VERSION 10 DOCUMENTATION IS IN PROGRESS. PLEASE VIEW V9 ARTICLES WHILE V10 ARTICLES ARE BEING PUBLISHED.

Azure Application Gateway with Decisions Clustering

  • Published on Apr 28, 2026
  • 2 minute(s) read
Prev Next

Overview

The Azure Application Gateway (AAG) combines WAF and Layer 7 Load-Balancing technology within the Microsoft Azure technology stack. The AAG contains many features for implementing a secure load-balancing technology, including WAF implementation. There are several configurations that need to be made. The configurations are not specific to AAG but to cookie-based session affinity. This document will discuss the necessary Virtual Machine configuration that will be hosting Decisions and how Clustering relates to the setup within an AAG environment.

Note

Clustering needs and configurations will not be covered in the scope of this document, only in how they relate to being set up within an AAG environment.

Warning!
It is not recommended using the Azure Load Balancer when Flows with Forms are being called. This is not recommended because of the limited options for how to enable sticky sessions. For architectures not involving Form UI, Users can use Azure Load Balancer. 

Primary Functions

The primary functions utilized within the AAG when implementing alongside Decisions are as follows:

  • Autoscaling
  • Zone Redundancy
  • Static VIP
  • Redirection
  • Session Affinity

Description

When being used alongside Decisions, the AAG’s primary function is to handle incoming requests and route them to the appropriate cluster node, while maintaining cookie-based session affinity. The AAG is also capable of terminating SSL, which is then offloaded to the Backend Pool VMs. This offload can be in the form of HTTP or HTTPS - generally, to increase performance, HTTP traffic is maintained between the AAG and Backend Pool. As clients will never view any traffic outside of the AAG - securing HTTP traffic internally between the AAG comes in the form of Network Security Groups that maintain network traffic access controls.

It is important to notate that the AAG offers better session affinity that is not available via the Azure Load Balancer configurations; specifically, Cookie Based Session Affinity. The Azure Load Balancer can only support IP Hash configurations, which are easy to utilize and a common load balancing session affinity, but may not provide the desired results for certain application use cases. 

Requirements

Note

The configurations are not specific to AAG, but specific to cookie-based session affinity instead.

The following are the requirements for Backend pool of VMs with IIS/Decisions application:

  • Configured as Decisions cluster
  • No SSL termination on the IIS side (termination is completed on the AAG)
    • SSL Offloading
    • Increased performance from backend pool to AAG

The following are the requirements for  Azure Application Gateway:

  • SSL Termination
  • Health check configuration
  • HTTP/S redirect / rules configuration
  • Requires separate Virtual Networks within the same address space of the backend pool.
  • Cookie Session Affinity configuration

The following are the requirement for Decisions Configuration supporting AAG:

  • Requires configuration for Cookie Affinity



Resources
Organization
Connect