top of page
Search

Application Gateway (AGW)

Updated: Dec 27, 2024

Application Gateway (AGW) is a web traffic manager for your web applications (one or multiple)

  • With AGW, on top of load balancing your workloads, you can make routing decisions based on URI path or host headers.

  • It can be used to terminate TLS/SSL. TLS/SSL termination can be useful to allow unencrypted traffic between AGW and backend servers, saving some of the processing load needed to encrypt and decrypt said traffic. Application Gateway also supports end-to-end TLS/SSL encryption.

  • It includes a web application firewall called Web application firewall (WAF) that protects your workload from common exploits like SQL injection attacks or cross-site scripting attacks, to name a few.

  • It provides an application delivery controller (ADC) as a service, offering various Layer 7 load-balancing capabilities. It can be used to optimize web farm productivity by offloading CPU-intensive SSL termination to the gateway.


How is Azure Application Gateway used?

It primarily provides a complete, cloud-based, secure, and scalable load-balancing solution for web applications and services. Some ways to use it include;





  • Deliver and manage load-balancing solutions for websites, web applications or internet-based services.

  • Provide load balancing for internal web-enabled/powered services

  • Deliver cookie-based session affinity service

  • Enable SSL offloading service that takes the encryption/decryption burden out of the primary web server.


Application gateway end-to-end communication

Application gateway end-to-end communication

Application Gateway Features

Application Gateway includes the following features.


Secure Sockets Layer (SSL/TLS) termination

SSL/TLS termination is a security feature that encrypts data transmitted between the internet and your web application. Azure Application Gateway handles this encryption, protecting sensitive information during transit. This offloads the SSL/TLS workload from your web servers, improving their performance and scalability.


Autoscaling

Autoscaling automatically adjusts the number of web server instances based on incoming traffic. This ensures optimal performance and resource utilization. When traffic increases, the gateway can automatically add more instances to handle the load. Conversely, when traffic decreases, it can reduce the number of instances to save costs.


Zone Redundancy

Zone redundancy provides high availability by distributing your application across multiple Azure availability zones. If one zone fails, your application continues to operate in another zone, minimizing downtime. This is crucial for important applications that need continuous service.


Static VIP

A static VIP (Virtual IP) is a single, unchanging public IP address assigned to your application. This simplifies DNS configuration and user experience. Users can access your application using a consistent and predictable address, regardless of backend server changes.


Web Application Firewall (WAF)

A web application firewall (WAF) safeguards your web application against typical web attacks like SQL injection, cross-site scripting (XSS), and DDoS attacks.. Azure Application Gateway offers a built-in WAF with customizable rules to safeguard your application and data.


Ingress Controller for AKS

The Ingress Controller for AKS integrates Azure Application Gateway with Azure Kubernetes Service (AKS), simplifying traffic management for containerized applications. It provides a consistent way to expose your services to external users and load balance traffic across multiple pods.


URL-based routing

URL-based routing allows you to direct traffic to different backend pools based on the incoming URL path. This enables you to host multiple websites or web applications on a single Application Gateway instance.


Multiple-site hosting

With multiple-site hosting, you can host multiple websites or web applications under a single Application Gateway. This simplifies management and reduces costs.


Redirection

Redirection permits users to be directed to various URLs according to particular conditions. For example, you can redirect HTTP traffic to HTTPS or send users to a specific landing page.


Session affinity

Session affinity maintains user sessions on the same web server, ensuring a consistent experience. This is important for applications that rely on session state, such as shopping carts or user profiles.


Websocket and HTTP/2 traffic

Azure Application Gateway supports WebSocket and HTTP/2 protocols, enabling modern web applications to deliver real-time content and improve performance.


Connection draining

Connection draining gracefully removes traffic from unhealthy servers, preventing service interruptions. This allows the server to finish processing existing requests before they are removed from the load-balancing pool.


Custom error pages

Custom error pages provide informative and user-friendly messages when errors occur. You can customize the content and appearance of these pages to match your website's branding.


Rewrite HTTP headers and URL

You can modify HTTP headers and URLs using rewrite rules. This can be used for various purposes, such as optimizing content delivery, security, or SEO.


Sizing

Sizing your Application Gateway involves selecting the appropriate SKU based on your expected traffic, throughput, and connection requirements. Azure offers different SKUs with varying levels of performance and capacity to meet diverse application needs.


Application Gateway Configuration

For Application Gateway, there are two SKUs that are available – v1 SKUs and v2 SKUs. Each of these SKUs has two tiers – Standard and Web Application Firewall (WAF). So, Azure offers four different tiers for application gateway.

  • Standard

  • Standard v2

  • WAF

  • WAF v2


Feature comparison between v1 SKU and v2 SKU

Feature comparison between v1 SKU and v2 SKU



Comments

bottom of page