Tuesday, September 15, 2020

Ensure that SSL can be used to encrypt and decrypt traffic

Deploying a web application to Azure.

The web application consists of the following: Azure Blob Storage for storage of images and Azure App Service to host the web application.

Requirements:

All communications to the web application must be made via SSL.

The web application must support high traffic loads even if encryption is enabled.

The web application must be protected from web attacks.

The design should also cater to routing user requests to the endpoint with the lowest latency.


Azure Application Gateway 

SSL termination 

Application gateway supports SSL termination at the gateway, after which traffic typically flows unencrypted to the backend servers.

There are a number of advantages to doing SSL termination at the application gateway.

1. Improved performance - The biggest performance hit when doing SSL decryption is the initial handshake. To improve performance, the server doing the decryption caches SSL session IDs and manages TLS session tickets.

If this is done at the application gateway, all requests from the same client can use the cached values. If it's done on the backend servers, then each time the client's requests go to a different server the client has to re-authenticate. The use of TLS tickets can help mitigate this issue, but they are not supported by all clients and can be difficult to configure and manage.

2. Better utilization of the backend servers - SSL/TLS is very CPU intensive and is becoming more intensive as key sizes increase. Removing this work from the backend servers allows them to focus on what they are most efficient at, delivering content.

3. Intelligent routing

By decrypting the traffic, the application gateway has access to the request content, such as headers, URL and so on, and can use this data to route requests.

4. Certificate Management

Certificates only need to be purchased and installed on the application gateway and not on all backend servers. This saves both time and money.
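
The session-caching argument in point 1, modelled as an added example (not code from the original post or from Azure): a small Python simulation in which every request opens a new TLS connection and each client remembers only its most recent session ID. The `Terminator` class, the way connections are spread across servers, and the shared-store case standing in for shared ticket keys are assumptions made for illustration.

```python
"""Model of TLS session-ID resumption behind different termination points (constructed example)."""


class Terminator:
    """A TLS endpoint; `store` is its server-side session cache."""

    def __init__(self, name, store=None):
        self.name = name
        self.store = set() if store is None else store
        self.issued = 0

    def handshake(self, offered_id):
        """Return (session_id, resumed) for one new connection."""
        if offered_id in self.store:
            return offered_id, True            # abbreviated handshake
        self.issued += 1
        new_id = f"{self.name}-{self.issued}"  # full handshake, new session
        self.store.add(new_id)
        return new_id, False


def simulate(terminators, clients=4, connections=10):
    """Spread each client's connections across terminators; count handshakes."""
    latest = {c: None for c in range(clients)}  # client keeps only its latest ID
    full = resumed = 0
    for n in range(connections):
        for c in range(clients):
            endpoint = terminators[(c + n) % len(terminators)]
            latest[c], ok = endpoint.handshake(latest[c])
            resumed += ok
            full += not ok
    return {"full": full, "resumed": resumed}


def scenarios():
    shared = set()  # assumption: stands in for state shared by all backends
    return {
        "gateway": simulate([Terminator("gw")]),
        "backends": simulate([Terminator(f"b{i}") for i in range(3)]),
        "backends_shared_state": simulate(
            [Terminator(f"b{i}", shared) for i in range(3)]),
    }


if __name__ == "__main__":
    for name, counts in scenarios().items():
        print(f"{name:22} {counts}")
```

With independent per-backend caches the session ID a client offers always belongs to the server it used last, so in this model no connection is resumed; terminating at the gateway, or sharing state across backends, brings full handshakes down to one per client.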












