
Azure VM Static IP address and Front Door


I am planning to create 3 environments for my application that is hosted on Azure VMs (Dev, UAT and Prod). All 3 VMs will be in the same VNET. I am planning to access the UAT and Prod applications through Front Door. For disaster recovery I have ASR replication in a different region in a different VNET. I am a bit confused about how many static IP addresses I need for this. I am assuming it will be 3 IP addresses, 1 each for Prod and UAT and 1 for the ASR VM? Or will 2 IP addresses be enough? Do I need public IP addresses, or will private IP addresses work?

Thanks in advance, Rajesh


Solution

    • I would suggest you create an application gateway and host your three environments, i.e., Dev, UAT and Prod, on three different VMs. Once hosted, ensure that these are added as backend endpoint targets in the application gateway. Then, ensure that the application gateway is assigned a public IP address so that it is accessible by anyone from outside, and configure the rules in the application gateway for routing the requests accordingly to the UAT and Production applications through Front Door.

    • And then, ensure that a public IP address is selected as the ‘Origin type’ and that the ‘Origin Hostname’ for the public IP address created in the same region is selected in the Azure Front Door configuration. This will ensure that the traffic reaching the published public IP address is routed through the application gateway in which the ‘WAF’ policy is configured. In the WAF policy, you can configure the web request filtering according to the type of request received through Front Door for the UAT or Production applications on the VMs.

    • Finally, create an ‘A’ host DNS record for the public IP address published as an origin type in Azure Front Door, such that anyone accessing the ‘A’ host record will be redirected to the applications hosted on the VMs, i.e., Dev, UAT or Prod. Furthermore, since they are accessing these through Azure Front Door, the ‘WAF’ policy will take effect, filter the requests and redirect them accordingly to the concerned VMs/apps. And for a WAF policy, an application gateway needs to be provisioned, which fulfils the purpose of load balancing the requests for the backend pools/VMs added in it.

    In this way, you can design your infrastructure for accessing the apps hosted on VMs irrespective of static IP address but do ensure that your VMs do have a private IP address and are hosted in a private virtual network.