Azure Application Gateway
Ankit Ranjan (DevOps Engineer)
Consider Mr Ranjan, who has a web application hosted on a group of VMs in Azure. With increasing traffic, it’s crucial to ensure the application can manage the load without downtime or performance degradation.
To address this, you can implement Azure Application Gateway to evenly distribute incoming traffic across the VMs. This approach allows you to scale your application horizontally, ensuring it can handle higher traffic volumes without becoming overwhelmed.
Beyond its load-balancing capabilities, Azure Application Gateway offers additional functionalities such as SSL termination and cookie-based session affinity. SSL termination allows you to offload the encryption and decryption of traffic from your servers, improving their performance. Cookie-based session affinity ensures that users remain connected to the same server throughout their session, enhancing the user experience.
Azure Application Gateway (AAG) helps manage traffic to your web applications while enhancing their performance and security. Acting as a Layer 7 web traffic load balancer, AAG enables precise traffic management based on HTTP request attributes like URI path or host headers. Additionally, AAG offers features such as SSL termination and cookie-based session affinity.
Supporting multiple protocols, including HTTP/S, HTTP/2, and WebSocket, AAG can integrate with a web application firewall to protect against potential vulnerabilities. It also facilitates end-to-end request encryption, ensuring comprehensive security for your web applications.
There are two primary methods of routing traffic:
Path-based routing: Use this option to direct traffic based on the URL path of incoming requests. For instance, if the incoming URL is https://ankitranjan.com/images, traffic containing /images can be routed to a specific server pool optimized for images. Similarly, if the URL contains /video, traffic can be routed to a different server pool tailored for videos.
Multiple site routing: This option is ideal when managing multiple sites like ankitranjan.com and azureguy.com. You can register multiple DNS names (CNAMEs) for the Application Gateway’s IP address, specifying each site’s name. This allows you to configure multiple web applications on the same AAG instance.
AAG has a few components that need to be configured to route requests to a pool of web servers.
The following diagram shows the AAG components:
Here are some of the key components of Azure Application Gateway:
• Listeners: These are logical constructs that validate incoming connection requests based on factors like port number, communication protocol, host computer, and internet protocol address.
• Routing rules: These rules dictate how Azure Application Gateway routes traffic to the backend pool. You can define rules based on criteria such as the URL path of the incoming request or the host header.
• HTTP settings: These settings specify how Azure Application Gateway directs traffic to the backend servers. They are associated with one or more request-routing rules.
• Backend pool: This comprises backend servers to which Azure Application Gateway directs traffic. These servers can be specific virtual machines, virtual machine scale sets, IP addresses/FQDNs, or app services. After creating a backend pool, you must link it with one or more request-routing rules. Health probes are essential for each backend pool to ensure redirection to healthy servers based on probe results.
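To see how these components combine with the two routing methods described earlier, here is a simplified Python model of the routing decision. It is an added example, not Azure's implementation and not code from this article; the pool names, private IP addresses and the choice of the first healthy server are assumptions made for illustration.

```python
# Simplified model of Application Gateway request routing (illustrative only;
# pool names and server addresses below are constructed sample values).
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class BackendPool:
    name: str
    servers: dict  # server address -> True if the last health probe succeeded

    def healthy_servers(self):
        return [s for s, ok in self.servers.items() if ok]

@dataclass
class Rule:
    host: str                  # host name of the multi-site listener
    default_pool: BackendPool  # used when no path pattern matches
    path_map: list = field(default_factory=list)  # ordered (pattern, pool) pairs

def path_matches(pattern: str, path: str) -> bool:
    # In this model "/images/*" matches "/images" and anything below it,
    # but not a look-alike prefix such as "/images-old".
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    return path == pattern

def route(rules, host: str, path: str) -> Optional[str]:
    """Return the backend server chosen for a request, or None if none applies."""
    host = host.lower().split(":")[0]   # host names are case-insensitive; drop port
    rule = next((r for r in rules if r.host == host), None)
    if rule is None:
        return None                     # no listener for this host: do not route
    pool = next((p for pat, p in rule.path_map if path_matches(pat, path)),
                rule.default_pool)
    healthy = pool.healthy_servers()
    # A real gateway spreads load across healthy servers; the model picks the first.
    return healthy[0] if healthy else None

# Constructed sample configuration using the sites named in the article
images = BackendPool("images-pool", {"10.0.1.4": False, "10.0.1.5": True})
video = BackendPool("video-pool", {"10.0.2.4": True})
web = BackendPool("web-pool", {"10.0.3.4": True})
guy = BackendPool("azureguy-pool", {"10.0.4.4": True})
RULES = [
    Rule("ankitranjan.com", web, [("/images/*", images), ("/video/*", video)]),
    Rule("azureguy.com", guy),
]
```

In this model a request for a host with no listener is not routed at all, and a server whose probe failed is skipped even when its pool is selected.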
In addition, you can configure SSL certificates and Web Application Firewall:
SSL certificates: These certificates facilitate SSL/TLS offloading, allowing Azure Application Gateway to manage the SSL decryption and encryption process.
WAF (Web Application Firewall): This security feature safeguards your web applications against common attacks like SQL injection and cross-site scripting.
As evident, Azure Application Gateway offers advanced Layer 7 capabilities for managing traffic to your web application in Azure. The array of features, including SSL termination, cookie-based session affinity, URL-based routing, health probes, and a web application firewall, alongside authentication and authorization, collectively make Azure Application Gateway a comprehensive solution for your web application traffic management requirements in Azure.
Imagine your web application isn't just confined to one Azure region but spread across multiple regions. Your aim is to guarantee that users can always access the speediest backend possible. In such a scenario, Azure Front Door emerges as a viable solution.
In our upcoming post, we'll explore the fundamental functionalities of Azure Front Door.