Massive consolidation: reducing 150+ Azure Front Door instances to 10

When technical debt accumulates in the cloud, it often manifests in unexpected ways. For one global enterprise, it appeared as a sprawling collection of over 150 Azure Front Door instances – each requiring individual management, updates, and monthly fees. What followed was an ambitious consolidation project that not only simplified their architecture but delivered substantial cost savings and operational improvements. 

The starting point

150+ instances of management overhead 

Azure Front Door serves as an entry point for web applications, providing load balancing, routing, and security features. It's designed to be powerful and flexible, but that doesn't mean you need a separate instance for every application. 

This fragmented approach created several significant challenges: 

• Certificate management nightmares
  "If you want to update the certificate, you need to update this on every single Azure Front Door instance which is using it. This makes it a very tedious and time-consuming process." notes our DevOps Team Lead.
  
• Excessive costs

  Each Front Door instance is approximately $300 per month in base fees for Premium SKU, while Classic SKU (about $150/month) and Standard SKU (around $50/month) are less expensive. With approximately 80% of their instances using Classic SKU multiplied by 150+ instances, these costs still added significantly. Regardless of traffic volume, these cumulative base fees created death by a thousand cuts for the IT budget.

• End-of-life technology
  

  Microsoft was deprecating the older classic SKU of Azure Front Door, meaning migration would eventually be necessary anyway.

• Inconsistent configurations
  

  With so many instances deployed by different teams at different times, security settings, routing rules, and other configurations varied widely, creating potential vulnerabilities and management complexity.

Building the business case  

Before jumping into such a significant architectural change, the team needed buy-in from stakeholders across the organisation. They constructed a clear business case highlighting: 

• The total current cost of maintaining separate instances 

• The projected savings from consolidation 

• The security benefits of standardised configuration 

• The reduction in management overhead 

• The necessity of migrating from the deprecated classic SKU 

With approval secured, the team developed a phased approach to minimise disruption to the business. 

The consolidation strategy

Start small, learn fast

Rather than attempting to migrate all 150+ instances at once – a recipe for disaster – the team adopted a methodical approach: 

• Create a minimal viable infrastructure
  They established just two Front Door instances for each major environment:
  
  • One for non-production (covering dev and test)
    
  • One for production 
• Begin with known territory
  "We scoped custom domains and Azure Front Doors which were under our business unit responsibility," explains the Team Lead. "We have all the access, all the permissions, and that was quick and easy."
• Non-production first
  The team wisely started with non-production environments to identify and resolve issues before touching production systems.
• Document everything
  Each migration was carefully documented, including any challenges encountered, creating a knowledge base for subsequent migrations.

Automation

The key to reliable migration

Manual migration of 150+ instances would be both tedious and error-prone. Instead, the team built a robust automation framework: 

• Export-modify-import automation
  The team developed a suite of PowerShell scripts integrated with Azure DevOps pipelines to automate the export of existing configurations, apply standardised settings, and import them into the new consolidated Front Door instances. This automation reduced manual effort and minimised the risk of human error during migration.
• Standardisation opportunities
  During migration, the team applied:
  • Consistent naming conventions
  • Standardised security settings
  • Optimised routing configurations 
• Pipeline-driven approach
  The entire process ran through CI/CD pipelines, requiring minimal manual intervention – "only when you need to provide some new values for the custom domains," notes the Team Lead.

Managing the risks of large-scale change 

With hundreds of domains and services relying on Front Door, even a minor misconfiguration could cause significant disruption. The team implemented several risk mitigation strategies: 

• Comprehensive communications plan
  "We sent communications to the product, custom domain owners, and service owners in advance – one month, two weeks, one week," explains the Team Lead. Each communication included:
  • Detailed migration schedule 
  • Potential impact assessment 
  • Contact information for the migration team
  • Rollback procedures 
• Change management rigour
  "For production migrations, we usually raised change requests which were approved on a Change Advisory Board", says the DevOps specialist, ensuring proper governance throughout the process.
• Rapid response capability
  The team remained on standby during each migration window, ready to troubleshoot any issues that arose.
• Pattern recognition
  "If we discovered a single issue, we took note, documented it, and we were checking next time if it's going to happen or not," the Team Lead explains. This approach helped prevent recurring problems.
  

When dealing with critical infrastructure changes, especially those that impact dozens of teams and hundreds of services,  having a solid risk mitigation plan is non-negotiable. Below, we break down the most critical risks, the strategies used to manage them, and the impact those precautions had.

Results: from 150+ to just 10  

Within a remarkably short timeframe, the team successfully consolidated over 150 Azure Front Door instances down to just 10, with impressive outcomes: 

• Tangible cost savings
  With each instance costing approximately $300 per month in base fees, the consolidation delivered immediate and significant savings. Conservative estimates put the annual cost reduction at over $420,000, accounting for both the eliminated base fees and the reduced operational overhead.
• Streamlined management
  Certificate updates, security patches, and configuration changes that once required touching hundreds of instances now affect just a handful. This operational efficiency translates to faster deployment times and reduced risk of human error during routine maintenance.
• Enhanced security
  By consolidating, the team enforced uniform Web Application Firewall (WAF) policies across all applications, ensuring consistent protection against common threats like SQL injection and cross-site scripting. Additionally, they implemented Azure's managed TLS certificates, eliminating the need for manual certificate renewals and reducing the risk of expired certificates causing service disruptions."
• Future-proofed infrastructure
  The migration to the newer Front Door SKU ensured long-term supportability from Microsoft and access to the latest features and security enhancements. This proactive approach eliminated the future scramble that would have been required when Microsoft eventually discontinued support for the classic SKU.
• Simplified monitoring and troubleshooting
  With a consolidated infrastructure, the team could implement comprehensive monitoring across all services, making it easier to identify and resolve issues. Troubleshooting became more straightforward with fewer moving parts to investigate.

Non-production environments (dev & test) were migrated in just two weeks, with approximately 100 custom domains spanning 20-30 products moved to the new consolidated architecture. Their business unit's production environment was then migrated in the following three weeks, with remarkably little disruption.  

The complete migration of all non-production environments (dev, test, and pre-prod) across all business units took approximately three months, demonstrating the importance of a phased, methodical approach to large-scale architectural changes. 

Key consolidation lessons 

Whether you're dealing with Azure Front Door specifically or any other proliferation of cloud services, the principles from this successful consolidation can guide your approach:

1. Start with a thorough inventory
   Understanding exactly what you have is essential before planning any consolidation.
2. Automate wherever possible
   Scripting and automation not only save time but also significantly reduce human error. The team created export and import scripts that streamlined the migration process and ensured consistency.
3. Test in non-production first
   The team wisely started with non-production environments to identify and resolve issues before touching production systems.
4. Communicate relentlessly
   "We sent communications to the product, custom domain owners, and service owners in advance – one month, two weeks, one week," explains the Team Lead. This proactive approach ensured all stakeholders were prepared for the changes.
5. Document edge cases
   Unique configurations and special requirements will emerge – document them thoroughly to prevent future issues.
6. Create a feedback loop
   "Every edge case or issue was analysed and action items created to avoid having such in the future," the DevOps Team Lead notes – a practice that led to continuous improvement throughout the project.

Cloud architecture simplification projects like this one demonstrate that technical debt can be systematically addressed with the right approach. By reducing complexity, standardising configurations, and improving manageability, organisations can achieve both cost savings and operational benefits. 

If your cloud infrastructure has grown organically over time, it may be worth examining opportunities for similar consolidation. The initial investment in planning and implementation can pay significant dividends in reduced costs and simplified operations going forward. 

Before launching a large-scale project like Front Door consolidation, it's critical to ensure your organisation is set up for success. The checklist below highlights the foundational elements you should have in place, from stakeholder buy-in to automation tooling. 

Whether you're managing a handful of Azure resources or overseeing enterprise-scale cloud architecture, the consolidation principles demonstrated in this project can help you identify sprawl and implement effective streamlining. And if your organisation needs expert assistance tackling your complex cloud infrastructure, Pwrteams-built DevOps teams can achieve similar results. 

Looking for more insights on cloud optimisation? Check this article detailing how the same team saved $1M in Azure costs through targeted resource optimisation. Stay tuned! 

Is your Azure architecture giving you headaches?

Don't let technical debt continue to compound.

While you wait for our next article, our DevOps specialists are ready to bring order to your fragmented infrastructure. Do you really need 150+ Azure services when 10 would suffice? Is your cloud environment so complex that it makes the Azure portal look like a maze?

We specialise in building engineering teams who look at your architectural spaghetti and think, "Finally, a worthy challenge!" Where others see an insurmountable mess of technical debt, our teams see a satisfying before-and-after story waiting to happen. Let's tame your Azure chaos together!