Overview

An Azure Application Gateway allows you to distribute web traffic among multiple backend resources. This can help to increase the scalability and the availability of a resource. An Application Gateway serves similar goals to an Azure Load Balancer, however there are some significant differences.

  • An Azure Application Gateway is specifically designed for HTTP and HTTPS traffic. An Azure Load Balancer can route traffic with other protocols
  • An App Gateway provides more features - most of which are specific to HTTP and HTTPS
  • An App Gateway operates at a higher network level than a Load Balancer

An App Gateway exposes a public URL or IP Address endpoint and connects to one or more backend resources, such as an App Service or a Virtual Machine.

In this article, I will show you how to create an Azure Application Gateway that connects to a backed consisting of two nearly-identical web applications deployed as Azure App Services.

Creating the Backend App Services

For this demo, I created two nearly identical Application Services - dgtestAgWebApp1 and dgtestAgWebApp2. They share the same App Service Plan, the same operating system (Windows) and the same technology stack (ASP.NET). I deployed a single default HTML page to each App Service. This page differs only slightly, so we can identify which App Services is rendering the site for a given request to the App Gateway.

Fig. 1 and Fig. 2 show the two default pages for dgtestAgWebApp1 and dgtestAgWebApp2, respectively.

Web App 1 output
Fig. 1

Web App 2 output
Fig. 2

To learn how to create a Web App as an App Service, see this article.

To simplify this demo, I will not create or upload any digital certificates to the app services or the Application Gateway. Because of this, we need to make a small change to each App Service: On the "TLS/SSL settings" blade, set "HTTPS only" to "Off". This allows a client to call the app service via either HTTP or HTTPS.

Creating an Azure Application Gateway

To create a new Azure Application Gateway, log into the Azure Portal{:target='_blank'}, select the [Create a resource] button (Fig. 3), and search for Application Gateway, as shown in Fig. 4.

Create Resource button
Fig. 3

Search for Application Gateway
Fig. 4

Click the [Create] button to open the "Basics" tab of the "Create application gateway" dialog, as shown in Fig. 5.

Create Application Gateway dialog
Fig. 5

At the "Resource Group" field, select or create a Resource Group into which to save this Gateway. I prefer to keep the Gateway, the backend resources, and all other related resources in the same Resource Group.

At the "Application gateway name" field, enter a unique name for this Gateway.

At the "Region" field, enter the region in which to deploy this Gateway. To reduce latency, you may consider the location of your backend services and/or the location of your users when selecting a region.

At the "Enable autoscaling" field, select "Yes" and enter the minimum and maximum allowable instances of the gateway.

Expand the "Availability zone" field (Fig. 6) and select the zones into which you wish to deploy the Gateway. Deploying to multiple zones provides redundancy, which can increase the Gateway's availability.

Availability Zones dialog
Fig. 6

If you wish to allow clients to connect to the Gateway via HTTP/2, select the "Enabled" radio button at the "HTTP2" field. This affects only the front-end connection. Regardless whether you enable HTTP2, the Gateway connects to the backed resources via HTTP/1.1.

At the "Virtual network" field, click the "Create new" link to open the "Create virtual network" dialog, as shown in Fig. 7.

Create Virtual Network dialog - Basic Tab
Fig. 7

Enter a unique name for the Virtual Network and provide an address and subnet range. Click the [OK] button to save your changes and close the "Create virtual network" dialog.

Click the [Next: Frontends] button to advance to the "Frontends" tab, as shown in Fig. 8.

Create Virtual Network dialog - Frontends Tab
Fig. 8

At the "Frontend IP address type" field, select "Public".

At the "Public IP address field, click the "Add new" link to open the "Add a public IP" dialog, as shown in Fig. 9.

Add Public IP dialog
Fig. 9

At the "Name" field, enter a name for the Public IP.

Click the [Next: Backends] button to advance to the "Backends" tab, as shown in Fig. 10.

Create Virtual Network dialog - Backends Tab
Fig. 10

Click the "Add a backend pool" link to open the "Add a backend pool" dialog, as shown in Fig. 11.

Add Backend Pool dialog
Fig. 11

The Backend Pool configures the pool of backend resource that the Application Gateway will serve when a client connects to the front end.

At the "Name" field, enter a name for the Backend Pool.

At the "Add backend pool without targets" field, select "No".

In the "Items" section, select "App Services" in the "Target type" column and select the first web app service ("dgtestAgWebApp1") in the "Target" column. In the second row, select "App Services" in the "Target type" column and select the second web app service ("dgtestAgWebApp2") in the "Target" column.

Click the [Add] button to add this backend pool to the Application Gateway.

Click the [Next: Configuration] button to advance to the "Configuration" tab, as shown in Fig. 12.

Create Virtual Network dialog - Configuration Tab
Fig. 12

This tab should show the Frontend IP and the Backend Pool you created and assigned to this Gateway. You will need to add a Routing Rule. Click the [Add a routing rule] button to open the "Listener" tab of the "Add a routing rule" dialog, as shown in Fig. 13.

Add Routing Rule dialog
Fig. 13

At the "Rule name" field, enter a name for the rule.

At the "Priority" field, enter "100". Because this is the first and only rule, this number is not yet relevant. However, when you add multiple rules, rules with a Priority of a lower number will take precedence.

At the "Listener name" field, enter a name for the Listener.

At the "Frontend IP field, select "Public" to allow clients to connect to the Gateway frontend over the Internet.

At the "Protocol" field, select "HTTP".

At the "Port" field, enter "80".

At the "Listener type" field, select "Basic".

At the Error page url" field, select "No"

Select the "Backend targets" tab of the "Add a routing rule" dialog, as shown in Fig. 14.

Create Virtual Network dialog - Backend Targets Tab
Fig. 14

AT the "Target type" field, select the "Backend pool" radio button.

At the "Backend target" field, select the Backend Pool you created in an earlier step above.

At the "Backend settings" field, click the "Add new" link to open the "Add Backend setting", as shown in Fig. 15.

Add Backend Settings dialog
Fig. 15

At the "Backend settings name" field, enter a name for this backend setting.

At the "Backend protocol" field, select "HTTP".

At the "Backend port" field, enter "80".

At the "Override with new host name" field, select "Yes".

At the "Host name override" field, select "Pick host name from backend target".

Leave the defaults for all the other fields.

Click the [Add] button to add this backend setting to the Routing Rule and close the dialog.

Click the [Add] button to add this routing rule to the Application Gateway and close the dialog.

Click the [Next: Tags] button to advance to the "Tags" tab, as shown in Fig. 16.

Create Virtual Network dialog - Tags Tab
Fig. 16

Enter any name/value pairs you wish to associate with this Gateway. These do not affect performance, but they can be useful in reporting.

Click the [Review + create] button to advance to the "Review + create" tab, as shown in Fig. 17.

Create Virtual Network dialog - Review and Create Tab
Fig. 17

If you made any errors (skipping a required field or selecting incompatible options, for example), they will display here, and you may correct them. When no errors are reported, click the [Create] button to create a new Azure Application Gateway. This may take a few minutes.

Try It

The public IP address of the Azure Application Gateway can be found on the "Overview" tab, as shown in Fig. 18.

Public IP Address in App Gateway Overview Tab
Fig. 18

Open a browser and paste this IP address in the address bar. You should see one of the two App Services. Refresh a few times and the browser should sometimes display App 1 and sometimes display App 2.

Conclusion

In this article, you learned how to create and configure an Azure Application Gateway to manage HTTP traffic to an Azure App Service.

Note

I am grateful to Pete Rodriguez, who helped me troubleshoot this demo and provided guidance on this technology.