0

I am creating a standard multi-tenant site that has the following structure:

  • example.com
  • tenant1.example.com
  • tenant2.example.com

The hosting is Azure web apps. Tenants are generated dynamically (there could be many) and the site includes real-time components, so utilises Azure SignalR. The site will have a wildcard SSL/TLS certificate to enable the subdomain structure.

Rather than going direct to the app service in one region, I'd like to put a load balancer in front of this and route traffic to regional clusters, or maybe even isolated instances for larger clients. It would also be good to have the DDOS protection that comes in-built with these things.

Azure Front Door was my first investigation, this can handle wildcard certificates but doesn't support SignalR.

Application Gateway was my next investigation, this can handle SignalR, but doesn't support wilcard certificates.

In terms of DDOS attacks, it seems we can enable a form of protection directly on the web apps. However, to me, this seems like it would throttle an attack rather than provide (low-cost) protection, as I believe a load balancer would.

How can I load balance this situation please?

JsAndDotNet
  • 16,260
  • 18
  • 100
  • 123
  • Hey @HockeyJ. Reach out to me at _AzCommunity[at]microsoft[dot]com_ ATTN Ryan or send me a private message so I can assist you with this. – Ryan Hill Jun 04 '20 at 19:38
  • Hi @RyanHill-MSFT. Thanks for responding. I couldn't wait, so moved the tenancy into the URL instead of the subdomain. It might bite us later, but it's also made authentication a lot easier, so I'm going with it for now. – JsAndDotNet Jun 08 '20 at 06:51

0 Answers0