This post took a bit longer than expected, but it were some busy days. First of all I want to give a quick update to the creation of the demo environment.
Update
I added HTTPS/SSL-support for the Webclient/Application Gateway setup – at least some initial support. I’m still not sure how to set this up both for the public and private listener of the Gateway. I also reworked the whole New-ApplicationGateway-CmdLet.
To handle the certificates I added a new block in Parameters.ps1. If you leave “Path” empty it will generate a new self-signed PFX-certificate and upload it to the KeyVault during creation:
$certificates = (
@{
Type = "ApplicationGateway"
DnsName = "scaleset.bctest.local"
Path = "" # Empty Path = generates new self-signed certificate
Password = $domainAdminPass
},
@{
Type = "ServiceInstance"
DnsName = ""
Path = "" # Empty Path = generates new self-signed certificate (will use the same as before, to only generate 1 Certificate in total)
Password = $domainAdminPass
},
@{
Type = "Webclient"
DnsName = ""
Path = "" # Empty Path = generates new self-signed certificate (will use the same as before, to only generate 1 Certificate in total)
Password = $domainAdminPass
}
)When handling certificates, it’ll also create a “ManagedIdentity” for the ApplicationGateway, which is used to provide the certificate-access to the KeyVault for the AppGW.
Final Thoughts
Well, of course there are a couple of things these modules don’t handle at the moment (it’s basically a v. 0.0.1.0). Some things that came to my mind and should be considered are at the very least the following:
- Use a Network Security Group (NSG) for the Virtual Network (or even different ones for your different Subnets)
- In a real production environment you might have to consider already existing Virtual Networks/Subnets more
- Just keep in mind that I’m no Network-expert or even an Azure-expert; there’s also a good chance that I’ll revise many parts of the current modules and templates
- Currently the created Scale Sets are not configured for auto-scaling. You either need to increase the instance count manually or add the rules yourself (but that is easy to do); I might add basic rule setup later
- The duration of the creation of the resource could still be increased (e.g. only update the network configuration of the Application-Scale Set once, instead of two times). Since each test-run takes quite a while I’ll work on it whenever there’s time
- I’m not completely sure, if it’s possible to create the Load Balancers (in this context) via ARM templates as well. Applying the Network Configuration to the Scale Set was pretty tricky (at least for me); but I’ll check if it’s possible (because I prefer ARM templates instead of doing it via Code)
If I can think of anything else, I’ll extend this list. Also I might remove/strike-through items, if I worked on it again. If you have additional remarks, please leave me a comment, write me on Twitter or open an issue on Github.
I hope you liked this little series and maybe learned something new. Since I’m gonna need these templates in upcoming projects myself (at least I think so right now), there is a good chance that there will be more updates to it, whenever I notice shortcomings in the current version. I’ll also add more detailed documentation to the CmdLets and the READMEs on GitHub. But right now I’m just glad that I came this far in the little spare time 😉
Hi,
We have a similar setup with an application gateway, with two application servers running IIS / Providing the Business Central server instance.
We have an issue in which when changing companies, we get a “something went wrong message” I think its something to do with cookies / the user sessions managed by the app gateway and the application servers.
Here is my forum post going over the issue, any help would be appreciated.
https://community.dynamics.com/forums/thread/details/?threadid=d45f5479-0518-ee11-8f6d-00224827e389