
Highly available SharePoint farm

Microsoft Entra ID
Azure Load Balancer
SQL Server

Solution ideas

This article describes a solution idea. Your cloud architect can use this guidance to help visualize the major components for a typical implementation of this architecture. Use this article as a starting point to design a well-architected solution that aligns with your workload's specific requirements.

This solution provides a highly available deployment of SharePoint that uses a load-balanced Microsoft Entra ID deployment, a highly available SQL Server Always On instance, and highly available SharePoint resources.

Potential use cases

This solution addresses the need to deliver a highly available intranet capability to teams within your business, by using the latest supported platforms.

Architecture

Architecture Diagram

Use ExpressRoute or VPN Gateway for management access to resource group.

Dataflow

  1. Create a resource group for the storage, network, and virtual machine, plus other dependent elements.
  2. Create a virtual network to host the virtual machines and load balancers for the deployment. Ensure the network has appropriate network security groups implemented to protect network traffic flow.
  3. Create the storage accounts that will host the virtual hard disks (VHDs) for the machine images.
  4. Create the Active Directory installation using either a new virtual machine or Microsoft Entra Domain Services. If using Microsoft Entra Domain Services, consider synchronizing identities to Microsoft Entra ID with Microsoft Entra Connect.
  5. Create a Windows failover cluster and install a supported version of SQL Server on an Azure virtual machine (VM) or deploy pay-as-you-go instances of SQL Server.
  6. Deploy SharePoint onto multiple Azure VMs, or use trial images from the gallery that already have SharePoint Server installed.
  7. Create the SharePoint farm.
  8. Set up an Azure external load balancer to direct incoming HTTPS traffic to the SharePoint server.
  9. Use ExpressRoute or VPN Gateway for management access to the resource group.
  10. On-premises users can access the SharePoint sites via the internet, ExpressRoute, or VPN Gateway.
  11. External users can be granted access as required to the SharePoint sites for testing.

Components

  • An Azure resource group is a logical container that holds related Azure resources for a solution. In this architecture, the resource group organizes and manages all components required for the SharePoint deployment, including networking, storage, and compute resources.
  • Azure Virtual Network is a foundational networking service that enables secure communication between Azure resources and on-premises environments. In this architecture, the virtual network hosts the VMs and load balancers, and enforces traffic control through network security groups.
  • Azure Storage accounts provide durable, highly available, and scalable cloud storage for various data types. In this architecture, Storage accounts host the virtual hard disks (VHDs) used by the VMs that run SharePoint and SQL Server.
  • Microsoft Entra ID is an identity and access management service that enables secure access to Azure resources. In this architecture, it synchronizes identities from on-premises directories and supports single sign-on for users that access SharePoint.
  • Microsoft SharePoint Server is an enterprise collaboration platform for content management and intranet solutions. In this architecture, SharePoint Server is deployed across multiple Azure VMs to form a highly available SharePoint farm.
  • SQL Server is a relational database management system that stores and manages structured data. In this architecture, SQL Server is installed on Azure VMs in a Windows failover cluster to support high availability for SharePoint databases.
  • Azure Load Balancer is a layer-4 load balancing service that distributes network traffic across multiple resources. In this architecture, an external load balancer directs incoming HTTPS traffic to the SharePoint servers to ensure availability and performance.
  • ExpressRoute is a dedicated private connection service that extends on-premises networks into Azure over a private fiber link. In this architecture, ExpressRoute provides secure and reliable management access to the resource group and enables connectivity for on-premises users that access SharePoint sites.
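The following Bicep template is an added example, not code from this Azure Architecture Center page or from any Microsoft sample. It covers dataflow steps 2, 3 and 8 and the Virtual Network, Storage and Load Balancer components listed above: a virtual network with one subnet per tier, inbound network security group rules that admit only HTTPS to the SharePoint tier and only the SharePoint tier to SQL Server, an HTTPS-only storage account for the VHDs, and a public Standard load balancer that exposes and probes TCP 443. The domain, SQL failover cluster and SharePoint VMs themselves (steps 4 to 7) are not shown. All resource names, address ranges, ports and the on-premises prefix are assumptions chosen for illustration.

```bicep
// Added example (not code from the Azure Architecture Center page): Bicep for dataflow steps 2, 3 and 8,
// deployed into the resource group from step 1. Every name, address range and port below is an assumption.
param location string = resourceGroup().location
param onPremisesPrefix string = '192.168.0.0/16'   // assumed on-premises range reached via ExpressRoute or VPN Gateway
param storageAccountName string = 'stspha${uniqueString(resourceGroup().id)}'
var webSubnetPrefix = '10.10.1.0/24'   // SharePoint front-end servers
var sqlSubnetPrefix = '10.10.2.0/24'   // SQL Server failover cluster nodes
var lbName = 'lbe-sharepoint'

// Step 2: inbound NSG rules per tier. A public Standard load balancer preserves the client source address,
// so HTTPS is allowed from Internet; RDP only from on-premises (steps 9 and 10); the built-in
// DenyAllInbound rule (priority 65500) drops everything else.
var webRules = [
  { name: 'AllowHttpsInbound', priority: 100, access: 'Allow', protocol: 'Tcp', src: 'Internet', dst: webSubnetPrefix, port: '443' }
  { name: 'AllowRdpFromOnPremises', priority: 110, access: 'Allow', protocol: 'Tcp', src: onPremisesPrefix, dst: webSubnetPrefix, port: '3389' }
]
// SQL tier: only the SharePoint subnet reaches 1433, cluster nodes talk freely to each other, and an
// explicit deny at 4000 overrides the default AllowVnetInBound rule (65000) for the rest of the VNet.
var sqlRules = [
  { name: 'AllowSqlFromSharePoint', priority: 100, access: 'Allow', protocol: 'Tcp', src: webSubnetPrefix, dst: sqlSubnetPrefix, port: '1433' }
  { name: 'AllowClusterPeers', priority: 110, access: 'Allow', protocol: '*', src: sqlSubnetPrefix, dst: sqlSubnetPrefix, port: '*' }
  { name: 'DenyOtherVnetInbound', priority: 4000, access: 'Deny', protocol: '*', src: 'VirtualNetwork', dst: sqlSubnetPrefix, port: '*' }
]
var tiers = [
  { name: 'web', prefix: webSubnetPrefix, rules: webRules }
  { name: 'sql', prefix: sqlSubnetPrefix, rules: sqlRules }
]

resource nsgs 'Microsoft.Network/networkSecurityGroups@2023-09-01' = [for tier in tiers: {
  name: 'nsg-sharepoint-${tier.name}'
  location: location
  properties: {
    securityRules: map(tier.rules, r => {
      name: r.name
      properties: {
        priority: r.priority
        direction: 'Inbound'
        access: r.access
        protocol: r.protocol
        sourceAddressPrefix: r.src
        sourcePortRange: '*'
        destinationAddressPrefix: r.dst
        destinationPortRange: r.port
      }
    })
  }
}]

resource vnet 'Microsoft.Network/virtualNetworks@2023-09-01' = {
  name: 'vnet-sharepoint'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.10.0.0/16' ] }
    subnets: [for (tier, i) in tiers: {
      name: 'snet-${tier.name}'
      properties: { addressPrefix: tier.prefix, networkSecurityGroup: { id: nsgs[i].id } }
    }]
  }
}

// Step 3: storage account for the VHDs: encrypted transport only, TLS 1.2 minimum, no anonymous blob access.
resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: storageAccountName
  location: location
  kind: 'StorageV2'
  sku: { name: 'Standard_LRS' }
  properties: {
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
  }
}

// Step 8: public Standard load balancer. Only TCP 443 is exposed, and the probe checks the same port,
// so a front end whose HTTPS listener is down is taken out of rotation.
resource publicIp 'Microsoft.Network/publicIPAddresses@2023-09-01' = {
  name: 'pip-${lbName}'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIPAllocationMethod: 'Static' }
}
resource lb 'Microsoft.Network/loadBalancers@2023-09-01' = {
  name: lbName
  location: location
  sku: { name: 'Standard' }
  properties: {
    frontendIPConfigurations: [ { name: 'feHttps', properties: { publicIPAddress: { id: publicIp.id } } } ]
    backendAddressPools: [ { name: 'beSharePoint' } ]
    probes: [ { name: 'probeHttps', properties: { protocol: 'Tcp', port: 443, intervalInSeconds: 15, numberOfProbes: 2 } } ]
    loadBalancingRules: [
      {
        name: 'ruleHttps'
        properties: {
          protocol: 'Tcp'
          frontendPort: 443
          backendPort: 443
          frontendIPConfiguration: { id: resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', lbName, 'feHttps') }
          backendAddressPool: { id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', lbName, 'beSharePoint') }
          probe: { id: resourceId('Microsoft.Network/loadBalancers/probes', lbName, 'probeHttps') }
        }
      }
    ]
  }
}
```

Deploy it with `az deployment group create -g <resource-group> -f sharepoint-ha.bicep` after creating the resource group (step 1). Two design points worth checking in your own variant: a Standard SKU load balancer is closed by default, so without the `AllowHttpsInbound` rule no client traffic reaches the SharePoint VMs at all, which makes the NSG the single place to audit what is exposed; and the `DenyOtherVnetInbound` rule on the SQL tier means domain controllers or management hosts that must initiate connections to the SQL nodes need their own allow rules with a priority below 4000.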

Next steps