Azure Traffic Manager – Network Connectivity and Security-2

Azure Application Gateway offers the following features and capabilities:

• Web application firewall: One of the features of Application Gateway is its Web Application Firewall (WAF). It offers centralized protection of up to 40 web apps from common vulnerabilities and exploits. It is based on rules from the Open Web Application Security Project (OWASP) 3.1, 3.0, or 2.2.9. Common exploits include Cross-Site Scripting Attacks (XSS) and SQL injection attacks. With WAF, you can centralize the prevention of such types of attacks, which makes security management a lot easier and gives a better assurance to the administrators than if this is handled in the application code. Also, by patching a known vulnerability at a central location instead of in every application separately, administrators can react a lot faster to security threats.
• URL path-based routing: This allows you to route traffic, based on URL paths, to different backend server pools.
• Autoscaling: Azure Application Gateway Standard v2 offers autoscaling, whereby the number of application gateway or WAF deployments can scale based on incoming traffic. It also provides zone redundancy, whereby the deployment can span multiple availability zones.
• Static VIP ensures that the Virtual IP address (VIP) associated with the application gateway does not change after a restart. Additionally, it offers faster deployment and update times and five times better Secure Sockets Layer (SSL) offload performance than the other pricing tier.
• SSL termination: Azure Application Gateway offers SSL termination at the gateway. After the gate, the traffic will be transported unencrypted to the backend servers. This will eliminate the need for costly encryption and decryption overheads. End-to-end SSL encryption is also supported for cases that need encrypted communication, such as when an application can only accept a secure connection or for other security requirements.
• Connection draining: This feature will remove backend pool members during planned service updates. You can enable this setting at the backend HTTP setting and during rule creation. This setting can be applied to all the members of the backend pool. When this feature is enabled, Azure Application Gateway makes sure that all the deregistering instances in the pool do not receive any new requests.
• Custom error pages: You can create custom error pages using your custom layout and branding instead of the displayed default error pages.
• Multiple-site hosting: With multiple-site hosting, more than one web app can be configured on the same application gateway. You can add up to 100 web apps to the application gateway, and each web app can be redirected to its pool of backend servers.
• Redirection: Azure Application Gateway offers the ability to redirect traffic on the gateway itself. It provides a generic redirection mechanism that can be used for global redirection, whereby traffic is redirected from and to any port you define by using rules. An example of this could be an HTTP to HTTPS redirection. It also offers path-based redirection, where the HTTP to HTTPS is only redirected to a specific site area and provides redirection to external sites.
• Session affinity: This feature is useful when you want to maintain a user session on the same server. The gateway can direct traffic from the same user session to the same server for processing by using gateway-managed cookies. This is used in cases where session states are stored locally on the server for the user session.
• WebSocket and HTTP/2 traffic: Azure Application Gateway natively supports the WebSocket and HTTP/2 protocols. These protocols enable full-duplex communication between the client and the server over a long-running TCP connection, without the need for polling. These protocols can use the same TCP connection for multiple requests and responses, which results in more efficient utilization of resources. These protocols work over the traditional HTTP ports 80 and 443.
• Rewrite HTTP headers: Azure Application Gateway can also rewrite the HTTP headers for incoming and outgoing traffic. This way, you can add, update, and remove HTTP headers while the request/response packets are moved between the client and the backend pools.

Azure Application Gateway comes in the following tiers:

• Standard: By selecting this tier, you will use Azure Application Gateway as a load balancer for your web apps.
• Standard v2: In addition to the previous Standard tier, this tier offers autoscaling, zone redundancy, and support for static VIPs.
• WAF: By selecting this tier, you are going to create a web application firewall.
• WAF v2: In addition to the previous WAF tier, this tier offers autoscaling, zone redundancy, and support for static VIPs.

Azure Application Gateway comes in three different sizes. The following table shows the average performance throughput for each application gateway: