Hello Andreas,
Thank you for your inquiry on Microsoft Q&A.
To attain a zone-redundant deployment of Azure App Service and NAT Gateway, consider the following steps:
- Begin by establishing an Azure Virtual Network (VNet) comprising three subnets, each associated with a specific availability zone. Ensure that zone redundancy is enabled for the VNet.
- Create an App Service plan within your VNet, selecting the multi-tenant elastic premium pricing tier. This plan will serve as the hosting environment for your App Service application.
- Deploy your App Service application to the newly created App Service plan. This ensures that your application is hosted in a zone-redundant manner.
- Deploy a NAT gateway instance in each of the availability zones (typically three instances for full redundancy). Configure these NAT gateways to share the same public IP address prefix.
- Adjust the subnet configurations to direct all outbound traffic through the NAT gateways. This step guarantees that all outbound traffic from your App Service app is routed through the zone-redundant NAT gateways.
Additional Information:
- Consider utilizing a Traffic Manager profile to uniformly distribute incoming traffic across the NAT gateways in each availability zone. This load balancing ensures high availability and optimal performance.
- Implement an Azure Load Balancer to distribute incoming traffic to your App Service application. This enhances scalability and provides fault tolerance.
- To fortify security against malicious traffic, you can deploy Azure Firewall, adding an additional layer of protection.
Regarding additional components such as Internal Load Balancers (ILBs), Network Virtual Appliances (NVAs), and route tables, these are typically not mandatory for achieving zone redundancy in this scenario. However, it's advisable to assess their necessity based on your specific networking and security requirements.
As for App Service Environment, it does offer zone redundancy but comes at a higher cost compared to the approach outlined above. Ensure you consider your budget and specific deployment needs when deciding between the two options.
Additionally, it's crucial to keep in mind:
- While zone redundancy significantly reduces downtime risks, it doesn't guarantee 100% availability.
- Pay careful attention to configuring route tables and Network Security Groups (NSGs) to ensure proper traffic flow for your application.
- If you employ ILBs or NVAs, make sure they are configured in a zone-redundant manner to maintain high availability of your networking and routing infrastructure.
For more detailed information and guidance, refer to the following resources:
Note: If you found this response helpful, please acknowledge it to help others facing similar challenges.
Best of luck with your deployment!
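Added example (not part of the answer above and not Microsoft's code): a Python check over a constructed inventory that mirrors the layout the answer describes, one subnet per zone with a same-zone NAT gateway, all NAT gateway addresses drawn from one shared public IP prefix, and an NSG on each subnet. The inventory format, field names, resource names and finding codes are hypothetical.

```python
import ipaddress

# Constructed sample inventory; field names and values are hypothetical,
# not output of any Azure API. Addresses are from documentation ranges.
SHARED_PREFIX = "203.0.113.0/28"
SUBNETS = [
    {"name": "snet-z1", "zone": "1", "nat_gateway": "natgw-z1", "nsg": "nsg-app"},
    {"name": "snet-z2", "zone": "2", "nat_gateway": "natgw-z2", "nsg": "nsg-app"},
    {"name": "snet-z3", "zone": "3", "nat_gateway": None, "nsg": None},
]
NAT_GATEWAYS = {
    "natgw-z1": {"zone": "1", "public_ips": ["203.0.113.1"]},
    "natgw-z2": {"zone": "3", "public_ips": ["198.51.100.7"]},
}

def audit(subnets, nat_gateways, shared_prefix, zones=("1", "2", "3")):
    """Return (target, code) findings for the layout described in the answer."""
    prefix = ipaddress.ip_network(shared_prefix)
    findings, covered = [], set()
    for s in subnets:
        gw = nat_gateways.get(s.get("nat_gateway"))
        if gw is None:
            # Outbound traffic from this subnet would not leave via the shared prefix.
            findings.append((s["name"], "NO_NAT_GATEWAY"))
        else:
            if gw["zone"] == s["zone"]:
                covered.add(s["zone"])
            else:
                findings.append((s["name"], "ZONE_MISMATCH"))
            # The answer has all NAT gateways share one public IP prefix,
            # so every egress address must fall inside it.
            for ip in gw["public_ips"]:
                if ipaddress.ip_address(ip) not in prefix:
                    findings.append((s["name"], "IP_OUTSIDE_PREFIX"))
        if not s.get("nsg"):
            findings.append((s["name"], "NO_NSG"))
    # Each zone needs at least one subnet with a same-zone NAT gateway.
    for z in zones:
        if z not in covered:
            findings.append((f"zone-{z}", "ZONE_UNCOVERED"))
    return findings

if __name__ == "__main__":
    for target, code in audit(SUBNETS, NAT_GATEWAYS, SHARED_PREFIX):
        print(f"{target}: {code}")
```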