Plan for application delivery

This section explores key recommendations to deliver internal-facing and external-facing applications in a secure, highly scalable, and highly available way.

Design considerations:

  • Azure Load Balancer (internal and public) provides high availability for application delivery at a regional level.

  • Azure Application Gateway allows the secure delivery of HTTP/S applications at a regional level.

  • Azure Front Door allows the secure delivery of highly available HTTP/S applications across Azure regions.

  • Azure Traffic Manager allows the delivery of global applications.

Design recommendations:

  • Perform application delivery within landing zones for both internal-facing and external-facing applications.

  • For secure delivery of HTTP/S applications, use Application Gateway v2 and ensure that WAF protection and policies are enabled.

  • Use a partner NVA if you can't use Application Gateway v2 for the security of HTTP/S applications.

  • Deploy Azure Application Gateway v2 or partner NVAs used for inbound HTTP/S connections within the landing-zone virtual network and with the applications that they're securing.

  • Use a DDoS standard protection plan for all public IP addresses in a landing zone.

  • Use Azure Front Door with WAF policies to deliver and help protect global HTTP/S applications that span Azure regions.

  • When you're using Front Door and Application Gateway to help protect HTTP/S applications, use WAF policies in Front Door. Lock down Application Gateway to receive traffic only from Front Door.

  • Use Traffic Manager to deliver global applications that span protocols other than HTTP/S.
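
The recommendation to lock down Application Gateway so it receives traffic only from Front Door can be audited against the network security group on the gateway's subnet. The following is an added example, not part of the original guidance: it assumes the rules were exported with `az network nsg show` and that the lock-down uses the `AzureFrontDoor.Backend` service tag; the sample rules and function names are constructed for illustration.

```python
import json

FD_TAG = "AzureFrontDoor.Backend"  # service tag for traffic from Front Door to its origins
WEB_PORTS = {80, 443}

# Constructed sample shaped like the securityRules array from `az network nsg show`.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-frontdoor", "priority": 100, "direction": "Inbound",
  "access": "Allow", "protocol": "Tcp",
  "sourceAddressPrefix": "AzureFrontDoor.Backend",
  "destinationPortRanges": ["80", "443"]},
 {"name": "allow-gateway-manager", "priority": 110, "direction": "Inbound",
  "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "GatewayManager",
  "destinationPortRange": "65200-65535"},
 {"name": "legacy-any-https", "priority": 200, "direction": "Inbound",
  "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
  "destinationPortRange": "443"}
]""")

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _web_ports(rule):
    """Return which of ports 80/443 the rule's destination ranges cover."""
    hit = set()
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return set(WEB_PORTS)
        lo, _, hi = spec.partition("-")
        hit |= {p for p in WEB_PORTS if int(lo) <= p <= int(hi or lo)}
    return hit

def non_front_door_web_rules(rules):
    """List inbound allow rules exposing 80/443 to any source except Front Door."""
    # Conservative: flags each such rule without modelling higher-priority denies.
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["direction"], rule["access"]) != ("Inbound", "Allow"):
            continue
        if rule.get("protocol") not in ("Tcp", "*"):
            continue
        ports = sorted(_web_ports(rule))
        for src in _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes"):
            if ports and src != FD_TAG:
                findings.append((rule["name"], src, ports))
    return findings
```

The service tag covers every Front Door profile, so this check is normally paired with a rule on the gateway that matches the `X-Azure-FDID` request header against your own profile's ID.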