11 November 2024

Knock knock: using Azure FrontDoor to accelerate, deliver and protect your web services

Don Morris

Cloud Delivery Architect (Azure)

Azure FrontDoor is a simple concept. Designed to deliver powerful features, it combines the reach of Microsoft’s expansive global edge network with an advanced conditional rules engine and modern cloud security. But what does that mean, and what can it do for your business?

Accelerate

Your users are busy. They want things done as quickly as possible, we’re sure of that. It’s also why 70% of internet traffic uses a CDN to accelerate the delivery of media, apps, APIs, and websites. So how does FrontDoor fit into this? For a start, you don’t need to deploy a FrontDoor instance in each region to serve your users. It’s an inherently globally distributed service that uses AnyCast IP to establish a presence in each of Microsoft's 118 edge locations around the globe. It really is as easy as that. One instance provides global reach, out of the box, at scale.

Each edge location of FrontDoor's global application and content delivery network will cache your static and dynamic content in a physical location nearest your users. Even in this complex world of ours, some simple laws stay true no matter what: shorter distances mean less travel time, and improved speed means happy users. FrontDoor can even be configured to compress content before sending it to users, further accelerating the delivery time of cached content.

Globally distributed caching is an impressive feat on its own, but FrontDoor has a few more features to speed up its delivery.

Each request on the web starts with establishing a TCP connection between a user and a server. This involves several back-and-forth messages that can add up to prolonged periods of latency. Azure FrontDoor uses a technique called Split TCP, where your users establish a TCP connection with their local edge location, while FrontDoor has a pre-established session with your origin servers. This speeds up the TCP handshake process, reduces latency and, overall, improves performance. Combine this with SSL-Offload and you can further reduce the number of TCP roundtrips needed to establish a connection between a client and your content.

Deliver

So, acceleration determines where content is delivered. Now let's take a moment to focus on how content is delivered to your users. The powerful routing and rules engine of FrontDoor allows us to interpret certain aspects of a request and implement a desired action. For example, we may want to direct users in a certain geographical region to a specific set of servers, or even block them outright. Or maybe we want to redirect users to a different site if they're using a mobile device, and enforce certain headers to prevent browser vulnerabilities for desktop users.

Not only is the rules engine a powerful tool, but it allows FrontDoor to move your business logic to the edge, further freeing up your resources to focus on processing and content generation.

Protect

Let’s start with the inherent advantages. We’ve touched on FrontDoor’s global distribution, and we will add here that global scale can insulate workloads against spikes in traffic, be that organic or malicious. But the service also includes fully managed SSL certificates, even for your custom domains, with automatic renewal and rotation. In addition, FrontDoor includes default Azure DDoS protection to intercept and absorb large-scale attacks. A few fewer things for you to worry about, right from the starting blocks.

But it wouldn’t be much of a door without a lock. FrontDoor can be configured with a Web Application Firewall to protect your web services from known attacks and exploits identified by OWASP and Microsoft’s own Threat Intelligence Collection. And if that isn't enough, you can also use your own policies to further secure your apps. For example, you may introduce rate limiting to mitigate some denial-of-service attacks, or block PUT requests to certain parts of your site. You could even enable bot protection to stop bad or unknown agents accessing your sites while still allowing trusted sources through; an increasingly important approach in protecting your apps against ravenous AI scrapers.
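The custom policies described above, written as a FrontDoor WAF policy in Bicep. This is an added example, not the author's or Microsoft's own template; the policy name, URL paths, thresholds, rule set versions and API version are assumptions to adapt to your environment.

```bicep
// Added example: name, paths and thresholds below are constructed placeholders.
resource wafPolicy 'Microsoft.Network/FrontDoorWebApplicationFirewallPolicies@2022-05-01' = {
  name: 'exampleWafPolicy'
  location: 'Global'
  sku: {
    name: 'Premium_AzureFrontDoor' // managed rule sets need the Premium tier
  }
  properties: {
    policySettings: {
      enabledState: 'Enabled'
      mode: 'Prevention' // 'Detection' only logs; run it first to find false positives
    }
    customRules: {
      rules: [
        {
          // Rate limiting: block clients sending more than ~100 requests a minute to /api/
          name: 'RateLimitApi'
          priority: 100
          ruleType: 'RateLimitRule'
          rateLimitDurationInMinutes: 1
          rateLimitThreshold: 100
          matchConditions: [
            { matchVariable: 'RequestUri', operator: 'Contains', matchValue: [ '/api/' ] }
          ]
          action: 'Block'
        }
        {
          // Block PUT requests to one part of the site (both conditions must match)
          name: 'BlockPutStatic'
          priority: 200
          ruleType: 'MatchRule'
          matchConditions: [
            { matchVariable: 'RequestMethod', operator: 'Equal', matchValue: [ 'PUT' ] }
            { matchVariable: 'RequestUri', operator: 'Contains', matchValue: [ '/static/' ] }
          ]
          action: 'Block'
        }
      ]
    }
    managedRules: {
      managedRuleSets: [
        // OWASP-based default rules plus bot protection, as named in the paragraph above
        { ruleSetType: 'Microsoft_DefaultRuleSet', ruleSetVersion: '2.1', ruleSetAction: 'Block' }
        { ruleSetType: 'Microsoft_BotManagerRuleSet', ruleSetVersion: '1.0' }
      ]
    }
  }
}
```

Custom rules are evaluated in priority order before the managed rule sets, so a matching custom rule decides the request first. The policy only takes effect once it is associated with a FrontDoor endpoint or domain through a security policy.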

As you can see, FrontDoor's power lies in its location. All its features sit at the edge, away from your resources, making it a service well worth considering, even if your business operates out of a single region. The speed, agility and protection on offer are just too valuable to be ignored.

That’s the technical bit covered, but what do you do with that information, and how can you now implement this? Speak to a cloud expert to discuss suitable cloud services and design a pattern that meets your business needs (without overcomplicating it).