
App Service is a platform for building, deploying, and scaling web applications (including APIs). It supports .NET and includes tools for monitoring, scaling, performance, and security.
MobileTrack runs its App Service containers on a Linux OS rather than a Windows OS. Linux is more cost-effective and provides better performance for our use case, and modern .NET applications (.NET Core and .NET 5 and up) can run on it. Security is also a consideration: Linux is less prone to malware and other security threats compared to Windows, and gives any potential hacker fewer tools to exploit the system.
An Azure Application Gateway is a service that helps manage and control how web traffic (like requests from browsers or apps) reaches your servers or web apps. Calls to the website (which is hosted in the App Service) or to the Device Receiver (in a Container Instance) are routed through the Application Gateway. The Gateway contains a firewall (only on production!) and forms a "gateway" into the virtual network where all resources reside.
The Gateway can also redirect calls to specific app services based on the route of the request (e.g. the portal or the API).
For our purposes, the Gateway also handles TLS/SSL, meaning the App Service, Device Receiver and Gateway use the same certificate from the Key Vault.
The TLS certificate for *.mobiletrack.nl is handled by Sectigo, and has been for a very long time. When we migrated to Azure, we stayed with the same certificate provider. Sectigo provides out-of-the-box tools to bind our certificate(s) to the Azure Key Vault, where they are updated automatically when they expire[1]. Sectigo has been given access to our Azure environment in order to accomplish this[2].
The App Service, Application Gateway and Device Receiver Container Instance all call the same Key Vault to retrieve the certificate.
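
Because three components are expected to serve one certificate from the same vault, a drift check can confirm that each of them actually presents the same, unexpired certificate after an automatic renewal. The following is an added example, not MobileTrack's own code: the component names, the 21-day threshold and the sample observations are assumptions, and `observe()` assumes the checker can reach each component directly.

```python
# Added example, not MobileTrack's own code. Sample data below is constructed.
import hashlib
import socket
import ssl
from datetime import datetime, timedelta, timezone


def observe(host, port=443, timeout=5.0):
    """Return (SHA-256 fingerprint, expiry) of the leaf certificate a live endpoint serves."""
    ctx = ssl.create_default_context()  # also validates chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            not_after = tls.getpeercert()["notAfter"]
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return hashlib.sha256(der).hexdigest(), expiry


def audit(observations, now, min_days=21):
    """observations: {component: (fingerprint, expiry)}. Returns a list of findings."""
    if not observations:
        return []
    # Treat the certificate with the latest expiry as the current Key Vault version.
    current_fp, _ = max(observations.values(), key=lambda o: o[1])
    findings = []
    for name, (fp, expiry) in sorted(observations.items()):
        if fp != current_fp:
            findings.append(f"{name}: serves a different certificate than the newest one seen")
        if expiry - now < timedelta(days=min_days):
            findings.append(f"{name}: certificate expires in {(expiry - now).days} days")
    return findings


# Constructed observations: the device receiver still serves the pre-renewal certificate.
NOW = datetime(2025, 1, 10, tzinfo=timezone.utc)
OLD = ("aa" * 32, datetime(2025, 1, 20, tzinfo=timezone.utc))
NEW = ("bb" * 32, datetime(2026, 1, 20, tzinfo=timezone.utc))
SAMPLE = {"application-gateway": NEW, "app-service": NEW, "device-receiver": OLD}

if __name__ == "__main__":
    # Live use (hostnames are placeholders): {n: observe(h) for n, h in endpoints.items()}
    for finding in audit(SAMPLE, NOW):
        print(finding)
```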