Microsoft Azure Application Gateway is a virtual appliance that provides ADC (application delivery controller) as a part of its service.
Azure Application Gateway instills several layer 7 load balancing capacities for client applications. It enables clients to optimize their web farm efficiency by offloading the Central Processing Unit-intensive SSL termination to an application gateway.
In addition, it provides layer 7 routing capabilities, which include income traffic distribution through the cookie-based session affinity, URL path-based routing and round-robin the capability to host several websites behind singular Application Gateway.
WAF (web application firewall) is provided as a standard component of the application gateway WAF SKU. It secures web-based applications from exploits and web vulnerabilities.
The configuration of Azure Application Gateway could be either an internet facing gateway, an internal only gateway, or the mix of both.
Web application firewall - The WAF or the web application firewall integrated into the Azure Application Gateway secures web-based applications from session hijacks, cross-site scripting breaches, SQL injection, and common web attacks.
HTTP load balancing - Azure Application Gateway performs the balancing of load through the round-robin. The load is balanced at the Layer 7, which is applied for only HTTP(S).
Cookie-based session affinity – This function is a useful feature when users need to maintain the user session on the similar back-end. The Application Gateway, by deploying Gateway-managed cookies, directs the traffic from the user session to the similar back-end to enable processing. This function is crucial for cases where the session is locally saved on back-end servers for user sessions.
The SSL (Secure Sockets Layer offload) – The feature on Azure Application Gateway eliminates the expensive business of HTTPS traffic decrypting off client web servers.
Through terminating SSL connection on Application Gateway, plus forwarding an unencrypted request to a server, it relieves a web server from the burden of decryption.
Application Gateway performs re-encrypts on the response prior to returning the response back to clients. This function is critical in specific environments wherever the back-end is placed in a similar virtual network like the Application Gateway is in Azure.
End to End SSL - Azure Application Gateway combines the end to end traffic encryption. The Application Gateway achieves this through terminating SSL connection on application gateway. Subsequently, the Application Gateway applies routing methods to the incoming traffic, performs re-encryption of the packet, and sends it to the relevant back-end as determined by the routing rules. Any response received from web server gets through an identical method back to users.
URL-based content routing – This feature on Azure Application Gateway enables the use of unique back-end servers, on the basis of the traffic. The Traffic of a web folder or a CDN can be directed to different back-ends. The feature lessens the unwanted back-end load, which doesn't serve any specific content.
Multi-site routing - The Azure Application gateway permits users to consolidate a maximum of twenty websites on one application gateway.
Support for Websocket - This is another superb feature available on the Azure Application Gateway that provides support for the WebSocket.
Health checking - Azure Application Gateway leverages default health checking for back-end resources. It performs custom monitoring to check specific scenarios.
SSL Policies and Ciphers - This inbuilt function of Azure Application Gateway presents the capability to restrict the supported cipher suites, SSL protocol versions as well as the format in which these are processed.
Request Redirect - The Request Redirect feature in Azure Application Gateway incorporates the ability to redirect the requests of HTTP to the HTTPS listener.
Multi-tenant back-end support - Azure Application Gateway (AAG) facilitates the configuration of multi-tenant back-end services such as API Gateway and Azure Web Apps as back-end pool members.
Superior Diagnostics - The AAG offers advanced diagnostics and supports access logs. The Firewall logs can be made available for WAF enables the Application Gateway resources.
Applications which need requests from the same client session to reach the similar back-end virtual machine. Some of the typical examples of such applications are shopping cart and webmail server applications.
It eliminates the SSL termination burden for the web server farms.
Applications, such as content delivery network, that require many HTTP requests on the similar long-running TCP connection to be load balanced or routed to diverse the back-end servers.
Those applications support the WebSocket traffic.
It secures web-based applications from session hijacks, cross-site scripting attacks, SQL injection and other common web attacks.
There is a consistent distribution of the traffic on various routing models such as URL path or the domain headers.
MS AAG (Azure Application Gateway) is highly available, fully managed and it is scalable. This Gateway provides superior logging capabilities and advanced diagnostics for high performance and improved manageability.
When users create an internal ILB IP or the application gateway, a public VIP endpoint is used for incoming network traffic. This internal ILB IP or the public VIP is enabled by the Azure Load Balancer which is being operating at transport level or TCP/UDP, with all network traffic loads balanced to application gateway worker examples.
The Azure application gateway subsequently routes the HTTP/HTTPS traffic on its set configuration, which can be a cloud service, an external or an internal IP address, or the virtual machine.
Balancing the Application Gateway traffic load as Azure-managed service enables provisioning of the layer 7 load balancer at the back of the Azure software load balancer.
The Azure Traffic manager could be applied to achieve the following scenario as it is observed in the image below. Here, the Traffic Manager facilitates redirection and the availability of incoming traffic to varied application gateway resources at various regions, while the application gateway deploys the layer 7 load balancing.
MS's Azure Application Gateway is at present available in three variants - Small, Medium, and Large. The Small sizes are designed for testing and development scenarios.
Users can create a maximum of fifty application gateways for a Small instance subscription. Every application gateway could have ten instances each, and could consist of twenty HTTP listeners.
Please visit to the ‘Application Gateway service limits’ on the Microsoft website to get a comprehensive view of the application gateway limits.
|Microsoft Azure Infrastructure Solutions 70-533||Microsoft Azure Solutions 70-532|
|Azure Solutions Architect||Microsoft Azure Certification|
Free Demo for Corporate & Online Trainings.