Finally it’s here! This was introduced to the Roadmap in March 29th 2022. It was a long wait but it was worth the wait!
Read here the full announcement!
Table of Contents
Why this is a big deal?
First there was Front Door Classic and many customers started using it and then came two new SKU’s called Standard and Premium.
But now there was no way for migrate the provisioned engine parts to the new SKU’s.
You had to create them one by one, rule by rule and route by route.
What is the difference between the SKU’s?
Here an list from Microsoft on the different features and how they compare to each other.
| Features and optimization | Standard | Premium | Classic |
|---|---|---|---|
| Static file delivery | Yes | Yes | Yes |
| Dynamic site deliver | Yes | Yes | Yes |
| Custom domains | Yes – DNS TXT record based domain validation | Yes – DNS TXT record based domain validation | Yes – CNAME based validation |
| Cache manage (purge, rules, and compression) | Yes | Yes | Yes |
| Origin load balancing | Yes | Yes | Yes |
| Path based routing | Yes | Yes | Yes |
| Rules engine | Yes | Yes | Yes |
| Server variable | Yes | Yes | No |
| Regular expression in rules engine | Yes | Yes | No |
| Expanded metrics | Yes | Yes | No |
| Advanced analytics/built-in reports | Yes | Yes – includes WAF report | No |
| Raw logs – access logs and WAF logs | Yes | Yes | Yes |
| Health probe log | Yes | Yes | No |
| Custom Web Application Firewall (WAF) rules | Yes | Yes | Yes |
| Microsoft managed rule set | No | Yes | Yes – Only default rule set 1.1 or below |
| Bot protection | No | Yes | No |
| Private link support | No | Yes | No |
| Simplified price (base + usage) | Yes | Yes | No |
| Azure Policy integration | Yes | Yes | No |
| Azure Advisory integration | Yes | Yes | No |
So as we can see, security is missing from the Classic one, don’t get me wrong, there is things you can protect but newest protection capabilities aren’t there.
Azure Front Door Classic
- Is an Application Delivery Network (ADN) as a service
- Offers various layer 7 load-balancing capabilities for your applications.
- It provides dynamic site acceleration (DSA)
- Provides global load balancing with near real-time failover.
- It is a highly available and scalable service, which is fully managed by Azure.
Azure Front Door Standard
- Content delivery optimized
- Offering both static and dynamic content acceleration
- Global load balancing
- SSL offload
- Domain and certificate management
- Enhanced traffic analytics
- Basic security capabilities
Azure Front Door Premium
- builds on capabilities of Standard SKU, and adds:
- Extensive security capabilities across WAF
- BOT protection
- Private Link support
- Integration with Microsoft Threat Intelligence and security analytics.
Read more from my previous posts in my AZ-500 study guide when those new SKU’s were still in preview.
Migration interface
And once you hit Validate, it will couple of seconds to complete.
And once it’s done, you choose the name for the new migrated pool and the SKU.
Once you hit Prepare, it will warn with the following.
It will take some time once it creates the new pool for AFD.
Once done hit Migrate!
And see the magic happen!
When you go back to AFD Classic instance, you will see this warning.
And the editing is completely enforced, which makes total sense.
Closure
Excellent work from Azure Network Security team! This really helping on progressing those migration to newest versions of Front Door!
RSS - Posts