In this post, I will discuss another surprise service announcement from Microsoft Ignite, Azure Front Door, answering what this thing is, and dealing with the fear of “version 1.0”.
We have no shortage of network performance, load balancing and redirection options in Microsoft Azure:
Microsoft decided that this wasn’t enough, so they have made Front Door available to us – note that wording! But before we discuss Front Door, let’s talk about the Microsoft WAN.
Microsoft believes that they operate the second largest private global dark fiber network in the world:
Once you get a packet onto this WAN, you have an extremely low latency connection between any two points. For example, if a client connects to Azure in California, they have a low latency connection all the way to Microsoft services in The Netherlands – the speed cannot be matched on the public Internet where there would be many hops and much higher latency.
Let’s say that you use a service such as CloudFlare or Azure’s Traffic Manager to present a web service to the world. Once a client hits your public frontend, it will be redirected across the public Internet to the public IP address (endpoint) of your website. If the client is in Sydney, Australia, and the service is hosted in India, then that introduces a lot of latency. Static content delivery will be enhanced, but other interactive services will suffer from latency.
What if we could enable the client to enter the Microsoft WAN closer to their location, and connect to the Azure-hosted service across that WAN?
Microsoft developed Front Door 5 years ago to enhance the performance of interactive services such as Office 365 and Bing. Since then, this globally deployed service has been battle tested by millions, if not billions, of users. Front Door is not new – it’s newly available – making it an unusual “new” cloud service because it is already mature.
What does it do? Front Door is an entry point into the Microsoft WAN that is deployed in edge sites around the world. When you connect to a service that Front Door is enhancing, you enter the Microsoft WAN through the closest (AnyCast) edge site and, from there, you connect to the closest available (probe tested) instance or replica of the service via the Microsoft WAN.
You can think of Front Door as global load balancing, but it is doing more by enhancing performance. High availability is added too; you can deploy multiple instances of your service around the world, which also enhances performance, but a health probe will remove an instance from service while it is deemed unresponsive.
You can configure many sites through Front Door. This is a service that Microsoft has been using for their own cloud services, so it is hugely scalable.
Additional services are also offered:
Front Door is a consumption-based service, meaning that you pay for what you use. The service is in Preview, so it is offering lower than normal prices, which we should expect to increase – double based on recent preview-to-general availability price changes. The preview pricing for outbound data transfer through Front Door works out roughly the same as the cost of regular outbound data transfer, which is OK.
It looks like that routing rules within Front Door will eventually have a charge – it is free today, but that free charge is on the price list. And notably, inbound data transfer does have an unwelcome charge – that’s the first occurrence of this that I have observed in Microsoft Azure and I hope that it is not a precedent.
I have not had a chance to test or deploy Front Door with a real-world scenario yet. But I like the concept. This is not a service for everyone, but I do have a few customers with large international services where the performance will be important, and Front Door will play a role, possibly in conjunction with other network enhancements such as the WAG. I’ll post more about Front Door when I have had a chance to test it out.