miksingh
Copper Contributor
Nov 25, 2022

Azure Application Gateway v2 - SSL

Hi,

I am planning to use App Gateway v2 and the backend will be a collection of Windows VMs hosting an application. The application will be used internally and the App Gateway will perform the SSL offloading. However, when the App Gateway sends the traffic downstream to the VMs, it makes sense to also encrypt this traffic. MS advise that you have another certificate for the servers and the App Gateway will handle the encryption. So in summary, traffic from User/App Gateway is encrypted with one key and then decrypted, then traffic between App Gateway/Backend (servers) is encrypted with another key. One of the benefits of SSL offloading is that the servers (backend) do not have to process the decryption; however, we still seek end-to-end encryption. My question is: does it not just make sense to pass the traffic from the users straight to the servers and have the traffic decrypted there?

The link to the image below may help visualize the scenario.

https://learn.microsoft.com/en-us/training/modules/end-to-end-encryption-with-app-gateway/media/4-exercise-elements.svg

  • Vishal251943
    Copper Contributor
    How do we decide the size of the AGW V1? Is it small/medium/large?
    What is the range of traffic in KB/MB?
