What is Azure Application Gateway?
Azure Application Gateway is a load balancing solution provided by Microsoft Azure. This web traffic load balancer works on Layer 7 of the OSI model and enables you to manage traffic for your web applications. Unlike traditional load balancers that operate at Layer 4 and route traffic based on source IP address and port, Azure Application Gateway makes routing decisions based on additional attributes of an HTTP request such as URI path or host headers.
Azure Application Gateway gives you application-level routing and load balancing services that let you build a scalable and highly-available web front end in Azure.
Azure Application Gateway is a helpful tool for web traffic managers, and it works similar to AWS Application Gateway wherein we can make routing decisions based on URI or host headers. For example, you can route traffic based on the incoming URL. If /Images or /Videos are in the URL, then you can route to the specific set of servers configured for Images or Videos. It can also be used for SSL or TLS termination as well.
The following is an example to help you understand the concept better:
You can route traffic based on the incoming URL. If you request an image and it has a corresponding image URL, you will be routed to a particular incoming URL. Similarly, if a video is the incoming URL, you will be routed to another set of servers, which is specifically optimized for videos.
If you are interested in learning Azure, take a look at our Azure tutorial to learn more!
Get 100% Hike!
Master Most in Demand Skills Now !
Why is Azure Application Gateway Needed?
Many enterprises, merchants, and suppliers around the globe access their clients’ web applications to perform online credit card payments. The entire process includes processing, verification, and reporting of payment that must be done efficiently and securely.
The deployment setup and architecture of applications to accomplish such tasks was primarily developed using classic Active Server Pages (ASP). One of the biggest drawbacks of classic ASP was that it was hosted on a single instance Windows 2003 32-bit OS server and was not PCI compliant. This legacy system used a standard Microsoft SQL server 2005 database for storage and had no documentation pertaining to the DLLs. Apart from this, some of the other capabilities the system lacked were the inability to scale on-demand and control system downtime. As the system had not been upgraded for over 15 years, it lacked the ability to support the latest security and high-capacity infrastructure standards.
Considering all the above-mentioned drawbacks of the legacy system, clients aimed at shifting to Azure Application Gateway via the IaaS platform. The main notion behind this shift was to provide an advanced and secure payment platform having all the latest security features. What further strengthened the decision to switch to Azure was to reduce maintenance requirements and costs, increase performance, and achieve zero downtime and data loss.
Transitioning from legacy systems to IaaS migration via Azure was a win-win situation for enterprises and their customers. In some cases, unencrypted communication to servers is not acceptable because of security standards, compliance, etc. In those scenarios, AFW is helpful for end-to-end TLS/SSL encryption.
In order to further comprehend what makes Azure Payment Gateway an excellent service for enterprises and their customers, let us discuss some of its features in detail.
To gain an in-depth understanding of Azure, please check out this video on Azure full course:
Benefits of Azure Application Gateway
Generally, Azure Application Gateway has a couple of exciting features, ranging from improving security and handling dynamic workload to performance optimization and much more. Let us discuss the features of Azure Application Gateway in detail:
It is something that helps in gracefully removing the backend member from the pool. For example, if there is a set of five servers in a pool and one of them is reported as unhealthy by the health probe or it requires a periodic update, then the Application Gateway helps in the removal of that particular server.
All existing connections to that particular server are kept until all requests to that server are completed.
Secure Socket Layer (SSL) termination:
Azure Application Gateway helps in SSL termination at the gateway level itself, allowing communication between backend instances. This feature removes the encryption and decryption overhead from the backend server, and that makes the entire process a little faster and also decreases the response time. But this feature is sometimes not accessible to businesses. That is why, there is an end-to-end SSL feature that prevents data being read or secretly modified.
Web application firewall:
This is probably one of the most interesting features of Azure Application Gateway; it provides centralized protection of web applications from common security threats and vulnerabilities. It supports open web application security project (OWASP).
Multiple site hosting:
This feature of Azure Application Gateway allows a single application gateway to host multiple sites, upto 100+ websites, that point to the same application gateway. For example, if you have multiple websites, you can point all of them to the same application gateway. The application gateway can then send it to the respective URL based on the incoming URL.
One of the most important benefits of Azure Application Gateway is redirection. It is very useful in cases where an application gets the request over HTTP, but it has to be redirected to HTTPS. Through the gateway, redirection can be easily done to external websites as well.
It handles the dynamic workload by scaling up and down. This feature is useful in eliminating the problem of estimating the size instances needed to be deployed.
In Application Gateway, session affinity is maintained by transferring the income request from the session to the same server. This is required when the session is maintained at the local server.
This feature helps in providing static VIP to Application Gateway whenever needed. Static VIP feature ensures that its endpoint addresses will not change over its lifecycleHeader Rewrite, allowing it to perform operations, such as add, remove, or update HTTP request and response headers, on Application Gateway.
How does Azure Application Gateway Work?
In this section of the blog, you will learn how Application Gateway works. Let us first understand how it accepts request:
When a user sends a request to the Application Gateway, the domain name is resolved by a Domain Name System (DNS) server. The request can be from the public internet or over the intranet, depending on the configuration. Azure controls the DNS entry because all application gateways are in the azure.com domain. The Azure DNS then returns the IP address to the client, which is called the frontend IP address of the application gateway.
The application gateway accepts incoming traffic from one or more listeners. A listener is a logical entity that checks for connection requests sent on the public or private IP addresses and has a defined set of rules.
To establish connections from the client-side, the application gateway is configured with a frontend IP address, protocol, and port number. If a web application firewall (WAF) is in use, the application gateway checks the request headers and the body, if present, against WAF rules. This helps in determining whether a request is a valid request or a security threat. In the case of the former, the request is routed to the backend, but if it is the latter, the request is blocked as a security threat. If the request is in detection mode, it is evaluated and logged but still forwarded to the backend server.
Master the core concepts of Azure through this Azure Course for becoming a Certified Administrator.
Step-by-step Configuration of Azure Application Gateway
Step 1: Visit the Azure portal and search for “Application gateways” and then click “Add”.
Step 2: After this, fill in all the basic details such as the resource group, autoscaling details, and virtual network. Also create a new VNet, if it does not exist before, and then click on “Frontends”.
Step 3: After you have clicked on “Frontend” in the previous step, choose “Frontend IP address type”, create a new Public IP address, and then click on “Backends”.
Step 4: Now, select the required backend pool for the application gateway and then click on “Configuration”.
Step 5: Under “Configuration”, add a routing rule; enter the “Rule name” and then specify the routing rules here along with the backend targets. Turn “Error page url” to Yes to add a link for the static web page to a storage account.
Step 6: For each backend target, create a specific HTTP setting; click on “Create new” under “HTTP setting”, and specify the backend protocol and port.
Step 7: To add a routing rule, specify the target type, path, and HTTP setting for that backend target. After that, click on “Save changes” and go back to routing rules.
Step 8: The default route and multiple path-based rule targets will appear under Backend targets; here, click on “Add” after filling in the details.
Step 9: You will be able to view Frontends, Routing rules, and Backend pools for the application gateway; click on “Review + create” to deploy the application gateway.
Step 10: Click on “Go to resource” to access the application gateway, and copy the Frontend public IP address of the application gateway to test it.
Step 11: As the last step of the configuration, paste the IP address, along with the specific path-based routing, to check if the application gateway is running.
Check out our Microsoft Azure Training Bangalore, to help you master its core concepts.
Azure Application Gateway Pricing
Microsoft offers its Application Gateway with different pricing tiers. The cost of the service varies from company to company depending on the total usage and the gateway type. As the Application Gateway is offered as a SaaS platform, there are no upfront fees and nothing is charged in the name of contract termination fees. Microsoft’s terms and conditions offer standard clauses for a pay-as-you-go contract.
The following image mentions how the basic pricing for the Azure Application Gateway will work for an organization operating from central USA:
As you can see from the image, the price of a small application gateway with no firewall service starts at about $18 a month for 730 hours. This basic fee can also go up to around $233 a month for 730 hours of operation in case of a large gateway type with a firewall. One thing must also be taken into consideration before opting for this is that the firewall usage will cost an additional $327 a month.
Azure Application Gateway is an effective and scalable load-balancing controller that offers high availability and integrations; it can be easily integrated with different Azure applications.
In general, Azure Application Gateway is highly praiseworthy for its ease of use, and most users appreciate this feature. It also has another significant advantage, i.e., being automatically updated and patched. The credit of this goes to its SaaS service model. Another major advantage of the solution is the availability of plenty of customization options and the application of custom traffic rules and groups of traffic rules.
Caught up with doubts? No worries, our Azure community is there to help you!