
Different components of application gateway




Application gateway and its different capabilities.
Application Gateway offers layer 7 load balancing capabilities for HTTP and HTTPS traffic.

Compared with the load balancer: the load balancer offers layer 4 load balancing capabilities, whereas Application Gateway offers layer 7 load balancing capability.

However, the load balancer can distribute different types of traffic, whereas Application Gateway can distribute only HTTP and HTTPS traffic.

One other difference between the external load balancer and Application Gateway is that Application Gateway always resides within a virtual network, whereas for the load balancer you can choose whether it should be inside or outside the virtual network.


The components of Application Gateway are:
1. Frontend IP configuration --> Application Gateway has a frontend IP configuration. These are the IP addresses that incoming traffic arrives at.
2. Backend pool --> the pool of IP addresses that the traffic is destined for.
3. Listeners --> a listener listens for traffic arriving on a particular port, in this case either 80, or 443 for HTTPS traffic. Rules map these listeners to the backend pool, so they map the incoming traffic to a particular destination pool.
4. Health probe --> monitors the health of the machines in the backend pool.
5. HTTP settings --> define whether to use cookie-based session affinity, which port in the backend pool the traffic is routed to, and so on.
6. Web application firewall --> can be used to protect your web application from some common web attacks.

So these are the components of application gateway.

Let's go through some of the capabilities of Application Gateway.

Capabilities


  1. HTTPS load balancing -- it can load balance HTTP or HTTPS traffic.
  2. Web application firewall -- protects your web application against common web attacks.
  3. Cookie-based session affinity -- you can use cookie-based session affinity to route all of a user's session traffic to a particular backend server throughout the user session.
  4. SSL offload -- if you want to offload the SSL traffic at the application gateway level, you can configure the application gateway to do it.
  5. URL-based content routing -- if you want to route your traffic based on the URL, you can do so using Application Gateway.
  6. Multi-site routing -- if you want to host multiple sites on a single public IP address, you can do so using Application Gateway. You configure the application gateway so that it routes the traffic to a particular backend pool based on the domain name.
  7. Health monitoring -- you can monitor the health of your backend virtual machines by configuring a health probe in Application Gateway.


So these are the different capabilities of application gateway.
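
To show how the components above fit together, here is an added example (not part of the original post) that builds a WAF-enabled gateway with the same AzureRM module used later on this page. The resource names, address ranges and backend IPs are assumed sample values.

```powershell
# Added example: every name and address range below is an assumed sample value.
$rg = 'DemoAppGwRG'; $loc = 'West Europe'
New-AzureRmResourceGroup -Name $rg -Location $loc

# Application Gateway always sits inside a virtual network, in a subnet of its own.
$agSubnet  = New-AzureRmVirtualNetworkSubnetConfig -Name 'AppGwSubnet' -AddressPrefix 10.20.0.0/24
$webSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name 'WebSubnet' -AddressPrefix 10.20.1.0/24
$vnet = New-AzureRmVirtualNetwork -Name 'DemoVnet' -ResourceGroupName $rg -Location $loc `
    -AddressPrefix 10.20.0.0/16 -Subnet $agSubnet, $webSubnet
$pip = New-AzureRmPublicIpAddress -Name 'DemoAppGwPip' -ResourceGroupName $rg -Location $loc `
    -AllocationMethod Dynamic
$gwSubnet   = Get-AzureRmVirtualNetworkSubnetConfig -Name 'AppGwSubnet' -VirtualNetwork $vnet
$gwIpConfig = New-AzureRmApplicationGatewayIPConfiguration -Name 'gwIpConfig' -Subnet $gwSubnet

# 1. Frontend IP configuration, plus the port traffic arrives on
$feIp   = New-AzureRmApplicationGatewayFrontendIPConfig -Name 'feIp' -PublicIPAddress $pip
$fePort = New-AzureRmApplicationGatewayFrontendPort -Name 'fePort80' -Port 80

# 2. Backend pool: the servers the traffic is destined for
$pool = New-AzureRmApplicationGatewayBackendAddressPool -Name 'webPool' `
    -BackendIPAddresses 10.20.1.4, 10.20.1.5

# 4. Health probe: a pool member is marked unhealthy after 3 failed checks
$probe = New-AzureRmApplicationGatewayProbeConfig -Name 'webProbe' -Protocol Http `
    -HostName '127.0.0.1' -Path '/' -Interval 30 -Timeout 30 -UnhealthyThreshold 3

# 5. HTTP settings: backend port, cookie-based affinity, and which probe to use
$httpSettings = New-AzureRmApplicationGatewayBackendHttpSettings -Name 'webSettings' -Port 80 `
    -Protocol Http -CookieBasedAffinity Enabled -Probe $probe -RequestTimeout 30

# 3. Listener and the rule that maps it to the pool and its HTTP settings
$listener = New-AzureRmApplicationGatewayHttpListener -Name 'httpListener' -Protocol Http `
    -FrontendIPConfiguration $feIp -FrontendPort $fePort
$rule = New-AzureRmApplicationGatewayRequestRoutingRule -Name 'rule1' -RuleType Basic `
    -HttpListener $listener -BackendAddressPool $pool -BackendHttpSettings $httpSettings

# 6. Web application firewall: needs the WAF tier. 'Detection' only logs matches,
#    'Prevention' also blocks the request.
$sku = New-AzureRmApplicationGatewaySku -Name WAF_Medium -Tier WAF -Capacity 2
$waf = New-AzureRmApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true `
    -FirewallMode 'Prevention'

New-AzureRmApplicationGateway -Name 'DemoAppGw' -ResourceGroupName $rg -Location $loc `
    -GatewayIPConfigurations $gwIpConfig -FrontendIPConfigurations $feIp -FrontendPorts $fePort `
    -BackendAddressPools $pool -Probes $probe -BackendHttpSettingsCollection $httpSettings `
    -HttpListeners $listener -RequestRoutingRules $rule -Sku $sku `
    -WebApplicationFirewallConfig $waf
```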

Autoscaling public preview

In addition to the features described in this article, Application Gateway also offers a public preview of a new SKU [Standard_V2], which offers auto scaling and other critical performance enhancements.

Autoscaling - Application Gateway or WAF deployments under the autoscaling SKU can scale up or down based on changing traffic load patterns. Autoscaling also removes the requirement to choose a deployment size or instance count during provisioning.

Zone redundancy - An Application Gateway or WAF deployment can span multiple Availability Zones, removing the need to provision and spin separate Application Gateway instances in each zone with a Traffic Manager.

Static VIP - The application gateway VIP now supports the static VIP type exclusively. This ensures that the VIP associated with application gateway does not change even after a restart.

Faster deployment and update time as compared to the generally available SKU.

5X better SSL offload performance as compared to the generally available SKU.

Demo
1. How to load balance HTTP traffic using Application Gateway.
https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-portal
2. How to configure Application Gateway to achieve URL-based content routing.
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-create-url-route-portal
3. How to configure Application Gateway for multi-site routing.
4. How to enable the web application firewall on an Application Gateway and simulate an attack to check whether your web application firewall is securing your web application against XSS attacks etc.

Scripts to configure Application gateway using Terraform <Coming soon>


Connect on Premise Network to Azure - Site to Site VPN Configuration using PowerShell

Login-AzureRmAccount


#create our base variables for our Resource Group
$rgName="RakAzureDC"
$locName="West Europe"
$saName="rakserverssa" #must be lower case
$vnetName="RakoNetAzure"

New-AzureRmResourceGroup -Name $rgName -Location $locName

 #Test-AzureName -Storage $saName

$saType="Standard_GRS"

New-AzureRmStorageAccount -Name $saName -ResourceGroupName $rgName -Type $saType -Location $locName

#Create Networking Components
#It's important to create one subnet named specifically GatewaySubnet. If you name it something else, our connection configuration will fail.
$Subnet=New-AzureRmVirtualNetworkSubnetConfig -Name Azure-Vnet-01 -AddressPrefix 10.10.10.0/27
$GatewaySubnet = New-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix 10.10.10.32/29
New-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName -Location $locName -AddressPrefix 10.10.10.0/24 -Subnet $Subnet,$GatewaySubnet -DnsServer 10.10.10.4,192.168.1.10

Get-AzureRmVirtualNetwork  -name $vnetName -ResourceGroupName $rgName | select subnets

$subnetIndex=0
$vnet=Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName

$nicName= "Internal"
$staticIP="10.10.10.4"

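#add a public IP address via $pip so we can connect to it if we need to
#note: this makes the domain controller's NIC reachable from the internet; restrict inbound access with a network security group, or remove the public IP once the VPN is up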
$pip = New-AzureRmPublicIpAddress -Name $nicName -ResourceGroupName $rgName -Location $locName -AllocationMethod Dynamic
$nic = New-AzureRmNetworkInterface -Name $nicName -ResourceGroupName $rgName -Location $locName -SubnetId $vnet.Subnets[$subnetIndex].Id -PublicIpAddressId $pip.Id -PrivateIpAddress $staticIP





# we don't know what VM sizes we have, so let's take a look
Get-AzureRmVMSize -Location $locName | Select Name

#name and size our Domain Controller
$vmName="AZURE-DC01"
$vmSize="Standard_A2"
$vm=New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize


$pubName="MicrosoftWindowsServer"
$offerName="WindowsServer"
$skuName="2012-R2-Datacenter"


$cred=Get-Credential -Message "Type the name and password of the local administrator account."
$vm=Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent -EnableAutoUpdate
$vm=Set-AzureRmVMSourceImage -VM $vm -PublisherName $pubName -Offer $offerName -Skus $skuName -Version "latest"
$vm=Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id
$diskName="OSDisk"
$storageAcc=Get-AzureRmStorageAccount -ResourceGroupName $rgName -Name $saName
$osDiskUri=$storageAcc.PrimaryEndpoints.Blob.ToString() + "vhds/" + $diskName + ".vhd"
$vm=Set-AzureRmVMOSDisk -VM $vm -Name $diskName -VhdUri $osDiskUri -CreateOption fromImage
New-AzureRmVM -ResourceGroupName $rgName -Location $locName -VM $vm



#####################
#Provision Network




#add our local Network site
#Name is a nickname for our on-premises network
#GatewayIpAddress is the IP address of your on-premises VPN device
#AddressPrefix is your on-premises address space.


New-AzureRmLocalNetworkGateway -Name RakNetOnPremises -ResourceGroupName $rgName -Location $locName -GatewayIpAddress '122.167.33.81' -AddressPrefix '192.168.1.0/24'


#request a public IP address for the gateway

$gwpip= New-AzureRmPublicIpAddress -Name gwpip -ResourceGroupName $rgName -Location $locName -AllocationMethod Dynamic

#create the gateway IP addressing configuration

$vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$gwipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name gwipconfig1 -SubnetId $subnet.Id -PublicIpAddressId $gwpip.Id

#create the gateway - may wait a while

New-AzureRmVirtualNetworkGateway -Name vnetgw1  -ResourceGroupName $rgName -Location $locName -IpConfigurations $gwipconfig -GatewayType Vpn -VpnType RouteBased

#https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-create-site-to-site-rm-powershell/#7-configure-your-vpn-device

#Get the public IP address for the next step of building our connection script for RRAS either via powershell or via the Portal

Get-AzureRmPublicIpAddress -Name gwpip -ResourceGroupName $rgName


#BUILD our RRAS Configuration

$gateway1 = Get-AzureRmVirtualNetworkGateway -Name vnetgw1 -ResourceGroupName $rgName

$local = Get-AzureRmLocalNetworkGateway -Name RakNetOnPremises -ResourceGroupName $rgName

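#the shared key must match the one configured on the on-premises VPN device; use a long, random value rather than a short string like the one shown here
New-AzureRmVirtualNetworkGatewayConnection -Name RakoToAzureVPN -ResourceGroupName $rgName -Location $locName -VirtualNetworkGateway1 $gateway1 -LocalNetworkGateway2 $local -ConnectionType IPsec -RoutingWeight 10 -SharedKey 'abc123'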

Now you need to configure the RRAS server.

After configuration of RRAS Server, try to connect.
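
The connection above is created with the short shared key 'abc123'. As an added example (not part of the original script), this generates a random pre-shared key, applies it to the Azure connection, and sets the same key on the RRAS side. It assumes $rgName and the resource names from the script above; the interface name AzureS2S is assumed, and the last part must be run on the RRAS server with the RemoteAccess role installed.

```powershell
# Added example: replaces the weak shared key on the connection created above.

function New-VpnSharedKey {
    param([int]$ByteCount = 32)          # 32 random bytes -> 64 hex characters
    $bytes = New-Object byte[] $ByteCount
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    # Hex output avoids characters that some VPN devices mishandle in a key
    return -join ($bytes | ForEach-Object { $_.ToString('x2') })
}

$psk = New-VpnSharedKey

# --- Azure side -----------------------------------------------------------
# Overwrite the key on the existing connection (the tunnel drops until the
# on-premises side is updated to match).
Set-AzureRmVirtualNetworkGatewayConnectionSharedKey -Name RakoToAzureVPN `
    -ResourceGroupName $rgName -Value $psk -Force

# Public IP of the Azure VPN gateway, needed as the RRAS destination
$azureGwIp = (Get-AzureRmPublicIpAddress -Name gwpip -ResourceGroupName $rgName).IpAddress

# --- RRAS side (run on the on-premises RRAS server) -----------------------
# $psk and $azureGwIp must carry the same values as above; move the key over
# a trusted channel, not e-mail or chat.
# 10.10.10.0/24 is the Azure virtual network address space used on this page;
# ':100' is the route metric.
Add-VpnS2SInterface -Name 'AzureS2S' -Destination $azureGwIp -Protocol IKEv2 `
    -AuthenticationMethod PSKOnly -ResponderAuthenticationMethod PSKOnly `
    -SharedSecret $psk -IPv4Subnet '10.10.10.0/24:100' -NumberOfTries 3 -Persistent
Connect-VpnS2SInterface -Name 'AzureS2S'

# --- Verify from the Azure side -------------------------------------------
$conn = Get-AzureRmVirtualNetworkGatewayConnection -Name RakoToAzureVPN -ResourceGroupName $rgName
$conn | Select-Object Name, ConnectionStatus, IngressBytesTransferred, EgressBytesTransferred
```

If an interface for this tunnel already exists on the RRAS server, update its key with Set-VpnS2SInterface -SharedSecret instead of adding a new interface.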