Azure Application Gateways. What they are, why you need them, and of course, how you can deploy them. But equally importantly, let’s resolve all of those lingering questions and mysteries about why they are so cool to use. All that and more, if you join me coming up now.
Hello, everybody. My name is Adam Gordon, an edutainer here at ITProTV. Back with another exciting conversation, as we continue looking at 'What is Azure?' In this episode, we are going to talk about what the Azure Application Gateway is. We always answer three questions for you. What is the Azure Application Gateway? Why would you want to use or deploy it? Of course, equally importantly, how can you put this technology to work for you by getting it up and running?
Let's begin by talking about what the Azure Application Gateway is. When we look at the Azure Application Gateway, you can see it on the lightboard here, I have drawn out two distinct functional elements. Things the Application Gateway provides. We have the Web Application Firewall, we have what is known as a Load Balancer. I want to talk about those two concepts for just a minute because they help us understand what it is the Azure Application Gateway provides.
Let's assume that this area right out here, right in front of me on the lightboard, this is the internet, the World Wide Web, the Cloud we always hear so much about. It is everything that goes on outside our organization, and away from, in this case, all of the data and services that are inside, that potentially people on the outside want to have access to. What I'm gonna do is draw a little cloud for us here. Let's say this cloud kind of represents our ability to be able to be on the outside, but ultimately be able to access resources, right? The idea is that we want to come from this cloud, we want to make a request, we want to be able to have that request ultimately get access to one or more of the resources on the inside of our network, inside of the Azure Data Center, wherever that may be.
Problem is, we can't just show up, knock on the door, and expect to get access to all that content. There is security we have to worry about. Who are you? What are your intentions? What is it you want to do with our data?
If so, if we even allow you to do so, are you going to do that in ways that we can support? Those are all important things that we would have to think about. And so the Web Application Firewall is going to help us manage all that because what it's going to do, is that it's going to act as a Gatekeeper. It's going to say, 'Hold on a second there, Adam. We know you're on the outside, and you may actually belong coming in, and certainly may have the ability to see resources, but we have to check you out, and kind of make sure you're okay. We've got to know where you're coming from. We have to know what your intentions are, what kind of access do you want? We have to remember where you came from, so that way when we give you what you want, we know how to send it back to you.' We call that Session Affinity. All these things are important, and all of that is provided by the Web Application Firewall and a lot more along the way.
In addition, we want to make sure it's not just me that is sitting out here asking to see content, but maybe there is a hundred or more me's, all of you, all of your friends, and all of their friends because everybody wants to see something on the internet today, right? As a result, there are hundreds, thousands, perhaps millions of people that are out there wanting to see content. Think of it; YouTube right now, as you are watching this episode of 'What is Azure?' Listening to me explain the Azure Application Gateway to you. Imagine how many other people are looking at content on YouTube simultaneously? They all want to stream and get access to that content from somewhere, and they are all asking for it at the same time. By the way, they are all probably really impatient, they want it now. As a result of that, our second ability becomes very important; our Load Balancer, like Traffic Management.
It allows us to ensure that my request, your request, and all your friends' requests are sent to the right place, wherever we want that content to come from. By the way, we can have up to a hundred of these boxes on the Backend of each one of these Application Gateways. Each box could represent a website with its own content that is being served up from our organization. Up to a hundred of those websites simultaneously, can be served up, managed, and protected as well as balanced by an Application Gateway. Phenomenal scalability, really important. We are going to have that Traffic Management Load Balancing Capability tell us where we are sending our traffic requests to, and how to make sure they get back to where we need to go. Right back here to me on my machine, as I am watching this video, or you are as you are interacting with me.
So when we think about what the Application Gateway is, it's a Traffic Management and Security Mechanism that allows us to provide content securely to people from anywhere across the world at scale. Very, very important when you think about the kinds of things we do today, the ways we collaborate, the ways we meet, the way you share information, and interact with your peers and colleagues.
When we answer the question 'Why', why would this be important? We want to think about exactly what I just described. The answers to the 'what?' and build on that. I'm out here on the Cloud, just like all of you are. I am coming through this Gateway. I am sending my traffic requests. But, there are multiple websites or places I can get content from. We need to think about what kind of content we want to see, and how we're going to request it. That's where what we call the 'Back-End Pool' comes in. You are going to see these, and I'll explain how we create them. We take a look at how to do this. But, the reality is, these are simply collections of resources.
Servers and data, that somebody is going to want to see, that we are going to group together, we are going to give the appropriate information to set up and manage that resource instead of resources to the Application Gateway, part of how we set it up. We are going to let users make requests that are routed and sent to pull that information. Remember, up to a hundred of them can exist back here simultaneously. It's pretty impressive.
So let's say we are going to call our first area, our first pool, the Image Pool. I am going to represent that in blue, and we are going to color code that. Let's say our second one is going to be the Video Pool. I'm going to represent that in orange, and we are going to color code that. We are not going to use color to represent our requests, because that's a little hard. Instead, what I'm going to do, I am going to say that the Video request is going to have the letter 'V' associated with it. And the Image request, I for image, if you think about that, will have the letter 'I'.
I want to say the letter, what I mean is, URL, the request that I make from here on the outside, in order to consume a resource, stream a video, access a file, look at a web page, whatever it is, through the Application Gateway, with the security of the Web Application Firewall, load-balanced and optimized for speedy transmission and the retrieval of data, and loading into my system, as well as updates, as necessary, when I do that, we need that magic URL, the address that we always use to access resources. I am going to say that if the address has the I in it, it should go to the Image area. It has the V, it should go to the Video area. Remember, we can have up to a hundred of these on the Backend, set up separately, providing information to users, just based on what we call a Vanity URL. Customized address that they just have to type in, and that we serve up through the Application Gateway.
As a result of that, if this request has V in it, it's going to come through here, and wind up being sent to the Video area. That request is going to come back the other way, ultimately going to wind up over here, and we are going to see the letter V, which represents our video, shows up on our web page, in our YouTube app player, whatever it is. You want to be able to watch video from our Backend Video Pool.
In order to be able to see how all this comes together and how it's done, you are going to take a trip with me as we always do, I am going to show you now, as we go ahead and implement this in the Azure Fabric. Once we bring it all together, you are going to see just how easy it is to deploy and use the Azure Application Gateway.
Alright, everybody, we have done the 'why', it is time for the ever-popular 'how'. We are in the Azure Portal. Go on ahead and create a Resource Group and call that Application Gateway, so we know exactly what we're doing. We are going to use the Add button, I have highlighted it right there. Let's go ahead and go to the Marketplace. We'll search for the Application Gateway. We will choose that so we can begin our deployment process and see how we configure it. Let me just zoom in so you can see where we are. We're going to click Add, we will go to the Marketplace, and we can either browse by category down here, or we can just start typing. As we start typing, we get close to Application Gateway, you see we get some options there. Choosing the first one on the list will give us the Microsoft Application Gateway. We want to create that, so we will click our link to Create. Takes just a second, we get our tabbed interface, what we are used to seeing on a lot of these deployments that we look at. And we are going to start answering questions. Now the good thing is...
because we are already in a resource group that is named, that information is populated for us along with our subscription, and we can then go down and see the other elements we need to provide here. Now, if we did need to create a brand new resource group, we do have that capability, but really, the first thing we want to do is give this Application Gateway a unique name. So I'm going to go ahead and call this the 'Mike1' Application Gateway. As long as the name is unique and meets the naming requirements, we want that green check at the end of the line, we're good. We see the region we're going to deploy into, and that is the West US, again we can modify that if necessary.
We see the tier here, which is the service tier and the pricing associated with the service tier that we can choose. You will see we have Standard V2. And you will notice here that we have both standard, standard version two, V2 means a newer set of features. And the Web Application Firewall, the WAF, and a WAF V2. We can deploy this and set this up in any of these configurations depending on what the needs are as we talked about as we discussed what the Application Gateway is, why it's important, and really the functionality associated with it. I am just going to choose the Standard V2 for the purposes of our demonstration.
We do have autoscaling capability here. Just let me scroll down so you can see this. The autoscaling capability allows the Application Gateway to expand what is called the resource pools on the Backend, to provide those services that we are going to serve up. The application data and those things. It allows the system to manage on our behalf for us how that's going to work. Minimum scale units, maximum scale units are provided, so we understand how that scaling can be managed.
We can use an availability zone if we have one declared, that will help us understand how to physically ensure that the systems that are backing our Application Gateway, and all the resource provisioning that they provide in the Azure Data Centers, are going to be resilient in case something happens to them, we can actually fail over to other resources, and ensure we can keep running. Microsoft manages all that on our behalf.
We can decide if we want to enable advanced HTTP protocol support, and we can also... and this is a requirement, Configure our virtual network. Either use an existing one, or create one that we are then going to use to manage this traffic, so we can control how it is going to flow through the gateway, and into the Backend area, where our Resource Servers, our Pools are going to be, our Image and Video items from our lightboard conversation. I am going to click Create New, because I don't have an existing network that I can use. And, you can see that I do have the option here to give it a name, we will do that. And I can specify either a brand new resource network that I want to create. Specify the Subnet and the Range, or perhaps take the recommended one that Microsoft is populating. It is up to me or I can do both, depending on what I want to do.
Let's just go ahead and populate this, we will call this the 'Mikenet1', as long as that name is unique, we get our green check, all of that is good. I am going to accept the default network and the default Subnets. In the real world, as you're working through this, you would certainly want to create networks that approximate and line up with your functionality, and where your resources are in the Data Center. We are just doing this for purposes of demonstration. I'm going to click through to the Next tab which is what we call the Frontend area.
And in the Frontends area, I am specifying the publicly available IP address that will be used to send information through the Application Gateway from the outside, from the external area on the internet. We need that Public-facing IP address to be available, and we need to specify what it is. You will see right now that I can add a new one if I don't already have one. Or, if I only want to keep this private, keep it only internal for my users inside behind the firewall, I could specify Private. Or, I could specify that I want Both, and I can provide both addresses. So I have a separate address for customers, people that are not organizational members, they're not employees and team members, but people that are going to be employees will access the system through a different way and have a different IP address. We have options, we like options.
I am going to click 'Add new', got a little pop up here. We're just going to name this IP address, we give it the name... Microsoft assigns the Public IP for us automatically. So we're not worried about what it is, we're just worried about what to call it. We will click OK. That will give it a new name.
We will then go ahead and go to our Backend area. And the Backend area is going to ask us to either add a Backend pool or if there is already one available we would potentially see it there. If we don't, we need the Backend pool. This is the collection of resources that our Application Gateway targets to send traffic to. This will be the image or the video icons that were on the lightboard as we were sending our traffic into different places. I have to create those areas, and they are called Backend pools. So what we're going to do is click here to use this wizard to use a Backend pool. We have to give this a name, let's call this 'MikeImage'. And, you will notice over here, that I can add the Backend pool without targets. Yes or No.
Meaning I can specify different kinds of targets, either an IP address, an FQDN, a virtual machine, things like that. Or, I can come back and fill that in later after I have set up the initial Application Gateway architecture. Let me just show you what those options are. You will see IP address, Virtual machine, a virtual machine scale set, that is what VMSS is, and/or App Services, a web application I want to provide, publish and make available. I would choose appropriately here, adding in as you can see, multiple iterations if I need to. If I decide I don't want to add one of those, I just click the Delete icon, essentially the garbage can, to get rid of it, or, I can decide I want to add the Backend pool without putting Targets in. Right now, we don't have enough time to show you how to build the entire infrastructure out and build those Targets. But we can certainly add them after the fact. So we will just click Add, we'll go ahead and build the pool without the Targets, and we can circle back to it later.
We will click Configuration, our next item, you can see we are moving over. And in the Configuration area, we have three distinct things we have to add in. Our Frontend IP, you will see we already have that there, it's populated as part of the Wizard. You will see, if we want to add additional ones we can add them here. Routing Rules. This is where we set up the magic that happens with the Load Balancer, be able to say send the I traffic to Image, and the V traffic to Video in our lightboard discussion. And then our Backend pools, as you can see, we have our Backend pool populated. We can go in and edit it, and/or we can add in additional ones from here.
Once we are done with all this, we would set up our Routing Rules. We will just quickly show you what that looks like, even though we are not going to populate them because they are a little complicated. But, you will see that we can set up our Rule name. We would set up Listeners, as well as Backend targets.
There are a few tabs we have to contend with here. A lot of information asked for; Protocols, Names, IP addresses, Additional settings, and the Configuration Information around specifying how we handle Errors if something is requested that we can't provide. All of this looks incredibly complex and can even seem overwhelming. You can always come over to ITProTV. Join me as I walk through this and all the other Azure stuff you want to see. I can show you how to do this in-depth, slowly, and specifically step-by-step, so you can understand exactly what to do. All you need to do is come over, become a member, and take a look.
So we could set all this up, but right now we are just going to note that it's there. We are going to click Cancel, we are going to realize that we can click Next if we want to go ahead and add our Tags. You see, I can't get past through without a Routing rule, but we could move to the Tag area. And ultimately, Review and Complete once we're done, hitting Summary, seeing that tab coming up, telling us everything that's about to happen. Wait several minutes, probably 15-20 minutes to get the whole thing configured depending on the choices you make. And then our Azure Application Gateway is up and running, and we start testing and serving up our application services and allowing traffic to be managed on our behalf.
If you want to find out more about how to do this end-to-end as I suggested, you can always follow us over at ITProTV, where we can provide for all your training needs, and certainly all your Azure training needs, in particular. Until I come back with another 'What is Azure?' episode, we will continue our conversation around Services and Features that are important to you, as you look to optimize your use of the Azure platform. I am going to wish you Happy Azuring, and I will see you soon.