Other protection solutions
Azure, in addition, provides the following two services that provide critical application-delivery protection and security:
- Azure Application Gateway provides a secure way of load balancing to service endpoints such as VMs and can be used for SSL termination, also called SSL offloading. Azure Application Gateway also provides web application firewall (WAF) capabilities to protect internet-facing web applications from application-layer attacks (L7); distribution of traffic is to endpoints within a region only.
- The Azure Front Door service provides an application delivery network (ADN) service. It also provides layer 7 (application layer) load balancing, WAF, and content acceleration capabilities for applications; however, it operates at the geographic layer and is not regional.
While both Front Door and Application Gateway are layer 7 (HTTP/HTTPS) load balancers, the primary difference is that Front Door is a global app delivery service; in contrast, Application Gateway is a regional app delivery service.
In summary, HTTP/HTTPS (layer 7) secure load balancing and content delivery is performed by both services; the key differentiator is the layer at which they operate—regional or global.
You can understand more about these two services and when it is appropriate to use each in a solution at the following link: https://docs.microsoft.com/azure/architecture/guide/technology-choices/load-balancing-overview.
It is also important to note that these solutions are not part of the exam objectives but were considered critical to be included.
In this section, we looked at other network and application protection solutions that are available in Azure but not part of the exam objectives. The following section looks at hands-on exercises to further build on your skills learned in this chapter.
Hands-on exercise
To support your learning with some practical skills, we will look at the hands-on creation of some of the resources covered in this chapter.
The following exercises will be carried out:
- Exercise 1 – Create an Azure key vault.
- Exercise 2 – Secure network access using an NSG.
Getting started
To get started with these hands-on exercises, you will need an Azure subscription that has access to create and delete resources in the subscription. You can use an existing account that you created as part of the exercises from any chapter in this book; alternatively, you can create a free Azure account from this link: https://azure.microsoft.com/free.
This free Azure account provides the following:
- 12 months of free services.
- USD $200 credit to explore Azure for 30 days.
- 25+ services that are always free.