Reverse Proxie’s in Azure
Let’s see in detail an overview of a couple of reverse proxy services offered in azure for your workload. There are a few known and some secret options that we will be discussing in this post so bear with me.
If we just talk about what is a reverse proxy, It is the mediator between your web tier and the internet, It helps you to make your application more secure, resilient and improves user experience.
So, Let’s talk about what are the options we have in Azure and their general use-case in one line.
- Application Gateway: This is the most common service used in azure for single region deployment and can surprise you with its K8s Ingress capabilities and WAF features.
2) Front Door: This is again done the same as application gateway however it can be deployed in multiple Azure regions. It can be deployed outside of your Vnet.
3) APIM: It helps to secure, manage your API solution, with APIM you would not get WAF so it is usually recommended to include Application Gateway in Architecture.
4) Traffic Manager: This changes the game altogether when you have a global user base. Traffic Manager and Application Gateway/frond door is usually a deadly combination.
Above services most common being used across azure deployment, key and secret service Azure has that is not more often seen in google search is “AAD App Proxy”
AAD App Proxy: This can help to improve your security posture if tagged along with other services. AAD App Proxy has two components, whereas above single PaaS component.
AAD App Proxy can be deployed in case of hybrid and multi-cloud use cases too like it as two-component “portal” and “connector”. with AAD App Proxy you do not need to open ports in the firewall. This makes more sense if we combine Application Gateway for hybrid use-cases.
The intention of this blog post to just share high-level overview of what are the services you have and some details around it. Please refer to official docs when you go deep-dive.