Configuring Backend Pools in Azure Application Gateway

A backend pool is a logical grouping of backend servers. The Application Gateway routes client requests to the servers in the backend pool. You can configure backend pools to include virtual machines, virtual machine scale sets, web apps, or any other internet-facing or internal IP addresses and fully qualified domain names (FQDNs).

What is a Backend Pool?

When you configure an Application Gateway, you define one or more backend pools. Each backend pool can contain one or more backend targets. These targets are the servers or services that will handle the incoming application traffic.

Key Components of a Backend Pool:

• Backend Targets: These are the actual IP addresses or FQDNs of your application servers.
• Port: The port on which the backend targets listen for traffic.
• Protocol: The protocol used for communication with backend targets (HTTP or HTTPS).

Types of Backend Targets

Application Gateway supports various types of backend targets:

• Virtual Machine Scale Sets (VMSS): Dynamically scalable sets of virtual machines.
• Virtual Machines (VMs): Individual virtual machines.
• App Service: Azure App Service instances.
• IP Addresses/FQDNs: Any IP address (private or public) or FQDN that is resolvable.

Creating a Backend Pool

You can create and manage backend pools through the Azure portal, Azure CLI, Azure PowerShell, or ARM templates.

Using the Azure Portal:

1. Navigate to your Application Gateway resource in the Azure portal.
2. In the left-hand menu, under Settings, select Backend pools.
3. Click Add to create a new backend pool.
4. Provide a name for your backend pool.
5. Under Target type, select the type of backend targets you want to add.
6. Add your backend targets by selecting them from the list or entering their IP addresses/FQDNs.
7. Specify the port and protocol for the backend targets.
8. Click Add to save the backend pool.

Backend Pool Settings

When configuring a backend pool, you have several important settings to consider:

HTTP Settings

Backend pool settings are often linked to HTTP settings, which define how Application Gateway communicates with the backend targets. This includes:

• Backend protocol: HTTP or HTTPS.
• Backend port: The port to which traffic is sent.
• Use well known CA certificate: For HTTPS, whether to use a trusted CA certificate for backend validation.
• Override with new host name: Whether to override the host name in the HTTP request.
• Custom probe: Associate a custom health probe to monitor backend health.

Managing Backend Targets

Once a backend pool is created, you can add, remove, or modify backend targets. For dynamic targets like VMSS or App Service, Application Gateway can automatically detect changes in the backend infrastructure.

Adding Additional Backend Targets:

1. Select an existing backend pool.
2. Click Add backend target.
3. Choose the type and specify the target.
4. Save the changes.

Backend Health

Application Gateway continuously monitors the health of backend servers using health probes. When a backend server is deemed unhealthy, Application Gateway stops sending traffic to it until it recovers. You can view the health status of your backend pool members in the portal.

Use Cases for Backend Pools

• Load Balancing: Distribute incoming traffic across multiple backend servers for high availability and scalability.
• Application Migration: Gradually migrate applications by adding new backend instances to existing pools.
• A/B Testing: Route a portion of traffic to a new version of your application running on different backend targets.

Understanding and effectively configuring backend pools is crucial for leveraging the full capabilities of Azure Application Gateway for reliable and scalable application delivery.