Creating an Application Gateway

(Optional) This topic describes how to create an Application Gateway in Azure for managing and optimizing traffic routing to your applications.

Related topic

Deploying-BMC-AMI-Services-on-Azure-Cloud

  1. Log in to theAzure portal.

  2. From the tree in the left pane of the Azure portal, select Create a resource.
  3. On the Create a resource page, select Networking from the left pane, and then select Application Gateway under Popular Azure services.
    worddav6851f67ecbcbc23212b8e48f464c5162.png
  4. Select the Basics tab and follow these steps:

    1. Perform the following actions for the application gateway settings:

      Field

      Action

      Subscription

      Select your subscription.

      Resource group

      Select the following resource group name: amiai-resouce-group.

      Application gateway name

      Enter amiai-app-gateway.

      Region

      Select East US.

      Tier

      Select WAF V2.

      HTTP2

      Select Disabled.

      WAF Policy

      1. Click Create new and perform the following actions in the Create Web Application Firewall Policy window:
        The Create Web Application Firewall Policy window opens.
      1. In the Name field, enter the following name for the new policy: amiai-ag-waf-policy.
      2. Select the Add Bot Protection check box.
      3. Click OK.

      A basic WAF policy with a managed Core Rule Set (CRS) is created.

      Virtual network

      1. Click Create new.

      2. In the Create virtual network window, perform the following actions: 

        Field

        Action

        Name

        Select amiai-virtual-network.

        Subnet name (Application Gateway subnet)

        1. Click Manage subnet configuration
        2. On the Subnets page, click +Subnet.
        3. In the Add a subnet dialog box, follow these steps:
          1. In the Name field, enter amiai-app-gateway-subnet.
          2. Enter IPv4 address range that does not overlap with that of default.
          3. Accept the defaults and click OK.
        4. Return to Create application gateway page, and select amiai-app-gateway-subnet.
      3. Click OK to save the virtual network settings.
    2. Click Next: Frontends.
  5. On the Frontends tab, follow these steps:

    1. Perform the following actions:

      Field

      Action

      Frontend IP address type

      Verify that Public is selected.

      Public IPv4 address

      1. Click Add new.
      2. In Name field in the Add a public IP dialog box, enter amiai-public-ip.
      3. Click OK. 
    2. Click Next: Backends.
  6. On the Backends tab, follow these steps to create an empty backend pool:
    1. Click Add a backend pool.

    2. In the Add a backend pool section, perform the following actions:

      Field

      Action

      Name

      Enter amiai-backend-target.

      Add backend pool without targets

      Select Yes.

    3. Click Add.
    4. Click Next: Configuration.
  7. On the Configuration tab, follow these steps to create a routing rule to connect the frontend and backend pool that you created:
    1. In the Routing rules area, click Add a routing rule.
      image-2024-10-7_16-27-3-1.png

    2. In the Add a routing rule window, perform the following actions:

      Field

      Action

      Rule name

      Enter amiai-routing.

      Priority

      Enter 1.

    3. On the Listener tab in the Add a routing rule window, perform the following actions:

      Field

      Action

      Listener name

      Enter amiai-listener.

      Frontend IP

      Select Public IPv4 to choose the public IP that you created for the frontend.

      Protocol

      Select HTTPS.

      Port

      Enter 443.

      Https Settings

      Choose a certificate

      Select Upload a certificate.

      Cert name

      Enter your certificate name.

      PFX certificate file

      Select the PFX certificate file.

      Password

      Enter your password for the PFX file.

      For the other fields on the Listener tab, leave the default values.
      image-2024-10-7_16-30-12-1.png

    4. On the Backend targets tab in the Add a routing rule window, perform the following actions:

      Field

      Action

      Backend target

      Select amiai-backend-target from the menu.

      Backend settings

      1. Click Add new to create a new backend setting, which determines the behavior of the routing rule.

      2. In the Add Backend setting window, perform the following actions:

        Field

        Action

        Backend settings name 

        Enter amiai-backend-settings

        Backend port 

        Enter 8000

        For the other fields in this dialog box, leave the default values. You will create custom probes later.

      3. In the Add Backend setting window, click Add.

      image-2024-10-7_16-30-58-1.png

    5. In the Add a routing rule window, click Add to save the routing rule and return to the Configuration tab.
      image-2024-10-7_16-31-26-1.png
  8. Click Next: Tags and then, on the next tab, click Next: Review + create.
  9. Review the settings on the Review + create tab, and then click Create to create the virtual network, the public IP address, and the application gateway.
  10. Wait until the deployment finishes successfully before proceeding to the next step.
  11. Click amiai-app-gateway.
  12. Note down the Frontend Public IP address. You will use it to access the BMC AMI AI Application over the web.
    image-2024-10-7_16-32-29-1.png
  13. In the left pane, click SSL settings
  14. Click +SSL Profiles to add a new SSL policy. 
  15. Enter a name for your SSL profile, such as AMIAI-SSL-Policy
  16. On the Client Authentication tab, click Upload a new certificate and upload your certificate. 
  17. On the SSL Policy tab:
    1. Select the Enable listener-specific SSL Policy checkbox. 
    2. Select the Predefined radio button. 
    3. From the Policy name menu, select the recommended policy. 
  18. Click Add

To create a DNS zone

A DNS zone contains the DNS entries for a domain. To start hosting your domain in Azure DNS, you create a DNS zone for that domain name.

  1. From the Home page, select Create a resource, enter DNS zone into Search services and marketplace, and then select DNS zone.
  2. In the DNS zone window, select Create.
    worddav2e29171ebdefa567c291386072ad3075.png
  3. From the menu, select the Subscription and Resource group.
  4. In the Name field, enter the domain name. For example, amiaiazure.com.
  5. Review the settings on the Review + create tab, and then click Create.
  6. Wait for the deployment to finish.

To create a DNS record

DNS records are created for your domain inside the DNS zone. A new address record, known as an A record, is created to resolve a host name to an IPv4 address.

  1. Using the search bar at the top of the window, search for your resource group and select it.
    image-2024-10-7_16-36-6-1.png

  2. On the Resources tab, click the DNS zone name that you just created.

    To find it more easily, enter DNS zone in the Filter for any field field. In this example, it is amiaiazure.com.

  3. At the top of the amiaiazure.com DNS zone page, click Record sets.
    image-2024-10-7_16-36-33-1.png
  4. On the next page, click +Add.

  5. In the Add record set window, enter or select the following values:

    Field

    Action

    Name

    Enter www.

    Type

    Select A.

    Important

    A record set is the most common, but there are other record types for mail servers (MX), IP v6 addresses (AAAA), and so on.

    TTL

    Enter 1.

    TTL unit

    Select Hours.

    IP address

    Enter the Public IP address of the application gateway created.

  6. At the bottom of the dialog box, click Add.

To create Health probes

  1. From the search bar at the top, in the Resource groups window, follow these steps:
    1. Select your resource group.
      image-2024-10-7_16-38-16-1.png
    2. Click the gateway service you created. In this example, it is amiai-app-gateway.
  2. In the left pane in the amiai-app-gateway window, expand Settings, click Health probes, and then click +Add.
    image-2024-10-7_16-39-5-1.png

  3. In the Add health probe window, perform the following actions, and then click Add:

    Field

    Action

    Name

    Enter health-probe-vm.

    Protocol

    Select HTTP.

    Host

    Enter Private IP of the virtual machine.

    Port (Select No for Pick port from backend settings)

    Enter 8000.

    Path

    Enter /admin/

    Backend settings

    Select amiai-backend-settings.

    I want to test the backend health before adding the health probe

    Clear this check box.

  4. In the left pane in the amiai-app-gateway window, expand Settings, and select Backend settings > amiai-backend-settings.
  5. In the Host name section in the Add Backend setting window, follow these steps:
    1. For the Use custom probe option, select Yes.
    2. From the Custom probe menu, select health-probe-vm.
    3. Click Save.
      image-2024-10-7_16-40-6-1.png
  6. In the left pane in the amiai-app-gateway window, expand Settings, and select Backend pools > amiai-backend-target.
  7. In the Edit backend pool window, follow these steps:
    1. For the Add backend pool without targets toggle option, select No.
    2. For Target type, select Virtual machine, and in the Target field, select the VM.
      image-2024-10-7_16-41-7-1.png
    3. Click Save.
  8. On the toolbar in the amiai-app-gateway window, select Backend health.
    The Backend health window now indicates that the health status is unhealthy.
  9. The health status becomes healthy only after you have successfully run all the steps in this runbook and deployed the BMC AMI AI Services.
    image-2024-10-7_16-41-54-1.png
    image-2024-10-7_16-42-16-1.png


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*