A scalable and secure entry point for the fast delivery of global web applications
Article Summary (TL;DR)
In brief, the Azure Front Door service is a “booster” for a web application (a.k.a. website) performance over the global network (a.k.a. internet). It provides closer connections to the overseas end users via the vast Microsoft global network system. The front door also provides SSL and DDoS security implementation and customisable firewall rules, which provide secure connections out of the box.
The service is implemented via the Azure portal and it can also be scaled up and down to fit a company’s overall utilisation. The Azure front door service provides many useful web application perks, although it only seems applicable for highly used global applications.
At the highest level Azure Front Door is a web application acceleration platform; its main purposes are to provide reliability, high availability and scalable attributes - all while enabling a performance boost for your application's load time.
A backstory for the Front Door
Although the Azure Front Door service has only recently been made available to the commercial public, it has been around as an internal process for Microsoft for over 5 years. It started with Bing, firstly on the user side, and then later added to the enterprise application side too. Because of its success in generating a performance boost and providing more reliability to its end users - Microsoft slowly incorporated more and more of their workloads into the Front Door process; leading up to today where they have: Microsoft Office, Xbox Live, MSN, Skype, Cortana, Window's, OneDrive and Microsoft Teams all running on the Front Door service. Today, any customer can take advantage of this service.
What's the process?
Generally, when users connect to certain websites and applications from around the globe, they will need to make those connections to the regional deployment of the applications backend. Therefore, if said users are located within a very far away country in contrast to where the server is hosting the application, then they will need to make these connections over a long internet network process. This can not only induce slow load times, but also other network errors due to this process being unreliable. “A CDN or ADN (Content delivery network/Application delivery network) can provide services for distribution, routing and logistics in order to enable a more stable delivery by modifying local and global connections into separate processes. The Front Door POPs are the points of presence for these CDNs and they aid in providing an end-user connection that is much closer to the user, and consecutively maintain long-haul connections to the applications back end” (Azure, 2018). Therefore, these CDN’s can provide a much closer “SSL handshake” for the end user, whilst correspondingly connecting to the backend – where because of the warm connections that are consistently being re-used, there is a prevalent performance boost. You as a user, can define, monitor and manage these global routing processes more specifically to optimise for the best performance and even for global failover for high availability.
(Announcing public preview of Azure Front Door Services, 2018)
Why is it important?
“Azure Front Door uses a TCP-based anycast protocol process as well as Microsoft’s global network, this further ensures higher availability and reliability - all while maintaining the performance boost” (Microsoft, 2018).
The Microsoft WAN is a vastly comprehensive network of fiber cable across 54 regions. The service is capable of massive SSL offloads for applications and as mentioned earlier is being used for some of Microsoft’s biggest and most used services in today's world (e.g. - Xbox Live, as of 2018 - reaps about 59m daily users).
Azure front door also takes care of security as well. For example, the front door provides SSL, WAF and DDoS protection for your web application, with the option to customise your own rules for the firewall. This makes these global connections much more secure. The service also provides global HTTP/HTTPS load balancing, which is where the enhanced reliability of this service really shows. This means that if your application is hosted in more than one region and an instance (server) of your application goes down somewhere, due to a multitude of different reasons (even planned maintenance), the front door process will redirect users to the nearest instance that is still up and running.
Other Front Door benefits include:
- Multiple site/Backend pool hosting on the same Front Door configuration.
- Session affinity for cookies and use of user data.
- Protocol support - IPv6 and HTTP/2 traffic
Front Door also natively supports end-to-end IPv6 connectivity and HTTP/2 protocols.
(Azure Front Door Service , 2018)
How does it compare to Azures already existing Traffic Manager?
Below is a table that outlines the main differences between the Azure Traffic Manager and the newer Azure Front Door service.
(Load-balancing with Azure's application delivery suite, 2018)
Azure Front Door is a consumption-based service, meaning that you pay for what you use. When the service first came about – many of the services were free, however Microsoft later added incurred charges for going above certain thresholds on the different attributes of the service. You can view the current pricing here.
The consumption-based pricing that is used for the Azure Front Door is the same type of pricing that is used a lot throughout all the different services that the Azure portal can provide. Outbound data transfers refer to the data that is transmitted from the POPs to the users that are requesting it whereas Inbound data transfers are vice versa – i.e. data coming from the user. Routing rules refer to the customisable routes the Front Door allows for configuration – each route is a distinct combination of http(s) protocol, front-end hosts/domains and path patterns.
In conclusion, Azure Front Door is a service that has been utilised by Microsoft internally for years. However, more recently the service has become commercially available, alongside the many different services that are implemented on Azure. There are many benefits to applying the Front Door process to a web application, if it is a globally requested website. For example, the service reduces the unreliable nature of the standard network process due to the several deployments it does to the Microsoft global POPs and this same process also boosts overall performance at the same time (due to the warm re-usage of these connections). As well as this, it provides SSL, DDoS security and customisable WAF rules too, these security attributes aid in granting a secure protocol for your users and safety from external threats. The service even allows for multiple different sites to be hosted on one Front door configuration, meaning you don’t have to pay for separate instances. Overall, the Azure Front door enables web developers to provide faster, highly available, more reliable and secure global applications to their end users.
Announcing public preview of Azure Front Door Services. (2018, September 24). Retrieved from Microsoft Azure: https://azure.microsoft.com/en-us/blog/announcing-public-preview-of-azure-front-door-service/
Azure front door pricing. (2019, March 21). Retrieved from Microsoft Azure: https://azure.microsoft.com/en-us/pricing/details/frontdoor/
Azure, M. (2018). Azure Front Door. Retrieved from Azure Microsoft: https://azure.microsoft.com/en-us/services/frontdoor/
Developer, M. (2018, September 24). Azure Front Door Service . Retrieved from Youtube: https://www.youtube.com/watch?v=3Di9H1V0zuc
Finn, A. (2018, October 8). What is Azure Front Door. Retrieved from Petri: https://www.petri.com/what-is-azure-front-door
Load-balancing with Azure's application delivery suite. (2018, September 10). Retrieved from Microsoft Azure: https://docs.microsoft.com/en-us/azure/frontdoor/front-door-lb-with-azure-app-delivery-suite