“Security, a Tom and Jerry game”–Azure Application gateway with WAF
“Higher the Availability, double the glory in production”–Azure Virtual Machine Scale set
- Application Gateway with Scale set remains to be a boon for hosting scalable, Performance Booster, secure and robust application on Azure. The Layer 7 capable Load balancer helps in providing application-level routing and load balancing services. Furthermore, it helps in achieving scalable and highly-available web front end with Multi URL routing in Azure.
- On the other front, virtual machine scale sets(VMSS) which helps in achieving Improved cost management, Higher availability and higher fault tolerance. VMSS supports Azure load balancer (Layer-4) and Azure Application Gateway (Layer-7) traffic distribution. VMSS supports up to 300 virtual machine instances if it uses own custom Image otherwise it will support up too 1000 VM.
Why to use this template only?
- This Template can be leveraged for both Windows and Linux flavors and incase of unmanaged disks the Image Uri passed will be a Source vhd and incase of managed disk the Uri passed will be an image id.
- This article aims at achieving the deployment of virtual Machine scale set at the backend of an Application Gateway with custom Image Uri using ARM Template for both windows and Linux flavors.
Architecture
The architecture comprises of following Azure Components:
§ Virtual Machine scale set
§ Application gateway with WAF
§ Application Server (Golden image)
§ Jump Box
Problem Statement
A client of who runs an e-commerce site had trouble in their hosted application at Azure. On reviewing their environment, we found they use Application Gateway with Virtual Machine at their backend, which resulted in a lack of scalability and higher cost.
Solution
To mitigate the issue, virtual machine scale set is brought into the picture which helped in achieving higher availability, Performance Booster, scalability and Improved Cost Management.
ARM Template
- To achieve this scenario, we opted for the use of ARM Template where we have incorporated provisioning of scale set at the backend of Application Gateway with Custom Image Uri.
- As network performance remains one key factor accelerated networking is taken into consideration while developing this Json Template. This template aims at solving the problem for both windows and Linux servers as well as for both Managed and Unmanaged disks.
- In the network profile section, Accelerated networking has been incorporated which helps in Improving networking performance.
4. The scale set is the key part in this article where it calls the source Uri path of the Golden Image Disks for the Instances to be created at the backend of the Application gateway.
5. Web Application firewall is incorporated to mitigate the security risks and DDoS attacks Detection and prevention.
6. While the provision of Application Gateway SSL certificate inclusion is also taken care with the template. The passing of cert data and Password will help in getting SSL attached to the application gateway.
7. Http and Https Listeners are added in the Listener section.
8. Http to Https routing rules have been taken care within the routing policies.
9. In this section the diagnostic setting for the windows server has been used. The diagnostic settings changes from windows to Linux.
If you need the any help on the above JSON scripts, Please do reach out to us……..
End 🙂
Madan Mohan K has in-depth experience in cloud Industry for about 3 years. His expertise includes Microsoft Azure, Infra Administration, PowerShell, JSON, Firewall, Networking and VM management skills”
Reference: Mohan K, M. (2018). Azure App Gateway with Custom Image Scale Set- using ARM template. Available at: https://blog.powerupcloud.com/azure-app-gateway-with-custom-image-scale-set-using-arm-template-f14ef5b45c32 [Accessed at: 18 July 2018]