We are an IT infrastructure and solutions service provider. We build customers' infrastructure and business solutions. I have built Azure Front Door services for the banking sector, manufacturing, and numerous customers to help utilize this Azure offering.
Use cases for Azure Front Door involve applications where customers' applications are public facing, and the customer's user base is basically spread across the globe, allowing different users to access the application from anywhere. They also want optimizations like CDN capabilities for their applications, enabling application pages to get cached at local POPs so that the website loads faster locally from the local cache. Azure Front Door facilitates this.
The most valuable feature of Azure Front Door is the WAF module.
The WAF module, which stands for Web Application Firewall in the Azure Front Door Premium SKU, is very useful because it helps customers add an extra layer of security and HTTP security features. It has rate limiting and some DDoS capabilities, allowing customers to reduce the attack surface from attackers on their application. It helps enable geo-blocking for specific regions, allowing only a few regions to access their applications, and I find it very useful.
Azure Front Door has intelligent routing features that exhibit good routing sense because when we configure the health probe and the weightage on the backend origin groups, Front Door balances the traffic toward different backend pools based on the weightage of the number of connections. It distributes the load evenly and based on weightage to the back ends, considering both latency and utilization.
The integration of TLS/SSL offloading in Azure Front Door significantly enhances both security and performance as it adheres to industry standards. Front Door can create a certificate itself for customers who need it, but if a customer prefers to use their own certificate, they can directly upload it or integrate it with Azure Key Vault. This allows customers to securely add their certificates to their applications, thereby incorporating transport layer security.
Azure Front Door's advanced routing rules for traffic management are highly effective. You can configure HTTP tags, change different header or header response values, configure origin domains, and add Layer 7 security using these routing rules. Additionally, you can exclude cache for certain sub-URLs within your applications. These routing rules provide a wide array of options for Layer 7, HTTP configurations.
Azure Front Door comes with Log Analytics workspace integration, allowing it to capture all logs. It features a nice dashboard for security and traffic analytics, offering insights on what kind of browser platforms users are utilizing, the cache hit percentage on Front Door, and the latency of the application, showing how users are hitting it, along with latency from Front Door to the backend servers. It enables users to determine load type and the performance of their servers, which benefit from Azure Front Door serving 70 to 80% of the traffic from its own cache, thereby reducing load on backend servers. The analytics also show stats and graphs related to the WAF module, detailing how many vulnerabilities have been blocked, the number of requests by country, and regions with the highest malicious traffic. Advanced users can build their own KQL queries in the Log Analytics workspace for deeper investigation of performance issues, if any.