Azure Front Door and Zero-downtime migration now in Public preview!

Finally it’s here! This was introduced to the Roadmap in March 29th 2022. It was a long wait but it was worth the wait!

Read here the full announcement!

Why this is a big deal?

First there was Front Door Classic and many customers started using it and then came two new SKU’s called Standard and Premium.

But now there was no way for migrate the provisioned engine parts to the new SKU’s.

You had to create them one by one, rule by rule and route by route.

What is the difference between the SKU’s?

Here an list from Microsoft on the different features and how they compare to each other.

Features and optimizationStandardPremiumClassic
Static file deliveryYesYesYes
Dynamic site deliverYesYesYes
Custom domainsYes – DNS TXT record based domain validationYes – DNS TXT record based domain validationYes – CNAME based validation
Cache manage (purge, rules, and compression)YesYesYes
Origin load balancingYesYesYes
Path based routingYesYesYes
Rules engineYesYesYes
Server variableYesYesNo
Regular expression in rules engineYesYesNo
Expanded metricsYesYesNo
Advanced analytics/built-in reportsYesYes – includes WAF reportNo
Raw logs – access logs and WAF logsYesYesYes
Health probe logYesYesNo
Custom Web Application Firewall (WAF) rulesYesYesYes
Microsoft managed rule setNoYesYes – Only default rule set 1.1 or below
Bot protectionNoYesNo
Private link supportNoYesNo
Simplified price (base + usage)YesYesNo
Azure Policy integrationYesYesNo
Azure Advisory integrationYesYesNo

So as we can see, security is missing from the Classic one, don’t get me wrong, there is things you can protect but newest protection capabilities aren’t there.

Azure Front Door Classic

  • Is an Application Delivery Network (ADN) as a service
  • Offers various layer 7 load-balancing capabilities for your applications.
  • It provides dynamic site acceleration (DSA)
  • Provides global load balancing with near real-time failover.
  • It is a highly available and scalable service, which is fully managed by Azure.

Azure Front Door Standard

  • Content delivery optimized
  • Offering both static and dynamic content acceleration
  • Global load balancing
  • SSL offload
  • Domain and certificate management
  • Enhanced traffic analytics
  • Basic security capabilities

Azure Front Door Premium

  • builds on capabilities of Standard SKU, and adds:
  • Extensive security capabilities across WAF
  • BOT protection
  • Private Link support
  • Integration with Microsoft Threat Intelligence and security analytics.

Read more from my previous posts in my AZ-500 study guide when those new SKU’s were still in preview.

Migration interface

And once you hit Validate, it will couple of seconds to complete.

And once it’s done, you choose the name for the new migrated pool and the SKU.

Once you hit Prepare, it will warn with the following.

It will take some time once it creates the new pool for AFD.

Once done hit Migrate!

And see the magic happen!

When you go back to AFD Classic instance, you will see this warning.

And the editing is completely enforced, which makes total sense.

Closure

Excellent work from Azure Network Security team! This really helping on progressing those migration to newest versions of Front Door!

Author: Harri Jaakkonen

Leave a Reply

Your email address will not be published. Required fields are marked *