6

I have a SaaS web app developed with Angular 8 and Asp.net Core Web API. I have deployed web api to a azure web app and deployed angular front-end web app to another azure web app as well.

The users are from China and Australia and other countries. I want to have region load balance like Chinese users uses web app on china azure region and australian users use Australian azure region web app so that it has best performance. Azure SQL DB will be in one place (in australia).

In addition, i want to prevent attacking to web front app and web api like d-dos, web scraping and SQL injection. For web scraping, i want to add access rate limitation from one ip.

Can you please advise what service i should use? I saw the blog talking about azure application gateway, azure load balancer, azure front door and azure traffic manager. It is a bit confusing to me. I need a best practise based on my this real world scenario. Should I use one of the service or should I use multiple services?

Thomas
  • 24,234
  • 6
  • 81
  • 125
Edison
  • 287
  • 1
  • 6
  • 18

1 Answers1

9

Based on your requirement:

  1. Since the Backend Resource is Web App, you can ignore Load balancer (Layer 4) where you can only add VMs or VMSS
  2. Your another requirement is WAF, and it is only available in AFD and AppGW. But you can use Traffic Manager as first Tier Load balancing and have AppGW in the different regions to provide high resilience.
  3. As you want users from specific country to reach nearest backend resource, it seems like, the best solution for you is AFD.

AFD is a global Load balancer. It has WAF capability. It can Cache the data and provide quicker responses(CDN functionality). AFD uses an intelligent probing mechanism, through which it chooses the endpoint which is closer to the client who is making the request.

Hope this helps.

msrini-MSIT
  • 1,444
  • 1
  • 7
  • 11
  • Exactly answered my question. Thank you very much! appreciate that. – Edison Jun 07 '19 at 06:28
  • A further question, since I have two web apps (one is front-end Angular web app and another is Rest Web API for back-end). Can you please advise should I have one Azure Front Door for my web apps? or one Azure Front Door for each web app (two AFDs in total)? – Edison Jun 13 '19 at 23:10
  • 2
    You can have one AFD with multiple backend pools and front end configs – msrini-MSIT Jun 14 '19 at 03:03
  • Thank you. In addition, I need to use custom domain name. e.g. my front door is called contoso.azurefd.net. My custom domain name is www.contoso.com. I will add contoso.azurefd.net as CNAME on GoDaddy website. Since www.contoso.com points to front end web app only (not web api) and web api is at apicontoso.azurewebsites.net, how can I add apicontoso.azurewebsites.net into front door. I assume front door only has one url which is contoso.azurefd.net, – Edison Jun 26 '19 at 04:01
  • 2
    add apicontoso.azurewebsites.net as a new backend pool and create a new routing rule for your API – msrini-MSIT Jun 26 '19 at 04:18
  • Thank you for prompt answer. In addition, comparing to create another Front Door service for apicontoso.azurewebsites.net, which way is the best practice and cost effective? – Edison Jun 27 '19 at 02:12
  • A further question regarding geo load balance, my users are from both Australia and China. My current Azure SQL DB and Web Apps are on Australia. Can I use Front door to do geo load balance? e.g. Australian users are redirect to the web app deployed on Australian. Chinese users are redirect to the azure web app deployed on China Azuer Data centre. Both web app api use the database on Australian data center. One issue is that I cannot choose China's data centre using my subscription. Could you please advise what is the best practise to archive my requirement? – Edison Jun 27 '19 at 06:11