Add support for pointing Application Gateway backend pools to Traffic Manager profiles
We'd like to start using URL-based routing for load balancing our web application, but we don't want to lose the auto-failover capabilities of our current TM profiles.
Ideally, I'd like to point an Application Gateway backend pool to a Traffic Manager Profile (which in turn would point to Azure Web Apps configured in prioritized failover).
Currently, there's no easy way to do this; if all pool members become unhealthy, you have to fail over at the application gateway level to another application gateway. This requires a lot of unnecessarily redundant (and expensive) infrastructure for simply configuring failover for a backend pool of web servers.
If you added support for configuring traffic manager profiles as backend pools in AG, then I'd be able to route traffic by URL at the AG-level, then point the routed traffic to the appropriate web app endpoints via TM profiles.
In this setup, if any web app endpoints become unhealthy, Traffic Manager would handle marking the endpoints as degraded, and re-route the traffic appropriately.
Alternatively, I suppose you could add support for configuring prioritized load balancing within a backend pool in application gateway. This could be implemented using traditional priority-based (like in a traffic manager profile), or via traditional active/passive failover pairs. However, it seems like the easier and more flexible scenario would be to allow a traffic manager profile to be a backend pool member. This would allow a tighter integration of existing services, and keep all the failover logic happening in TM, and all the SSL termination and routing happening in AG.
Le Roi commented
Interesting... Let's assume your traffic manager profile has been set up with a custom domain, e.g. X.Mysite.com, where the CNAME entry points to X.trafficmanager.net. Then, in theory, your back-end pool can be set up to point to this custom domain URL (X.MySite.com) instead (use FQDN), and if the certificate matches the one you configured in the HTTP settings, then in theory the traffic should be routed to the custom domain, which in turn will route it via traffic profile manager to the appropriate app service. The caveat is that the traffic manager and the app services it fronts need to be configured with the custom domain and SSL certificate. I am about to test this out on our dev gateway - the theory is sound, but I need to see if it actually works... You would need to configure your health probe appropriately, of course.