Zero downtime migration for Azure Front Door—now in preview

07

Nov

Zero downtime migration for Azure Front Door—now in preview

https://azure.microsoft.com/blog/zero-downtime-migration-for-azure-front-door-now-in-preview/

In March of this year, we announced the general availability of two new Azure Front Door tiers. Azure Front Door Standard and Premium is our native, modern cloud content-delivery network (CDN), catering to both dynamic and static content delivery acceleration with built-in turnkey security and a simple and predictable pricing model. It has already been widely adopted by many of our customers. We also promised to provide a zero downtime migration tool to migrate from Azure Front Door (classic) and Azure CDN from Microsoft (classic) to the new Azure Front Door tier.

Today, we are taking the next step in that journey, and we are excited to announce the preview of the Azure Front Door tier migration capability as well as some new additional features. The migration capability for Azure CDN from Microsoft (classic) will be coming soon.

New features/capabilities on the new Front Door since general availability

Along with the migration feature, we added more capabilities, and integrations to the new Front Door tiers to provide you a better cloud CDN solution and a more integrated Azure cloud experience.

  • Preview—Upgrade from Standard to Premium tier without downtime: To learn more about upgrading to Premium tier, see Azure Front Door Tier Upgrade. This capability is also supported during the migration from Azure Front Door (classic) to the new Front Door tier.
  • Preview—Managed identities integration: Azure Front Door now supports Managed Identities generated by Azure Active Directory to allow Front Door to easily and securely access other Azure AD–protected resources such as Azure Key Vault. This feature is in addition to the AAD Application access to Key Vault that is currently supported. To learn more about how to enable managed identities on Azure Front Door Standard and Premium, please read Set up managed identity with Front Door.
  • Integration with App Service: Front Door can now be deployed directly from the App Service resource with a few clicks. The previous deployment workflow only supported Azure Front Door (classic) and Azure CDN.
  • Pre-validated domain integration with Static Web Apps: Static Web App (SWA) customers who have already validated custom domains at the SWA level can now skip domain validation on their Azure Front Door. For more details, see Configure a custom domain on Azure Front Door using the Azure portal.
  • Terraform support for Azure Front Door Standard and Premium, enabling the automation of Azure Front Door Standard and Premium provisioning using Terraform. For more information, see Create a Front Door Standard/Premium profile using Terraform.
  • Azure Advisor integration provides suggestions for best practices and configurations, including expired certificates, certificates about to expire, autorotation failure for managed certificates, domains pending validation after 24 hours, use the latest "secret" version.

Migration overview

Azure Front Door enables you to perform a zero-downtime migration from Azure Front Door (classic) to Azure Front Door Standard or Premium in just three simple steps. The migration will take a few minutes to complete depending on the complexity of your Azure Front Door (classic) instance, such as the number of domains, backend pools, routes, and other configurations.

Screenshot of the form used to initiate migration from classic Front Door to a Front Door Standard or Premium profile.

If your Azure Front Door (classic) instance has custom domains with your own certificates, there will be two extra steps to enable managed identities and grant managed identity to a key vault for the new Azure Front Door profile.

Screen shot of the two added steps needed to enable merged identities and grant managed identity to a key vault for the new Azure Front Door profile.

The classic instance will be migrated to the Standard or Premium tier by default based on the Azure Front Door (classic) WAF configurations. Upgrading from the Standard tier to Premium during the migration is also supported. If your Azure Front Door (classic) qualifies to migrate to Azure Front Door Standard, but the number of resources exceeds the standard quota limit, the Azure Front Door (classic) instances will be migrated to a Premium profile instead.

If you have Web Application Firewall (WAF) policies associated with the Front Door profile, the migration process will create copies of your WAF policies and configurations for the new Front Door profile tier. You can also use an existing WAF policy that matches the tier you're migrating to.

Azure Front Door tier migration is supported using the Azure portal. Azure PowerShell, Azure CLI, SDK, and Rest API support will come soon.

You’ll be charged for the Azure Front Door Standard and Premium base fee from the moment the migration completes. Data transfer out from edge location to client, Outbound Data Transfer from Edge to the Origin, Requests will be charged based on the traffic flow after migration. For more details about Azure Front Door Standard and Premium pricing, see our pricing for Azure Front Door.

Notable changes after migration

  • DevOps: Azure Front Door Standard and Premium uses a different resource provider namespace Microsoft.Cdn, while Azure Front Door (classic) uses Microsoft.Network. After migration from classic to the Standard or Premium tier, you’ll need to change your Dev-Ops scripts and infrastructure code to use the new namespace and updated ARM template, Bicep, PowerShell Module, Terraform, CLI commands, and API.
  • Endpoint: The new Front Door endpoint gets generated with a hash value to prevent domain takeover, in the format of endpointname-hashvalue.z01.azurefd.net. The Azure Front Door (classic) endpoint name will continue to work after migration. However, we recommend replacing it with the newly created endpoint in Azure Front Door Standard and Premium. For more information, refer to Endpoint in Azure Front Door.
  • Diagnostic logs and metrics won’t be migrated. We recommend you enable diagnostic logs and monitoring metrics in your Azure Front Door Standard or Premium profile after migration. Azure Front Door Standard and Premium tier also offers built-in reports and health probe logs.

Get started

Get started with your Azure Front Door migration today!

To learn more about the service and various features, refer to the Azure Front Door documentation.

Learn more about Azure Front Door's tier migration capabilities

We’re looking forward to your feedback to drive a better experience for the general availability of the migration feature.

Share