Tutorial / Cram Notes
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. As an integral component for deploying web applications, Application Gateway offers various layer 7 load balancing capabilities for Azure. When preparing for the AZ-104 Microsoft Azure Administrator exam, understanding how to configure Azure Application Gateway is key. The configurations cover creating the Application Gateway, configuring routing rules, backend pools, health probes, and listeners.
Creating the Application Gateway
Initialize the Basic Settings:
- Subscription: Choose the Azure subscription in which you want to create the Application Gateway.
- Resource Group: Select an existing resource group or create a new one.
- Name: Provide a unique name for the Application Gateway.
- Region: Choose the region where your Application Gateway will be located.
Specify the Virtual Network:
The Application Gateway must be part of a virtual network. You can either select an existing VNet or create a new one. Generally, a dedicated subnet is created just for the Application Gateway.
Choose a Tier and Size:
- Tier: Choose between Standard, Standard_v2, or WAF (Web Application Firewall) depending on your requirements.
- Instance Count: Configure the number of instances based on your workload’s demands.
Set Up the IP Address:
You can assign either a public or a private IP address. Public IPs are used when the application needs to be accessible from the internet, while private IPs are used for internal-only access.
Configuring Backend Pools
Backend pools are the groups of servers that will serve the traffic for the Application Gateway.
Define Backend Pool:
Create a backend pool by assigning it a name and adding backend targets, which can be virtual machines, IP addresses, or fully qualified domain names (FQDNs).
Assign Targets:
Targets can be added to the backend pool that the Application Gateway will route traffic to. These are often your web servers or applications.
Setting Up Listeners
Listeners are essential to determine how the Application Gateway should respond to incoming traffic.
Configure Basic Listener Properties:
- Frontend IP Configuration: Choose the public or private IP created earlier.
- Port: Commonly HTTP (80) or HTTPS (443) is used.
- Protocol: Select the protocol (HTTP or HTTPS). If HTTPS is selected, you must also provide an SSL certificate.
Advanced Listener Configuration:
For multi-site hosting, SNI (Server Name Indication) enables the Application Gateway to host multiple secure websites with a single listener.
Routing Rules Configuration
Routing rules determine the path of the traffic from the listener to the backend pool.
Create a Rule:
Assign a name for the rule and select the listener that it applies to.
Backend Target:
Choose the backend pool that the rule should route the traffic to.
Backend HTTP Settings:
Configure how the Application Gateway communicates with the backend servers. It includes settings like HTTP or HTTPS protocol, cookie-based affinity, and connection draining.
Configuring Health Probes
Health probes are used to monitor the health of the backend servers.
Probe Settings:
- Configure the probe settings by specifying the probe protocol (HTTP or HTTPS), host name, path, and interval at which the probe will ping the backend servers to check their health.
Assign Probes to HTTP Settings:
Once created, assign these probes to the corresponding HTTP settings that are used by the routing rules.
Final Validation and Deployment
After configuring the Application Gateway, validate the settings and perform any necessary configurations and scaling considerations. Then, you can proceed to create the Application Gateway.
Azure Application Gateway also includes an array of advanced features, such as URL-based routing, redirection, session affinity, WebSocket support, and more. These features offer granular control over web application traffic and enhance the user experience.
Monitoring and Management
Post-deployment, monitoring is crucial for maintaining the Application Gateway. Azure provides metrics and logs that should be observed to ensure the Application Gateway operates as intended. In the case of outages or performance issues, the metrics can help identify and resolve problems quickly.
Scaling and Performance
When configuring the Application Gateway, consider the expected load and performance requirements. Azure Application Gateway offers auto-scaling in the Standard_v2 and WAF_v2 tiers, allowing it to scale automatically based on the current traffic load.
In summary, configuring Azure Application Gateway involves setting up frontend IP configurations, backend pools, HTTP settings, listeners, routing rules, and health probes. The system should be constantly monitored and managed to ensure optimal performance and availability. Understanding these steps and effectively implementing them is essential for the AZ-104 Microsoft Azure Administrator exam.
Practice Test with Explanation
Answers to multiple choice questions:
False: Azure Application Gateway supports URL-based content routing.
B: Load balancing HTTP and HTTPS traffic.
C: SSL termination.
A: True. To enable the WAF feature, you must use the v2 SKU.
E: Both B and D – Auto-scaling is available in Standard_v2 and WAF_v2 SKUs.
D: NAT gateway is not a component of Azure Application Gateway.
A: True. Azure Application Gateway can be integrated with Azure Traffic Manager for geographic routing.
A: Blob storage is required to store access logs.
B: False. Azure Application Gateway can route traffic based on other attributes like URI path and host headers, not just the originating IP.
C: Backend HTTP settings should be set up to determine the response wait time before considering a backend failure.
Explanation: Azure PowerShell and Azure CLI can be used to configure and manage Azure Application Gateway, providing a command-line approach to administration.
Interview Questions
What is Azure Application Gateway?
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications.
What are the key features of Azure Application Gateway?
The key features of Azure Application Gateway include SSL termination, URL-based routing, multi-site routing, session affinity, Web Application Firewall (WAF), and autoscaling.
What is SSL termination in Azure Application Gateway?
SSL termination is the process of decrypting HTTPS traffic at the Application Gateway and forwarding it to the backend pool over HTTP. It helps offload the compute-intensive task of SSL decryption from the backend servers.
What is URL-based routing in Azure Application Gateway?
URL-based routing enables you to route traffic based on the URL path of the incoming request. You can create routing rules that match specific URL paths and forward traffic to different backend pools.
What is multi-site routing in Azure Application Gateway?
Multi-site routing enables you to host multiple websites on a single Application Gateway. You can define multiple listeners and routing rules that match different hostnames and route traffic to different backend pools.
What is session affinity in Azure Application Gateway?
Session affinity (also known as sticky sessions) ensures that a user’s requests are always routed to the same backend server in a backend pool. This can improve application performance and user experience.
What is a Web Application Firewall (WAF) in Azure Application Gateway?
A Web Application Firewall (WAF) is a feature of Azure Application Gateway that helps protect your web applications from common web vulnerabilities and attacks.
What is autoscaling in Azure Application Gateway?
Autoscaling is a feature of Azure Application Gateway that automatically scales the gateway instances up or down based on the incoming traffic.
What are the prerequisites for deploying Azure Application Gateway?
The prerequisites for deploying Azure Application Gateway include a virtual network, subnet, public IP address, and backend servers.
Can Azure Application Gateway be deployed across multiple regions?
No, Azure Application Gateway can only be deployed within a single region.
Can Azure Application Gateway be used for TCP traffic?
Yes, Azure Application Gateway can be used for both HTTP and HTTPS traffic as well as for TCP traffic.
Can Azure Application Gateway be used with Azure Kubernetes Service (AKS)?
Yes, Azure Application Gateway can be used with AKS to expose your Kubernetes services to the internet or to other virtual networks.
How can I monitor Azure Application Gateway?
You can monitor Azure Application Gateway using Azure Monitor, which provides a range of metrics and logs to help you understand the performance and health of the gateway.
What is the pricing model for Azure Application Gateway?
The pricing model for Azure Application Gateway is based on the number of gateway instances and data processing rates.
What is the maximum number of listeners and rules that can be configured in Azure Application Gateway?
The maximum number of listeners and rules that can be configured in Azure Application Gateway depends on the selected SKU and the number of gateway instances.
Great blog on configuring Azure Application Gateway! Very helpful for my AZ-104 prep.
Thank you! This post really helped me understand the basics of setting up an Application Gateway in Azure.
Could someone explain the differences between WAF_v1 and WAF_v2 for Azure Application Gateway?
I’m having trouble with custom probes in Azure App Gateway. Any advice on setting them up correctly?
This article was so detailed! I really appreciate the step-by-step guidance.
When configuring SSL termination, do I need to install certificates on each backend VM as well?
What are the costs involved with using Azure Application Gateway?
Thanks, this was exactly what I needed to get started with Azure Application Gateway!