8.3 (Optional) Azure Load Balancer

If multiple Access Gateway and Identity Server virtual machines have been created and configured for clustering, you can configure an Azure load balancer for each cluster to balance the load of incoming requests across the clustered machines. A separate load balancer is used for an Identity Server cluster and an Access Gateway cluster.

Where the configuration differs between the Identity Server and Access Gateway load balancers, the following procedures call out the differences. Repeat the steps to create a separate load balancer for each of the Identity Server and Access Gateway clusters.

Important points to consider before configuring an Azure load balancer for Access Manager:

  • All nodes of a cluster must be deployed in the same availability set. For example, all Identity Server nodes in a cluster are deployed in the same availability set, and all Access Gateway nodes in a cluster are deployed in a different availability set.

  • Separate load balancers are required for Identity Server and Access Gateway.

  • The Configuring a Load Balancer section includes examples assuming that the default ports are used (8080/8443 for Identity Server and 80/443 for Access Gateway). You can use iptables to configure the listeners on Identity Server to use other ports. See Translating Identity Server Configuration Port.

  • Azure load balancer supports HTTP and TCP health check probes. It does not support HTTPS probes.

    Because of this, using the Access Gateway heartbeat URL requires additional steps, which are covered in the section To Create a Reverse Proxy for Health Probe.