Site Migration to Azure: Azure Front Door is the Key to Speedy and Secure Websites

The software that runs this website is fairly old, but the old adage in software of "if it still runs, run it into the ground" is most certainly holding true around here, however, I recently started the arduous task of migrating this site into Azure as an App Service, with a dedicated VM running Sql Server 2019 to host the backend, with the ultimate goal of getting the database running in Azure Database as a managed PaaS instance. Along the way, I had to make some design decisions on how to handle frontend routing, firewall, and caching requirements to get the most performance and secure solution possible. Azure offers 3 frontend solutions, each with their own perks and caveats:

  1. Azure Load Balancer, which is a fairly basic layer 4 load balancer
  2. Azure Application Gateway, which is a layer 7 load balancer that adds routing capabilities based on host/port URI combinations
  3. Azure Front Door, which is also a layer 7 load balancer, but also adds URL rewriting, caching, and a sophisticated rules engine for processing routing requests

In my case, I settled on Azure Front Door (AFD) due to its extensive routing capabilities as well as its ability to perform caching which has led to enormous performance gains. I was also able to tidy up some broken links since AFD supports URL rewriting as part of its routing processing pipeline. The hardest part of the migration has been the database itself, but Azure's built in migration tools made the task much easier as it called out exceptions along the way, and Microsoft is offering up the live migration instances free for 180 days now, so you can do a rolling migration instead of a one-and-done with fingers crossed that it worked. The live migration option uses built-in Sql Server replication to keep the destination Azure DB instance up to date in real time, allowing you to specify the cutover when you've ensured everything is running as-expected.

AFD has been a breath of fresh air compared to the other frontend reverse proxy offerings in Azure, and one Front Door instance can scale out to handle literally hundreds of websites if you needed it to, and is also a very cost effective option. Basically, AFD can be a single global entry point to your various App Services if you so desired. If you haven't taken a look at AFD, I would highly recommend adding it to your Azure services.

