In a recent blog post, Microsoft introduced the general availability (GA) of Azure Front Door (AFD), a scalable and secure entry point for web applications. The underlying technology in Azure Front Door has been in place inside of Microsoft for the past five years where it has enabled scaling and protection for many popular Microsoft services, including Office 365, Bing, Xbox, LinkedIn and Microsoft Teams. Microsoft provided a public preview of the technology back in September 2018, and is now available to all customers.
For organizations that have web applications with global reach, the performance of these applications can be impacted by the proximity of the consumer. In order to provide a better, and more consistent experience, organizations may leverage Content Delivery Networks (CDNs) which have several distribution points and deliver content to consumers faster due to proximity and optimized connections.
Azure Front Door takes advantage of the anycast protocol, which goes beyond providing traditional CDN capabilities by also providing advanced security capabilities, including preventing Distributed Denial of Service (DDoS) attacks.
Image source: (screenshot) https://www.youtube.com/watch?v=3Di9H1V0zuc
One of the primary benefits of using Azure Front Door is taking advantage of Microsoft’s global network. Sharad Agrawal, a senior program manager at Microsoft, explains:
We use our global network, it’s a dedicated private network of Microsoft, from the edge PoP (Point of presence), to your application. This traffic goes over Microsoft’s global network so there is much higher network reliability. Even if your application is not hosted on Azure, we still route it to the nearest point where the application is and then exit from that application, so you get a dedicated network for your end users and so it just boosts your network performance and reliability.
The core capabilities of Azure Front Door include:
- Application and API acceleration through the use of anycast which will optimize the connectivity to Azure application services and reduce the latency for end users.
- Global HTTP load balancing allows developers to build out geo-distributed services and lets Azure determine endpoint availability and intelligent routing to local, and available, endpoints.
- SSL offload relieves endpoints of performing expensive decryption computation and moves the function higher-up in the stack.
- WAF @ Edge web application filtering provides protection against DDoS attacks or malicious users at the edge without impacting backend services.
Image source: (screenshot) https://www.youtube.com/watch?v=3Di9H1V0zuc
Microsoft has customers leveraging Azure Front Door. Agrawal describes a common use case:
Customers come to AFD today focused on their core business needs to improve performance, scale their application, enable instant failover, or enable complex application architectures like IaaS and PaaS, on-prem + cloud, or multi-cloud hybrid experiences. AFD can be quickly and easily integrated into your application’s existing or new architecture and starts working out of the box. Adding AFD in front of your application or API also enables your customers to gain the benefit of our constant improvements and optimizations at the edge such as TCP Fast Open, WAN optimizations and improvements to SSL such as SSL session resumption. This means your users get optimized connectivity experiences day 1 with Front Door.
Creating an Azure Front Door involves creating a frontend host that is a global endpoint for your application. Next, a backend pool is required where you configure your backend services such as an App Service Web Application. Lastly, routing rules need to be established that will route traffic from your frontend host configuration to your backend pool. In addition to traffic routing, load balancing functions will send periodic heartbeats to the backend pool to detect whether endpoints are online. In the event an endpoint is no longer available, traffic will be routed to an alternative endpoint.
Image source: (screenshot) https://www.youtube.com/watch?v=3Di9H1V0zuc
In an Azure Friday demo, Agrawal demonstrated the response times of retrieving a 100kb file. In the following image, the left window represents this file being retrieved through Azure Front Door, the right window represents the file being retrieved directly from the web application. When using Azure Front Door, the average response time, over 50 actions, was .46478 vs .74118 a direction connection.
Image source: (screenshot) https://www.youtube.com/watch?v=3Di9H1V0zuc
For additional information on Azure Front Door, please refer to the product documentation.