Microsoft Ignite–Building Enterprise Grade Applications With Azure Networking’s Delivery Suite

Speakers: Daniel Grickholm & Amit Srivastava

I arrived late to this session after talking to some product group people in the expo hall.

Application Gateway Demo

We see the number of instances dynamically increase and cool down – I think there was an app on Kubernetes in the background.

Application Gateway

Application gateway ingress controller for AKS v2.

  • Attach WAG to AKS clusters.
  • Load balance from the Internet to pods
  • Supports features of K8s ingress resource – TLS, multisite and path-based

Demo: we see a K8s containers app published via the WAG. The backend pool is shown – IPs of containers. Deleting the app in K8s removes the backend pool registration from the WAG (this fails in the demo).

Web Application Firewall

WIN_20180927_13_08_49_Pro

WIN_20180927_13_10_55_Pro

Demo – WAF

App behind a firewall with no exclusion parameters. Backend pool is a simple PHP application. Second firewall is using the same backend VM as a backend pool – a scan exclusion is set up to ignore any field which matches a “comments” string. The second one allows a comment post, the other one does not.

WIN_20180927_13_18_03_Pro

WIN_20180927_13_19_03_Pro

WIN_20180927_13_19_41_Pro

WIN_20180927_13_20_03_Pro

Get performance closer to the customer. Runs in edge sites, not the azure data centers.

WIN_20180927_13_21_53_Pro

WIN_20180927_13_21_53_Pro

Once you hit an edge site via front door, you are on the Azure WAN.

WIN_20180927_13_25_42_Pro

ADN = application delivery network

WIN_20180927_13_25_42_Pro

Big focus on SLA HA and performance. Built for Office.

WIN_20180927_13_25_42_Pro

5 years old and mature.

Can work in conjunction with WAG, even if there is some overlap, e.g. SSL termination.

WIN_20180927_13_25_42_Pro

What will be in the next demo:

WIN_20180927_13_25_42_Pro

Has an app for USA in Central US. Another for UK deployed in UK South. Shows the front door creation – Name/resource group, Configuration screen during creation is a bit different for Azure. Create a global CName and session affinity in fron end hosts. Create backends – app service, gateways, etc. You can set up host headers for custom domains, priority, port translation, priority for failover, weight for load balancing. You can add health probes to the backend pools, to a URL path, HTTP/S, and set the interval. Finally you create a routing rule; this maps frontend hosts to backend pools. You can set if it should be HTTP and/or HTTPS.

Skips to one he created earlier. When he browses the two apps that are in it, he is sent to the closest instance – in central US. You can set up  rules to block certain countries.

You can implement rate limiting and policies for fairness.

You can implement URL rewrites to map to a different path on the web servers.

This is like traffic manager + WAG combined at the edges of the Azure WAN.

WIN_20180927_13_43_14_Pro

WIN_20180927_13_43_50_Pro

Front Door load balances between regions. WAG load balances inside the region – that’s why they work together.

WIN_20180927_13_43_50_Pro

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.