Overview and architecture

What Is NGINX as a Service for Azure?

NGINX as a Service for Azure is a service offering that is tightly integrated into Microsoft Azure public cloud and its ecosystem, making applications fast, efficient, and reliable with full lifecycle management of advanced NGINX traffic services. NGINXaaS for Azure is available in the Azure Marketplace.

NGINXaaS for Azure is powered by NGINX Plus, which extends NGINX Open Source with advanced functionality and provides customers with a complete application delivery solution. Initial use cases covered by NGINXaaS include L7 HTTP load balancing and reverse proxy which can be managed through various Azure management tools. NGINXaaS allows you to provision distinct deployments as per your business or technical requirements.


The key capabilities of NGINXaaS for Azure are:

  • Simplifies onboarding by leveraging NGINX as a service.
  • Lowers operational overhead in running and optimizing NGINX.
  • Simplifies NGINX deployments with fewer moving parts (edge routing is built into the service).
  • Supports migration of existing NGINX configurations to the cloud with minimal effort.
  • Integrates with the Azure ecosystem (Microsoft Entra, Azure Key Vault, and Azure Monitor).
  • Addresses a wide range of deployment scenarios (HTTP reverse proxy, JWT authentication, etc).
  • Adopts a consumption-based pricing to align infrastructure costs to actual usage by billing transactions via Azure.

Supported regions

NGINXaaS for Azure is supported in the following regions:

North America Europe Asia Pacific
West Central US
West US
East US 2
West US 2
West US 3
East US
Central US
North Central US
Canada Central
West Europe
North Europe
Australia East
Japan East
Japan West
Korea South
Korea Central

NGINXaaS architecture

high level architecture
  • Azure management tools (API, CLI, portal, terraform) work with NGINXaaS to create, update, and delete deployments
  • Each NGINXaaS deployment has dedicated network and compute resources. There is no possibility of noisy neighbor problems or data leakage between deployments


NGINXaaS uses the following redundancy features to keep your service available.

  • We run at least two NGINX Plus instances for each deployment in an active-active pattern
  • NGINX Plus is constantly monitored for health. Any unhealthy instances are replaced with new ones
  • We use Azure Availability Zones to protect your deployment from local failures within an Azure region. We balance NGINX instances across the possible availability zones in supported regions
If you are creating a public IP for your deployment, be sure to make them zone redundant to get the best uptime.

Data plane traffic

data plane traffic flow

NGINXaaS uses new Azure networking capabilities to keep end-user traffic private. Each NGINX Plus instance passes traffic to downstream services via an elastic network card (NIC) that exists inside your subscription. These NICs are injected into a delegated virtual network. A network security group controls traffic to your NGINX Plus instances.

NGINX Plus instances are automatically upgraded to receive security patches and the latest stable NGINX Plus version.

What’s next

To get started, check the NGINX as a Service for Azure prerequisites