You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-resource-manager/management/relocation/relocation-app-gateway.md
+6-13Lines changed: 6 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -19,12 +19,11 @@ ms.custom: subject-relocation
19
19
## Prerequisites
20
20
21
21
- Verify that your Azure subscription allows you to create Application Gateway SKUs in the target region.
22
-
23
22
- Plan your relocation strategy with an understanding of all services that are required for your Application Gateway. For the services that are in scope of the relocation, you must select the appropriate relocation strategy.
24
23
25
24
- Ensure that the Application Gateway subnet at the target location has enough address space to accommodate the number of instances required to serve your maximum expected traffic.
26
25
27
-
- For Application Gateway's deployment, you must consider and plan the setup of the following sub-resources:
26
+
- For Application Gateway's deployment, you must consider and plan the setup of the following subresources:
@@ -44,27 +43,22 @@ If you only want to relocate in order to gain availability zones support, see [M
44
43
**To create a separate Application Gateway, WAF (optional) and IP address:**
45
44
46
45
1. Go to the [Azure portal](https://portal.azure.com).
47
-
48
46
1. If you use TLS termination for Key Vault, follow the [relocation procedure for Key Vault](./relocation-key-vault.md). Ensure that the Key Vault is in the same subscription as the relocated Application Gateway. You can create a new certificate or use the existing certificate for relocated Application Gateway.
49
-
50
47
1. Confirm that the virtual network is relocated *before* you relocate. To learn how to relocate your virtual network, see [Relocate Azure Virtual Network](./relocation-virtual-network.md).
51
-
52
48
1. Confirm that the backend pool server or service, such as VM, Virtual Machine Scale Sets, PaaS, is relocated *before* you relocate.
53
-
54
49
1. Create an Application Gateway and configure a new Frontend Public IP Address for the virtual network:
50
+
55
51
- Without WAF: [Create an application gateway](../../../application-gateway/quick-create-portal.md#create-an-application-gateway).
56
52
- With WAF: [Create an application gateway with a Web Application Firewall](../../../web-application-firewall/ag/application-gateway-web-application-firewall-portal.md).
57
53
58
54
1. If you have a WAF config or custom rules-only WAF Policy, [transition it to to a full WAF policy](../../../web-application-firewall/ag/migrate-policy.md).
59
-
60
55
1. If you use a zero-trust network (source region) for web applications with Azure Firewall and Application Gateway, follow the guidelines and strategies in [Zero-trust network for web applications with Azure Firewall and Application Gateway](/azure/architecture/example-scenario/gateway/application-gateway-before-azure-firewall).
61
-
62
56
1. Verify that the Application Gateway and WAF are working as intended.
63
-
64
57
1. Migrate your configuration to the new public IP address.
58
+
65
59
1. Switch Public and Private endpoints in order to point to the new application gateway.
66
60
1. Migrate your DNS configuration to the new Public- and/or Private IP address.
67
-
1. Update endpoints in consumer applications/services. Consumer application/services updates are usually done by means of a properties change and redeployment. However, perform this method whenever a new hostname is used in respect to deployment in the old region.
61
+
1. Update endpoints in consumer applications/services. Consumer application/services updates are done with a properties change and redeployment. However, perform this method whenever a new hostname is used in respect to deployment in the old region.
68
62
69
63
1. Delete the source Application Gateway and WAF resources.
70
64
@@ -73,10 +67,9 @@ If you only want to relocate in order to gain availability zones support, see [M
73
67
The certificates for TLS termination can be supplied in two ways:
74
68
75
69
-*Upload.* Provide an TLS/SSL certificate by directly uploading it to your Application Gateway.
76
-
77
-
-*Key Vault reference.* Provide a reference to an existing Key Vault certificate when you create a HTTPS/TLS-enabled listener. For more information on downloading a certificate, see [Relocate Key Vault to another region](./relocation-key-vault.md).
70
+
-*Key Vault reference.* Provide a reference to an existing Key Vault certificate when you create an HTTPS/TLS-enabled listener. For more information on downloading a certificate, see [Relocate Key Vault to another region](./relocation-key-vault.md).
78
71
79
72
>[!WARNING]
80
-
>References to Key Vaults in other Azure subscriptions are supported, but must be configured via ARM template, Azure PowerShell, CLI, Bicep, etc. Cross-subscription key vault configuration is not supported by Application Gateway via Azure portal.
73
+
>References to Key Vaults in other Azure subscriptions are supported, but must be configured via ARM template, Azure PowerShell, CLI, Bicep, etc. Cross-subscription key vault configuration isn't supported by Application Gateway via Azure portal.
81
74
82
75
Follow the documented procedure to enable [TLS termination with Key Vault certificates](/azure/application-gateway/key-vault-certs#configure-your-key-vault) for your relocated Application Gateway.
0 commit comments