AZ-700 Microsoft Azure Networking Solutions - Azure Front Door

  1. Create a Front Door DEMO

Now we’re going to talk about the Azure Front Door service. The Front Door service, unlike Application Gateway and Load Balancer, is a global resource. It’s one of the few global resources in Azure. So you can assign your domain name, which could be microsoft.com or getcloudskills.com, to the Front Door endpoint, and then that endpoint is basically distributing the traffic across multiple regions: region one, region two, region three. You don’t have to have identical services in all regions, because you can create rules that say this only gets sent to regions one and two, this only gets sent to region three, and something else gets sent to all three regions. So you’re basically establishing, again, rules based on path to different locations. And again, this is a global service.

So you’re going to end up only having one, no matter how many regions your application is loaded into. Now we’re going to switch into the portal, say create a resource, and search for Front Door, and Front Door is right there. Now you’ll notice when I did the search, and I’m going to go back to this, sorry, that there is another Front Door that is in preview. The Standard/Premium Front Door is in preview. Preview features are not usually on Microsoft tests. So we are just going to focus on what we’ll call, let’s call it, the classic Front Door for now, even though it’s not a classic service. We’re in the Front Door service. Now it’s fairly easy to set up until we get into configuration.

Now, even though it’s a global service, it still requires a resource group, because all resources require a resource group, and it’s going to inherit the location from the resource group. Now it’s not asking me for the location for the Front Door. It’s asking me for the resource group and just telling me what its location is. So again, this is a global service. If we go on to the configuration side, we’re going to see, very similar to our application gateway, our three boxes: the front end, the back end, and the routing rules (for whatever reason, they’re in a different order) that are going to be applied for that load balancing setup. So I’m going to create a new one. Now you’ll notice that it has a fully qualified domain under azurefd.net.

So if you want to set this up for your own custom domain, your getcloudskills.com for instance, you’re going to be using your registrar and a CNAME in order to do a redirect. We have the question around affinity, which we have had the last couple of times, and it is optional, just like with Application Gateway, to have a web application firewall. Same concept, it’s just that the Front Door service also supports WAF. I’m going to turn that off for now and say add. So we’ve got a domain that’s going to serve as our front end. Now the next question is going to be: where do we send the traffic to? Now I’m going to actually send the traffic to the west application gateway. I’ll just give it a name and add a back end.

Now when I bring this drop-down up, we can see all of the things that it supports. You can send it to Azure App Services, or you can send it to an Azure Storage account, so this will be good for static websites. Then there’s Application Gateway, API Management, an IP address hosted in Azure, Traffic Manager, or some other custom IP address that may be hosted outside, such as in AWS or on premises. I choose application gateway and you can see I’ve only got the one. So it’s been able to identify which application gateway I’m talking about. It knows the IP address and the port, and you can set up things like priority and weight if you’re going to have multiple back ends and you want to have an uneven distribution of traffic. Status is enabled. It’s going to check the root for health. I’m going to leave it at HTTP because I don’t think I have HTTPS set up for that.

And every 30 seconds it’s just going to do a HEAD request, so it doesn’t pull down the full HTML, it just gets the headers, and it’s going to try four times. It needs two to be successful. Let’s just say add. So now we have the front end, we have the back end, and the question is how we are going to send traffic. And as we are forced to do, we only have one front end and one back end, so all traffic is going to be sent there. Now, I don’t have HTTPS set up, I don’t think, so I’m going to say HTTP only. From that front end I could do pattern-based matching for path-based matching. Now in this case it’s not required. And you can either do a forward, so the traffic is sent on to the server and the client is always going through the Front Door service, or it can do a redirect, and a redirect is basically changing the URL.

So they came in from Azure SJD test FD, and then they’re going to end up on the application gateway IP address. I won’t do that. I’ll just leave the domain as is. HTTP only, forwarding. We can enable or disable URL rewrite. And remember, we did this manually within the application gateway. We could do this automatically. And Azure Front Door has a caching service similar to the CDN, where it will actually store basically static content and not send the request to the back end every time. And this can save your back end from a lot of traffic, like any CDN. So this is an interesting thing. We can have compression, since HTML is not always the most efficient format.

And so there are standards within the web community, basically gzip and things like that, that just compress requests, so we can enable that, and we can just allow the default cache. So now we have front end, back end, and rules, and we’ve implemented caching and we’ve implemented compression. I won’t add any tags. I can say review and create. And when I click the create button, we’re going to have a Front Door service in front of our application gateway. And when we go to the URL in our browser, we’re going to get basically the response back from our VM with this as the URL, because we don’t have it rewriting the URL or forwarding. We have it forwarding, not redirecting. So I’ll click create. This is going to take a few minutes. So we’ll let it run.

  2. Test the Front Door

Alright, so let’s go to the resource and yeah, we have our Front Door running and enabled. I’m going to assume that we can go to the URL in a browser and we will be redirected to the correct spot. So let’s try that. So I entered the nonsecure port 80 version of the URL in my browser and I’m taken to that familiar screen, which is the demo here. Let’s see what happens when we go to the server, which again is behind an application gateway, which is behind Azure Front Door. And let’s try stopping this machine. Now the trick here is the public IP would be lost, but that’s okay, because right now we’re doing everything private anyways. So we’ll stop the machine. So the machine is stopped, and what would we expect to happen to our website? I’m going to hit just the browser reload button and wait, it’s still showing me this website.

And so what is happening? Well, remember, we set this up for caching. So once we’ve requested the page once, the Azure Front Door service has got all of the information it needs to respond to the request. There’s nothing dynamic in here. And so the site, whose server is not even running anymore, is still able to respond to traffic because of the Front Door service. Now certainly this wouldn’t be true if your website has any type of dynamic elements. And then of course, caching does introduce some trickiness, because if you have things that do get updated, then you have to know how to clear the cache or wait for the cache to expire, et cetera. But as of right now, the clients are insulated from the website being down because of caching.

And we can see this because I’m going to slam this with a bunch of requests, so ten or more requests. And we can see in the graphs here that requests are more than one. But if we look at the back end requests, then we still only have one request. So it does say three, but it probably includes the web page and the image and the icon, or the request for the icon. So three is the total for a single page and there have been no further requests. So we can see for sure that caching is working. But what if we want to see it broken, right? Or we want to update the site? Well, we go into the Front Door designer and there’s this purge link. Cache purge allows you to invalidate everything. So we could have put a URL in there, or we can say purge all, and we’re going to purge all the contents of the cache for the Front Door.

All right, so the content has been purged. Now what do we expect to happen when we refresh this? Now, the cache should be clear on the Front Door. Now certainly if we go to the application gateway, we can see the request coming through, and then we can see the healthy host count go from one down to zero. So certainly the application gateway knows that there’s an unhealthy host. So certainly the health probe is doing its job. So once purged, the application gateway is throwing an error because there are zero healthy servers. And so this is an application gateway error that’s being passed through the Front Door service. So we can see that the Front Door is certainly doing its job, with the caching and redirecting traffic. All is working according to our expectation.
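
The behaviour seen in this test, as a simplified model added here for illustration (not code from the course or from Azure): cached pages keep returning 200 after the VM stops, the back end sees only the first request, the health probe window goes unhealthy, and a purge exposes the 502. The class names, `run_demo`, and the `HIT`/`MISS` labels are constructed for the example; the probe window uses the four-sample, two-success setting from the walkthrough.

```python
from collections import deque

class Origin:
    """Constructed stand-in for the application gateway and the VM behind it."""
    def __init__(self):
        self.vm_running = True
        self.get_requests = 0                 # GETs that actually reached the back end

    def handle(self, method):
        if method == "GET":
            self.get_requests += 1
        return 200 if self.vm_running else 502   # 502: gateway has no healthy host

class Edge:
    """Simplified model of the Front Door behaviour seen in the demo (assumption)."""
    def __init__(self, origin, sample_size=4, successes_required=2):
        self.origin = origin
        self.cache = set()                    # paths with a cached 200 response
        self.samples = deque(maxlen=sample_size)
        self.successes_required = successes_required

    def probe(self):                          # one HEAD probe, run every 30 s in the demo
        self.samples.append(self.origin.handle("HEAD") == 200)

    def backend_healthy(self):
        return sum(self.samples) >= self.successes_required

    def get(self, path):
        if path in self.cache:
            return 200, "HIT"                 # origin is never contacted
        status = self.origin.handle("GET")
        if status == 200:
            self.cache.add(path)
        return status, "MISS"

    def purge(self, path=None):               # None models "purge all"
        if path is None:
            self.cache.clear()
        else:
            self.cache.discard(path)

def run_demo():
    origin = Origin(); edge = Edge(origin)
    first = edge.get("/")                     # fills the cache
    origin.vm_running = False                 # stop the VM
    for _ in range(4):
        edge.probe()                          # probe window fills with failures
    reloads = {edge.get("/") for _ in range(10)}
    seen_by_backend = origin.get_requests
    edge.purge()
    return first, reloads, edge.backend_healthy(), seen_by_backend, edge.get("/")

if __name__ == "__main__":
    print(run_demo())
```

For monitoring, the takeaway is that a 200 at the Front Door hostname says nothing about back end health while content is cached; the probe and healthy host count are the signals that changed.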
