3.2 Azure Application Gateway
📘Microsoft Azure Networking Solutions (AZ-700)
Overview
Before identifying use cases, you must understand what Azure Application Gateway is.
- Azure Application Gateway is a Layer 7 (Application Layer) load balancer.
- It helps distribute incoming web traffic based on HTTP/HTTPS requests, not just IPs or ports.
- It can also secure, route, and optimize web applications.
Think of it as a smart traffic manager specifically for web applications in Azure.
Key Features Relevant for Use Cases
Knowing these features helps determine when to use it:
- URL-based routing
- Can direct requests to different backend servers based on the URL path.
- Example:
/imagesgoes to one server,/videosgoes to another.
- Multi-site hosting
- Host multiple websites on a single Application Gateway using different domains.
- Example:
www.contoso.comandblog.contoso.comon same gateway.
- SSL Termination
- Decrypts HTTPS traffic at the gateway instead of at the web server.
- Reduces load on backend servers.
- Web Application Firewall (WAF)
- Protects web apps from common threats like SQL injection and cross-site scripting.
- Can enable OWASP rules to block attacks.
- Session Affinity
- Keeps a user session on the same backend server.
- Useful for apps that store session state locally.
- Autoscaling
- Automatically scales capacity based on traffic load.
- Ensures performance during high traffic periods.
- Redirection & Rewriting
- Can rewrite URLs or redirect traffic, e.g., force HTTPS or redirect old URLs.
Exam-Focused Use Cases
Azure Application Gateway is used in situations where web application traffic management, security, and optimization are needed.
Here’s a breakdown of appropriate use cases:
1. Load Balancing HTTP/HTTPS Traffic
- Scenario: You have multiple web servers hosting the same application.
- Reason to use Application Gateway: It can distribute user traffic intelligently at Layer 7, based on URL paths or host headers.
- Example:
/apitraffic goes to API servers,/frontendtraffic goes to web servers.
2. Hosting Multiple Websites
- Scenario: Your organization hosts multiple websites or apps in the same Azure environment.
- Reason: Application Gateway allows multi-site hosting on a single gateway, reducing costs.
- Example:
shop.contoso.comandsupport.contoso.comon the same gateway.
3. Securing Web Applications
- Scenario: You need to protect your web apps from attacks like SQL injection, XSS, or DDoS.
- Reason: Enable the Web Application Firewall (WAF) feature.
- Example: A public-facing customer portal that must follow security compliance.
4. SSL Offloading
- Scenario: Your backend servers are under heavy load from decrypting HTTPS traffic.
- Reason: Application Gateway can handle SSL/TLS termination at the gateway, reducing backend load.
- Example: A web API that receives thousands of HTTPS requests per second.
5. Session Affinity for Stateful Applications
- Scenario: Your application needs to keep a user connected to the same server for the session.
- Reason: Application Gateway can use cookie-based session affinity.
- Example: Online shopping carts where a user’s cart is stored on a specific server.
6. URL-based Routing & Redirection
- Scenario: You want specific paths of a website to go to different servers.
- Reason: Application Gateway allows path-based routing and URL rewriting.
- Example:
/imagesserved from an image server,/videosserved from a video server.
7. Auto-scaling for Traffic Spikes
- Scenario: Your application experiences variable traffic (e.g., during product launches).
- Reason: Application Gateway can scale automatically to handle spikes.
- Example: Promotional campaigns with sudden high traffic on an e-commerce site.
When NOT to Use Application Gateway
Understanding limitations is also exam-relevant:
- Non-HTTP/S Traffic: If your traffic is TCP/UDP (like SSH, FTP), use Azure Load Balancer instead.
- Simple Load Balancing: If you just need basic round-robin load balancing without Layer 7 features, a standard Load Balancer is enough.
- Internal-only Apps without Web Requirements: For non-web apps, Application Gateway is overkill.
Exam Tip
For the AZ-700 exam:
- Remember: Application Gateway = Web App traffic + Security + Routing.
- Focus on Layer 7 routing, WAF, SSL offloading, session affinity, and multi-site hosting.
- Compare with Azure Load Balancer for TCP/UDP scenarios to know when not to use it.
Summary Table for Quick Revision
| Feature / Scenario | Use Case Example |
|---|---|
| Layer 7 Load Balancing | Distribute web traffic intelligently based on URL |
| Multi-site Hosting | Host multiple websites on one gateway |
| Web Application Firewall (WAF) | Protect against SQL injection, XSS, and other attacks |
| SSL Termination | Reduce backend server load by handling HTTPS at gateway |
| Session Affinity | Keep users on same server for shopping carts or sessions |
| URL-based Routing | Direct /images to image server, /videos to video server |
| Auto-scaling | Handle traffic spikes automatically |
| Redirection & Rewriting | Force HTTPS or redirect old URLs |
This covers everything you need to know for the exam about identifying appropriate use cases for Azure Application Gateway.
