This blog post was co-authored by Jessie Jia, Senior Program Manager
The Internet is the new corporate network and the structure that connects users, devices and data with applications of all kinds. It is fundamental to how companies conduct their business, engage their customers, conduct trade, operate their supply chain, and enable their employees to work from anywhere. While the Internet is highly scalable and constantly expanding, it is not always well optimized for the wide variety of applications and user experiences, and it offers little built-in protection for applications against increasing security threats and vulnerabilities.
Given how central these workloads are to businesses, they are looking for a new class of content delivery network (CDN) that goes beyond caching and can meet availability, latency, scalability, and most importantly, security goals. Additionally, they have requested a unified platform that enables both dynamic and static acceleration with built-in turnkey security integration and a simple and predictable pricing model.
To meet these customer requirements, we are introducing the preview of two new SKUs in the Azure Front Door family. The new Azure Front Door combines the capabilities of Azure Front Door, Azure Content Delivery Network (CDN) standard, and Azure Web Application Firewall (WAF) in a single secure cloud CDN platform with intelligent threat protection and an easy-to-understand pricing model.
The Azure Front Door Standard SKU is optimized for content delivery and offers both static and dynamic content acceleration, global load balancing, SSL offload, domain and certificate management, advanced traffic analytics, and basic security features.
The Premium SKU for Azure Front Door builds on the capabilities of the Standard SKU and adds comprehensive security capabilities: WAF, bot protection, Azure Private Link support, integration with Microsoft Threat Intelligence, and security analytics.
Figure 1: New Azure Front Door SKUs
Azure Front Door Standard and Premium overview
The new Azure Front Door makes it easy to secure and accelerate apps, APIs and websites. Some of the key benefits you get with Azure Front Door include:
- Improved application security through built-in WAF protection against the top 10 vulnerabilities of the Open Web Application Security Project (OWASP), custom rules for application-specific protection, and bot manager protection against automated malicious attacks, all integrated with Microsoft Threat Intelligence, with built-in layer 3 to 4 DDoS (Distributed Denial of Service) protection.
- Improved static and dynamic content acceleration at the network edge near the user, instant scale-out without warm-up, global HTTP load balancing with instant failover, and a fully customizable rules engine for advanced routing capabilities.
- Azure Front Door is built on Microsoft’s massive global network and is a proven platform capable of powering some of Microsoft’s largest, latency-sensitive global services such as Microsoft Office 365, Bing, LinkedIn and Xbox.
- Simplified deployment and automation with a cloud-native and developer-friendly service based entirely on the Representational State Transfer (REST) API.
In addition to supporting all functions available on Azure CDN standard, Azure Front Door, and Azure Web Application Firewall, the new Standard and Premium SKUs also have the following new features in this preview:
Simplified and integrated user experience
The new SKUs offer the combined functions of Azure Front Door, Azure CDN Standard and Azure Web Application Firewall in an updated new portal.
- Simplified Front Door creation: We added Quick Create, which drastically reduces the deployment steps and configuration. We also offer a new guided experience to help you choose the right SKU based on your usage scenario. The existing Azure Front Door and CDN offerings can also be accessed through this unified experience.
- Simplified management experience: We’ve also improved the domain validation experience by removing the reliance on CNAME subdomain-based verification and relying solely on Domain Name System (DNS) TXT record-based validation. Domain validation is seamlessly integrated with Azure DNS, further reducing validation delays and avoiding problems with dangling subdomains.
- TLS certificate management: Both Standard and Premium SKUs offer Azure Managed Transport Layer Security (TLS) certificates by default for all of your custom domains at no additional cost. You never have to worry about the TLS certificate expiring. You can choose to bring your own TLS certificates using the built-in integration with Azure Key Vault.
Security and private origin
- Private origin support: Integration with Azure Private Link is an industry-first CDN feature that allows customers to keep their origins private and use a zero-trust access model. This integration eliminates the need to have origins with publicly available IP addresses, which greatly reduces the attack surface. Any PaaS service integrated with Azure Private Link, such as Azure Storage and Azure App Services, can be used as a private origin. Your IaaS services that run behind an Azure Load Balancer can also be enabled to use Azure Private Link.
- WAF improvements: The Azure Front Door Premium SKU also enhances WAF capabilities by integrating rules created by Microsoft Threat Intelligence, CRS 3.2 signatures, and bot manager rules that effectively protect applications from the OWASP Top 10 vulnerabilities and automated bots.
Analytics and Telemetry
- Extended analytics for better troubleshooting: The new SKUs not only improve the access logs and provide additional metrics, but also offer predefined reports on traffic delivery and security.
- Azure Front Door health probe log: In addition to providing more metrics and improvements in diagnostic logs, we’re introducing the Health Probe Diagnostic Log, which you can use to debug when an origin is found to be unhealthy.
Traffic report by location
We’ve reduced billing complexity by having fewer meters for customers to plan for. Each SKU includes a fixed monthly fee, tiered egress charges (data transfer out), requests per second (RPS), and ingress charges (data transfer in). The Premium SKU for Azure Front Door includes WAF, DDoS, bot protection, and Private Link capabilities. Please refer to the Azure Front Door pricing page for more details.
Get started with the Azure Front Door preview today to explore more new features. If you are interested in exploring features that go beyond the standard offering, just submit a feature request on our UserVoice site or feel free to contact us by email. We’d love to hear your feedback!
Please stay tuned for additional features that will come with general availability.
For more information on everything we’ve covered in this blog post, please visit: