Azure Front Door is a newly available service that can efficiently control routing and web traffic for applications because it uses Microsoft WAN to optimize the traffic.

You just put all of your applications from the same or different regions into a single backend pool on Azure Front Door, and Front Door basically takes care of the rest. In other words, Azure Front Door provides an entry point that gives us an efficient global failover service for high availability and performance.

You may want to ask what the difference between Traffic Manager and Azure Front Door is. Well, before answering this question, I think it would better to take a quick look at the load-balancing solutions available on Azure.

Traffic Manager: This DNS-based traffic load balancer provides high availability allowing you to control traffic across Azure regions.

Application Gateway: This is an application layer load-balancing service for HTTP/S requests.

Load Balancer: This typical load-balancing service enables you to use a single public or private IP address to represent multiple hosts behind it.

Front Door: This edge service on Azure allows us to benefit from Microsoft WAN to reach the closest available instance of a service.

Because Azure Front Door uses Microsoft WAN in the background, once you are connected to Azure Front Door, it basically means you're also connected to Microsoft WAN. This takes you to the closest available instance of your application sitting in Azure with a very low latency. It feels like Azure Front Door is a combination of Azure Traffic Manager and Azure Application Gateway in the sense of application layer operations and global load-balancing capabilities.

Azure Front Door offers the following services:

  • Publishing web applications in backend pools on Azure Front Door
  • Implementing geofiltering policies to block or allow requests coming from a certain country or region
  • Configuring SSL termination
  • Performing URL redirection
  • Creating and applying web application firewall (WAF) rules

Now we can go back to our main objective and start creating an Azure Front Door instance and testing its functionality following the steps below.

Creating required objects ^

First, we need to install the module required to manage Azure Front Door using the command below.

Install-Module -Name Az.FrontDoor -Force
Installing the Front Door PowerShell module

Installing the Front Door PowerShell module

Before creating an Azure Front Door instance, we need to create the following objects.

Backend objects ^

Backend objects basically represent what we need to access from the internet. So we need to create these, each of which is a separate web application in my scenario, and put them in a "backend pool" object. I will be using my existing web applications. which are identical in my example as shown below. The apptest0001 is in North Europe and the apptest0002 is in Central US.

You need to use your own web apps before adding them into a backend object.

Web apps from different regions

Web apps from different regions

So now we can add our web apps in separate backend objects since each backend object represents a single host. To create backend objects, we will use the following commands.

### 1. Creating a new Azure Front Door backend object ####

$backEndObject1 = New-AzFrontDoorBackendObject -Address "apptest0001.azurewebsites.net"
$backEndObject2 = New-AzFrontDoorBackendObject -Address "apptest0001.azurewebsites.net"
$backEndObject1
$backEndObject2
Creating a new Azure Front Door backend object

Creating a new Azure Front Door backend object

Health probe setting objects ^

Health probes are built-in agents that constantly check the backend services.

To create a health probe setting object, we will use the following:

### 2. Creating a new Azure Front Door health probe setting object ####

$HealthProbeSettingObject1 = New-AzFrontDoorHealthProbeSettingObject -Name "HealthProbeSetting1"
$HealthProbeSettingObject1
Creating a new Azure Front Door health probe setting object

Creating a new Azure Front Door health probe setting object

Load-balancing setting objects ^

We can create the settings for the load-balancing feature of Azure Front Door with this command:

### 3. Creating a New Azure Front Door load-balancing setting object ####

$LoadBalancingSettingObject1 = New-AzFrontDoorLoadBalancingSettingObject -Name "Loadbalancingsetting1"
$LoadBalancingSettingObject1
Creating a new Azure Front Door load balancing setting object

Creating a new Azure Front Door load balancing setting object

Front-end endpoint object ^

This one contains the information about the front-end service of Azure Front Door. We'll also specify the external hostname accessed from the internet here.

The command below creates a new front-end endpoint object:

### 4. Creating a new Azure Front Door front-end endpoint object ####

$FrontendEndpointObject1 = New-AzFrontDoorFrontendEndpointObject -Name "frontendEndpointObject1" -HostName $hostName
$FrontendEndpointObject1
Creating a new Azure Front Door front end endpoint object

Creating a new Azure Front Door front end endpoint object

Backend pool object ^

As the name implies, a backend pool object contains the backend objects, the load-balancing settings, and the health probe settings created in previous steps.

Here we're using previously created backend objects to create a new pool. So in a single pool we will have multiple backend hosts. If one of the hosts (nodes) in this pool fails, Azure Front Door fails over to any other available host in the same pool.

To create a backend pool, we can use the following command:

### 5. Creating a new Azure Front Door backend pool object ####

$BackendPoolObject1 = New-AzFrontDoorBackendPoolObject -Name $backendpoolname `
-FrontDoorName $frontDoorName `
-ResourceGroupName $ResourceGroupName `
-Backend $backEndObject1,$backEndObject2 `
-HealthProbeSettingsName "HealthProbeSetting1" `
-LoadBalancingSettingsName "Loadbalancingsetting1"
$BackendPoolObject1
Creating a new Azure Front Door backend pool object

Creating a new Azure Front Door backend pool object

Routing rule object ^

We can configure all routing-related settings such as protocols, forwarding patterns, and caching in this object.

The command below can create a new routing rule:

### 6. Creating a new Azure Front Door routing object ####

$RoutingRuleObject1 = New-AzFrontDoorRoutingRuleObject -Name $routingRuleName `
-FrontDoorName $frontDoorName `
-ResourceGroupName $ResourceGroupName `
-FrontendEndpointName "frontendEndpointObject1" `
-BackendPoolName "b
Creating a new Azure Front Door routing object

Creating a new Azure Front Door routing object

Creating an Azure Front Door instance ^

We can finally create an Azure Front Door instance using the objects we have already created.

By putting them all into the command below, we can create an Azure Front Door.

### 7. Creating a new Azure Front Door ####

$AzureFrontDoor = New-AzFrontDoor -Name $frontDoorName `
-ResourceGroupName $ResourceGroupName `
-RoutingRule $RoutingRuleObject1 `
-BackendPool $BackendPoolObject1 `
-FrontendEndpoint $FrontendEndpointObject1 `
-LoadBalancingSetting $LoadBalancingSettingObject1 `
-HealthProbeSetting $HealthProbeSettingObject1
$AzureFrontDoor
Creating a new Azure Front Door

Creating a new Azure Front Door

Testing Azure Front Door ^

Now it's time to test the configuration. We've now created a new Azure Front Door service and associated two web apps from different regions with it. We can now try to access the web app without knowing its location.

When I browse the front-end URL of the Azure Front Door, it takes me to the web app in North Europe based on my location since Front Door uses the anycast protocol with split TCP to ensure it routes the requests to the closest and most available backend application.

Front Door routes to the closest web app

Front Door routes to the closest web app

When I stop the web app "Apptest0001" and try again, I see that Front Door fails over the service to the next closest and available service.

Front Door fails over to the next fastest and available web app

Front Door fails over to the next fastest and available web app

Conclusion ^

Azure Front Door is an easy-to-implement service that enables enterprises to spread their loads regardless of the region. As something Microsoft has used for their own services for so long, Front Door is a highly scalable and reliable option when it comes to managing workloads and performance.

Below is the full code that allows you to create an Azure Front Door with PowerShell:

Subscribe to 4sysops newsletter!

Install-Module -Name Az.FrontDoor -Force

$ResourceGroupName = "FrontDoorRG"
$routingRuleName = "RoutingRule1"
$frontDoorName = "FrontDoor0001"
$FrontendEndpointName = "FrontendEndpoint1"
$backendpoolname = "backendPool1"
$hostName="FrontDoor0001.azurefd.net"

$ResourceGroupName="FrontDoorRG"
New-AzResourceGroup -Name $ResourceGroupName -Location 'North Europe'

### 1. Creating a new Azure Front Door backend object ####

$backEndObject1 = New-AzFrontDoorBackendObject -Address "apptest0001.azurewebsites.net"
$backEndObject2 = New-AzFrontDoorBackendObject -Address "apptest0001.azurewebsites.net"
$backEndObject1
$backEndObject2

### 2. Creating a new Azure Front Door health probe setting object ####

$HealthProbeSettingObject1 = New-AzFrontDoorHealthProbeSettingObject -Name "HealthProbeSetting1"
$HealthProbeSettingObject1

### 3. Creating a New Azure Front Door load-balancing setting object ####

$LoadBalancingSettingObject1 = New-AzFrontDoorLoadBalancingSettingObject -Name "Loadbalancingsetting1"
$LoadBalancingSettingObject1

### 4. Creating a new Azure Front Door front-end endpoint object ####

$FrontendEndpointObject1 = New-AzFrontDoorFrontendEndpointObject -Name "frontendEndpointObject1" -HostName $hostName
$FrontendEndpointObject1

### 5. Creating a new Azure Front Door backend pool object #####

$BackendPoolObject1 = New-AzFrontDoorBackendPoolObject -Name $backendpoolname `
-FrontDoorName $frontDoorName `
-ResourceGroupName $ResourceGroupName `
-Backend $backEndObject1,$backEndObject2 `
-HealthProbeSettingsName "HealthProbeSetting1" `
-LoadBalancingSettingsName "Loadbalancingsetting1"
$BackendPoolObject1

### 6. Creating a new Azure Front Door routing object ####

$RoutingRuleObject1 = New-AzFrontDoorRoutingRuleObject -Name $routingRuleName `
-FrontDoorName $frontDoorName `
-ResourceGroupName $ResourceGroupName `
-FrontendEndpointName "frontendEndpointObject1" `
-BackendPoolName "backendPool1"
$RoutingRuleObject1

### 7. Creating a new Azure Front Door ####

$AzureFrontDoor = New-AzFrontDoor -Name $frontDoorName `
-ResourceGroupName $ResourceGroupName `
-RoutingRule $RoutingRuleObject1 `
-BackendPool $BackendPoolObject1 `
-FrontendEndpoint $FrontendEndpointObject1 `
-LoadBalancingSetting $LoadBalancingSettingObject1 `
-HealthProbeSetting $HealthProbeSettingObject1
$AzureFrontDoor

 

2 Comments
  1. Eduardo 1 year ago

    Hi,

    This looks great. Have you tried it with multiple frontendendpoint objects?

  2. Rob 1 year ago

    Heh,

    Yeah, I just tried it and it nuked all of the existing backend objects and routes :'(

    Simple enough to change though, create the objects as above and then get your existing FD, Add to the collections and then use the FD objects collections in the Set-AzFrontDoor call:

    $frontDoor = Get-AzFrontDoor `
                -ResourceGroupName $rg -Name $frontDoorName;
    
    $frontDoor.HealthProbeSettings.Add($healthProbe);
    $frontDoor.LoadBalancingSettings.Add($healthLoadBalancer);
    $frontDoor.BackendPools.Add($backendPool);
    $frontDoor.RoutingRules.Add($routingRule);
    
    $frontDoor = Set-AzFrontDoor `
        -InputObject $frontDoor `
        -RoutingRule $frontDoor.RoutingRules `
        -BackendPool $frontDoor.BackendPools `
        -LoadBalancingSetting $frontDoor.LoadBalancingSettings `
        -HealthProbeSetting $frontDoor.HealthProbeSettings;
    

Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account