AZ-305 Study Guide

Domain 1: Design Identity, Governance, and Monitoring Solutions

  • Monitoring & Logging Design
  • Choosing Authentication Methods
  • Designing Identity Management
  • Authorizing Access to Resources
  • Secrets, Keys & Certificates
  • Governance at Scale
  • Compliance & Identity Governance

Domain 2: Design Data Storage Solutions

  • Relational Data: Choosing Your SQL Platform
  • Database Performance & Scalability
  • Database Security & Compliance
  • Cosmos DB & Semi-Structured Data
  • Blob, Data Lake & Azure Files
  • Data Integration & Analytics

Domain 3: Design Business Continuity Solutions

  • Recovery Objectives: RPO, RTO & SLA Free
  • Backup & Recovery for Compute Free
  • Backup for Databases & Unstructured Data Free
  • High Availability for Compute Free
  • High Availability for Data Free

Domain 4: Design Infrastructure Solutions

  • Compute Design: VMs & When to Use Them
  • Container Solutions: AKS, ACI & Container Apps
  • Serverless & Batch Processing
  • Messaging Architecture
  • Event-Driven Architecture
  • API Integration & Caching
  • App Configuration & Automated Deployment
  • Migration Strategy & Assessment
  • Executing Migrations
  • Network Connectivity: Internet & Hybrid
  • Network Security & Performance
  • Load Balancing & Routing

Domain 4: Design Infrastructure Solutions Premium ⏱ ~18 min read

Load Balancing & Routing

Azure Load Balancer, Application Gateway, Front Door, Traffic Manager — choose the right load balancing service based on scope, protocol, and routing requirements.

Load balancing design

☕ Simple explanation

Azure has four load balancers — the right one depends on two questions:

Question 1: Global or regional? Is traffic coming from one region or worldwide?

Question 2: HTTP or TCP/UDP? Is it web traffic (HTTP/HTTPS) or general network traffic (TCP/UDP)?

Answer those two questions and you’ve narrowed to one service. This is one of the most frequently tested patterns in AZ-305.

The load balancing decision matrix is a core AZ-305 pattern:

  • Global + HTTP: Azure Front Door — global edge with WAF, caching, path-based routing
  • Global + non-HTTP: Traffic Manager — DNS-based global routing for any protocol
  • Regional + HTTP: Application Gateway — L7 load balancing with WAF, URL routing, SSL offload
  • Regional + non-HTTP: Azure Load Balancer — L4 load balancing for TCP/UDP

The load balancing decision matrix

Azure Load Balancing Services

| Factor | Azure Front Door | Traffic Manager | Application Gateway | Azure Load Balancer |
|---|---|---|---|---|
| Scope | Global | Global | Regional | Regional |
| Protocol | HTTP/HTTPS | Any (DNS-based) | HTTP/HTTPS | TCP/UDP |
| OSI Layer | L7 | DNS | L7 | L4 |
| WAF | Yes (built-in) | No | Yes (optional SKU) | No |
| SSL offload | Yes | No | Yes | No |
| URL-based routing | Yes (path, header, query) | No | Yes (path, host) | No |
| Session affinity | Yes | No | Yes (cookie-based) | Yes (IP/protocol tuple) |
| Caching | Yes (edge caching) | No | No | No |
| Health probes | Yes (edge-based) | Yes (endpoint monitoring) | Yes (customisable) | Yes (TCP/HTTP probes) |
| Failover | Instant (edge-based) | DNS TTL-based (30-300 seconds) | Backend pool failover | Backend pool failover |
| Best for | Global web apps, multi-region failover, edge WAF | Global non-HTTP, multi-region DNS routing | Regional web apps, API routing, WAF | Regional VMs, internal services, non-HTTP |

The exam shortcut: Global + HTTP = Front Door. Global + non-HTTP = Traffic Manager. Regional + HTTP = Application Gateway. Regional + non-HTTP = Load Balancer. Memorise this 2x2 matrix.

Common architecture patterns

| Pattern | Services Used |
|---|---|
| Global web app | Front Door → Application Gateway → App Service/VMs |
| Global with non-HTTP | Traffic Manager → Load Balancer → VMs |
| Regional web app | Application Gateway → App Service/VMs |
| Internal services | Internal Load Balancer → VMs/VMSS |
| Multi-region HA | Front Door (primary routing) + Traffic Manager (failover) |

πŸ—οΈ Priya’s load balancing architecture:

Users β†’ Front Door (global edge, WAF, caching)
         β”œβ”€β”€ East US: Application Gateway β†’ App Service (primary)
         └── West Europe: Application Gateway β†’ App Service (secondary)
  • Front Door handles global routing, SSL termination, and WAF
  • Application Gateway in each region provides URL-based routing to backend services
  • Internal Load Balancer distributes internal API traffic between VMs

🏦 Elena’s design:

Trading clients β†’ Traffic Manager (DNS routing, any protocol)
                  β”œβ”€β”€ UK South: Load Balancer β†’ Trading VMs (TCP/custom protocol)
                  └── West Europe: Load Balancer β†’ Trading VMs (DR)
  • Trading uses a custom TCP protocol (not HTTP) β†’ Traffic Manager + Load Balancer
  • Financial data can’t use edge caching β†’ no Front Door
πŸ’‘ Exam tip: Internal vs external Load Balancer

Azure Load Balancer has two SKUs:

  • Public (External): Internet-facing — distributes traffic from the internet to VMs
  • Internal: Private IP only — distributes traffic between VMs within a VNet

Common pattern: External Load Balancer for the web tier, Internal Load Balancer for the application/database tier. Internal LB keeps backend services off the internet.

Traffic Manager routing methods

| Method | How It Routes | Best For |
|---|---|---|
| Priority | Always sends to highest-priority endpoint, failover to next | Active-passive DR |
| Weighted | Distributes by weight percentage | Canary deployments, traffic splitting |
| Performance | Routes to closest (lowest latency) endpoint | Global apps, latency-sensitive |
| Geographic | Routes based on user’s geographic location | Data sovereignty, regional compliance |
| MultiValue | Returns multiple healthy endpoints | Client-side load balancing |
| Subnet | Routes based on source IP subnet | Different experiences for different networks |
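
A simplified model of the Priority method combined with the DNS TTL-based failover listed in the decision matrix, added here as an illustration (it is not code from this guide or from Microsoft). It assumes the DNS service sees an endpoint failure immediately and that the client's resolver honours the TTL; the endpoint names, failure times and one-request-per-second load are constructed.

```python
from dataclasses import dataclass

@dataclass
class Endpoint:
    name: str
    priority: int                      # lower number = preferred endpoint
    down_from: float = float("inf")    # constructed: second at which it fails

    def healthy(self, now: float) -> bool:
        return now < self.down_from

def priority_answer(endpoints, now):
    """DNS answer under Priority routing: best-priority endpoint still healthy."""
    alive = [e for e in endpoints if e.healthy(now)]
    return min(alive, key=lambda e: e.priority) if alive else None

class CachingResolver:
    """Client-side resolver that reuses an answer until its TTL expires."""
    def __init__(self, endpoints, ttl):
        self.endpoints, self.ttl = endpoints, ttl
        self.cached, self.expires = None, -1.0

    def resolve(self, now):
        if self.cached is None or now >= self.expires:
            self.cached = priority_answer(self.endpoints, now)
            self.expires = now + self.ttl
        return self.cached

def failed_seconds(ttl, fail_at, duration=600):
    """Seconds (at 1 request/s) a client is sent to an endpoint already down."""
    eps = [Endpoint("uksouth", 1, down_from=fail_at), Endpoint("westeurope", 2)]
    resolver = CachingResolver(eps, ttl)
    failed = 0
    for now in range(duration):
        target = resolver.resolve(now)
        if target is not None and not target.healthy(now):
            failed += 1
    return failed

if __name__ == "__main__":
    for ttl in (30, 300):
        print(f"TTL {ttl:>3}s, primary fails at t=10s: "
              f"{failed_seconds(ttl, 10)}s of requests hit the dead region")
```

The stale window is bounded by the TTL: the cached answer keeps pointing at the failed primary until it expires, which is the gap an edge-routed service avoids.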

Knowledge check

Question

What's the 2x2 load balancing decision matrix?

Answer

Global + HTTP = Front Door. Global + non-HTTP = Traffic Manager. Regional + HTTP = Application Gateway. Regional + non-HTTP = Azure Load Balancer. This covers 90% of AZ-305 load balancing questions.

Question

What's the difference between Front Door and Traffic Manager?

Answer

Front Door operates at L7 (HTTP) with edge-based routing, WAF, SSL offload, and caching — instant failover. Traffic Manager operates at DNS level — works with any protocol but failover depends on DNS TTL (30-300 seconds). Use Front Door for web apps, Traffic Manager for non-HTTP.

Question

When should you use an Internal Load Balancer?

Answer

For distributing traffic between VMs within a VNet — no internet exposure. Common pattern: External LB or Application Gateway for the web tier (internet-facing), Internal LB for the application/database tier (private). Keeps backend services off the public internet.

Knowledge Check

πŸ—οΈ GlobalTech's customer portal is deployed in two Azure regions. Users worldwide need fast page loads, the application needs WAF protection, and failover between regions should be instant (not DNS-dependent). Which load balancing service should Priya recommend?

Knowledge Check

🏦 Elena's trading platform uses a custom TCP protocol (not HTTP). It needs global routing to the closest data centre with automatic failover if a region becomes unhealthy. Which load balancing service should she recommend?


Congratulations! 🎉 You’ve completed all 30 modules of the AZ-305: Designing Microsoft Azure Infrastructure Solutions study guide.

You’ve learned to design: monitoring, identity, governance, data storage, business continuity, compute, application architecture, migration, and networking — all through the lens of architecture decisions and tradeoffs.

What’s next?

  • Review your flashcards and quiz scores
  • Practice with scenario-based questions
  • Remember: AZ-305 tests “why choose X over Y” — always explain the tradeoff

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.