3.13 Introduction to Application Gateways

Video Transcription
Welcome back. Here we are in our next episode with an introduction to application gateways.
Our objectives include defining what an application gateway is, looking at some of its features, and some of the SKUs that we have available.
So first, what is an Azure Application Gateway?
An Azure Application Gateway is a lot like the load balancers we just learned about, but they do so much more. They're designed for managing traffic to your web applications, but with a lot more options.
The load balancers we just learned about operate on layer four, or the transport layer, of the OSI model and route traffic using things like source IP and port.
Application gateways kick this up a notch by making traffic routing decisions based on the HTTP request being made, like the URI path or host headers.
This is known as layer seven or application layer routing.
Application gateways can also perform SSL or TLS termination.
This means an incoming connection is terminated at the gateway and the secure connection decrypted. This unencrypted traffic is then passed to the backend servers, where the web servers no longer have to deal with the overhead of encryption and decryption of the traffic.
Even though the traffic from the application gateway to the backend servers is on your internal virtual network, sometimes this isn't doable for compliance reasons, so you may have to leave that traffic encrypted anyway. And the app gateway supports end-to-end encryption as well.
So let's talk about some of the additional features our application gateway gives us.
First is the web application firewall, or WAF, which I think is a big distinction from using an app gateway as opposed to using a regular load balancer.
The web application firewall provides protection of web applications based on rules from the Open Web Application Security Project, or OWASP.
This is a set of rules that protect against common exploits and vulnerabilities in order to make your web app more secure.
These include protecting from SQL injection attacks or cross-site scripting.
Next is the ability to have a static VIP, or virtual IP address.
In version two of the standard and WAF versions of the gateway, you can assign a static virtual IP address to the gateway, and that remains there for the lifetime of the gateway. If you don't assign a static VIP, the VIP can change when you start or stop the application gateway.
Next is URL-based routing. This allows for routing traffic to specific backend server pools based on the URL of the HTTP request.
For example, we could route aztech300.com/pics to a server pool responsible for serving up pictures. And then we could route aztech300.com/docs to a server pool responsible for serving up documents.
App gateways also support multi-site hosting, which means you can configure and handle requests for multiple websites on the same app gateway.
A regular app gateway can handle up to 100 websites, or a web application firewall can handle up to 40 websites.
Much like our URL-based routing, incoming requests for different domain names can be routed to different server pools.
Another feature we have is app gateways also support redirection. A common scenario for this would be routing an HTTP request over to HTTPS to ensure the connection is encrypted and secure. Like our load balancer, we can also configure session affinity by making sure we keep a user session on the same server.
This is done through gateway-managed session cookies.
The app gateway can also perform connection draining. As we saw in our last demo, we had to wait until our Web02 server failed health checks before the traffic was moved to Web03. With connection draining, we can have graceful removal of a backend server in the pool to ensure connections are no longer being sent to it.
Once it is drained and no longer receiving connections, we could perform maintenance on that server, then place it back in the backend server pool.
Finally, we have autoscaling. App gateways using the Standard v2 or WAF v2 SKU can scale up or down automatically based on changes in your incoming traffic load.
With autoscaling, we don't have to choose a deployment size or instance count when we provision the app gateway.
We'll learn a little bit more about the different SKUs available for app gateways in an upcoming slide.
Like our load balancer, we can also use health probes to determine the health of our backend servers.
Application gateways monitor the health of their backend servers and will add or remove servers automatically. It uses the same port that is defined for the app inside the app gateway setting.
This ensures that it is testing the same port that customers will be accessing on the backend server.
The default health probe is used when no custom health probe is configured.
The default probe will make a request to the web app on the backend servers. A healthy HTTP response code is between 200 and 399.
The default probe checks for health every 30 seconds.
You can create a custom health probe, and that will give you more options, such as configuring the probe interval, the URL and path to test, and how many failed responses are needed before marking a backend server unhealthy.
Now I've mentioned the application gateway sizes and SKUs that we have available, so let's take a look at those. First, there is a version one where you can define the app gateway as small, medium or large. You can also provision a standard gateway or one including the web application firewall we spoke about earlier.
The table on the right shows the average performance throughput for each size when SSL offloading is enabled.
The small instance size is meant for testing and development scenarios.
For version two, we already discussed that we can implement autoscaling, where the app gateway can dynamically scale in and out based on performance.
Version two can also be configured with a set number of instances if autoscaling is not desired.
And this also comes in the standard or web application firewall varieties.
That does it for some of the concepts with our application gateway. Let's follow this up with a quick quiz question: what is URL-based routing?
URL-based routing is the ability to route traffic based on the URL to specific backend servers. And this is available inside of our application gateway and is not available in the load balancers we learned about in the previous episodes.
Coming up next, I think it's gonna be good that we jump out and take a look at an application gateway demo so we can cement some of these concepts we just learned about.
See you in the next episode.
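
Added example, not part of the video or its transcript: a small Python model of the layer-seven behaviour described above, combining host and URL-path routing with health probes that treat 200 to 399 as healthy. The hostname, pool names and the three-failure threshold are constructed for illustration, and the matching logic is a simplification, not Azure's implementation.

```python
from __future__ import annotations
from dataclasses import dataclass, field

UNHEALTHY_THRESHOLD = 3  # assumed value: consecutive failed probes before removal

@dataclass
class Backend:
    name: str
    failures: int = 0

    @property
    def healthy(self) -> bool:
        return self.failures < UNHEALTHY_THRESHOLD

    def record_probe(self, status: int | None) -> None:
        """Record one probe result; None models a timeout or refused connection."""
        if status is not None and 200 <= status <= 399:  # default healthy range
            self.failures = 0
        else:
            self.failures += 1

@dataclass
class Gateway:
    rules: dict[tuple[str, str], list[Backend]] = field(default_factory=dict)
    cursor: dict[tuple[str, str], int] = field(default_factory=dict)

    def route(self, host: str, path: str) -> str | None:
        """Pick a healthy backend for a Host header and URL path, or None."""
        host = host.lower().split(":")[0]  # ignore case and any :port suffix
        hits = [k for k in self.rules if k[0] == host
                and (path == k[1] or path.startswith(k[1].rstrip("/") + "/"))]
        if not hits:
            return None  # unknown site: no rule matches this host
        key = max(hits, key=lambda k: len(k[1]))  # most specific path wins
        live = [b for b in self.rules[key] if b.healthy]
        if not live:
            return None  # every server in the pool failed its probes
        i = self.cursor.get(key, 0)
        self.cursor[key] = i + 1
        return live[i % len(live)].name  # round robin over healthy servers

def sample_gateway() -> Gateway:
    """Constructed sample: one site with /pics and /docs pools plus a default pool."""
    site = "www.example.com"
    return Gateway(rules={
        (site, "/pics"): [Backend("pics-1"), Backend("pics-2")],
        (site, "/docs"): [Backend("docs-1")],
        (site, "/"): [Backend("web-1")],
    })
```

Matching on a path boundary means `/picsx` falls through to the default pool instead of the pictures pool, and a 404 from a backend counts as a failed probe because it lies outside 200 to 399.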