Views:
This option describes how to deploy a scale set of virtual appliances with Gateway Load Balancer. Deploying with Gateway Load Balancer provides a simpler process that requires very few changes to your existing network environment. Gateway Load Balancer also adds additional layers of availability which translates to minimal disruption if a virtual appliance experiences an outage.
The image below shows an example of the traffic flow for this deployment using Gateway Load Balancer.
Azure_ScaleSet_GWLB=2e00ab2f-3417-4a83-9f8c-58f17ba5d011.png
Scale set traffic flow
Important
Important
Internet connectivity notice
During the Deploy the Network Security virtual appliance step, the Network Security virtual appliance is configured behind a standard internal load balancer. The placement of this load balancer blocks the outbound internet connectivity by default unless internet connectivity has been explicitly declared. For this deployment, we recommend that you add a NAT gateway to the management subnet to allow outbound connectivity. This option is configured before the Network Security virtual appliance is deployed.

Set up network environment Parent topic

To set up your environment you will complete these tasks:

Procedure

  1. Deploy the Network Security virtual appliance scale set
  2. Connect the Gateway Load Balancer to the public load balancer

What to do next

Before you begin Parent topic

Set up Azure Monitor before you begin this deployment. Write down the Log Monitor Workspace ID and Log Monitor Primary Key.
Generate a Trend Micro Cloud One appliance deployment token and review Azure's naming conventions.

Deploy the virtual network and the Network Security virtual appliance Parent topic

The Network Security virtual appliance is available from the Azure Marketplace as a public offer. To deploy the Network Security virtual appliance, navigate to Azure Portal → Marketplace → Trend Micro Cloud One™ – Network Security.
Manually add virtual appliances if the Azure Marketplace deployment does not properly register the virtual appliance(s) to Network Security.
Gather the following information before you begin the deployment:

Procedure

  1. Log into Azure and select Create a resource (this will direct you to the Marketplace).
  2. Search for Trend Micro Network Security.
  3. Next to Select a plan, choose Scale Set VM with Gateway Load Balancer in the dropdown menu.
  4. Click Create.
  5. Enter the following information in the Basics tab:
  6. Select the following information in the Networking tab:
    1. Select New Inspection VNet
    2. Select the subnets for the new Inspection VNet
    3. For NAT Gateway, choose Create new to automatically create a new NAT gateway when you deploy the virtual appliance, choose Select existing if you already manually created a NAT gateway, or choose Ignore if your Management subnet already has internet connectivity.
  7. Enter or select the following information in the Advanced tab:
    • (Suggested) Keep the Boot diagnostics setting enabled
    • Select your boot diagnostic account, or create a new one
  8. Click Review + CreateDeploy.

Connect the Gateway Load Balancer to the public load balancer Parent topic

Use the following steps to connect your existing public load balancer to the Gateway Load Balancer that was created when you deployed the Network Security virtual appliance from the Marketplace.
Note
Note
Your public load balancer must have a Standard SKU to connect to the GWLB. Learn more.

Procedure

  1. From the Azure portal, navigate to the Load balancers resource page.
  2. Select the public load balancer that you want to connect to your Gateway Load Balancer.
  3. Under Settings in the left navigation, click Fronted IP configuration.
  4. Select the Frontend load balancer, then select your Gateway Load Balancer from the dropdown menu.
  5. Click Save after making your configuration changes.