Azure Front Door
- Azure Front Door is a global, scalable entry-point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications.
- Azure Front Door provides a range of features, including global load balancing, WAF capabilities, and static and dynamic content caching (CDN) capabilities.
- By default, Azure Front Door will route requests to the endpoint with the lowest latency using one of its 150 global points of presence.
Overview
- Global Load Balancing: Azure Front Door provides global load balancing to ensure that users are directed to the closest and healthiest endpoint.
- Web Application Firewall (WAF): Azure Front Door includes a Web Application Firewall (WAF) that provides protection against common web vulnerabilities and attacks.
- SSL Offloading: Azure Front Door can terminate SSL connections, offloading the SSL decryption/encryption process from your web servers.
- Session Affinity: Azure Front Door supports session affinity, ensuring that client requests are directed to the same backend server for the duration of a session.
- URL-Based Routing: You can configure Azure Front Door to route traffic based on URL paths, enabling you to direct requests to different backend pools based on the URL.
- Custom Domains: Azure Front Door supports custom domains, allowing you to use your own domain name for the service.
- Scalability: Azure Front Door is designed to scale automatically based on demand, ensuring that your application can handle increased traffic.
- Monitoring and Analytics: Azure Front Door provides detailed monitoring and analytics to help you track the performance and health of your web applications.
- High Availability: Azure Front Door is built on a highly available and resilient infrastructure, ensuring that your applications remain accessible even in the event of failures.
- Integration with Azure Services: Azure Front Door can be integrated with other Azure services, such as Azure CDN and Azure Application Gateway, to provide additional functionality and capabilities.
CDN
- Azure Front Door can serve as a content delivery network (CDN) by caching content at edge locations to reduce latency and improve performance.
Components
- An instance of the Front Door service is referred to as the Front Door Profile. We can create up to 500 Standard or Premium Front Door Profiles per subscription.
- To perform its functions, Azure Front Door relies on 3 components:
  - Endpoints: Receive incoming traffic.
    - 10 endpoints can be created for a Standard Tier Front Door Profile.
    - 25 endpoints can be created for a Premium Tier Profile.
    - When you create an endpoint, a default domain name is created for you. You can choose to create a custom domain as well. Standard Tier supports up to 100 custom domains, while Premium Tier supports up to 500 custom domains.
      - When adding a custom domain, HTTPS is enforced and we need to specify the SSL/TLS certificate to use. Two options are available for this:
        - Azure Managed Certificate: Azure Front Door will automatically create and manage the certificate for you. Not available for wildcard domains. Only available for apex domains and subdomains.
        - Bring Your Own Certificate (BYOC): You can upload your own certificate.
      - Renewal for apex domain certificates requires domain revalidation.
  - Origin Groups: Like a backend pool, to which requests are distributed.
    - Front Door supports both Azure and non-Azure endpoints.
  - Routes: Map endpoints to origin groups.
    - We can add up to 100 routes for a Standard Tier Front Door Profile and 200 routes for a Premium Tier Profile.
Rule Sets
- To perform more granular processing or customizations beyond the capabilities of routes in Front Door, we can use rule sets. Rule sets are a set of rules that can be applied to incoming traffic to Front Door. They allow for granular customization of how requests are handled at the Front Door edge and can even override the origin group for a given request. In a Standard tier resource, we can have a max of 100 rule sets, while in a Premium tier resource we can have up to 200 rule sets.
- Rule sets consist of if/then/else rules.
Service Tiers (SKU)
- Azure Front Door is offered in 3 tiers:
  - Classic: The original service tier for Front Door. Uses the Microsoft.Network provider and does not support many features. Microsoft no longer recommends using this tier. Microsoft offers a zero-downtime migration path to the Standard and Premium tiers.
  - Standard: Uses the Microsoft.Cdn provider.
  - Premium: Uses the Microsoft.Cdn provider.