Share a Virtual Network to Join Instances from the Same Resource Group

Introduction

When experiencing scalability issues, isolating resources can be a way of extending workloads in the cloud. An alternative solution for scalability issues is to use a multi-tier backend database internally connected to the application frontend.

This guide walks you through the internal connection process between a frontend stack (in this guide we use Bitnami WordPress and an existing backend (a sample MySQL with replication). Both belong to the same resource group, and the internal connection will be performed by sharing the same virtual network.

Assumptions and prerequisites

This guide focuses on the internal connection of frontend and backend stacks by sharing the same virtual network, both deployed in the same resource group. For the purposes of demonstration, we will use a WordPress and MySQL database with replication deployments as an example.

This guide makes the following assumptions:

  • You have an account in the Microsoft Azure Cloud.
  • You have basic knowledge about the elements that make up the Azure Resource Manager (ARM). For more information about the elements that make up the ARM, see the Azure official documentation.
  • You have a multi-tier solution running in an existing resource group, or you have created a new one during the deployment. (In this guide, we use a MySQL with replication).

Your deployments must meet the following prerequisites:

  • All resources have been launched using the ARM, and not the classic deployment mode. Learn how to check your deployment model.
  • The new deployment (a Bitnami WordPress stack) must be launched using the same subscription, region (location), and resource group as the existing deployment (in this guide, a Bitnami MySQL with replication deployment).
NOTE: If you have launched an application and a database in different resource groups, check our guide on how to connect instances in different private network using network peering.

Step 1: Deploy an application from the Azure Portal with a shared virtual network

Launch a cloud server with an application running on it. It must meet the prerequisites listed in the "Assumptions and prerequisites" section of the guide. To launch the cloud server, follow the instructions below:

  • Log in to your Microsoft Azure account. You will be redirected to your dashboard.
  • In the left-side menu, select "New" and in the marketplace search box, enter "wordpress bitnami".
  • Click on the first result. You will see the description of the application on the right side of the screen. To create the new virtual machine, click "Create".

    Create a WordPress deployment

  • In "Create virtual machine -> Basics" complete the required fields.

    IMPORTANT: Remember that the subscription, resource group, and location must be the same as in the existing MySQL with replication deployment.

    Basic configuration

To make sure that the subscription, resource group, and location match the values you have entered in the database deployment, you can navigate to the "Resource Group -> Deployments" section. To see a summary of the basic configuration, click the database deployment.

Database basic configuration

  • Choose the virtual machine size depending on your needs.

Once you have selected the size of the virtual machine, you must configure the network. This step is very important because it is when you configure the shared virtual network between the two instances (WordPress and MySQL with replication). The deployments share a VPN, and in order to avoid network conflicts, the system automatically assigns free IPs for both deployments in the address space.

To add the new virtual machine to the existing virtual network, follow the instructions below.

  • Click the "Virtual network" section. You will see a list of the existing virtual networks. Select the virtual network associated to the resource group you have selected in the "Basics" section.

    Share virtual network

  • Click "Subnet". It shows the subnet associated to the virtual network you have selected in the previous step.

    Check subnet

  • To ensure that the HTTP, HTTPS, and SSH inbound rules are enabled, click the "Network security group" section.

    Network security group rules

  • For the rest of parameters, you can customize them (if applicable) or leave the values defined by default.

Step 2: Restrict the application access to its public IP address

NOTE: Deleting the database's public IP address is optional. This step is recommended because, by default, all Bitnami stacks have a configured public IP address. By deleting the public IP address, you ensure that the database can only be reached internally.

Once you have deployed and configured the application with a shared virtual network, you must set its public IP address as the only way of accessing it externally. This step is essential because the goal of this guide is to connect both instances (application and database) internally. To do this, we perform the following actions:

  • Check the application and database connection
  • Disassociate the database Network Security Group (NSG) from the application network
  • Delete the database NSG and its public IP address

Checking the application and database connection

Before deleting the database NSG and its public IP address, we highly recommend to check if the application and database servers are internally connected. If any issues occur, you can debug them and change the database configuration to allow the internal connection between both servers.

The best way to check the connection is to try and connect to the database (backend) from the application (frontend) server. To check the internal connection, follow the instructions below:

Once you have connected to the frontend server, the next step is to connect to the backend database (MySQL with replication).

  • In the Resource Group panel, select the "Network interface" of the master node:

    Check database connection

  • On the resulting page, note the database's private IP address:

    Check database connection

  • From the shell prompt, run the following command. Remember to replace PRIV_DB_IP_ADDRESS with the IP address you have obtained in the previous step.

    $ mysql -u root -p -h PRIV_DB_IP_ADDRESS

You will be prompted to enter the root user password. This is the password you entered during the database deployment.

Now you are connected to the backend database. To ensure that the internal connection between the two instances (frontend and backend) has been successful, you can run the command below:

mysql> show databases;

You will see an output similar to the following:

+--------------------+
| Database           |
+--------------------+
| information_schema |
| bitnami            |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)

Now you can proceed with the remaining steps.

Disassociating the database NSG from the application network

  • In the Resource Group panel, select the "Virtual network" item from the list of resources:

    Dissasociate the network security group

  • On the resulting page, navigate to the left-side menu and select "Subnets", then double-click the subnet.

    Dissasociate the network security group

  • You will see a configuration summary for the selected subnet. Click on the "Network security group" section and select "None" in the resulting interface. Click "Save".

    Dissasociate the network security group

    Dissasociate the network security group

Deleting the database NSG and its public IP address

Now the database NSG is disassociated from the application network. It is time to delete both the database NSG and its public IP address.

  • In the Resource Group panel, select the "Network Security Group" item from the list of resources:

    Delete database network security group

  • On the resulting page, to delete the entire NSG, click "Delete".

    Delete database network security group

In the Resource Group panel, you should only see the application's NSG:

Delete database network security group

  • To delete the database's public IP address, select it from the list of resources in the Resource Group panel:

    Delete database network security group

  • On the resulting page, click "Dissociate", and then "Delete":

    Delete database network security group

    Delete database network security group

Now you should be able to access your application by entering its public IP address in a browser:

Access the application

Step 3: Migrate the current WordPress database and specify the new database IP and credentials

To use the new multi-tier database as the backend of the application, you must migrate the current WordPress database and specify the new IP and credentials of the remote database.

Learn how to migrate the current bitnami_wordpress database to the new remote database by following the how to create a database backup and the how to restore a database backup sections.

To specify the new database IP and credentials, change these values in the /opt/bitnami/apps/wordpress/htdocs//wp-config.php file.

To learn more about the topics discussed in this guide, see the links below:

azure

Bitnami Documentation