
What is Azure Front Door?


The underlying technology of Azure Front Door has facilitated scaling and protection for many popular Microsoft services including Office 365, Xbox, LinkedIn, Bing, and Teams.

Azure Front Door can help transform enterprise applications into robust, personalized modern applications. These applications boast high performance and content that reaches a global audience. Let us learn a little bit more about Azure Front Door.


What is Azure Front Door?

It is an application delivery network (ADN) as a service that offers various Layer 7 load-balancing capabilities for applications. The service is highly available, scalable, and fully managed by Azure.

Azure Front Door offers dynamic site acceleration (DSA) as well as global load balancing with near real-time failover. For enterprises that have a global reach, the performance of their web applications is greatly impacted by the proximity of the consumer.

For a better and more consistent experience, enterprises may use content delivery networks (CDNs) with several distribution points and deliver content to consumers rapidly because of optimized connections and proximity.

The Azure Front Door service leverages the anycast protocol. It goes beyond providing traditional CDN capabilities and offers advanced security capabilities, including DDoS attack prevention.

The infrastructure for this globally distributed multi-tenant service is shared across all its customers. Creating a Front Door profile will define a specific configuration as per the requirements of an application. Changes made to a Front Door do not impact other Front Door configurations.

Core Capabilities of Azure Front Door

The following are the core capabilities of Azure Front Door:

  1. Application and API acceleration through the implementation of anycast to optimize the connectivity to Azure application services and reduce the latency for end users.
  2. SSL offload eliminates expensive decryption computation by endpoints and moves the function higher up in the stack.
  3. Global HTTP load balancing enables the construction of geo-distributed services by developers and allows Azure to determine endpoint availability and intelligent routing to local and available endpoints.
  4. Web Application Firewall (WAF) filtering at the edge protects against DDoS attacks or malicious users without disrupting backend services.

Features Supported by Azure Front Door

The key features of the Azure Front Door are mentioned below:

  • Accelerated performance of applications with the help of split-TCP-based anycast protocol
  • Hosting of multiple websites for efficient application infrastructure
  • Cookie-based session affinity
  • Intelligent health probe monitoring for backend resources
  • URL-path-based routing for requests
  • SSL offloading and certificate management
  • Custom domain definition
  • Application security with integrated WAF
  • URL redirect, which redirects HTTP traffic to HTTPS
  • Custom forwarding path with URL rewrite
  • Native support of end-to-end IPv6 connectivity and HTTP/2 protocol


Azure Front Door Architecture

Let us now understand the routing architecture of Azure Front Door. When it receives client requests, it will either answer them if caching is enabled or forward them to the right application backend as a reverse proxy.

Creating an Azure Front Door Architecture involves creating a frontend host. This acts as a global endpoint for the application. A backend pool is then required for configuring the backend services such as an app service web application. Finally, routing rules need to be established to route traffic from the frontend host configuration to the backend pool.

Microsoft Azure Front Door Architecture

Additionally, load balancing functions send periodic heartbeats to the backend pool. This helps in the detection of the online status of endpoints. If an endpoint is not available, an alternative endpoint will be used to route the traffic.

How Does Azure Front Door Work?

Azure Front Door helps provide fast, secure, and scalable access to web applications. It also helps protect cloud-based apps and provides high-bandwidth content. How exactly does it do that? Let us take a look!

It optimizes the time required to access the content. In the following image, users are connecting to the content that is hosted in a custom domain. Azure Front Door is employed at several edge locations. Its CDN features optimize the access to backend content with access security provided by the firewall.

Routing performed by Azure Front Door depends on the routing method selected and the backend health. It supports four routing methods:

  • Latency: Ensures requests are sent to the lowest latency backends within the acceptable sensitivity range
  • Priority: Implements administrator-assigned priorities to the backends whenever a primary backend needs to be configured to service all traffic
  • Weighted: Uses administrator-assigned weights to backends when traffic needs to be distributed across a set of backends
  • Session Affinity: Facilitates configuration of session affinity for frontend hosts or domains, ensuring requests from the same end-user are sent to the same backend

Azure Front Door performs backend health monitoring by periodically assessing the health of all configured backends. The responses from these backends determine the most responsive backend resources to route client requests.
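The sketch below is an added example, not code from the original article or from Microsoft. It models how health probe results, priority, latency sensitivity and weights can narrow a backend pool down to one target; combining them in this order, the `Backend` fields and the host names are assumptions of the example, and session affinity is left out.

```python
import random
from dataclasses import dataclass

@dataclass
class Backend:
    host: str
    healthy: bool      # outcome of the most recent health probe
    priority: int      # 1 = primary, larger numbers are fallbacks
    latency_ms: float  # latency measured from the edge location
    weight: int        # relative traffic share among equal candidates

def candidates(pool, sensitivity_ms=0.0):
    """Backends eligible for the next request (simplified model)."""
    healthy = [b for b in pool if b.healthy]
    if not healthy:
        return []
    # Priority: only the best-ranked tier that still has a healthy member.
    top = min(b.priority for b in healthy)
    tier = [b for b in healthy if b.priority == top]
    # Latency: keep backends within the sensitivity range of the fastest one.
    fastest = min(b.latency_ms for b in tier)
    return [b for b in tier if b.latency_ms <= fastest + sensitivity_ms]

def pick(pool, sensitivity_ms=0.0, rng=random):
    """Weighted choice among the eligible backends, or None if there are none."""
    eligible = candidates(pool, sensitivity_ms)
    if not eligible:
        return None
    return rng.choices(eligible, weights=[b.weight for b in eligible], k=1)[0]

# Constructed sample pool; host names are placeholders.
POOL = [
    Backend("eu.app.example.net", True, 1, 20.0, 3),
    Backend("us.app.example.net", True, 1, 45.0, 1),
    Backend("dr.app.example.net", True, 2, 10.0, 1),
]

if __name__ == "__main__":
    print([b.host for b in candidates(POOL)])
    print([b.host for b in candidates(POOL, sensitivity_ms=30)])
    print(pick(POOL, sensitivity_ms=30, rng=random.Random(7)).host)
```

The fallback backend is used only when every priority 1 backend fails its probe, even though its latency is the lowest in the pool.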

Azure Front Door’s web application firewall (WAF) capabilities protect web applications from exploits and vulnerabilities. App security management can be quite challenging as web applications are oftentimes targeted.

It runs at the network’s edge, where it is close to potential attacks to prevent them from getting into the network. The firewall is based on policies that can be associated with multiple instances of Azure Front Door. These firewall policies consist of:

  • Managed rule sets, a collection of pre-configured rules
  • Custom rules that can be added

A rule consists of:

  • A condition to determine whether a rule applies to traffic
  • A priority to determine the order of the rules being processed
  • An action such as Allow, Block, Log, or Redirect
  • A mode out of the following two:
    • Detection: WAF only monitors and logs without any other action
    • Prevention: WAF takes the defined action

Note: If present, custom rules are processed first.
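To make the processing order concrete, here is an added example (not code from the original article or from Microsoft) that models a policy as described above: custom rules before managed rules, priority order, and the two modes. It assumes that a lower priority number is processed first, that a matching Allow, Block or Redirect ends processing while Log does not, and that managed rules can be modelled as one more ordered list; rule names, addresses and the matched pattern are constructed.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Rule:
    name: str
    priority: int                      # lower number is processed first (assumption)
    condition: Callable[[dict], bool]  # decides whether the rule applies
    action: str                        # "Allow", "Block", "Log" or "Redirect"

def evaluate(request, custom_rules, managed_rules, mode):
    """Return (verdict, names of matched rules) for one request."""
    by_priority = lambda rules: sorted(rules, key=lambda r: r.priority)
    matches = []
    # Custom rules are processed before the managed rule set.
    for rule in by_priority(custom_rules) + by_priority(managed_rules):
        if not rule.condition(request):
            continue
        matches.append(rule.name)
        # Detection only records the match; a Log action never ends processing.
        if mode == "Prevention" and rule.action != "Log":
            return rule.action, matches
    return "Forwarded", matches

# Constructed sample policy and requests (documentation address ranges).
CUSTOM = [
    Rule("log-admin", 20, lambda r: r["path"].startswith("/admin"), "Log"),
    Rule("allow-office", 10, lambda r: r["ip"].startswith("198.51.100."), "Allow"),
]
MANAGED = [
    Rule("managed-script-tag", 1, lambda r: "<script" in r["query"].lower(), "Block"),
]
OFFICE = {"ip": "198.51.100.8", "path": "/admin", "query": "q=<SCRIPT>"}
OUTSIDE = {"ip": "203.0.113.7", "path": "/admin", "query": "q=<SCRIPT>"}

if __name__ == "__main__":
    for mode in ("Detection", "Prevention"):
        for req in (OFFICE, OUTSIDE):
            print(mode, req["ip"], evaluate(req, CUSTOM, MANAGED, mode))
```

In this model the `OFFICE` request is allowed in Prevention mode without the managed rule ever being consulted, which is why broad Allow custom rules deserve review. Running the same policy in Detection mode first shows every rule a request would have matched.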


When Is Azure Front Door Used?

The following Azure Front Door stock-keeping units (SKUs) are available:

  • Azure Front Door Standard: Content-delivery optimized
  • Azure Front Door Premium: Security optimized

The decision depends on whether the other features offered by Azure Front Door Standard and Azure Front Door Premium are required.

Criteria | Analysis
Scalability | Enterprises that host scalable content will benefit more from using Azure Front Door.
Pricing | Review the pricing considerations based on monthly charges, hourly billing, or extra charges for custom rules.
Content Delivery | Azure Front Door Standard is a good choice when it comes to content optimization without extensive security capabilities.
Security | Azure Front Door Premium is the better option for enhanced security requirements.

To decide the product that meets the requirements, the following criteria and the product recommendations should be reviewed.

Scalability

If there are no requirements for hosting global, scalable web applications, an enterprise may not benefit from Azure Front Door. However, if the enterprise deals with building, operating, and scaling out dynamic web applications and static content, it could make use of the Azure Front Door SKUs.

Consider Azure Front Door when:

  • Defining, managing, and monitoring the global routing of web traffic
  • Optimizing for top-tier, end-user performance and reliability through quick global failover

Pricing

Azure Front Door pricing is based on the inbound and outbound data transfers and routing rules. The pricing for Azure Web Application Firewall and Azure Content Delivery Network includes:

  • A monthly charge per policy
  • Other charges for custom rules and managed rule sets

Billing is based on the following criteria:

  • A fixed base fee calculated on an hourly basis
  • Inbound data transfers
  • Outbound data transfers
  • Requests incoming from clients to Azure Front Door points of presence

Content Delivery

Azure Front Door Standard can be considered if we want to:

  • Optimize content delivery
  • Provide for the acceleration of both static and dynamic content
  • Make use of basic security capabilities
  • Support global load balancing
  • Use domain and certificate management
  • Use SSL offload
  • Benefit from enhanced traffic analytics

Security

Azure Front Door Premium is more suitable when we need the Standard features along with:

  • Extensive security capabilities across WAF
  • Bot protection
  • Integration with Microsoft Threat Intelligence and security analytics
  • Private link support

Conclusion

One of the primary benefits of using Azure Front Door is taking advantage of Microsoft’s dedicated private global network—from the Edge point of presence (PoP) to the application. The traffic goes over this network providing much higher network reliability. Even if an application is not hosted on Azure, it is still routed to the nearest point. This results in a dedicated network for end-users boosting network reliability and performance.


About the Author

Senior Cloud Computing Associate

Rupinder is a distinguished Cloud Computing & DevOps associate with architect-level AWS, Azure, and GCP certifications. He has extensive experience in Cloud Architecture, Deployment and optimization, Cloud Security, and more. He advocates for knowledge sharing and in his free time trains and mentors working professionals who are interested in the Cloud & DevOps domain.