An Introduction to Azure Front Door
Azure Front Door is a Platform as a Service (PaaS) provided by Microsoft, which helps to make your app services globally available, highly responsive, and secure with just a few mouse clicks. The technology was developed by Microsoft years ago, and famous SaaS applications like Office 365 already benefit from it.
To give a better impression of Front Door, let's take an example:
You are planning to offer a website that provides users with the latest shopping opportunities. The application is globally available and used 24/7 by thousands of users at the same time. To provide an optimal experience when visiting your website, you need to make sure that the app services are highly available and respond to the user's requests in "no time".
But, to avoid spending too much money, you don't want to provide your app services in every single Azure region. And, you don't want to pay and administrate a lot of different additional services.
In regards to the requirements mentioned above, we must consider the following aspects:
Global Distribution with area-specific routing
Every user shall get to the app service instances of its region to minimize latency and increase responsiveness.
Using Custom Domains
Users shall get to the services via custom URLs.
Communication via HTTPS
The communication between website and app services shall be secure.
The app services shall be protected against DDoS and other malicious attacks.
The providing of static content shall be accelerated.
Good news! Azure Front Door can do all of this for you!
It provides security with the integrated Web Application Firewall (WAF), distributes load via a Load Balancer, utilizes Routing Filters to route traffic based on paths, and takes care of your custom domain https communication.
With the Front Door designer's help, it is easy to create the frontend/domains, the backend pools with your app service instances, and routing rules.
There are two possibilities in the frontends/domains section: use the predefined one "front door name.azurefd.net" or a custom domain. In both cases, Front Door can manage an SSL certificate, or you can choose a custom certificate.
Additionally, a Web Application Firewall is available, which brings a lot of detection or prevention against malicious attacks.
In case the app services rely on sessions, there is an option to enable session affinity, which means that based on cookie data, the client will always communicate with the same backend service.
The backend pool section allows the user to define numerous backends from different types, e.g., App Service, Storage, API Management, and Public IP Address.
Furthermore, in Front Door, the load balancing is configurable, and it sends health probes to the backends and considers the results for the load balancing.
The routing rules section allows defining routing rules for HTTP and HTTPS traffic based on URL patterns. The traffic can then be forwarded or redirected to one of the backend pools. Here, the forwarding protocol can be HTTPS only, HTTP only, or matching to the request.
Besides, caching, as well as URL rewriting, can be activated.
A Front Door service can provide different purposes at the same time. Since various frontends/domains, routing rules, and backend pools are configurable simultaneously, it can, e.g., forward traffic to app services and storage concurrently.
The only limitation worth mentioning is that Front Door is exclusively handling OSI Layer 7 traffic, which means HTTP and HTTPS.
It is swift since it routes traffic via the Microsoft Network internally, which gives a boost in comparison to "standard" traffic managers.
Since nothing is for free, the costs for Azure Front Door rely on the following parameters:
- Outbound Data Transfer - traffic in GB
- Inbound Data Transfer - traffic in GB
- Routing Rules - based on the number of rules
- Web Application Firewall (WAF) - based on the number of policies
- Custom Rules - based on the number of rules and processed requests
- Managed Rulesets - based on the number of rulesets and processed requests
If you need global, real-time performance and availability, and out-of-box security for your web-based applications, Azure Front Door can help you with just a few clicks.
Azure Front Door offers a combination of PaaS services, but you only need to configure it centrally.
Furthermore, due to the boost mechanisms by routing traffic via Microsoft Network, it routes requests to the closest instances of your app services, which means there is no need to provide instances in each region worldwide.
Following a list of valuable links about Azure Front Door:
Azure Front Door - Overview Page (by Microsoft)
Azure Front Door documentation (by Microsoft)