Azure Application Gateway is a pretty neat and cheap service offered by Azure. It’s a level 7 load balancer which means it understand HTTP and can route traffic according to a specific URL pattern. In my opinion it’s a must have in a micro service world these days. Here’s why:
If you are like us, you probably have an infrastructure with one hostname per micro service
This seems fine at first, but it comes with some issues
- Each time you want to move a micro service you need to ask your IT people to update the DNS records, which could lead to endless discussions as they don’t like touching their sacred cow
- What happen if you want to split a micro service in 2?
- What happen if you want to merge 2 micro services together?
- Every time you add a micro service you need to ask the IT people to link the certificate for SSL
Consolidating all your services behind one single gateway that will do the routing for you is a big win. You’ll be able to change the backend server structure as you want without any interventions from your IT guys. This will also give you much cleaner URLs for your services.
e.g. Typical Scenario
Your sales micro service was poorly designed or simply grew organically and you want to split its concerns in 2 micro services. One for payment and one for the quote system. Good news! With the gateway the URL used by the client could stay the same!
Simply split your sales web app in 2 (payment and quote) and then change the route conditions in the application gateway like this.
You can imagine it’s pretty much the same thing if you want to merge 2 services together
Application gateway also offers more advanced features like “Web Application Firewall” (WAF). This could help you protect your infrastructure against malicious requests. By default the WAF has a large set of built-in rules to protect against the OWASP top 10 attacks and is highly configurable to change or add any rules.
Http to Https
If you are like us you probably configured a redirection from HTTP to HTTPS in every service you have. This is pretty tedious and error prone to configure. I would prefer that my team doesn’t think about these things and focus on the API behavior to deliver value to the customer. With Application Gateway it’s possible to configure an automatic redirection from HTTP to HTTPS keeping the same path and even the query string intact!
Same goes for SSL. Configuring SSL for each micro service is always a pain. First you need to link a certificate and then bind some hostname with it and guess what, most of the time these precious keys are held by the IT guys. Again, you can liberate yourself from that pain and become more autonomous. With the Application Gateway you’ll simply need to ask once to link the certificate with the Application Gateway and tada, any servers behind the Application Gateway we’ll have SSL automatically enabled, no need to manage it at the web app level.
Azure Application Gateway could enable your team to become autonomous from the IT guys and give a simple way to manage your server infrastructure in a flexible way. Moreover it could help you manage redundant tasks like SSL, Threat protection and automatic redirections.