Fabric connectors with AWS and Azure

The AWS and Azure connectors for FortiGSLB integrate with AWS EC2 and with Azure virtual machine and load balancer environments, enabling comprehensive load balancing and visibility for your cloud-based servers. This solution leverages the full configuration from AWS and Azure, ensuring optimal distribution of traffic and enhanced performance for your applications.

Key Features of AWS and Azure connectors
  1. Automated Discovery and Configuration: Automatically integrate AWS EC2 instances and Azure VMs into FortiGSLB, simplifying configuration management.

  2. Intelligent Load Balancing: Distribute traffic across cloud instances based on health and performance metrics for optimal routing.
  3. Enhanced Visibility and Monitoring: Gain insights into server performance and traffic patterns through detailed analytics and reporting.

  4. Scalability and Flexibility: Easily scale application infrastructure and manage resources across AWS and Azure from a single interface.

Example Use Case

Scenario

A multinational e-commerce enterprise requires continuous availability and optimal performance for its web applications across multiple regions. The enterprise uses AWS EC2 instances in North America and Azure virtual machines in Europe to host its application servers.

Solution

  1. Integration

    • FortiGSLB connects to the enterprise's AWS and Azure environments, automatically discovering all EC2 instances and VMs.

    • The configuration details, including instance types, IP addresses, and region information, are imported into FortiGSLB.

  2. Load Balancing

    • FortiGSLB distributes incoming traffic based on server health and load, ensuring that no single server is overwhelmed.

    • Real-time health checks are performed to dynamically adjust traffic flow, directing users to the best-performing servers.

  3. Visibility

    • Detailed dashboards provide insights into server performance, traffic distribution, and user access patterns.

    • Alerts and notifications are set up for any performance issues or downtime, enabling proactive management.

  4. Scalability

    • Automatically integrate additional instances during peak times, optimizing costs during off-peak times.

Benefits of AWS and Azure connectors
  • Improved Performance: Ensures users are directed to the best-performing servers, reducing latency and enhancing user experience.

  • High Availability: Maintains application uptime by distributing traffic across multiple cloud instances and regions.

  • Comprehensive Monitoring: Provides deep visibility into server health and performance for informed decision-making.

How to configure a fabric connector with AWS

If you already have an AWS user with the necessary permissions and an Access key and Secret access key, you can skip to the last step.

  1. Log into your AWS account, then go to IAM > Users and create a new user.

    Assign the AmazonEC2FullAccess and AmazonEKSClusterPolicy permissions to the user.

  2. Generate Access Keys:

    1. Select the newly created user and generate a new pair of Access key and Secret access key where needed.

    2. For Use case, choose Third-party service.

  3. Log into FortiGSLB Cloud, go to Fabric Connectors and click Create Connector.

    Enter the following fields on this page:

    • Name: The name of the connector. Note: After you initially save the configuration, you can still edit the name later.

    • Type: Select the type of connector you are creating. In this case, choose AWS. For more details on the different options, refer to Fabric connectors.

    • AWS Access Key: Paste the Access Key from AWS.

    • AWS Access Secret: Paste the Secret Access Key from AWS.

    • Region: Eligible resources in the selected region will be synced to FortiGSLB. For guidance on factors to consider when choosing a region, refer to the AWS documentation.

    Click Save. The following should now be synchronized to FortiGSLB Cloud:

    • EC2 instances that are running, regardless of whether their IP addresses are dynamically assigned.

    • EC2 instances that are shut down but have an elastic IP assigned.

    Please note that AWS Load Balancers are not included as virtual servers because CNAMEs are not currently supported.

    Keep in mind the following for IPv6 Addresses:

    • EC2 instances or VMs with only IPv6 addresses will be synced, whether they are running or shut down.

    • EC2 instances or VMs with multiple IPv6 addresses will have each address treated as a separate virtual server in FortiGSLB.
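The access key created in the AWS steps above carries AmazonEC2FullAccess and is stored in a third-party service, so it is worth checking CloudTrail for that key making anything other than read-only calls. The following is an added example, not part of the Fortinet documentation; the key ID and event records are constructed, and it assumes inventory sync only needs read calls (the page does not list the API calls the connector makes).

```python
import json

# Constructed placeholder for the Access Key ID pasted into the connector.
CONNECTOR_KEY_ID = "AKIAEXAMPLEKEYID0001"

# Constructed CloudTrail records, trimmed to the fields this check reads.
SAMPLE_EVENTS = json.loads("""
[
 {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "readOnly": true,
  "sourceIPAddress": "198.51.100.10",
  "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEYID0001"}},
 {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "RunInstances", "readOnly": false,
  "sourceIPAddress": "203.0.113.77",
  "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEYID0001"}},
 {"eventTime": "2024-05-01T10:06:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "AuthorizeSecurityGroupIngress", "readOnly": false,
  "errorCode": "Client.UnauthorizedOperation",
  "sourceIPAddress": "203.0.113.77",
  "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEYID0001"}},
 {"eventTime": "2024-05-01T10:07:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "TerminateInstances", "readOnly": false,
  "sourceIPAddress": "192.0.2.5",
  "userIdentity": {"accessKeyId": "AKIAEXAMPLEOTHERKEY1"}}
]
""")


def is_read_only(event):
    # Accept the boolean used in raw records and a stringified form of it.
    return str(event.get("readOnly", "")).lower() == "true"


def review_connector_key(events, key_id):
    """Return (findings, source_ips) for calls made with key_id.

    findings: calls that were not read-only, including denied attempts.
    Assumption: inventory sync only reads, so findings are items to review.
    """
    findings, source_ips = [], set()
    for ev in events:
        if ev.get("userIdentity", {}).get("accessKeyId") != key_id:
            continue
        source_ips.add(ev.get("sourceIPAddress", "unknown"))
        if not is_read_only(ev):
            findings.append({
                "time": ev.get("eventTime"),
                "call": f'{ev.get("eventSource")}:{ev.get("eventName")}',
                "source_ip": ev.get("sourceIPAddress", "unknown"),
                "denied": "errorCode" in ev,
            })
    return findings, sorted(source_ips)
```

The returned source IP list gives a baseline of where the key is used from; a new address appearing alongside write calls is the combination to investigate first.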

How to configure a fabric connector with Azure

If you already have an Azure user with the necessary permissions and a Tenant ID, Client ID, Client Secret, and Subscription ID, you can skip to the last step.

  1. Create a New Application:

    1. Log into your Azure account and go to App Registration > New registration to create a new application.

    2. In the new application, create Client credentials.

    3. The tenant ID can be found on the application overview page.

  2. Assign Role to the Application:

    1. Go to Subscriptions > Access control (IAM) > Add role assignment.

    2. Search and select Virtual Machine Contributor > Next.

    3. Select members, then search and select the new application created in step 1.

    4. Review and assign. The subscription ID can be found on the Subscriptions overview page.

  3. Enter the required information in FortiGSLB Cloud:

    • Name: The name of the connector. Note: After you initially save the configuration, you can still edit the name later.

    • Type: Select the type of connector you are creating. In this case, choose Azure. For more details on the different options, refer to Fabric connectors.

    • Tenant ID: Copy and paste the Tenant ID from Azure.

    • Client ID: Copy and paste the Client ID from Azure.

    • Client Secret: Copy and paste the Client Secret from Azure.

    • Subscription ID: Copy and paste the Subscription ID from Azure.

    • Resource Group: The resource group of your virtual server(s). For more information on resource groups and how to manage them, please refer to Azure documentation.

    • Location: Select the region of your virtual server(s) from the drop-down list. For more information on Azure regions, please refer to Azure documentation.

    Click Save. The following should be synchronized to FortiGSLB Cloud:

      • Virtual Machines that are running, regardless of whether their IP addresses are dynamically assigned.

      • Virtual Machines that are shut down but have a static IP assigned.

      • Load Balancers.

    Please note the following for Load Balancers:

    • A running VM added to a load balancer will be removed from the “Virtual Machines” list.

    • Load balancers will be synced even without any virtual machines.

    • If a VM is part of a Load Balancer, neither its IPv4 nor its IPv6 address will appear under “Virtual Machines.” If this VM is added to a pool, its virtual server status will be shown as down in “Virtual Machines.”

Virtual Server Status

When your AWS or Azure credentials have successfully connected to FortiGSLB, you will be able to see the EC2 instances, Virtual Machines, and Load Balancers from your AWS or Azure account.

To view your virtual servers, navigate to the edit connector page by going to Fabric Connectors and clicking on the edit icon corresponding to the connector you want to view.

The colored dots to the right of each virtual server indicate its status, as follows:

  • Green: The virtual server is “AVAILABLE.”

  • Red: The virtual server is “UNAVAILABLE,” which occurs when the EC2 or VM is down or when the key and credentials are deactivated.

  • Grey: The virtual server is “UNKNOWN.”

    This occurs when an EC2 instance with both IPv4 and IPv6 addresses changes only one IPv4 address after rebooting. If the virtual server is part of a pool, it must be manually deleted and re-added.

    If an EC2 or VM has a single IPv4 address, it updates automatically after changes.

    A stopped VM with a detached static IPv4 address will show as grey.

    Updating credentials without access permission will also result in a grey status.

Running Instances with Dynamic IPs

Please note the following for running instances with Dynamic IPs:

  • If not added to a virtual server pool, the virtual server will be deleted if it is shut down.

  • If added to a virtual server pool, the virtual server will not be deleted if it is shut down.
