Overview

• It is a web traffic load balancer that enables you to manage traffic to web applications.
• Traditional load balancers operate at the transport layer (OSI layer 4 - TCP/UDP) and route traffic based on source IP/port, to a destination IP/port.
• With the Application Gateway you can be even more specific.
  • E.g. you can route traffic based on the incoming URL.
  • If /images is in the incoming URL, you can route traffic to a specific set of servers (pool) for images.
• This type of routing is known as application layer (OSI layer 7) load balancing.

Redirection

• Web applications need to support automatic HTTP to HTTPS redirection.
  • In the past, you may have used techniques such as creating a dedicated pool whose sole purpose is to redirect requests it receives on HTTP to HTTPS.
• Application gateway supports the ability to redirect traffic on the Application Gateway.
• Application Gateway redirection is a generic redirection mechanism, so you can redirect from and to any port you define using rules.
  • It also supports redirection to an external site as well.

Multiple-Site Hosting

• Multiple-site hosting enables you to configure more than one web site on the same application gateway instance.
• This feature allows you to configure a more efficient topology for your deployments by adding up to 20 web sites to one application gateway.
• Each web site can be directed to its own pool.
• For example, application gateway can serve traffic for contoso.com and fabrikam.com from two server pools called ContosoServerPool and FabrikamServerPool.
  • Requests for http://contoso.com are routed to ContosoServerPool, and http://fabrikam.com are routed to FabrikamServerPool.*
  • Similarly, two subdomains of the same parent domain can be hosted on the same application gateway deployment.
  • Examples of using subdomains could include http://blog.contoso.com and http://app.contoso.com hosted on a single application gateway deployment.

Session Affinity

• The cookie-based session affinity feature is useful when you want to keep a user session on the same server.
• By using gateway-managed cookies, the Application Gateway can direct subsequent traffic from a user session to the same server for processing.
• This is important in cases where session state is saved locally on the server for a user session.

Secure Sockets Layer (SSL) Termination

• Application gateway supports SSL termination at the gateway, after which traffic typically flows unencrypted to the backend servers.
  • This feature allows web servers to be unburdened from costly encryption and decryption overhead.
• Sometimes unencrypted communication to the servers is not an acceptable option.
  • This could be due to security requirements, compliance requirements, or the application may only accept a secure connection.
  • For such applications, application gateway supports end to end SSL encryption.

Web Application Firewall

• Web application firewall (WAF) is a feature of Application Gateway that provides centralized protection of your web applications from common exploits and vulnerabilities.
• A centralized web application firewall helps make security management much simpler and gives better assurance to application administrators against threats or intrusions.