The Azure Application Gateway is a web traffic load balancer that operates at the application layer (Layer 7). Microsoft Azure utilizes Application Gateway to deliver high-level routing services (HTTP, HTTPS, and HTTP/2 traffic). The versatility provided by this tool is extensive, featuring SSL termination, cookie-based session affinity, URL rule-based routes, and many more.

Table of Contents

Overview of Azure Application Gateway

Below are some critical features of Azure Application Gateway:

  1. Web Application Firewall – Provides top-notch protection for your web applications against common web-induced threats like SQL injection and cross-site scripting.
  2. URL path-based routing – Allows you to direct your traffic based on the incoming URL path.
  3. HTTP/2 – This functionality allows the gateway to use the upgraded HTTP/2 protocol for communication.
  4. Websockets and GRPC – Real-time two-way communication between user devices.
  5. Multi-site hosting – You can assign multiple websites to a single application gateway.

Configuring Azure Application Gateway

Let’s go through the process of configuring an Azure Application Gateway. Before we start, ensure that you have an active subscription to Azure and access to the Azure portal. If not, you can create a free account on Azure.

Since the Application Gateway v2 SKU does not have internal load balancing/IP functionality, we will make use of the Standard SKU for this guide.

Step 1: Creating a Virtual Network

  1. Open the Azure Portal and sign in.
  2. Click on “Create a resource”.
  3. Search for “Virtual network”.
  4. Click on “Create”.
  5. Fill in the necessary details for the network. Keep in mind that the virtual network architecture is important as it will be used by your application gateway later.
  6. Once you’re ready, click “Review + create”.

Step 2: Creating the Application Gateway

  1. Navigate back to the Dashboard.
  2. Click on “Create a resource”.
  3. Search for “Application gateway”.
  4. Click on “Create”.
  5. Fill in the necessary details to set up the gateway. Make sure to select the virtual network you’ve created in the previous step.
  6. Once you’re ready, click “Review + create”.

The Azure Application Gateway works by directing user traffic to a specific address within your network based on the user’s HTTP request and predefined routing rules in the gateway. Therefore, you will need to configure the gateway’s settings for listeners, backend targets, and rules.

Step 3: Configure Listeners, Backend Targets, and Rules

  1. On the Application Gateway section in Azure portal, click on the name of the gateway you’ve just created.
  2. Under the Settings section, click on “Listeners.”
  3. Click “Add” and fill in the parameters, then save.
  4. Go back to the settings and select “Backend targets.”
  5. Click “Add” and fill in the parameters for your backend, then save.
  6. Go back to the settings, click “Rules” then “Basic.”
  7. Click “Add” and fill in the parameters, then save.

This concludes a basic configuration overview of the Azure Application Gateway. Note that there are many more features and settings you can tweak and optimize based on your individual needs, like adding SSL certificates, configuring advanced routing rules, and more.

Azure Application Gateway is essential for maintaining smooth, secure, and controlled web traffic to your applications and sites. As it is part of the Azure ecosystem, it pairs well with Azure’s scalability and robustness. Understanding its configuration is a vital part of mastering the AZ-104 Microsoft Azure Administrator exam.

Remember, practice is key when learning any new technology. So feel free to explore and experiment with configuring Azure Application Gateway to prepare for the AZ-104 Microsoft Azure Administrator exam.

Practice Test

Azure Application Gateway cannot be used to route traffic based on URL patterns. True/False?

  • True
  • False

Answer: False

Explanation: Azure Application Gateway allows you to route traffic based on URL patterns with its URL Path-Based Routing feature.

Azure Application Gateway supports ___________ to protect web applications from common web-based attacks.

  • A. Azure Firewall
  • B. Azure Sentinel
  • C. Web Application Firewall
  • D. Azure DDoS Protection

Answer: C. Web Application Firewall

Explanation: Azure Application Gateway has a built-in Web Application Firewall (WAF) that provides centralized protection of your web applications from common exploits and vulnerabilities.

Azure Application Gateway does not support multi-site hosting. True/False?

  • True
  • False

Answer: False

Explanation: Azure Application Gateway supports multi-site hosting, which means you can configure it to route traffic to multiple web applications.

Azure Application Gateway can integrate with Azure Key Vault to store certificates. True/False?

  • True
  • False

Answer: True

Explanation: Azure Application Gateway can integrate with Azure Key Vault for secure storage and management of SSL/TLS certificates.

Azure Application Gateway can load balance traffic within a region only. True/False?

  • True
  • False

Answer: False

Explanation: Azure Application Gateway supports global load balancing as well as regional load balancing through integration with Azure Traffic Manager.

Azure Application Gateway features ________, which allows web applications to make outbound connections to a public IP address.

  • A. Azure VPN Gateway
  • B. Managed NAT Gateway
  • C. ExpressRoute
  • D. None of the above

Answer: B. Managed NAT Gateway

Explanation: Managed NAT (Network Address Translation) gateway is a feature that allows web applications to make outbound connections to a public IP address.

Azure Application Gateway only supports HTTP traffic. True/False?

  • True
  • False

Answer: False

Explanation: In addition to HTTP, Azure Application Gateway also supports other protocols like HTTPS and WebSocket.

Azure Application Gateway cannot terminate SSL connections. True/False?

  • True
  • False

Answer: False

Explanation: Azure Application Gateway supports SSL termination, which allows the gateway to decrypt incoming traffic, relieving web servers of the computation intensive task.

The autoscaling feature in Azure Application Gateway allows it to scale dynamically based on the load. True/False?

  • True
  • False

Answer: True

Explanation: Azure Application Gateway supports autoscaling, which allows the gateway to scale based on load, ensuring applications can handle varying traffic levels efficiently.

Azure Application Gateway can be integrated with __________ for troubleshooting and monitoring network traffic.

  • A. Azure Monitor
  • B. Azure Logic Apps
  • C. Azure Functions
  • D. Azure Active Directory

Answer: A. Azure Monitor

Explanation: Azure Application Gateway can be integrated with Azure Monitor and Azure Log Analytics for a comprehensive monitoring platform that provides a view of network traffic.

Azure Application Gateway is a regional service and cannot span multiple regions. True/False?

  • True
  • False

Answer: True

Explanation: Azure Application Gateway is scoped to a region, although it can integrate with Azure Traffic Manager to achieve global load balancing.

Azure Application Gateway uses a probe to perform health checks on backend instances. True/False?

  • True
  • False

Answer: True

Explanation: Azure Application Gateway uses health probes to periodically check the health of backend instances, deciding where to route traffic based on these checks.

Azure Application Gateway does not support the integration with Application Insights. True/False?

  • True
  • False

Answer: False

Explanation: Azure Application Gateway supports integration with Application Insights for monitoring and analyzing application performance and usage patterns.

Azure Application Gateway cannot be configured to redirect HTTP traffic to HTTPS. True/False?

  • True
  • False

Answer: False

Explanation: Azure Application Gateway can be configured to automatically redirect HTTP traffic to HTTPS for improved security.

Azure Application Gateway does not support sticky sessions for user sessions that need to be routed to the same server. True/False?

  • True
  • False

Answer: False

Explanation: Azure Application Gateway supports session affinity-based routing, also known as sticky sessions, which can help when user sessions need to be maintained on the same server.

Interview Questions

What is Azure Application Gateway?

Azure Application Gateway is a web traffic load balancer that allows you to manage traffic to your web applications. It enables you to route traffic based on source IP address and port to a destination IP address and port.

What does the Azure Application Gateway offer?

Azure Application Gateway offers various features such as SSL termination, cookie-based session affinity, URL path-based routing, and Web Application Firewall (WAF).

Can you configure multiple sites with the Azure Application Gateway?

Yes, Azure Application Gateway allows you to configure multiple sites using the multi-site feature.

How is an Azure Application Gateway instance charged?

The Azure Application Gateway is charged per hour of operations, which includes both the gateway and the optional Web Application Firewall.

What is required to set up an Azure Application Gateway?

To set up an Azure Application Gateway, you need a virtual network, a subnet onto which the gateway is deployed, and at least one backend server or pool to receive the network traffic.

What does Web Application Firewall (WAF) in Azure Application Gateway provide?

WAF in Azure Application Gateway provides centralized protection of your web applications from common exploits and vulnerabilities. It’s based on rules from the OWASP core rule sets.

Is it possible to resize an Azure Application Gateway?

Yes, it’s possible to resize an Azure Application Gateway. You can choose a different size in the Gateway IP configurations settings.

What is the purpose of the Backend pool in Azure Application Gateway?

The backend pool in Azure Application Gateway is used to route requests to the backend servers that serve the request. Backend pools can be composed of NICs, virtual machine scale sets, public IPs, internal IPs, fully qualified domain names (FQDN), and multi-tenant back-ends like Azure App Service.

What is the role of listeners in Azure Application Gateway?

A listener in Azure Application Gateway waits for incoming connections to the IP address and port that are defined in a frontend port. When a client sends a request, the listener processes it and passes it to a rule for further processing.

Can we autoscale the Azure Application Gateway?

Yes, Azure Application Gateway has an autoscaling feature which allows the gateway to scale up or down based on the actual traffic patterns and ensure application availability.

How does cookie-based session affinity work in Azure Application Gateway?

In Azure Application Gateway, when cookie-based session affinity is enabled, it uses Gateway-managed cookies to affinitize client sessions to the backend servers for the duration of the session.

Does Azure Application Gateway support Http/2?

Yes, Azure Application Gateway supports Http/2 but it only supports Http/2 with backend servers when using the Standard_v2 and WAF_v2 SKUs.

Is IPv6 supported in Azure Application Gateway?

No, currently Azure Application Gateway only supports IPv4 addresses.

Can Azure Application Gateway be integrated with Azure Kubernetes Service (AKS)?

Yes, Azure Application Gateway can be integrated with Azure Kubernetes Service (AKS) to allow the ingress controller to use the Azure Application Gateway to expose HTTP and HTTPS routes to applications running in the AKS cluster.

What are Health Probes in Azure Application Gateway?

Health Probes in Azure Application Gateway are used to detect the health of the backend servers. If a backend server becomes unhealthy, the request is automatically routed to another healthy server. The health of the backend server is checked before forwarding the request.

Leave a Reply

Your email address will not be published. Required fields are marked *