You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/operational-excellence/relocation-app-gateway.md
+5-10Lines changed: 5 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,8 +16,6 @@ ms.custom:
16
16
17
17
This article covers the recommended approach, guidelines, and practices to relocate Application Gateway and WAF between Azure regions.
18
18
19
-
20
-
21
19
>[!IMPORTANT]
22
20
>The redeployment steps in this document apply only to the application gateway itself and not the backend services to which the application gateway rules are routing traffic.
23
21
@@ -38,12 +36,10 @@ ms.custom:
38
36
39
37
- Ensure that the Application Gateway subnet at the target location has enough address space to accommodate the number of instances required to serve your maximum expected traffic.
40
38
41
-
42
39
## Redeploy
43
40
44
41
To relocate Application Gateway and optional WAF, you must create a separate Application Gateway deployment with a new public IP address at the target location. Workloads are then migrated from the source Application Gateway setup to the new one. Since you're changing the public IP address, changes to DNS configuration, virtual networks, and subnets are also required.
45
42
46
-
47
43
If you only want to relocate in order to gain availability zones support, see [Migrate Application Gateway and WAF to availability zone support](../reliability/migrate-app-gateway-v2.md).
48
44
49
45
**To create a separate Application Gateway, WAF (optional) and IP address:**
@@ -56,10 +52,9 @@ If you only want to relocate in order to gain availability zones support, see [M
56
52
57
53
1. Confirm that the backend pool server or service, such as VM, Virtual Machine Scale Sets, PaaS, is relocated *before* you relocate.
58
54
59
-
2. Create an Application Gateway and configure a new Frontend Public IP Address for the virtual network:
55
+
1. Create an Application Gateway and configure a new Frontend Public IP Address for the virtual network:
60
56
- Without WAF: [Create an application gateway](../application-gateway/quick-create-portal.md#create-an-application-gateway).
61
57
- With WAF: [Create an application gateway with a Web Application Firewall](../web-application-firewall/ag/application-gateway-web-application-firewall-portal.md)
62
-
63
58
64
59
1. If you have a WAF config or custom rules-only WAF Policy, [transition it to to a full WAF policy](../web-application-firewall/ag/migrate-policy.md).
65
60
@@ -68,9 +63,9 @@ If you only want to relocate in order to gain availability zones support, see [M
68
63
1. Verify that the Application Gateway and WAF are working as intended.
69
64
70
65
1. Migrate your configuration to the new public IP address.
71
-
1. Switch Public and Private endpoints in order to point to the new application gateway.
72
-
1. Migrate your DNS configuration to the new Public- and/or Private IP address.
73
-
1. Update endpoints in consumer applications/services. Consumer application/services updates are usually done by means of a properties change and redeployment. However, perform this method whenever a new hostname is used in respect to deployment in the old region.
66
+
1. Switch Public and Private endpoints in order to point to the new application gateway.
67
+
1. Migrate your DNS configuration to the new Public- and/or Private IP address.
68
+
1. Update endpoints in consumer applications/services. Consumer application/services updates are usually done by means of a properties change and redeployment. However, perform this method whenever a new hostname is used in respect to deployment in the old region.
74
69
75
70
1. Delete the source Application Gateway and WAF resources.
76
71
@@ -84,7 +79,7 @@ The certificates for TLS termination can be supplied in two ways:
84
79
-*Key Vault reference.* Provide a reference to an existing Key Vault certificate when you create a HTTPS/TLS-enabled listener. For more information on downloading a certificate, see [Relocate Key Vault to another region](./relocation-key-vault.md).
85
80
86
81
>[!WARNING]
87
-
>References to Key Vaults in other Azure subscriptions are supported, but must be configured via ARM template, Azure PowerShell, CLI, Bicep, etc. Cross-subscription key vault configuration is not supported by Application Gateway via Azure portal.
82
+
>References to Key Vaults in other Azure subscriptions are supported, but must be configured via ARM template, Azure PowerShell, CLI, Bicep, etc. Cross-subscription key vault configuration is not supported by Application Gateway via Azure portal.
88
83
89
84
90
85
Follow the documented procedure to enable [TLS termination with Key Vault certificates](/azure/application-gateway/key-vault-certs#configure-your-key-vault) for your relocated Application Gateway.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments