Sitecore Managed Cloud Standard – How to setup AFD / CDN


Overview

This article outlines the service provided by Sitecore for the setup of AFD (Azure Front Door) or a CDN (Content Delivery Network). It details what Managed Cloud customers need to know about the technical implementation of AFD and CDN, our service scope, the prerequisites, considerations, and Service Level Agreement (SLA) associated with the service.

AFD/CDN in your environment

Azure Front Door is a scalable and secure entry point for fast delivery of your global applications. It offers Layer 7 load balancing, SSL offloading, caching, and web application firewall (WAF) capabilities, ensuring high availability and performance for your web applications. For more details on AFD, see details.

Azure Content Delivery Network offers a global solution for rapidly delivering content. Save bandwidth and improve responsiveness when encoding or distributing gaming software, firmware updates, and IoT endpoints. Reduce load times for websites, mobile apps, and streaming media to increase user satisfaction globally. For more details on Azure CDN, see details.

Based on your requirements, you can choose to create either a Set Up Azure Front Door or a Set Up CDN service request.

Prerequisites and supported types

Considerations for AFD setup

The following notes outline timing and the overall process followed by the Sitecore Managed Cloud team in completing this Service Request:

  1. AFD deployment takes about an hour.
    During this time, IP restrictions will be configured on the Sitecore Content Delivery (CD) web app in Azure. Access becomes available only via the Azure Front Door hostname.
    *We may turn off the IP restrictions after the deployment so that the CD web app is available as before. Customers who require this must request it in the Service Request.

  2. When AFD is configured, we also enable the WAF policy and caching, and apply an HTTP-to-HTTPS redirection rule.

  3. After the AFD service has been deployed, the customer must configure their DNS server to create the needed records. DNS records on NS-servers may take up to 72 hours to fully update, so the final configuration might require up to 3 days.

  4. Managed Cloud support will coordinate a time window with the customer for the AFD deployment. Best practice is to set up the AFD well before an environment goes live to reduce the risk of downtime or the impact of any unforeseen complications. Managed Cloud support requests 48 hours' notice to schedule the maintenance window.

For sites that are already "live", Managed Cloud support does NOT apply the usual IP restrictions on the Sitecore CD web app so the site remains available 100% through this process. Later, after AFD testing and customer DNS updates have been completed to the customer's satisfaction, the IP restrictions can be enabled to block direct access to the Sitecore CD web app.

Service Level Agreement (SLA)

The setup of Azure Front Door will be completed within 3 business days from the creation of the Service Request (SR). However, the setup for CDN will be completed within 2 business days.

Scope Of Support

The Sitecore Managed Cloud support provides Limited Support for Managed Cloud Standard customers using Azure Front Door / Azure CDN.

For Sitecore scope of support refer to KB0332787.

Initial Setup

| Activity | Sitecore | Customer |
| --- | --- | --- |
| Initial AFD + WAF setup and integration with Sitecore CD roles in standard Sitecore topologies | R, A | C, I |
| Add back-end pools | R, A | C, I |
| Configure Routing Rules per implementation requirements (http -> https, or redirect rules) on initial setup | R, A | C, I |
| Configure caching (this is through Azure CDN in AFD) on initial setup | R, A | C, I |
| Configure WAF policy in AFD on initial setup | R, A | C, I |
| Configure Prevention mode for the WAF policy on initial setup | R, A | C, I |
| Configure AFD + WAF diagnostic settings to OMS | R, A | C, I |
| Update Sitecore CD availability test to AFD | R, A | C, I |
| Troubleshooting Sitecore application challenges related to AFD | R, A | C, I |
| Initial CDN setup and integration with Sitecore CD roles in standard Sitecore topologies | R, A | C, I |
| Creating new CDN endpoint for CD | R, A | C, I |

Post Setup

| Activity | Sitecore | Customer |
| --- | --- | --- |
| Customize appropriate AFD settings such as custom domains, backend pools configuration, redirection rule, caching | C, I | R, A |
| DNS changes necessary to redirect from your Azure Sitecore CD to AFD | C, I | R, A |
| Decide if WAF should be in Detection or Prevention mode based on evaluation of WAF logging and validation of all Sitecore CD functionality | C, I | R, A |
| Add or update the self-managed SSL certificate | C, I | R, A |
| Decide on appropriate detailed settings such as Rule Engine configuration and URL Rewrite to suit the implementation | C, I | R, A |
| Configure WAF policy for AFD | C, I | R, A |
| Create additional WAF policy for AFD | C, I | R, A |
| Decide on appropriate WAF settings such as rulesets, custom rules for implementation | C, I | R, A |
| Assistance with production incidents related to WAF [1] | C, I | R, A |
| Adding Additional CDN Endpoints | C, I | R, A |
| Configuring origins and origin group settings | C, I | R, A |
| Set up the Standard rules engine for CDN | C, I | R, A |
| Troubleshooting Sitecore application challenges related to AFD and CDN [2] | C, I | R, A |

Legend:

Notes:

[1] The monitoring and evaluation of potential WAF security incidents are the responsibility of the customer. Sitecore recommends that the customer engages with security professionals with the understanding of their business and security protocols to interpret such events. The Sitecore MCS team is available to assist and may, by leveraging our relationship with Microsoft, be able to contribute to resolutions. The primary responsibility, however, lies with the customer.

[2] In Sitecore Managed Cloud, the customer is responsible for how the Sitecore application functions, and adopting AFD with WAF can impact implementation in subtle ways. It is the customer's responsibility to ensure proper functionality of the implementation when integrated with AFD; this includes session state configuration and other services, host headers, and any other implementation dependencies. The Sitecore MCS team is available to assist and may be able to help identify problem areas, but ultimately this lies with customers who have full access to their implementation source code and full context on how their Sitecore CD role operates. 
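The Post Setup table makes the customer responsible for deciding between Detection and Prevention mode "based on evaluation of WAF logging". The following Python is an added example, not Sitecore's or Microsoft's code: it groups Detection-mode WAF log records by rule and URL path so that rules firing on ordinary site traffic can be reviewed before Prevention mode starts blocking them. Assumptions: the field names follow the Azure Front Door WAF diagnostic log layout, the sample records and host name are constructed, and the distinct-client threshold is a heuristic chosen for this example.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

SQLI = "Microsoft_DefaultRuleSet-2.1-SQLI-942100"
LFI = "Microsoft_DefaultRuleSet-2.1-LFI-930100"

def _rec(ip, uri, rule, action, mode):  # one constructed log line, only the fields used below
    props = {"clientIP": ip, "requestUri": uri, "ruleName": rule, "action": action, "policyMode": mode}
    return json.dumps({"category": "FrontDoorWebApplicationFirewallLog", "properties": props})

# Constructed sample (documentation IP ranges, invented host); not real traffic.
SAMPLE_LOG = "\n".join([
    _rec("203.0.113.10", "https://www.example.test:443/search?q=o%27brien", SQLI, "Log", "detection"),
    _rec("198.51.100.7", "https://www.example.test:443/search?q=d%27arcy", SQLI, "Log", "detection"),
    _rec("192.0.2.99", "https://www.example.test:443/media/a.png", LFI, "Log", "detection"),
    _rec("192.0.2.99", "https://www.example.test:443/media/a.png", LFI, "Block", "prevention"),
    '{"category": "FrontDoorWeb',  # truncated line, as found in interrupted exports
])

def summarize(log_text, mode="detection"):
    """Count WAF hits and distinct clients per (rule, path) for one policy mode."""
    hits = defaultdict(lambda: {"count": 0, "clients": set()})
    for line in filter(None, map(str.strip, log_text.splitlines())):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged lines instead of aborting the review
        if rec.get("category", "").lower() != "frontdoorwebapplicationfirewalllog":
            continue
        p = rec.get("properties", {})
        if p.get("policyMode", "").lower() != mode:
            continue
        path = urlsplit(p.get("requestUri", "")).path or "/"
        entry = hits[(p.get("ruleName", "unknown"), path)]
        entry["count"] += 1
        entry["clients"].add(p.get("clientIP"))
    return hits

def review_candidates(hits, min_clients=2):
    """Rule/path pairs hit by several distinct clients, busiest first (heuristic:
    unrelated clients tripping one rule on one page suggests a false positive)."""
    rows = [(rule, path, h["count"], len(h["clients"]))
            for (rule, path), h in hits.items() if len(h["clients"]) >= min_clients]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))

if __name__ == "__main__":
    print(review_candidates(summarize(SAMPLE_LOG)))
```

Pairs returned by review_candidates are the ones to validate against actual Sitecore CD functionality before the policy is left in, or moved to, Prevention mode.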

Sitecore CDN support limitations

Currently the only Sitecore feature that supports a CDN is the Sitecore Media Library. However, developers can customize the media library to use a CDN for static resources or other assets. For example, instead of using relative URLs to link to .css or .js files on master pages, you can use absolute URLs to connect to a CDN endpoint. 

There are a number of settings that you must be aware of regarding Sitecore Media Library CDN-related configuration and there are further developer considerations for the Sitecore Library CDN support that developers must take into account.

CDN Limitations

| Resource | Default limit |
| --- | --- |
| Azure Content Delivery Network profiles | 25 |
| Content Delivery Network endpoints per profile | 25 |
| Custom domains per endpoint | 25 |


More information can be found here: Azure subscription limits and quotas - Azure Resource Manager