Application Gateway vs Azure Traffic Manager

If external users need to access an application hosted in a private subnet while keeping the public IP hidden, you would typically set up a combination of Azure Application Gateway (or another reverse proxy) and Azure Traffic Manager. Here's how you can achieve this:

  1. Azure Application Gateway:

    • Deploy Azure Application Gateway in front of your application servers within the private subnet.

    • Configure Application Gateway to route incoming traffic to the backend servers using private IP addresses.

    • Application Gateway provides features such as SSL termination, URL-based routing, and web application firewall (WAF) to enhance security and manage incoming traffic.

  2. Azure Traffic Manager:

    • Set up Azure Traffic Manager to manage DNS-based traffic routing.

    • Configure Traffic Manager with endpoints that point to the public IP address of the Azure Application Gateway.

    • Traffic Manager routes external user traffic to the closest or best-performing Azure Application Gateway endpoint.

With this setup, external users reach the application by resolving its domain name through Traffic Manager. Traffic Manager's DNS answer directs them to the appropriate Azure Application Gateway, which in turn forwards the requests to the backend servers within the private subnet using their private IP addresses. This setup keeps the public IP address of the backend servers hidden from external users while providing access to the application.

Here's a summary of the flow:

  1. External users send DNS queries to Traffic Manager to resolve the application's domain name.

  2. Traffic Manager resolves the DNS queries to the appropriate Azure Application Gateway endpoint.

  3. Azure Application Gateway receives incoming requests from external users and forwards them to the backend servers within the private subnet using their private IP addresses.

  4. The backend servers process the requests and send responses back through Azure Application Gateway to the external users.

This setup ensures that external users can access the application securely while maintaining the privacy and security of the backend servers within the private subnet.
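One way to check a deployment plan against this design before rollout, as an added example that is not part of the original article: it flags any Traffic Manager endpoint that is not an Application Gateway frontend and any backend reachable outside the gateway. The plan dictionary layout, resource names and addresses are hypothetical and constructed for illustration, not an Azure export format.

```python
import ipaddress

# RFC 1918 ranges, the space a private subnet's addresses come from.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_exposure(plan):
    """Return findings; an empty list means the plan matches the design."""
    findings = []
    frontends = {gw["frontend_ip"] for gw in plan["gateways"]}
    # Traffic Manager may only hand out gateway frontend addresses.
    for ep in plan["traffic_manager_endpoints"]:
        if ep["target_ip"] not in frontends:
            findings.append(f"{ep['name']}: {ep['target_ip']} is not a gateway frontend")
    for gw in plan["gateways"]:
        if is_rfc1918(gw["frontend_ip"]):
            findings.append(f"{gw['name']}: frontend {gw['frontend_ip']} is private")
        for b in gw["backends"]:
            if not is_rfc1918(b["private_ip"]):
                findings.append(f"{b['name']}: pool address {b['private_ip']} is not private")
            if b.get("public_ip"):
                findings.append(f"{b['name']}: has its own public IP {b['public_ip']}")
    return findings

# Constructed sample plans (documentation-range addresses, hypothetical names).
GOOD_PLAN = {
    "traffic_manager_endpoints": [
        {"name": "tm-westeurope", "target_ip": "203.0.113.10"},
        {"name": "tm-eastus", "target_ip": "203.0.113.20"},
    ],
    "gateways": [
        {"name": "appgw-westeurope", "frontend_ip": "203.0.113.10",
         "backends": [{"name": "web-we-1", "private_ip": "10.1.2.4"}]},
        {"name": "appgw-eastus", "frontend_ip": "203.0.113.20",
         "backends": [{"name": "web-eus-1", "private_ip": "10.2.2.4"}]},
    ],
}
BAD_PLAN = {
    "traffic_manager_endpoints": [{"name": "tm-direct", "target_ip": "198.51.100.7"}],
    "gateways": [{"name": "appgw-westeurope", "frontend_ip": "203.0.113.10", "backends": [
        {"name": "web-we-1", "private_ip": "10.1.2.4", "public_ip": "198.51.100.7"}]}],
}

if __name__ == "__main__":
    print(audit_exposure(GOOD_PLAN), audit_exposure(BAD_PLAN), sep="\n")
```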
