Azure Application Gateway

Azure Application Gateway


Consider Mr Ranjan, has a web application hosted on a group of VMs in Azure With increasing traffic, it’s crucial to ensure the application can manage the load without downtime or performance degradation.

To address this, you can implement Azure Application Gateway to evenly distribute incoming traffic across the VMs. This approach allows you to scale your application horizontally, ensuring it can handle higher traffic volumes without becoming overwhelmed.

Beyond its load-balancing capabilities, Azure Application Gateway offers additional functionalities such as SSL termination and cookie-based session affinity. SSL termination allows you to offload the encryption and decryption of traffic from your servers, improving their performance. Cookie-based session affinity ensures that users remain connected to the same server throughout their session, enhancing the user experience.

Azure Application Gateway (AAG) helps manage traffic to your web applications while enhancing their performance and security. Acting as a Layer 7 web traffic load balancer, AAG enables precise traffic management based on HTTP request attributes like URI path or host headers. Additionally, AAG offers features such as SSL termination and cookie-based session affinity.

Supporting multiple protocols, including HTTP/S, HTTP/2, and WebSocket, AAG can integrate with a web application firewall to protect against potential vulnerabilities. It also facilitates end-to-end request encryption, ensuring comprehensive security for your web applications.

There are two primary methods of routing traffic:

Path-based routing: Use this option to direct traffic based on the URL path of incoming requests. For instance, if the incoming URL is https:///ankitranjan.com/images, traffic containing /images can be routed to a specific server pool optimized for images. Similarly, if the URL contains /video, traffic can be routed to a different server pool tailored for videos.

Multiple site routing: This option is ideal when managing multiple sites like ankitranjan.com and azureguy.com. You can register multiple DNS names (CNAMEs) for the Application Gateway’s IP address, specifying each site’s name. This allows you to configure multiple web applications on the same AAG instance

AAG has a few components that need to be configured to route requests to a poll of web servers.
The following diagram shows the AAG components:
Azure Application Gateway components
Here are some of the key components of Azure Application Gateway:

? Listeners: These are logical constructs that validate incoming connection requests based on factors like port number, communication protocol, host computer, and internet protocol address.

? Routing rules: These rules dictate how Azure Application Gateway routes traffic to the backend pool. You can define rules based on criteria such as the URL path of the incoming request or the host header.

? HTTP settings: These settings specify how Azure Application Gateway directs traffic to the backend servers. They are associated with one or more request-routing rules.

? Backend pool: This comprises backend servers to which Azure Application Gateway directs traffic. These servers can be specific virtual machines, virtual machine scale sets, IP addresses/FQDNs, or app services. After creating a backend pool, you must link it with one or more request-routing rules. Health probes are essential for each backend pool to ensure redirection to healthy servers based on probe results.

  • Health probes: These probes assess the health of backend servers. Establishing a custom probe for each backend HTTP setting is recommended for better control over health monitoring.

In addition, you can configure SSL certificates and Web Application Firewall:

SSL certificates: These certificates facilitate SSL/TLS offloading, allowing Azure Application Gateway to manage the SSL decryption and encryption process.

WAF (Web Application Firewall): This security feature safeguards your web applications against common attacks like SQL injection and cross-site scripting.

Azure Application Gateway configuration

As evident, Azure Application Gateway offers advanced Layer 7 capabilities for managing traffic to your web application in Azure. The array of features, including SSL termination, cookie-based session affinity, URL-based routing, health probes, and a web application firewall, alongside authentication and authorization, collectively make Azure Application Gateway a comprehensive solution for your web application traffic management requirements in Azure.

Imagine your web application isn't just confined to one Azure region but spread across multiple regions. Your aim is to guarantee that users can always access the speediest backend possible. In such a scenario, Azure Front Door emerges as a viable solution.        
"In our upcoming post, we'll explore the fundamental functionalities of Azure Front Door.

Microsoft Azure Microsoft Azure DevOps Microsoft Learn

要查看或添加评论,请登录

Ankit Ranjan (DevOps Engineer)的更多文章

  • What is Azure Pipelines?

    What is Azure Pipelines?

    Azure Pipelines Benefits of Azure Pipelines Azure Pipelines offers a fast, reliable, and secure way to automate the…

  • Installing Docker on Windows 11 using WSL 2: A Step-by-Step Guide

    Installing Docker on Windows 11 using WSL 2: A Step-by-Step Guide

    Docker has become a crucial tool for developers, enabling seamless and portable application deployment. Prerequisites…

  • Safeguard Your Azure Route Server with Azure DDoS Protection

    Safeguard Your Azure Route Server with Azure DDoS Protection

    This guide walks you through securing your Azure Route Server by integrating it with Azure DDoS Protection in a virtual…

  • Protect your public load balancer with Azure DDoS Protection

    Protect your public load balancer with Azure DDoS Protection

    Azure DDoS Protection provides advanced mitigation features like adaptive tuning, attack alert notifications, and…

  • Create a public load balancer with an IP-based backend

    Create a public load balancer with an IP-based backend

    This Edition will teach us how to create a public load balancer with an IP-based backend pool. Traditionally, an Azure…

  • Load Balancer and its Different Types

    Load Balancer and its Different Types

    Global Load Balancer The Azure Standard Load Balancer enables cross-region load balancing, providing geo-redundant high…

  • Inbound NAT Rule

    Inbound NAT Rule

    Inbound NAT rules enable connections to virtual machines (VMs) in an Azure virtual network using a public IP address…

  • Azure Availability Set

    Azure Availability Set

    As part of a high-availability deployment, virtual machines are typically organized into multiple availability sets to…

    8 条评论
  • Azure Load Balancer (Part 2)

    Azure Load Balancer (Part 2)

    What is Azure Front Door Azure Front Door helps you deliver content, files, apps, and APIs with better availability…

  • Azure Load Balancer (Part-1)

    Azure Load Balancer (Part-1)

    Load balancing involves the efficient distribution of incoming network traffic across multiple backend servers or…

社区洞察

其他会员也浏览了