And again, the question: What is the Azure Application Gateway? Azure Application Gateway is an application delivery controller (ADC) as a service, providing various load balancing functions at layer 7 (OSI Reference Model's application layer). It is highly available, scalable, and fully managed by the Azure platform.
The Azure Application Gateway currently provides the following features:
- HTTP Load Balancer: This is a load balancing method based on round robin for HTTP or HTTPS data traffic
What is round robin? Round robin refers to a scheduling process and allows several competing processes to access the required limited resources one by one for a short period of time. Round robin in the load balancing area exists in two forms:
- Load balancing for DNS: The module makes a request to a name server that provides a list of available IP addresses of the resource. The incoming traffic is then distributed evenly.
- Load balancing for routing: The module ensures that routes with the same node metric and the same target network are loaded in sequence during the package delivery.
- Cookie-based session affinity: This ensures that the one user session always remains on the same backend. By using gateway-managed cookies, the Application Gateway can route further traffic from a user session to the same backend for processing.
- Advanced SSL:
- SSL offload: With this function, the SSL connection on the Application Gateway is terminated and the traffic is forwarded unencrypted to the server. This results in a discharge of the server. The response of the server is then encrypted again by the Application Gateway before returning it to the client.
- End-to-end SSL: With this function, the SSL connection on the Application Gateway is terminated. Then the defined routing rules are applied to the data traffic, the packet is encrypted again, and finally the packet is forwarded to the corresponding backend based on the routing rules. Replies from the server go through the same process back to the end user.
- Azure web application firewall (WAF): The WAF (based on the Apache ModSecurity module) is an integral part of the Azure Application Gateway and protects your web apps from the most common exploits and security risks. These security problems include, for example, SQL injection, Cross-Site Scripting, and session hijacking.
The Azure WAF is based on the Open Web Application Security Project (OWASP) core rule set. You can find more information here: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project.
- Routing from application requests to an HTTP listener
- Support for WebSockets
- Support for application pools
If you want to integrate an Azure Application Gateway into your VNet, you need a separate subnet for the deployment.