April 27
GLOBAL AZURE BOOTCAMP IS POWERED BY:
Deploy secure, scalable, and highly
available web apps with Azure Front
Door Service
Thanks to our Sponsors:
Global Sponsor:
Platinum Sponsors:
Gold Sponsors:
Silver Sponsors:
Speaker Bio
• Stamo Petkov
• Information services Plc.
• Head of Microsoft Technologies
department
• Contact
o s.g.petkov@is-bg.net
o stamo.petkov@gmail.com
o https://github.com/stamo
o http://bg.linkedin.com/in/stamopetkov
o https://www.facebook.com/stamo.petkov
o @stamo_petkov
Agenda
• Azure Front Door Service
o Anycast
o Split TCP
o Health probes
o Caching
o Architecture
• Azure Front Door application protection
o Azure web application firewall (WAF)
• Demo
• Summary
• Q&A
Azure Front Door Service
Application Delivery Network
Azure Front Door Service
Office 365, Azure, Skype, Bing, Azure DevOps, MSN, OneDrive, Xbox, Cortana, Windows, Teams
Build on the “battle-tested” platform used to power
reliable and fast global services at Microsoft
Front Door enables Bing to operate at scale with
competitive performance while also scaling agile
development across many independent
microservices.
“Azure DevOps has onboarded all of its
microservices to the Azure Front Door Service over
the past year. It provides us with significant benefits
in terms of both performance and reliability.”
Selecting the Front Door environment for traffic routing (Anycast)
• Routing to the Azure Front Door environments leverages Anycast for both DNS
(Domain Name System) and HTTP (Hypertext Transfer Protocol) traffic, so user
traffic will go to the closest environment in terms of network topology (fewest
hops)
• Front Door organizes its environments into primary and fallback "rings"
• The outer ring has environments that are closer to users
• The inner ring has environments that can handle the failover for the outer ring
environment in case an issue happens
• The outer ring is the preferred target for all traffic, but the inner ring is
necessary to handle traffic overflow from the outer ring
Global application delivery with Azure Front Door Service
Connecting to Front Door environment (Split TCP)
• Split TCP is a technique to reduce latencies and TCP problems by breaking a
connection that would incur a high round-trip time into smaller pieces
• One TCP connection with a large round-trip time (RTT) to application backend
is split into two TCP connections
• The short connection between the end user and the Front Door environment
gets established over three short round trips
• The long connection between the Front Door environment and the backend can
be pre-established and reused across multiple end-user calls
• The effect is multiplied when establishing an SSL/TLS (Transport Layer Security)
connection, as there are more round trips to secure the connection
Connection establishment and response
[Diagram labels: Web Apps, Mobile Apps, API Apps, Logic Apps, Functions]
Make your apps faster, reduce backend load
[Diagram labels: Web Apps, Mobile Apps, API Apps, Logic Apps, Functions]
Identifying available backends in the backend pool
• In order to determine the health of each backend, each Front Door environment periodically
sends a synthetic HTTP/HTTPS request to each of your configured backends
• Front Door uses responses from these probes to determine the "best" backends to which it
should route real client requests
• A 200 OK status code indicates the backend is healthy. Everything else is considered a failure
• Azure Front Door Service uses the same three-step process across all algorithms to determine
health
o Exclude disabled backends
o Exclude backends that have health probe errors
o Out of the set of healthy backends in the backend pool, Front Door additionally measures and maintains the latency
(round-trip time) for each backend
• If health probes fail for every backend in a backend pool, then Front Door considers all
backends healthy and routes traffic in a round robin distribution across all of them
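The selection rules on this slide, as an added Python sketch (not code from the deck or from Azure Front Door itself). The backend names and probe results are constructed, keeping disabled backends out of the all-probes-failed fallback is an assumption, and routing to the lowest-latency healthy backend is a simplification.

```python
from dataclasses import dataclass
from itertools import cycle, islice
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Backend:
    host: str                    # constructed sample name
    enabled: bool                # operator setting in the backend pool
    probe_status: Optional[int]  # last probe HTTP status, None = no response
    latency_ms: float            # measured round-trip time


def probe_ok(status: Optional[int]) -> bool:
    # Only 200 OK is healthy; redirects, auth challenges, 5xx and
    # timeouts all count as probe failures.
    return status == 200


def select_backends(pool: List[Backend]) -> Tuple[str, List[Backend]]:
    # Step 1: exclude disabled backends.
    enabled = [b for b in pool if b.enabled]
    # Step 2: exclude backends with health probe errors.
    healthy = [b for b in enabled if probe_ok(b.probe_status)]
    if healthy:
        # Step 3: latency is tracked for the healthy set; order by it.
        return "healthy", sorted(healthy, key=lambda b: b.latency_ms)
    # Every probe failed: all backends are treated as healthy.
    # Assumption: "all" still leaves out backends the operator disabled.
    return "all-probes-failed", enabled


def route(pool: List[Backend], n_requests: int) -> List[str]:
    mode, backends = select_backends(pool)
    if not backends:
        return []
    if mode == "healthy":
        # Simplification: always pick the lowest measured latency.
        return [backends[0].host] * n_requests
    # Fallback: round robin across every backend, failing probes or not.
    return [b.host for b in islice(cycle(backends), n_requests)]


def audit(pool: List[Backend]) -> List[str]:
    """Flag states an operator should look at (heuristic, added here)."""
    findings = []
    for b in pool:
        if b.enabled and b.probe_status in (301, 302, 401, 403):
            findings.append(
                f"{b.host}: probe got {b.probe_status}; the probe path "
                "must answer 200 without a redirect or authentication"
            )
    if select_backends(pool)[0] == "all-probes-failed":
        findings.append(
            "pool: every probe failed; traffic is still sent round robin"
        )
    return findings


# Constructed sample pools.
POOL_MIXED = [
    Backend("app-weu.example.net", True, 200, 38.0),
    Backend("app-neu.example.net", True, 200, 21.5),
    Backend("app-eus.example.net", True, 302, 9.0),   # redirects to login
    Backend("app-old.example.net", False, 200, 5.0),  # disabled by operator
]
POOL_DOWN = [
    Backend("app-weu.example.net", True, 503, 38.0),
    Backend("app-neu.example.net", True, None, 0.0),  # probe timed out
    Backend("app-old.example.net", False, 200, 5.0),
]

if __name__ == "__main__":
    for name, pool in (("mixed", POOL_MIXED), ("down", POOL_DOWN)):
        print(name, route(pool, 4), audit(pool))
```

The second pool shows why the fallback matters operationally: a pool whose probes all fail keeps receiving traffic, so probe failures need their own alerting rather than relying on Front Door to stop routing.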
Caching with Azure Front Door Service
• Delivery of large files
o Front Door uses a technique called object chunking to deliver large files
o Front Door environment requests the file from the backend in chunks of 8 MB
o After the chunk arrives at the Front Door environment, it is cached and immediately served to the user. Front Door
then pre-fetches the next chunk in parallel
o Front Door caches any chunks as they're received and so the entire file doesn't need to be cached on the Front
Door cache
• File compression
o Front Door can dynamically compress content on the edge, resulting in a smaller and faster response to your clients
o Supports gzip and Brotli compression. If a request supports gzip and Brotli compression, Brotli compression takes
precedence
o When a request for an asset specifies compression and the request results in a cache miss, Front Door performs
compression of the asset directly on the POP server
o The resulting item is returned with transfer-encoding: chunked
Caching with Azure Front Door Service
• Query string behavior
o Ignore query strings. This is the default mode
o Cache every unique URL
• Cache purge
o Front Door will cache assets until the asset's time-to-live (TTL) expires
o The best practice to make sure your users always obtain the latest copy of your assets is to version your assets for each update and
publish them as new URLs
o Sometimes you may wish to purge cached content from all edge nodes and force them all to retrieve new updated assets. You can
purge all, purge a single URL, or purge a wildcard URL
• Cache expiration
o To determine how long an item is stored in its cache, Front Door uses the following response headers
o Cache-Control: s-maxage=<seconds>
o Cache-Control: max-age=<seconds>
o Expires: <http-date>
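The query string modes and expiration headers from the caching slides, as an added Python sketch (not code from the deck or from Azure Front Door). The mode names, URLs and dates are constructed, and the lookup order s-maxage, max-age, Expires follows the slide's list, which is also the order HTTP defines for shared caches.

```python
from collections import defaultdict
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Hypothetical labels for the two modes named on the slide.
IGNORE = "ignore_query_strings"
UNIQUE = "cache_every_unique_url"


def cache_key(url: str, mode: str) -> str:
    parts = urlsplit(url)
    base = f"{parts.scheme}://{parts.netloc.lower()}{parts.path}"
    if mode == IGNORE:
        return base  # the query string plays no part in the key
    if mode == UNIQUE:
        return f"{base}?{parts.query}" if parts.query else base
    raise ValueError(f"unknown mode: {mode}")


def collisions(urls: List[str], mode: str) -> Dict[str, List[str]]:
    """URLs that would be served from one shared cache entry."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for url in urls:
        groups[cache_key(url, mode)].append(url)
    return {key: hit for key, hit in groups.items() if len(hit) > 1}


def _directives(cache_control: str) -> Dict[str, str]:
    out = {}
    for item in cache_control.split(","):
        name, _, value = item.strip().partition("=")
        if name:
            out[name.lower()] = value.strip().strip('"')
    return out


def ttl_seconds(headers: Dict[str, str], now: datetime) -> Optional[int]:
    """Freshness lifetime in seconds, or None if no header sets one."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = _directives(h.get("cache-control", ""))
    for name in ("s-maxage", "max-age"):
        value = cc.get(name, "")
        if value.isascii() and value.isdigit():
            return int(value)
    if "expires" in h:
        try:
            expires = parsedate_to_datetime(h["expires"])
        except (TypeError, ValueError):
            return 0  # unparseable date: treat as already expired
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return max(0, int((expires - now).total_seconds()))
    return None


# Constructed sample input.
NOW = datetime(2019, 4, 27, 12, 0, 0, tzinfo=timezone.utc)
URLS = [
    "https://app.example.net/report?user=alice",
    "https://app.example.net/report?user=bob",
    "https://app.example.net/logo.png?v=2",
]

if __name__ == "__main__":
    print(collisions(URLS, IGNORE))
    print(ttl_seconds({"Cache-Control": "public, max-age=600, s-maxage=60"}, NOW))
```

With query strings ignored, the two `/report` URLs share one cache entry, so any backend response that varies by query parameter should be reviewed before caching is enabled on that route.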
Enterprise grade architecture in the Front Door
[Diagram labels: Firewall; Application Load Balancer; Proxy / Caching; DNS Load Management; Redundant paths; Active monitoring and steering; Fast failover; Map of the Internet]
Azure Front Door application
protection
Azure web application firewall (WAF)
Azure Front Door application protection
• Web applications are increasingly the targets of malicious attacks such as denial
of service floods, SQL injection attacks, and cross-site scripting attacks
• These malicious attacks may cause service outages and data loss, and pose a significant
threat to web application owners
• Preventing such attacks in application code can be challenging and may require
rigorous maintenance, patching and monitoring at multiple layers of the
application topology
• A centralized web application firewall helps make security management much
simpler and gives better assurance to application administrators
Azure web application firewall for Azure Front Door
• WAF for Front Door is a global and centralized
solution
• Provides centralized protection for your web
applications that are globally delivered using
Azure Front Door
• Every incoming request for a WAF enabled web
application delivered by Front Door is inspected
at the network edge
• Prevents malicious attacks close to the attack
sources, before they enter the virtual network, and
offers global protection at scale without
sacrificing performance
Azure Front Door application protection
Network DDoS protection
IP blacklists and whitelists
Geo filtering
Flexible actions
Custom HTTP(S) access rules
Rate limiting
Azure managed ruleset
Demo
See Azure Front Door service in action
Azure Front Door Service Summary
• SSL offload and application acceleration
at the edge close to end users
• Global HTTP load balancing with instant
failover
• Actionable insights about your users and
back ends
• Web Application Firewall (WAF) and
DDoS Protection
• Central control plane for traffic
orchestration
Questions & Answers
Thanks to our Sponsors:
Global Sponsor:
Platinum Sponsors:
Gold Sponsors:
Silver Sponsors:
Ad

More Related Content

What's hot (20)

Preparing your enteprise for Hybrid AD Join and Conditional Access
Preparing your enteprise for Hybrid AD Join and Conditional AccessPreparing your enteprise for Hybrid AD Join and Conditional Access
Preparing your enteprise for Hybrid AD Join and Conditional Access
Jason Condo
 
Let's Talk About: Azure Monitor
Let's Talk About: Azure MonitorLet's Talk About: Azure Monitor
Let's Talk About: Azure Monitor
Pedro Sousa
 
Azure 101
Azure 101Azure 101
Azure 101
Korry Lavoie
 
Azure DevOps
Azure DevOpsAzure DevOps
Azure DevOps
Juan Fabian
 
APIs in a Microservice Architecture
APIs in a Microservice ArchitectureAPIs in a Microservice Architecture
APIs in a Microservice Architecture
WSO2
 
Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - Ajay
Anoop Nair
 
Microsoft Azure Tutorial | Microsoft Cloud Computing | Microsoft Azure Traini...
Microsoft Azure Tutorial | Microsoft Cloud Computing | Microsoft Azure Traini...Microsoft Azure Tutorial | Microsoft Cloud Computing | Microsoft Azure Traini...
Microsoft Azure Tutorial | Microsoft Cloud Computing | Microsoft Azure Traini...
Edureka!
 
Introduction to Azure monitor
Introduction to Azure monitorIntroduction to Azure monitor
Introduction to Azure monitor
Praveen Nair
 
Azure Training | Microsoft Azure Tutorial | Microsoft Azure Certification | E...
Azure Training | Microsoft Azure Tutorial | Microsoft Azure Certification | E...Azure Training | Microsoft Azure Tutorial | Microsoft Azure Certification | E...
Azure Training | Microsoft Azure Tutorial | Microsoft Azure Certification | E...
Edureka!
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
Karina Matos
 
Introduction to Distributed Tracing
Introduction to Distributed TracingIntroduction to Distributed Tracing
Introduction to Distributed Tracing
petabridge
 
Microsoft Azure Overview
Microsoft Azure OverviewMicrosoft Azure Overview
Microsoft Azure Overview
David J Rosenthal
 
Api Gateway
Api GatewayApi Gateway
Api Gateway
KhaqanAshraf
 
Cloud strategy briefing 101
Cloud strategy briefing 101 Cloud strategy briefing 101
Cloud strategy briefing 101
Predrag Mitrovic
 
Using Azure DevOps to continuously build, test, and deploy containerized appl...
Using Azure DevOps to continuously build, test, and deploy containerized appl...Using Azure DevOps to continuously build, test, and deploy containerized appl...
Using Azure DevOps to continuously build, test, and deploy containerized appl...
Adrian Todorov
 
Azure DevOps
Azure DevOpsAzure DevOps
Azure DevOps
Surasuk Oakkharaamonphong
 
Azure Migration Program Overview
Azure Migration Program OverviewAzure Migration Program Overview
Azure Migration Program Overview
Nicholas Vossburg
 
Azure dev ops
Azure dev opsAzure dev ops
Azure dev ops
Tomy Rhymond
 
Azure migration
Azure migrationAzure migration
Azure migration
Arnon Rotem-Gal-Oz
 
AWS Interview Questions Part - 1 | AWS Interview Questions And Answers Part -...
AWS Interview Questions Part - 1 | AWS Interview Questions And Answers Part -...AWS Interview Questions Part - 1 | AWS Interview Questions And Answers Part -...
AWS Interview Questions Part - 1 | AWS Interview Questions And Answers Part -...
Simplilearn
 
Preparing your enteprise for Hybrid AD Join and Conditional Access
Preparing your enteprise for Hybrid AD Join and Conditional AccessPreparing your enteprise for Hybrid AD Join and Conditional Access
Preparing your enteprise for Hybrid AD Join and Conditional Access
Jason Condo
 
Let's Talk About: Azure Monitor
Let's Talk About: Azure MonitorLet's Talk About: Azure Monitor
Let's Talk About: Azure Monitor
Pedro Sousa
 
APIs in a Microservice Architecture
APIs in a Microservice ArchitectureAPIs in a Microservice Architecture
APIs in a Microservice Architecture
WSO2
 
Azure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - AjayAzure AD Presentation - @ BITPro - Ajay
Azure AD Presentation - @ BITPro - Ajay
Anoop Nair
 
Microsoft Azure Tutorial | Microsoft Cloud Computing | Microsoft Azure Traini...
Microsoft Azure Tutorial | Microsoft Cloud Computing | Microsoft Azure Traini...Microsoft Azure Tutorial | Microsoft Cloud Computing | Microsoft Azure Traini...
Microsoft Azure Tutorial | Microsoft Cloud Computing | Microsoft Azure Traini...
Edureka!
 
Introduction to Azure monitor
Introduction to Azure monitorIntroduction to Azure monitor
Introduction to Azure monitor
Praveen Nair
 
Azure Training | Microsoft Azure Tutorial | Microsoft Azure Certification | E...
Azure Training | Microsoft Azure Tutorial | Microsoft Azure Certification | E...Azure Training | Microsoft Azure Tutorial | Microsoft Azure Certification | E...
Azure Training | Microsoft Azure Tutorial | Microsoft Azure Certification | E...
Edureka!
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
Karina Matos
 
Introduction to Distributed Tracing
Introduction to Distributed TracingIntroduction to Distributed Tracing
Introduction to Distributed Tracing
petabridge
 
Cloud strategy briefing 101
Cloud strategy briefing 101 Cloud strategy briefing 101
Cloud strategy briefing 101
Predrag Mitrovic
 
Using Azure DevOps to continuously build, test, and deploy containerized appl...
Using Azure DevOps to continuously build, test, and deploy containerized appl...Using Azure DevOps to continuously build, test, and deploy containerized appl...
Using Azure DevOps to continuously build, test, and deploy containerized appl...
Adrian Todorov
 
Azure Migration Program Overview
Azure Migration Program OverviewAzure Migration Program Overview
Azure Migration Program Overview
Nicholas Vossburg
 
AWS Interview Questions Part - 1 | AWS Interview Questions And Answers Part -...
AWS Interview Questions Part - 1 | AWS Interview Questions And Answers Part -...AWS Interview Questions Part - 1 | AWS Interview Questions And Answers Part -...
AWS Interview Questions Part - 1 | AWS Interview Questions And Answers Part -...
Simplilearn
 

Similar to Deploy secure, scalable, and highly available web apps with Azure Front Door Service (20)

Azure architecture design patterns - proven solutions to common challenges
Azure architecture design patterns - proven solutions to common challengesAzure architecture design patterns - proven solutions to common challenges
Azure architecture design patterns - proven solutions to common challenges
Ivo Andreev
 
Azure Web App services
Azure Web App servicesAzure Web App services
Azure Web App services
Alexey Bokov
 
Asynchronous Frameworks.pptx
Asynchronous Frameworks.pptxAsynchronous Frameworks.pptx
Asynchronous Frameworks.pptx
ganeshkarthy
 
56k.cloud training
56k.cloud training56k.cloud training
56k.cloud training
Brian Christner
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product Launches
Cloudflare
 
Network
NetworkNetwork
Network
Ynon Perek
 
Can a browser become an IoT Gateway?
Can a browser become an IoT Gateway?Can a browser become an IoT Gateway?
Can a browser become an IoT Gateway?
Sooraj Sanker
 
High Volume Payments using Mule
High Volume Payments using MuleHigh Volume Payments using Mule
High Volume Payments using Mule
Adhish Pendharkar
 
Server side story
Server side storyServer side story
Server side story
Simone Deponti
 
15-factor-apps.pdf
15-factor-apps.pdf15-factor-apps.pdf
15-factor-apps.pdf
Nilesh Gule
 
Realtime traffic analyser
Realtime traffic analyserRealtime traffic analyser
Realtime traffic analyser
Alex Moskvin
 
HPC and cloud distributed computing, as a journey
HPC and cloud distributed computing, as a journeyHPC and cloud distributed computing, as a journey
HPC and cloud distributed computing, as a journey
Peter Clapham
 
07 (IDNOG02) SDN Research activity in Institut Teknologi Bandung by Affan Bas...
07 (IDNOG02) SDN Research activity in Institut Teknologi Bandung by Affan Bas...07 (IDNOG02) SDN Research activity in Institut Teknologi Bandung by Affan Bas...
07 (IDNOG02) SDN Research activity in Institut Teknologi Bandung by Affan Bas...
Indonesia Network Operators Group
 
Web Performance Optimization
Web Performance OptimizationWeb Performance Optimization
Web Performance Optimization
Livares Technologies Pvt Ltd
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
Cisco DevNet
 
KKBOX WWDC17 Security - Antony
KKBOX WWDC17 Security - AntonyKKBOX WWDC17 Security - Antony
KKBOX WWDC17 Security - Antony
Liyao Chen
 
CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practices
walk2talk srl
 
Unconference Round Table Notes
Unconference Round Table NotesUnconference Round Table Notes
Unconference Round Table Notes
Timothy Spann
 
Better Deployments with Sub Environments Using Spring Cloud and Netflix Ribbon
Better Deployments with Sub Environments Using Spring Cloud and Netflix RibbonBetter Deployments with Sub Environments Using Spring Cloud and Netflix Ribbon
Better Deployments with Sub Environments Using Spring Cloud and Netflix Ribbon
VMware Tanzu
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE Architectures
Alexander Penev
 
Azure architecture design patterns - proven solutions to common challenges
Azure architecture design patterns - proven solutions to common challengesAzure architecture design patterns - proven solutions to common challenges
Azure architecture design patterns - proven solutions to common challenges
Ivo Andreev
 
Azure Web App services
Azure Web App servicesAzure Web App services
Azure Web App services
Alexey Bokov
 
Asynchronous Frameworks.pptx
Asynchronous Frameworks.pptxAsynchronous Frameworks.pptx
Asynchronous Frameworks.pptx
ganeshkarthy
 
What’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product LaunchesWhat’s New at Cloudflare: New Product Launches
What’s New at Cloudflare: New Product Launches
Cloudflare
 
Can a browser become an IoT Gateway?
Can a browser become an IoT Gateway?Can a browser become an IoT Gateway?
Can a browser become an IoT Gateway?
Sooraj Sanker
 
High Volume Payments using Mule
High Volume Payments using MuleHigh Volume Payments using Mule
High Volume Payments using Mule
Adhish Pendharkar
 
15-factor-apps.pdf
15-factor-apps.pdf15-factor-apps.pdf
15-factor-apps.pdf
Nilesh Gule
 
Realtime traffic analyser
Realtime traffic analyserRealtime traffic analyser
Realtime traffic analyser
Alex Moskvin
 
HPC and cloud distributed computing, as a journey
HPC and cloud distributed computing, as a journeyHPC and cloud distributed computing, as a journey
HPC and cloud distributed computing, as a journey
Peter Clapham
 
07 (IDNOG02) SDN Research activity in Institut Teknologi Bandung by Affan Bas...
07 (IDNOG02) SDN Research activity in Institut Teknologi Bandung by Affan Bas...07 (IDNOG02) SDN Research activity in Institut Teknologi Bandung by Affan Bas...
07 (IDNOG02) SDN Research activity in Institut Teknologi Bandung by Affan Bas...
Indonesia Network Operators Group
 
Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation Implementing Fast IT Deploying Applications at the Pace of Innovation
Implementing Fast IT Deploying Applications at the Pace of Innovation
Cisco DevNet
 
KKBOX WWDC17 Security - Antony
KKBOX WWDC17 Security - AntonyKKBOX WWDC17 Security - Antony
KKBOX WWDC17 Security - Antony
Liyao Chen
 
CCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best PracticesCCI2018 - Azure Network - Security Best Practices
CCI2018 - Azure Network - Security Best Practices
walk2talk srl
 
Unconference Round Table Notes
Unconference Round Table NotesUnconference Round Table Notes
Unconference Round Table Notes
Timothy Spann
 
Better Deployments with Sub Environments Using Spring Cloud and Netflix Ribbon
Better Deployments with Sub Environments Using Spring Cloud and Netflix RibbonBetter Deployments with Sub Environments Using Spring Cloud and Netflix Ribbon
Better Deployments with Sub Environments Using Spring Cloud and Netflix Ribbon
VMware Tanzu
 
Zero Downtime JEE Architectures
Zero Downtime JEE ArchitecturesZero Downtime JEE Architectures
Zero Downtime JEE Architectures
Alexander Penev
 
Ad

Recently uploaded (20)

HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Vaibhav Gupta BAML: AI work flows without Hallucinations
Vaibhav Gupta BAML: AI work flows without HallucinationsVaibhav Gupta BAML: AI work flows without Hallucinations
Vaibhav Gupta BAML: AI work flows without Hallucinations
john409870
 
Build 3D Animated Safety Induction - Tech EHS
Build 3D Animated Safety Induction - Tech EHSBuild 3D Animated Safety Induction - Tech EHS
Build 3D Animated Safety Induction - Tech EHS
TECH EHS Solution
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Mastering Advance Window Functions in SQL.pdf
Mastering Advance Window Functions in SQL.pdfMastering Advance Window Functions in SQL.pdf
Mastering Advance Window Functions in SQL.pdf
Spiral Mantra
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
TrsLabs Consultants - DeFi, WEb3, Token Listing
TrsLabs Consultants - DeFi, WEb3, Token ListingTrsLabs Consultants - DeFi, WEb3, Token Listing
TrsLabs Consultants - DeFi, WEb3, Token Listing
Trs Labs
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Vaibhav Gupta BAML: AI work flows without Hallucinations
Vaibhav Gupta BAML: AI work flows without HallucinationsVaibhav Gupta BAML: AI work flows without Hallucinations
Vaibhav Gupta BAML: AI work flows without Hallucinations
john409870
 
Build 3D Animated Safety Induction - Tech EHS
Build 3D Animated Safety Induction - Tech EHSBuild 3D Animated Safety Induction - Tech EHS
Build 3D Animated Safety Induction - Tech EHS
TECH EHS Solution
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Mastering Advance Window Functions in SQL.pdf
Mastering Advance Window Functions in SQL.pdfMastering Advance Window Functions in SQL.pdf
Mastering Advance Window Functions in SQL.pdf
Spiral Mantra
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
TrsLabs Consultants - DeFi, WEb3, Token Listing
TrsLabs Consultants - DeFi, WEb3, Token ListingTrsLabs Consultants - DeFi, WEb3, Token Listing
TrsLabs Consultants - DeFi, WEb3, Token Listing
Trs Labs
 
Ad

Deploy secure, scalable, and highly available web apps with Azure Front Door Service

  • 1. April 27 GLOBAL AZURE BOOTCAMP IS POWERED BY: Deploy secure, scalable, and highly available web apps with Azure Front Door Service
  • 2. Thanks to our Sponsors: Global Sponsor: Platinum Sponsors: Gold Sponsors: Silver Sponsors:
  • 3. Speaker Bio • Stamo Petkov • Information services Plc. • Head of Microsoft Technologies department • Contact o [email protected] o [email protected] o https://github.com/stamo o http://bg.linkedin.com/in/stamopetkov o https://www.facebook.com/stamo.petkov o @stamo_petkov
  • 4. Agenda • Azure Front Door Service o Anycast o Split TCP o Health probes o Caching o Architecture • Azure Front Door application protection o Azure web application firewall (WAF) • Demo • Summary • Q&A
  • 5. Azure Front Door Service Application Delivery Network
  • 6. Azure Front Door Service
      • Office 365, Azure, Skype, Bing, Azure DevOps, MSN, OneDrive, Xbox, Cortana, Windows, Teams
      • Built on the “battle-tested” platform used to power reliable and fast global services at Microsoft
      • Front Door enables Bing to operate at scale with competitive performance while also scaling agile development across many independent microservices.
      • “Azure DevOps has onboarded all of its microservices to the Azure Front Door Service over the past year. It provides us with significant benefits in terms of both performance and reliability.”
  • 7. Selecting the Front Door environment for traffic routing (Anycast)
      • Routing to the Azure Front Door environments leverages Anycast for both DNS (Domain Name System) and HTTP (Hypertext Transfer Protocol) traffic, so user traffic will go to the closest environment in terms of network topology (fewest hops)
      • Front Door organizes its environments into primary and fallback "rings"
      • The outer ring has environments that are closer to users
      • The inner ring has environments that can handle the failover for the outer ring environment in case an issue happens
      • The outer ring is the preferred target for all traffic, but the inner ring is necessary to handle traffic overflow from the outer ring
  • 8. Global application delivery with Azure Front Door Service
  • 9. Connecting to Front Door environment (Split TCP)
      • Split TCP is a technique to reduce latencies and TCP problems by breaking a connection that would incur a high round-trip time into smaller pieces
      • One TCP connection with a large round-trip time (RTT) to the application backend is split into two TCP connections
      • The short connection between the end user and the Front Door environment gets established over three short round trips
      • The long connection between the Front Door environment and the backend can be pre-established and reused across multiple end-user calls
      • The effect is multiplied when establishing an SSL/TLS (Transport Layer Security) connection, as there are more round trips to secure the connection
  • 10. Connection establishment and response Web Apps Mobile Apps API Apps Logic Apps Functions
  • 11. Make your apps faster, reduce backend load Web Apps Mobile Apps API Apps Logic Apps Functions
  • 12. Identifying available backends in the backend pool
      • In order to determine the health of each backend, each Front Door environment periodically sends a synthetic HTTP/HTTPS request to each of your configured backends
      • Front Door uses responses from these probes to determine the "best" backends to which it should route real client requests
      • A 200 OK status code indicates the backend is healthy. Everything else is considered a failure
      • Azure Front Door Service uses the same three-step process across all algorithms to determine health
          o Exclude disabled backends
          o Exclude backends that have health probe errors
          o Out of the set of healthy backends in the backend pool, Front Door additionally measures and maintains the latency (round-trip time) for each backend
      • If health probes fail for every backend in a backend pool, then Front Door considers all backends healthy and routes traffic in a round robin distribution across all of them
  • 13. Caching with Azure Front Door Service
      • Delivery of large files
          o Front Door uses a technique called object chunking to deliver large files
          o The Front Door environment requests the file from the backend in chunks of 8 MB
          o After the chunk arrives at the Front Door environment, it is cached and immediately served to the user. Front Door then pre-fetches the next chunk in parallel
          o Front Door caches any chunks as they're received, so the entire file doesn't need to be cached on the Front Door cache
      • File compression
          o Front Door can dynamically compress content on the edge, resulting in a smaller and faster response to your clients
          o Supports gzip and Brotli compression. If a request supports gzip and Brotli compression, Brotli compression takes precedence
          o When a request for an asset specifies compression and the request results in a cache miss, Front Door performs compression of the asset directly on the POP server
          o The resulting item is returned with transfer-encoding: chunked
  • 14. Caching with Azure Front Door Service
      • Query string behavior
          o Ignore query strings. This is the default mode
          o Cache every unique URL
      • Cache purge
          o Front Door will cache assets until the asset's time-to-live (TTL) expires
          o The best practice to make sure your users always obtain the latest copy of your assets is to version your assets for each update and publish them as new URLs
          o Sometimes you may wish to purge cached content from all edge nodes and force them all to retrieve new updated assets. You can purge all, purge a single URL or purge a wildcard URL
      • Cache expiration
          o To determine how long an item will be stored in the cache, Front Door uses:
          o Cache-Control: s-maxage=<seconds>
          o Cache-Control: max-age=<seconds>
          o Expires: <http-date>
  • 15. Enterprise grade architecture in the Front Door (diagram labels: Firewall, Application LoadBalancer, Proxy / Caching, DNS Load Management, Redundant paths, Active steering, Active monitoring and steering, Fast fail over, Map of the Internet)
  • 16. Azure Front Door application protection Azure web application firewall (WAF)
  • 17. Azure Front Door application protection
      • Web applications are increasingly the targets of malicious attacks such as denial of service floods, SQL injection attacks, and cross-site scripting attacks
      • These malicious attacks may cause service outage and data loss, and pose a significant threat to web application owners
      • Preventing such attacks in application code can be challenging and may require rigorous maintenance, patching and monitoring at multiple layers of the application topology
      • A centralized web application firewall helps make security management much simpler and gives better assurance to application administrators
  • 18. Azure web application firewall for Azure Front Door
      • WAF for Front Door is a global and centralized solution
      • Provides centralized protection for your web applications that are globally delivered using Azure Front Door
      • Every incoming request for a WAF enabled web application delivered by Front Door is inspected at the network edge
      • Prevents malicious attacks close to the attack sources, before they enter the virtual network, and offers global protection at scale without sacrificing performance
  • 19. Azure Front Door application protection
      • Network DDoS protection
      • IP blacklists and whitelists
      • Geo filtering
      • Flexible actions
      • Custom http(s) access rules
      • Rate limiting
      • Azure managed ruleset
  • 20. Demo See Azure Front Door service in action
  • 21. Azure Front Door Service Summary
      • SSL offload and application acceleration at the edge close to end users
      • Global HTTP load balancing with instant failover
      • Actionable insights about your users and back ends
      • Web Application Firewall (WAF) and DDoS Protection
      • Central control plane for traffic orchestration
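
The backend selection steps on slide 12, written out as an added Python example (not code from the slides or from Azure Front Door). The `Backend` fields and function names are hypothetical, and two points the slide leaves open are assumed: that "best" means lowest measured latency, and that the all-probes-failed fallback covers enabled backends only.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Backend:                      # hypothetical record of one backend's probe state
    name: str
    enabled: bool
    probe_status: Optional[int]     # last probe's HTTP status; None = no response
    latency_ms: float = 0.0         # round-trip time measured by the probe

def plan(pool: List[Backend]) -> Tuple[List[str], bool]:
    """Return (ordered candidate names, fail_open flag) for one backend pool."""
    enabled = [b for b in pool if b.enabled]                 # step 1: drop disabled
    healthy = [b for b in enabled if b.probe_status == 200]  # step 2: only 200 OK passes
    if healthy:
        healthy.sort(key=lambda b: b.latency_ms)             # step 3: rank by latency
        return [b.name for b in healthy], False
    # Every probe failed: the pool is treated as healthy again (assumed: enabled only).
    return [b.name for b in enabled], True

def route(pool: List[Backend], requests: int) -> List[str]:
    """Pick a backend name for each of `requests` consecutive requests."""
    names, fail_open = plan(pool)
    if not names:
        return []                                            # nothing enabled at all
    if fail_open:
        return [names[i % len(names)] for i in range(requests)]  # round robin
    return [names[0]] * requests                             # assumed: lowest latency wins

# Constructed sample pools.
NORMAL = [Backend("weu", True, 200, 40.0), Backend("neu", True, 200, 15.0),
          Backend("eus", False, 200, 5.0), Backend("sea", True, 503, 10.0)]
ALL_FAILING = [Backend("weu", True, 503), Backend("neu", True, None),
               Backend("eus", False, 200)]

if __name__ == "__main__":
    for label, pool in (("normal", NORMAL), ("all probes failing", ALL_FAILING)):
        names, fail_open = plan(pool)
        print(label, names, "FAIL-OPEN: alert on this pool" if fail_open else "ok")
```

Because anything other than 200 OK fails the probe, a probe path that redirects or requires authentication puts the whole pool into the fail-open state, which is worth alerting on.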
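
The query string modes and cache expiration headers on slide 14, as an added Python example rather than Front Door's own logic. It assumes the three headers are consulted in the order the slide lists them (which matches shared-cache precedence in RFC 9111); the function names and sample URLs are constructed.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit, urlunsplit

def cache_key(url, ignore_query=True):
    """Cache key for a URL; ignore_query=True models the default mode on the slide."""
    p = urlsplit(url)
    query = "" if ignore_query else p.query
    return urlunsplit((p.scheme, p.netloc.lower(), p.path, query, ""))

def _directives(value):
    """Split a Cache-Control value into {directive: argument}."""
    out = {}
    for item in value.split(","):
        name, _, arg = item.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"')
    return out

def ttl_seconds(headers, now):
    """Seconds an item may stay cached, or None if no header sets a lifetime.
    Only the three headers named on the slide are modelled."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = _directives(h.get("cache-control", ""))
    for name in ("s-maxage", "max-age"):          # assumed precedence: slide order
        if name in cc:
            try:
                return max(0, int(cc[name]))
            except ValueError:
                return 0                          # malformed value: treat as expired
    if "expires" in h:
        try:
            expires = parsedate_to_datetime(h["expires"])
        except (TypeError, ValueError):
            return 0                              # e.g. "Expires: 0" means already stale
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return max(0, int((expires - now).total_seconds()))
    return None

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # constructed clock
    print(ttl_seconds({"Cache-Control": "public, max-age=60, s-maxage=600"}, now))
    # Default mode: both constructed URLs share one cache entry.
    print(cache_key("https://example.com/report?user=alice"),
          cache_key("https://example.com/report?user=bob"))
```

In the default ignore-query-strings mode the two sample URLs map to one cache entry, so a backend response that varies by query string should not be served through a cached route in that mode.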