Azure Application Gateway is a web traffic load balancer that helps you control traffic to your web applications. It is integrated with Azure Cloud Services and offers multi-regional redirection, run-time scalability, and automatic failover for internal web-based applications and services.
The topics covered in this blog are:
- What is Azure Application Gateway?
- Why is Azure Application Gateway Needed?
- Azure Application Gateway Components
- How does Azure Application Gateway Work?
- Azure Application Gateway Features
- Azure Application Gateway Step-by-Step Configuration
- Azure Application Gateway Pricing
What is Azure Application Gateway?
Azure Application Gateway offers HTTP-based load balancing, which allows you to create HTTP-based routing rules. Azure Application Gateway provides application-level routing and load balancing, allowing developers to build reliable and scalable websites and web applications.
This web traffic load balancer operates on the OSI model’s Layer 7 and allows you to control traffic for your web applications. Unlike typical load balancers that function at Layer 4 and route traffic based on the source IP address and port, Azure Application Gateway makes routing choices based on additional parameters of an HTTP request, such as URI path or host headers. It is a very helpful and valuable tool for web traffic managers, and it operates similarly to the AWS Application Gateway.
Why is Azure Application Gateway Needed?
Many businesses, retailers, and suppliers all across the world use their clients’ web applications to accept online credit card payments. The whole process involves payment processing, verification, and reporting, all of which must be completed efficiently and securely.
The deployment strategy and application architecture to achieve such activities were mostly created using classic Active Server Pages (ASP). One of the most significant disadvantages of classic ASP was that it was hosted on a single instance of a Windows 2003 32-bit OS server and was not PCI compliant. This legacy system utilized a regular Microsoft SQL Server 2005 database for storage and had no DLL documentation. Apart from that, the system lacked the capacity to grow on-demand and regulate system downtime, among other things. As the system had not been changed for over 15 years, it lacked the ability to accommodate the current security and high-capacity infrastructure requirements.
Considering all the above-mentioned problems with the legacy system, customers are aimed at transitioning to Azure Application Gateway through the IaaS platform. The major thought behind this transition was to deliver a sophisticated and secure payment platform featuring all the current security features. Transitioning from legacy systems to IaaS migration through Azure was a win-win situation for organizations and their clients.
Also Read: Our blog post on Azure Certification Path 2022.
Azure Application Gateway Components
An application gateway acts as the single point of contact for clients. It routes incoming application traffic across different backend pools, which include Azure VMs, Azure App Service, virtual machine scale sets, and external servers. To distribute traffic, an application gateway employs numerous components, and these components are:
- Frontend IP Addresses
- Request Routing Rules
- HTTP Settings
- Backend Pools
- Health Probes
1. Frontend IP addresses
The IP address connected to an application gateway is known as the “frontend IP address.” You can set up an application gateway to have a private IP address, a public IP address, or both. An application gateway supports one private or one public IP address. Your virtual network and public IP address must be in the same place as your application gateway. After it’s created, a frontend IP address is connected to a listener.
A listener is a logical entity that monitors the network for new incoming connection requests. A listener accepts a request if the protocol, hostname, port, and IP address associated with the request match the same elements associated with the listener setup. Before you can utilize an application gateway, you must first configure at least one listener. There can be multiple listeners linked to an application gateway, and they can be utilized for the same protocol. When a listener detects incoming client requests, the application gateway directs them to members of the backend pool specified in the rule.
3. Request Routing Rules
A request routing rule is an important component of an application gateway because it defines how traffic on the listener is routed. The rule binds the listener, the backend HTTP settings, and the back-end server pool.
When a listener receives a request, the request routing rule either passes it to the backend or redirects it to another location. If the request is sent to the backend, the request routing rule specifies which backend server pool it should be routed to. The request routing rule also specifies whether the headers of the request are to be modified. One listener can be assigned to one rule.
4. HTTP Settings
An application gateway directs traffic to the backend servers by utilizing the port number, protocol, and other options mentioned in this component. The port and protocol specified in the HTTP settings decide whether traffic between the application gateway and backend servers is encrypted or not.
5. Backend Pools
A backend pool directs requests to backend servers, who serve the requests. Backend pools can contain:
- Public IP addresses
- virtual machine scale set.
- Internal IP addresses
- Multitenant backends (such as App Service)
You can set up separate backend pools for certain sorts of requests. For example, create one backend pool for general requests, and another one for requests to the microservices for your application.
6. Health Probes
By default, an application gateway checks the health of all resources in its backend pool and eliminates unhealthy ones automatically. When sick instances become available, it monitors them and adds them back to the healthy backend pool, as well as responding to health probes.
Check Out: Top 30 Azure Data Factory Interview Questions.
How does Azure Application Gateway Work?
The Azure Application Gateway handles web traffic on one or more web applications by acting as a load balancer enabler. The Azure Application Gateway works in two parts :
- Accepting incoming requests.
- Route the request to the backend pool.
1. Accepting incoming requests
- The application gateway employs the Domain Name System (DNS) server to resolve domain names before the user submits any request. Azure controls the DNS entry since all the application gateways are on the azure.com domain.
- Azure DNS will return the front-end IP address to the client.
- The application gateway receives the incoming requests on the listener and the HTTP listener checks for connection requests. Listeners are set to use the front-end IP address.
- The header and body of every request are evaluated against the rules of the Web Application Firewall (WAF) to determine whether the request is legal or a security risk. Valid requests are directed to the backend pool, while invalid requests are blocked. Web Application Firewall (WAF) has 2 modes of prevention: prevention mode and detection mode. In prevention mode, invalid requests are stopped, while in detection mode, requests are analyzed, recorded, and then delivered to the backend.
2. Route the request to the backend pool
- The routing request rule in the listener is checked by Application Gateway to determine which backend server to route the request to.
- Application gateway sends the request from the listener to a specified backend pool depending on the URL path or redirects the request to an external site or other ports.
- The application gateway utilized the round-robin technique to route the requests from the listener to the healthy backend servers. Healthy servers have health probes; if there are many requests, the requests are load-balanced on the server.
- Once the backend server is chosen, a new TCP session will be established depending on the HTTP settings. These HTTP settings will offer protocol, port, and other routing information for establishing new sessions on the backend server.
- Traffic between the gateway and the backend server might be encrypted or unencrypted depending on the HTTP settings.
Also Read: Our blog post on Azure Databricks.
Azure Application Gateway Features
Let us discuss some Azure Application Gateway Features:
1. Secure Sockets Layer (SSL/TLS) Termination
The application gateway enables end-to-end SSL/TLS encryption because of compliance requirements, security requirements, or because the application may only accept a secure connection. It also allows SSL/TLS termination at the gateway, after which traffic is normally routed unencrypted to backend servers. This functionality enables web servers to be unburdened by expensive encryption and decryption overhead.
Azure Application Gateway Standard v2 can be configured for a fixed-size deployment or auto-scaling. This SKU doesn’t support various instance sizes. The Application Gateway Standard is available in three sizes: small, medium, and large.
3. Zone Redundancy
A standard v2 Application Gateway can stretch across several availability zones, giving higher fault resilience and avoiding the need to deploy an individual application gateway in each zone.
4. Session Affinity
By employing gateway-managed cookies, the Application Gateway can direct subsequent traffic from a user session to the same server for processing. This is significant in circumstances when the session state is kept locally on the server for a user session.
5. Static VIP
The application gateway Standard_v2 SKU supports the static VIP type exclusively. This assures that the VIP connected with the application gateway doesn’t change even during the lifespan of the application gateway.
In the past, we employed strategies such as dedicated pool construction, whose single goal is to reroute requests it gets on HTTP to HTTPS. The application gateway enables the ability to reroute traffic on the application gateway. Application Gateway redirection capability isn’t restricted to HTTP to HTTPS redirection alone. It also permits redirection to an external site as well.
Azure Application Gateway Standard v2 offers auto-scaling and can scale up or down depending on changing traffic load patterns. It also eliminates the obligation to pick a deployment size or instance count during provisioning.
8. Multiple-Site Hosting
Multiple-site hosting allows us to set up more than one website on the same application gateway instance. This capability enables us to build a more efficient topology for our deployments by connecting up to 100 websites to one Application Gateway. Each website can be pointed to its own pool.
9. Web Application Firewall
A Web Application Firewall (WAF) is a service that offers centralized protection of your web applications against common exploits and vulnerabilities. WAF is based on rules from the OWASP core rule sets 3.1, 3.0, and 2.2.9.
10. URL-Based Routing
Depending on the URL PathRouting enables us to route traffic to backend server pools based on the URL path of the request. One of the situations is rerouting requests for various categories of material to different pools.
Read More: About Azure Bastion.
Azure Application Gateway Step-by-Step Configuration
1. Login into the Azure Portal.
Note: If you don’t have a Microsoft Azure account then check out this blog on how to create Microsoft Azure free account.
2. Click on the Create a resource button, and a new window will appear. Select Networking and then Application Gateway.
3. Now, from the Create application gateway page, pick the Basic tab and fill in the details.
4. Next, go to the Frontends tab and select the Frontend IP address type.
5. Now add a backend pool from the Backend tab.
6. Now click on the Configuration Tab and select the Frontends, Routing rules, and Backend pools.
7. Now select the tags and click on the Review + Create button to create a new application gateway.
8. A new Azure Application Gateway will be created as myAppGateway. Here, users can add new VMs and backend pools.
Also Check: Our blog post on Azure Sentinel.
Azure Application Gateway Pricing
Microsoft provides its Application Gateway with multiple price levels. The cost of the service varies from company to company based on the overall use and the gateway type. As the Application Gateway is delivered as a SaaS platform, there are no upfront expenses and nothing paid in the name of contract termination fees. The terms and conditions provided by Microsoft are usually for a pay-as-you-go contract.
Check out: Official Pricing Doc.
Azure Application Gateway is a Microsoft Azure service that aids in the management of traffic directed toward a user’s web application. It is an effective and scalable load-balancing controller that offers high availability. It can be easily integrated with different Azure applications and services.
- Azure Application Gateway Official Document
- Azure Application Gateway Components Official Document
- Microsoft Azure Certification Path in 2022
- Microsoft Azure Traffic Manager: Features, Routing Methods & Overview
- Top 30 Azure Data Factory Interview Questions and Answers
- Azure Free Account | A Step-By-Step Guide For Beginners