Databases Azure Cosmos DB learning-path-anchor

Cosmos DB dedicated gateway

Cosmos DB dedicated gateway means provisioned gateway compute attached to a Cosmos DB account so applications can use a dedicated endpoint and integrated cache for read-heavy traffic. In Cosmos DB, it appears when teams want predictable gateway capacity, cached point reads or queries, and fewer request units for repeat reads in supported workloads. It controls dedicated gateway endpoint routing, integrated item and query cache use, node count, node size, connection mode, and cache staleness expectations. Teams should know owner, affected data, limits, and verification path before production changes. That shared language keeps developers, operators, security reviewers, and finance teams aligned.

Back to glossary browser Open Microsoft Learn source
Aliases
No aliases mapped yet
Difficulty
fundamentals
CLI mappings
3
Last verified
2026-05-12

Microsoft Learn

Azure Cosmos DB dedicated gateway is provisioned server-side compute that fronts an account and enables the integrated cache for supported NoSQL workloads.

Microsoft Learn: Azure Cosmos DB dedicated gateway - Overview2026-05-12

Technical context

Technically, Cosmos DB dedicated gateway uses gateway-mode requests that connect to dedicated gateway nodes before reaching backend partitions, with an integrated cache automatically configured on each node. Configure it through account dedicated gateway settings, connection strings or SDK endpoint choices, cache staleness options, and account scale operations. Verify with account properties, dedicated gateway endpoint, node configuration, cache hit behavior, RU trends, latency metrics, and SDK connection settings. Key choices include gateway SKU, node count, cache staleness, endpoint selection, region, client connection mode, failover expectations, and workload eligibility. Capture scope, region, identity, capacity, backup state, owner, and rollback trigger.

Why it matters

Cosmos DB dedicated gateway matters because cached reads can reduce RU consumption and latency, but only when applications connect through the dedicated gateway endpoint and query patterns actually repeat. It turns an abstract database concept into something teams can operate, secure, recover, and explain. If misunderstood, teams can face unexpected gateway charges, cache misses, stale-read confusion, client misconfiguration, regional failover surprises, and performance tuning that ignores backend RU pressure. For glossary readers, it shows where the term sits in the Cosmos DB model, which settings are safe to inspect, which changes require review, and which metrics, logs, or ownership records responders should check first. It keeps design reviews evidence-based.

Where you see it

Signals, screens, and Azure surfaces where this term usually becomes operational.

Signal 01

In the Azure portal, Cosmos DB dedicated gateway appears near dedicated gateway settings, integrated cache guidance, account endpoints; operators confirm scope, environment, readiness, and whether it belongs to production today.

Signal 02

In CLI, SDK, or IaC output, Cosmos DB dedicated gateway appears through account show output, dedicated gateway properties, endpoint values; those fields create repeatable review evidence for audits, incidents, handoffs, and pull requests.

Signal 03

In monitoring and support work, Cosmos DB dedicated gateway appears beside cache hit patterns, RU consumption, latency percentiles; those signals connect symptoms to security, reliability, cost, and performance.

When this becomes relevant

Specific situations where this term helps solve real Azure design, operations, migration, security, reliability, cost, or governance problems.

  • teams want predictable gateway capacity, cached point reads or queries, and fewer request units for repeat reads in supported workloads.
  • cached reads can reduce RU consumption and latency, but only when applications connect through the dedicated gateway endpoint and query patterns actually repeat.
  • Use production evidence for Cosmos DB dedicated gateway during architecture reviews, incidents, and support handoffs.
  • Connect Cosmos DB dedicated gateway decisions to security, reliability, cost, operations, and performance outcomes.

Real-world case studies

Different enterprise-style examples that show the term being used to hit measurable objectives.

Case study 01

Product catalog cache

Scenario, objectives, solution, measured impact, and takeaway.

Scenario

BluePeak Electronics had read-heavy product detail pages that repeatedly queried the same Cosmos DB items during launch events.

Business/Technical Objectives
  • Reduce backend RU consumption by at least 40 percent
  • Keep product page latency under 60 milliseconds
  • Avoid stale pricing beyond approved tolerance
  • Measure cache impact before scaling throughput
Solution Using Cosmos DB dedicated gateway

Architects provisioned a Cosmos DB dedicated gateway and connected the product service through the dedicated gateway endpoint in gateway mode. They enabled integrated cache behavior for point reads and common product queries, then set cache staleness to match pricing rules. Before rollout, operations captured baseline RU, latency, and query frequency. After deployment, dashboards compared cache hit behavior with backend RU and page latency. The team kept write paths on normal SDK operations and documented how to bypass cached reads during emergency pricing updates. Node count changes required review by both application and finance owners. The team also added owner approval, validation evidence, and post-release monitoring for the product catalog cache workflow.

Results & Business Impact
  • Backend RU consumption dropped 48 percent during launch traffic
  • Product page P95 latency improved from 92 to 41 milliseconds
  • No stale-price violations exceeded the approved window
  • Throughput scale-up planned for launch week was avoided
Key Takeaway for Glossary Readers

Dedicated gateway helps read-heavy Cosmos DB workloads when endpoint configuration, cache freshness, and cost evidence are managed together.

Case study 02

Travel itinerary reads

Scenario, objectives, solution, measured impact, and takeaway.

Scenario

Contoso Travel Services needed faster itinerary lookup for mobile users who refreshed the same booking details many times before departure.

Business/Technical Objectives
  • Cut itinerary read latency below 50 milliseconds
  • Reduce RU spikes during morning travel windows
  • Keep cancellation status fresh enough for agents
  • Validate regional behavior before global rollout
Solution Using Cosmos DB dedicated gateway

The solution used a dedicated gateway in the primary customer regions and routed itinerary read APIs to the dedicated gateway endpoint. Frequently repeated point reads and query results were cached, while cancellation and payment updates continued through normal write paths. The team tested cache staleness against customer-service rules and added a forced refresh path for agents handling cancellations. Azure Monitor tracked RU, gateway endpoint errors, latency, and retry behavior. Release notes told mobile teams which SDK endpoint to use and how to detect fallback conditions. A regional pilot ran for two weeks before expanding to the global booking service. The team also added owner approval, validation evidence, and post-release monitoring for the travel itinerary reads workflow.

Results & Business Impact
  • Itinerary read P95 latency reached 37 milliseconds
  • Morning RU peaks dropped 42 percent
  • Agent cancellation refresh remained within the approved window
  • The global rollout reused the pilot dashboard and runbook
Key Takeaway for Glossary Readers

Dedicated gateway is practical when repeated reads dominate and teams explicitly design for cache freshness and regional endpoint behavior.

Case study 03

Member benefits portal

Scenario, objectives, solution, measured impact, and takeaway.

Scenario

NorthBridge Mutual, an insurance company, saw RU pressure from members repeatedly checking benefits and deductible summaries.

Business/Technical Objectives
  • Lower read cost without changing policy-write workflows
  • Maintain accurate deductible information for call-center users
  • Keep portal response time under 80 milliseconds
  • Provide finance with measurable savings evidence
Solution Using Cosmos DB dedicated gateway

Engineers placed the member benefits portal behind a Cosmos DB dedicated gateway and adjusted SDK configuration for read APIs that served policy summaries and benefit metadata. Deductible calculations stayed on a noncached path when recent claim updates were involved. The team documented which queries were cache eligible, what staleness was allowed, and which dashboards finance should review. Gateway nodes were sized from a two-week baseline rather than guesswork. Support runbooks included commands to show account settings and metrics to prove whether requests were reaching the intended endpoint. The team also added owner approval, validation evidence, and post-release monitoring for the member benefits portal workflow. Support notes captured rollback triggers, dashboard links, and escalation contacts so responders could act without tribal knowledge.

Results & Business Impact
  • Read-path RU dropped 39 percent in the first month
  • Portal P95 response time improved from 118 to 66 milliseconds
  • Call-center freshness complaints stayed below the service target
  • Finance approved continued gateway spend based on measured savings
Key Takeaway for Glossary Readers

Dedicated gateway can lower Cosmos DB read cost when cacheable paths are separated from data that must always be freshly computed.

Why use Azure CLI for this?

Use CLI to confirm account endpoint and gateway settings before changing clients or paying for dedicated gateway capacity.

CLI use cases

  • Capture current account settings before enabling or scaling gateway nodes.
  • Compare RU and latency metrics before and after cache adoption.
  • Verify clients are meant to use the dedicated gateway endpoint.

Before you run CLI

  • Confirm the workload is a supported NoSQL read pattern.
  • Baseline RU, latency, and query repetition before enabling gateway capacity.
  • Coordinate endpoint changes with application owners and deployment teams.

What output tells you

  • Account output shows endpoint, region, and gateway configuration context.
  • Update output confirms the requested node type and count.
  • Metrics output shows whether cache adoption is reducing RU or latency.

Mapped Azure CLI commands

Cosmos DB dedicated gateway CLI checks

direct
az cosmosdb show --name <account> --resource-group <resource-group>
az cosmosdbdiscoverDatabases
read-only Microsoft docs
az cosmosdb update --name <account> --resource-group <resource-group> --dedicated-gateway-type <type> --dedicated-gateway-instance-count <count>
az cosmosdbconfigureDatabases
cost-impacting Microsoft docs
az monitor metrics list --resource <account-resource-id> --metric TotalRequestUnits,ServerSideLatency
az monitor metricsdiscoverDatabases
read-only Microsoft docs

Architecture context

Cosmos DB dedicated gateway is an application-facing performance and cost component for NoSQL workloads that need the integrated cache or more predictable gateway capacity. I place it between SDK clients and backend partitions, with a separate endpoint that the application must intentionally use. The architecture review should cover gateway node size, regional placement, cache staleness tolerance, read patterns, query repeatability, private networking, and fallback behavior if cached reads do not help. It is not a magic RU discount; it pays off when point reads or queries repeat enough to avoid backend work. Operators should compare RU consumption, p95 latency, cache-hit behavior, and gateway cost before and after rollout. Treat it like cache infrastructure with database semantics attached.

Security

Security for Cosmos DB dedicated gateway starts with knowing which clients can reach the dedicated gateway endpoint and whether cached data paths match the account networking and authorization model. Review RBAC, data-plane permissions, keys, managed identities, firewall rules, private endpoints, encryption, diagnostics, and backup access. Avoid broad admin access just because a team needs to troubleshoot one resource or feature. Sensitive data can appear in query output, logs, support tickets, exports, or downstream processors. Operators should prefer read-only discovery, store secrets in approved locations, and document every emergency change. The safest design proves who can read data, who can change configuration, and how denied access is logged and reviewed.

Cost

Cost for Cosmos DB dedicated gateway comes from dedicated gateway node hours, node size, number of regions, remaining backend RU usage, monitoring, and engineering effort to tune cache-friendly queries. Some spending is direct, while other costs appear as retries, duplicate processing, larger logs, extra environments, migration effort, or staff time during investigations. Review budgets, tags, expected usage, retention, alert thresholds, and change windows before scaling or enabling new behavior. Compare the cost of prevention, monitoring, and testing with the cost of an outage or data repair. The safest cost review ties spending to owner, workload value, measured demand, and rollback plan. Include both steady-state and incident-driven costs in the review.

Reliability

Reliability for Cosmos DB dedicated gateway depends on gateway node capacity, endpoint configuration, regional placement, SDK connection behavior, cache expectations, and fallback behavior when cache or gateway access is unavailable. Define the expected failure mode before production use, including what happens during regional incidents, throttling, expired credentials, schema drift, blocked network paths, or restore activity. Monitor health, latency, request units, errors, retry rate, backlog, and stale-data indicators rather than trusting a single success message. Test rollback, restore, failover, replay, or reprocessing steps where they apply. A reliable runbook names the owner, required evidence, escalation path, and point where rollback is safer than live repair. Retest after meaningful platform, schema, identity, or region changes.

Performance

Performance for Cosmos DB dedicated gateway is measured through cache hit ratio, point-read and query latency, backend RU reduction, gateway CPU pressure, SDK retries, and user-facing response times. Tune only after confirming the real bottleneck, because identity, networking, client retries, partition choice, query shape, consistency, or quota can mimic platform slowness. Use baseline metrics before and after every significant change. Test peak load, failure recovery, and representative data rather than happy-path samples. A good performance plan states the target, measurement window, acceptable tradeoff, and rollback trigger so speed improvements do not damage reliability, security, or cost control. Keep the accepted baseline with the change record.

Operations

Operationally, Cosmos DB dedicated gateway needs documented endpoint usage, cache assumptions, node sizing, dashboards for RU and latency, and owner approval for gateway scale changes. Keep portal location, CLI discovery commands, dashboards, alerts, IaC source, change history, and support ownership close to the runbook. Capture before-and-after evidence with tenant, subscription, resource group, region, owner, timestamp, and environment. Separate read-only inspection from mutating or destructive actions so responders do not improvise under pressure. Good operations make the term searchable, auditable, and explainable across engineering, support, security, and finance handoffs. Store evidence where incident responders can find it without developer access or tribal knowledge during high-pressure incidents.

Common mistakes

  • Paying for gateway nodes when clients still use the standard endpoint.
  • Expecting cache benefits for mostly unique writes or uncached queries.
  • Ignoring data freshness expectations when setting cache staleness behavior.