow'
$pro = '*'
$dir = 'Inbound'
$pri = '2000'
$spfx = 'Internet'
$spr = '*'
$dpfx = '*'
$dpr = '80'
$rule1 =
New-AzNetworkSecurityRuleConfig -Name $rnm -Description $des -Access $acc -Protocol $pro -Direction $dir -Priority $pri -SourceAddressPrefix $spfx -SourcePortRange $spr -DestinationAddressPrefix $dpfx -DestinationPortRange $dpr
Create a network security group with New-AzNetworkSecurityGroup:
- Named myNSG.
- In resource group myResourceGroupLB.
- In location eastus.
- With security rules created in previous steps stored in a variable.
## Variables for command ##
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$nmn = 'myNSG'
## $rule1 contains configuration information from the previous steps. ##
$nsg =
New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $loc -Name $nmn -SecurityRules $rule1
This section details how you can create and configure the following components of the load balancer:
- A frontend IP pool that receives the incoming network traffic on the load balancer.
- A backend IP pool where the frontend pool sends the load balanced network traffic.
- A health probe that determines health of the backend VM instances.
- A load balancer rule that defines how traffic is distributed to the VMs.
Create a front-end IP with New-AzLoadBalancerFrontendIpConfig:
- Named myFrontEnd.
- Private ip address of 10.0.0.4.
## Variables for the commands ##
$fe = 'myFrontEnd'
$rg = 'MyResourceGroupLB'
$ip = '10.0.0.4'
## Command to create frontend configuration. The variable $vnet is from the previous commands. ##
$feip =
New-AzLoadBalancerFrontendIpConfig -Name $fe -PrivateIpAddress $ip -SubnetId $vnet.subnets[0].Id
Create a back-end address pool with New-AzLoadBalancerBackendAddressPoolConfig:
- Named myBackEndPool.
- The VMs attach to this back-end pool in the remaining steps.
## Variable for the command ##
$be = 'myBackEndPool'
$bepool =
New-AzLoadBalancerBackendAddressPoolConfig -Name $be
A health probe checks all virtual machine instances to ensure they can send network traffic.
A virtual machine with a failed probe check is removed from the load balancer. The virtual machine is added back into the load balancer when the failure is resolved.
Create a health probe with Add-AzLoadBalancerProbeConfig:
- Monitors the health of the virtual machines.
- Named myHealthProbe.
- Protocol TCP.
- Monitoring Port 80.
## Variables for the command ##
$hp = 'myHealthProbe'
$pro = 'http'
$port = '80'
$int = '360'
$cnt = '5'
$probe =
New-AzLoadBalancerProbeConfig -Name $hp -Protocol $pro -Port $port -RequestPath / -IntervalInSeconds $int -ProbeCount $cnt
A load balancer rule defines:
- Frontend IP configuration for the incoming traffic.
- The backend IP pool to receive the traffic.
- The required source and destination port.
Create a load balancer rule with Add-AzLoadBalancerRuleConfig:
- Named myHTTPRule
- Listening on Port 80 in the frontend pool myFrontEnd.
- Sending load-balanced network traffic to the backend address pool myBackEndPool using Port 80.
- Using health probe myHealthProbe.
- Protocol TCP.
## Variables for the command ##
$lbr = 'myHTTPRule'
$pro = 'tcp'
$port = '80'
## $feip and $bePool are the variables from previous steps. ##
$rule =
New-AzLoadBalancerRuleConfig -Name $lbr -Protocol $pro -Probe $probe -FrontendPort $port -BackendPort $port -FrontendIpConfiguration $feip -BackendAddressPool $bePool -DisableOutboundSNAT
Note
The virtual machines in the backend pool will not have outbound internet connectivity with this configuration.
For more information on providing outbound connectivity, see:
Outbound connections in Azure
Options for providing connectivity:
Outbound-only load balancer configuration
What is Virtual Network NAT?
Create an internal load Balancer with New-AzLoadBalancer:
- Named myLoadBalancer
- In eastus.
- In resource group myResourceGroupLB.
## Variables for the command ##
$lbn = 'myLoadBalancer'
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$sku = 'Standard'
## $feip, $bepool, $probe, $rule are variables with configuration information from previous steps. ##
$lb =
New-AzLoadBalancer -ResourceGroupName $rg -Name $lbn -SKU $sku -Location $loc -FrontendIpConfiguration $feip -BackendAddressPool $bepool -Probe $probe -LoadBalancingRule $rule
Create three network interfaces with New-AzNetworkInterface:
- Named myNicVM1.
- In resource group myResourceGroupLB.
- In location eastus.
- In virtual network myVNet.
- In subnet myBackendSubnet.
- In network security group myNSG.
- Attached to load balancer myLoadBalancer in myBackEndPool.
## Variables for command ##
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$nic1 = 'myNicVM1'
$vnt = 'myVNet'
$lb = 'myLoadBalancer'
$ngn = 'myNSG'
## Command to get virtual network configuration. ##
$vnet =
Get-AzVirtualNetwork -Name $vnt -ResourceGroupName $rg
## Command to get load balancer configuration
$bepool =
Get-AzLoadBalancer -Name $lb -ResourceGroupName $rg | Get-AzLoadBalancerBackendAddressPoolConfig
## Command to get network security group configuration ##
$nsg =
Get-AzNetworkSecurityGroup -Name $ngn -ResourceGroupName $rg
## Command to create network interface for VM1 ##
$nicVM1 =
New-AzNetworkInterface -ResourceGroupName $rg -Location $loc -Name $nic1 -LoadBalancerBackendAddressPool $bepool -NetworkSecurityGroup $nsg -Subnet $vnet.Subnets[0]
- Named myNicVM2.
- In resource group myResourceGroupLB.
- In location eastus.
- In virtual network myVNet.
- In subnet myBackendSubnet.
- In network security group myNSG.
- Attached to load balancer myLoadBalancer in myBackEndPool.
## Variables for command ##
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$nic2 = 'myNicVM2'
$vnt = 'myVNet'
$lb = 'myLoadBalancer'
$ngn = 'myNSG'
## Command to get virtual network configuration. ##
$vnet =
Get-AzVirtualNetwork -Name $vnt -ResourceGroupName $rg
## Command to get load balancer configuration
$bepool =
Get-AzLoadBalancer -Name $lb -ResourceGroupName $rg | Get-AzLoadBalancerBackendAddressPoolConfig
## Command to get network security group configuration ##
$nsg =
Get-AzNetworkSecurityGroup -Name $ngn -ResourceGroupName $rg
## Command to create network interface for VM2 ##
$nicVM2 =
New-AzNetworkInterface -ResourceGroupName $rg -Location $loc -Name $nic2 -LoadBalancerBackendAddressPool $bepool -NetworkSecurityGroup $nsg -Subnet $vnet.Subnets[0]
Set an administrator username and password for the VMs with Get-Credential:
$cred = Get-Credential
Create the virtual machines with:
- Named myVM1.
- In resource group myResourceGroupLB.
- Attached to network interface myNicVM1.
- Attached to load balancer myLoadBalancer.
- In Zone 1.
- In the eastus location.
## Variables used for command. ##
$rg = 'myResourceGroupLB'
$vm = 'myVM1'
$siz = 'Standard_DS1_v2'
$pub = 'MicrosoftWindowsServer'
$off = 'WindowsServer'
$sku = '2019-Datacenter'
$ver = 'latest'
$zn = '1'
$loc = 'eastus'
## Create a virtual machine configuration. $cred and $nicVM1 are variables with configuration from the previous steps. ##
$vmConfig =
New-AzVMConfig -VMName $vm -VMSize $siz | Set-AzVMOperatingSystem -Windows -ComputerName $vm -Credential $cred | Set-AzVMSourceImage -PublisherName $pub -Offer WindowsServer -Skus $sku -Version $ver | Add-AzVMNetworkInterface -Id $nicVM1.Id
## Create the virtual machine ##
New-AzVM -ResourceGroupName $rg -Zone $zn -Location $loc -VM $vmConfig
- Named myVM2.
- In resource group myResourceGroupLB.
- Attached to network interface myNicVM2.
- Attached to load balancer myLoadBalancer.
- In Zone 2.
- In the eastus location.
## Variables used for command. ##
$rg = 'myResourceGroupLB'
$vm = 'myVM2'
$siz = 'Standard_DS1_v2'
$pub = 'MicrosoftWindowsServer'
$off = 'WindowsServer'
$sku = '2019-Datacenter'
$ver = 'latest'
$zn = '2'
$loc = 'eastus'
## Create a virtual machine configuration. $cred and $nicVM2 are variables with configuration from the previous steps. ##
$vmConfig =
New-AzVMConfig -VMName $vm -VMSize $siz | Set-AzVMOperatingSystem -Windows -ComputerName $vm -Credential $cred | Set-AzVMSourceImage -PublisherName $pub -Offer WindowsServer -Skus $sku -Version $ver | Add-AzVMNetworkInterface -Id $nicVM2.Id
## Create the virtual machine ##
New-AzVM -ResourceGroupName $rg -Zone $zn -Location $loc -VM $vmConfig
Note
Standard SKU load balancer is recommended for production workloads. For more information about skus, see Azure Load Balancer SKUs.
Before you deploy VMs and test your load balancer, create the supporting virtual network resources.
Create a virtual network with New-AzVirtualNetwork:
- Named myVNet.
- In resource group myResourceGroupLB.
- Subnet named myBackendSubnet.
- Virtual network 10.0.0.0/16.
- Subnet 10.0.0.0/24.
- Subnet named AzureBastionSubnet.
- Subnet 10.0.1.0/24.
## Variables for the command ##
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$sub = 'myBackendSubnet'
$spfx = '10.0.0.0/24'
$vnm = 'myVNet'
$vpfx = '10.0.0.0/16'
$bsub = 'AzureBastionSubnet'
$bpfx = '10.0.1.0/24'
## Create backend subnet config ##
$subnetConfig =
New-AzVirtualNetworkSubnetConfig -Name $sub -AddressPrefix $spfx
## Create Azure Bastion subnet
$bassubConfig =
New-AzVirtualNetworkSubnetConfig -Name $bsub -AddressPrefix $bpfx
## Create the virtual network ##
$vnet =
New-AzVirtualNetwork -ResourceGroupName $rg -Location $loc -Name $vnm -AddressPrefix $vpfx -Subnet $subnetConfig,$bassubConfig
Use New-AzPublicIpAddress to create a public ip address for the bastion host:
- Named myPublicIPBastion
- In resource group myResourceGroupLB.
- In the eastus location.
- Allocation method static.
- Standard sku.
## Variables for the command ##
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$ipn = 'myPublicIPBastion'
$all = 'static'
$sku = 'standard'
$publicip =
New-AzPublicIpAddress -ResourceGroupName $rg -Location $loc -Name $ipn -AllocationMethod $all -Sku $sku
Use New-AzBastion to create a bastion host:
- Named myBastion.
- In resource group myResourceGroupLB.
- In virtual network myVNet.
- Associated with public ip address myPublicIPBastion.
## Variables for the commands ##
$rg = 'myResourceGroupLB'
$nmn = 'myBastion'
## Command to create bastion host. $vnet and $publicip are from the previous steps ##
New-AzBastion -ResourceGroupName $rg -Name $nmn -PublicIpAddress $publicip -VirtualNetwork $vnet
It can take a few minutes for the Azure Bastion host to deploy.
Create network security group to define inbound connections to your virtual network.
Create a network security group rule with New-AzNetworkSecurityRuleConfig:
- Named myNSGRuleHTTP.
- Description of Allow HTTP.
- Access of Allow.
- Protocol (*).
- Direction Inbound.
- Priority 2000.
- Source of the Internet.
- Source port range of (*).
- Destination address prefix of (*).
- Destination Port 80.
## Variables for command ##
$rnm = 'myNSGRuleHTTP'
$des = 'Allow HTTP'
$acc = 'Allow'
$pro = '*'
$dir = 'Inbound'
$pri = '2000'
$spfx = 'Internet'
$spr = '*'
$dpfx = '*'
$dpr = '80'
$rule1 =
New-AzNetworkSecurityRuleConfig -Name $rnm -Description $des -Access $acc -Protocol $pro -Direction $dir -Priority $pri -SourceAddressPrefix $spfx -SourcePortRange $spr -DestinationAddressPrefix $dpfx -DestinationPortRange $dpr
Create a network security group with New-AzNetworkSecurityGroup:
- Named myNSG.
- In resource group myResourceGroupLB.
- In location eastus.
- With security rules created in previous steps stored in a variable.
## Variables for command ##
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$nmn = 'myNSG'
## $rule1 and $rule2 are variables with configuration information from the previous steps. ##
$nsg =
New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $loc -Name $nmn -SecurityRules $rule1
This section details how you can create and configure the following components of the load balancer:
- A frontend IP pool that receives the incoming network traffic on the load balancer.
- A backend IP pool where the frontend pool sends the load balanced network traffic.
- A health probe that determines health of the backend VM instances.
- A load balancer rule that defines how traffic is distributed to the VMs.
Create a front-end IP with New-AzLoadBalancerFrontendIpConfig:
- Named myFrontEnd.
- Private ip address of 10.0.0.4.
## Variables for the commands ##
$fe = 'myFrontEnd'
$rg = 'MyResourceGroupLB'
$ip = '10.0.0.4'
## Command to create frontend configuration. The variable $vnet is from the previous commands. ##
$feip =
New-AzLoadBalancerFrontendIpConfig -Name $fe -PrivateIpAddress $ip -SubnetId $vnet.subnets[0].Id
Create a back-end address pool with New-AzLoadBalancerBackendAddressPoolConfig:
- Named myBackEndPool.
- The VMs attach to this back-end pool in the remaining steps.
## Variable for the command ##
$be = 'myBackEndPool'
$bepool =
New-AzLoadBalancerBackendAddressPoolConfig -Name $be
A health probe checks all virtual machine instances to ensure they can send network traffic.
A virtual machine with a failed probe check is removed from the load balancer. The virtual machine is added back into the load balancer when the failure is resolved.
Create a health probe with Add-AzLoadBalancerProbeConfig:
- Monitors the health of the virtual machines.
- Named myHealthProbe.
- Protocol TCP.
- Monitoring Port 80.
## Variables for the command ##
$hp = 'myHealthProbe'
$pro = 'http'
$port = '80'
$int = '360'
$cnt = '5'
$probe =
New-AzLoadBalancerProbeConfig -Name $hp -Protocol $pro -Port $port -RequestPath / -IntervalInSeconds $int -ProbeCount $cnt
A load balancer rule defines:
- Frontend IP configuration for the incoming traffic.
- The backend IP pool to receive the traffic.
- The required source and destination port.
Create a load balancer rule with Add-AzLoadBalancerRuleConfig:
- Named myHTTPRule
- Listening on Port 80 in the frontend pool myFrontEnd.
- Sending load-balanced network traffic to the backend address pool myBackEndPool using Port 80.
- Using health probe myHealthProbe.
- Protocol TCP.
## Variables for the command ##
$lbr = 'myHTTPRule'
$pro = 'tcp'
$port = '80'
## $feip and $bePool are the variables from previous steps. ##
$rule =
New-AzLoadBalancerRuleConfig -Name $lbr -Protocol $pro -Probe $probe -FrontendPort $port -BackendPort $port -FrontendIpConfiguration $feip -BackendAddressPool $bePool
Create a public load Balancer with New-AzLoadBalancer:
- Named myLoadBalancer
- In eastus.
- In resource group myResourceGroupLB.
## Variables for the command ##
$lbn = 'myLoadBalancer'
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$sku = 'Basic'
## $feip, $bepool, $probe, $rule are variables with configuration information from previous steps. ##
$lb =
New-AzLoadBalancer -ResourceGroupName $rg -Name $lbn -SKU $sku -Location $loc -FrontendIpConfiguration $feip -BackendAddressPool $bepool -Probe $probe -LoadBalancingRule $rule
Create three network interfaces with New-AzNetworkInterface:
- Named myNicVM1.
- In resource group myResourceGroupLB.
- In location eastus.
- In virtual network myVNet.
- In subnet myBackendSubnet.
- In network security group myNSG.
- Attached to load balancer myLoadBalancer in myBackEndPool.
## Variables for command ##
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$nic1 = 'myNicVM1'
$vnt = 'myVNet'
$lb = 'myLoadBalancer'
$ngn = 'myNSG'
## Command to get virtual network configuration. ##
$vnet =
Get-AzVirtualNetwork -Name $vnt -ResourceGroupName $rg
## Command to get load balancer configuration
$bepool =
Get-AzLoadBalancer -Name $lb -ResourceGroupName $rg | Get-AzLoadBalancerBackendAddressPoolConfig
## Command to get network security group configuration ##
$nsg =
Get-AzNetworkSecurityGroup -Name $ngn -ResourceGroupName $rg
## Command to create network interface for VM1 ##
$nicVM1 =
New-AzNetworkInterface -ResourceGroupName $rg -Location $loc -Name $nic1 -LoadBalancerBackendAddressPool $bepool -NetworkSecurityGroup $nsg -Subnet $vnet.Subnets[0]
- Named myNicVM2.
- In resource group myResourceGroupLB.
- In location eastus.
- In virtual network myVNet.
- In subnet myBackendSubnet.
- In network security group myNSG.
- Attached to load balancer myLoadBalancer in myBackEndPool.
## Variables for command ##
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$nic2 = 'myNicVM2'
$vnt = 'myVNet'
$lb = 'myLoadBalancer'
$ngn = 'myNSG'
## Command to get virtual network configuration. ##
$vnet =
Get-AzVirtualNetwork -Name $vnt -ResourceGroupName $rg
## Command to get load balancer configuration
$bepool =
Get-AzLoadBalancer -Name $lb -ResourceGroupName $rg | Get-AzLoadBalancerBackendAddressPoolConfig
## Command to get network security group configuration ##
$nsg =
Get-AzNetworkSecurityGroup -Name $ngn -ResourceGroupName $rg
## Command to create network interface for VM2 ##
$nicVM2 =
New-AzNetworkInterface -ResourceGroupName $rg -Location $loc -Name $nic2 -LoadBalancerBackendAddressPool $bepool -NetworkSecurityGroup $nsg -Subnet $vnet.Subnets[0]
Use New-AzAvailabilitySet to create an availability set for the virtual machines:
- Named myAvSet.
- In resource group myResourceGroupLB.
- In the eastus location.
## Variables used for the command. ##
$rg = 'myResourceGroupLB'
$avs = 'myAvSet'
$loc = 'eastus'
New-AzAvailabilitySet -ResourceGroupName $rg -Name $avs -Location $loc
Set an administrator username and password for the VMs with Get-Credential:
$cred = Get-Credential
Create the virtual machines with:
- Named myVM1.
- In resource group myResourceGroupLB.
- Attached to network interface myNicVM1.
- Attached to load balancer myLoadBalancer.
- In the eastus location.
- In the myAvSet availability set.
## Variables used for command. ##
$rg = 'myResourceGroupLB'
$vm = 'myVM1'
$siz = 'Standard_DS1_v2'
$pub = 'MicrosoftWindowsServer'
$off = 'WindowsServer'
$sku = '2019-Datacenter'
$ver = 'latest'
$loc = 'eastus'
$avs = 'myAvSet'
## Create a virtual machine configuration. $cred and $nicVM1 are variables with configuration from the previous steps. ##
$vmConfig =
New-AzVMConfig -VMName $vm -VMSize $siz | Set-AzVMOperatingSystem -Windows -ComputerName $vm -Credential $cred | Set-AzVMSourceImage -PublisherName $pub -Offer WindowsServer -Skus $sku -Version $ver | Add-AzVMNetworkInterface -Id $nicVM1.Id
## Create the virtual machine ##
New-AzVM -ResourceGroupName $rg -Location $loc -VM $vmConfig -AvailabilitySetName $avs
- Named myVM2.
- In resource group myResourceGroupLB.
- Attached to network interface myNicVM2.
- Attached to load balancer myLoadBalancer.
- In the eastus location.
- In the myAvSet availability set.
## Variables used for command. ##
$rg = 'myResourceGroupLB'
$vm = 'myVM2'
$siz = 'Standard_DS1_v2'
$pub = 'MicrosoftWindowsServer'
$off = 'WindowsServer'
$sku = '2019-Datacenter'
$ver = 'latest'
$loc = 'eastus'
$avs = 'myAvSet'
## Create a virtual machine configuration. $cred and $nicVM2 are variables with configuration from the previous steps. ##
$vmConfig =
New-AzVMConfig -VMName $vm -VMSize $siz | Set-AzVMOperatingSystem -Windows -ComputerName $vm -Credential $cred | Set-AzVMSourceImage -PublisherName $pub -Offer WindowsServer -Skus $sku -Version $ver | Add-AzVMNetworkInterface -Id $nicVM2.Id
## Create the virtual machine ##
New-AzVM -ResourceGroupName $rg -Location $loc -VM $vmConfig -AvailabilitySetName $avs
It takes a few minutes to create and configure the three VMs.
Use Set-AzVMExtension to install the Custom Script Extension.
The extension runs PowerShell Add-WindowsFeature Web-Server to install the IIS webserver and then updates the Default.htm page to show the hostname of the VM:
## Variables for command. ##
$rg = 'myResourceGroupLB'
$enm = 'IIS'
$vmn = 'myVM1'
$loc = 'eastus'
$pub = 'Microsoft.Compute'
$ext = 'CustomScriptExtension'
$typ = '1.8'
Set-AzVMExtension -ResourceGroupName $rg -ExtensionName $enm -VMName $vmn -Location $loc -Publisher $pub -ExtensionType $ext -TypeHandlerVersion $typ -SettingString '{"commandToExecute":"powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"}'
## Variables for command. ##
$rg = 'myResourceGroupLB'
$enm = 'IIS'
$vmn = 'myVM2'
$loc = 'eastus'
$pub = 'Microsoft.Compute'
$ext = 'CustomScriptExtension'
$typ = '1.8'
Set-AzVMExtension -ResourceGroupName $rg -ExtensionName $enm -VMName $vmn -Location $loc -Publisher $pub -ExtensionType $ext -TypeHandlerVersion $typ -SettingString '{"commandToExecute":"powershell Add-WindowsFeature Web-Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" -Value $($env:computername)"}'
Create a network interface with New-AzNetworkInterface:
- Named myNicTestVM.
- In resource group myResourceGroupLB.
- In location eastus.
- In virtual network myVNet.
- In subnet myBackendSubnet.
- In network security group myNSG.
## Variables for command ##
$rg = 'myResourceGroupLB'
$loc = 'eastus'
$nic1 = 'myNicTestVM'
$vnt = 'myVNet'
$ngn = 'myNSG'
## Command to get virtual network configuration. ##
$vnet =
Get-AzVirtualNetwork -Name $vnt -ResourceGroupName $rg
## Command to get network security group configuration ##
$nsg =
Get-AzNetworkSecurityGroup -Name $ngn -ResourceGroupName $rg
## Command to create network interface for myTestVM ##
$nicTestVM =
New-AzNetworkInterface -ResourceGroupName $rg -Location $loc -Name $nic1 -NetworkSecurityGroup $nsg -Subnet $vnet.Subnets[0]
Set an administrator username and password for the VM with Get-Credential:
$cred = Get-Credential
Create the virtual machine with:
- Named myTestVM.
- In resource group myResourceGroupLB.
- Attached to network interface myNicTestVM.
- In the eastus location.
## Variables used for command. ##
$rg = 'myResourceGroupLB'
$vm = 'myTestVM'
$siz = 'Standard_DS1_v2'
$pub = 'MicrosoftWindowsServer'
$off = 'WindowsServer'
$sku = '2019-Datacenter'
$ver = 'latest'
$loc = 'eastus'
## Create a virtual machine configuration. $cred and $nicTestVM are variables with configuration from the previous steps. ##
$vmConfig =
New-AzVMConfig -VMName $vm -VMSize $siz | Set-AzVMOperatingSystem -Windows -ComputerName $vm -Credential $cred | Set-AzVMSourceImage -PublisherName $pub -Offer WindowsServer -Skus $sku -Version $ver | Add-AzVMNetworkInterface -Id $nicTestVM.Id
## Create the virtual machine ##
New-AzVM -ResourceGroupName $rg -Location $loc -VM $vmConfig
-
Sign in to the Azure portal.
-
Find the private IP address for the load balancer on the Overview screen. Select All services in the left-hand menu, select All resources, and then select myLoadBalancer.
-
Make note or copy the address next to Private IP Address in the Overview of myLoadBalancer.
-
Select All services in the left-hand menu, select All resources, and then from the resources list, select myTestVM that is located in the myResourceGroupLB resource group.
-
On the Overview page, select Connect, then Bastion.
-
Enter the username and password entered during VM creation.
-
Open Internet Explorer on myTestVM.
-
Enter the IP address from the previous step into the address bar of the browser. The default page of IIS Web server is displayed on the browser.
:::image type="content" source="./media/quickstart-load-balancer-standard-internal-portal/load-balancer-test.png" alt-text="Create a standard internal load balancer" border="true":::
To see the load balancer distribute traffic across all three VMs, you can customize the default page of each VM's IIS Web server and then force-refresh your web browser from the client machine.
When no longer needed, you can use the Remove-AzResourceGroup command to remove the resource group, load balancer, and the remaining resources.
## Variable for command. ##
$rg = 'myResourceGroupLB'
Remove-AzResourceGroup -Name $rg
In this quickstart
- You created a standard or basic internal load balancer
- Attached virtual machines.
- Configured the load balancer traffic rule and health probe.
- Tested the load balancer.
To learn more about Azure Load Balancer, continue to What is Azure Load Balancer? and Load Balancer frequently asked questions.
- Learn more about Load Balancer and Availability zones.