Simple Azure Application Deployment Patterns

When it comes to migrating apps to Azure, one of the common asks I see is: "I have a static web app with some .NET-based WCF/REST services as a backend using SQL databases. How can I deploy the app in Azure and design it to be multi-region and highly available?"

In this article, I will document a few simple patterns. This is a working document; I aim to add scripts in future so you can deploy these with one click.

Pattern 1:

An all-PaaS pattern. The design aims to keep the cost low and considers an Active-Active type setup.

Pattern 1: All PaaS

Service Summary

  1. Azure Front Door (AFD): [Resource Type: Global]
    - Acts as a single entry point for the API and Static Site
    - Additional capabilities: CDN + WAF + SSL offloading + Edge Acceleration
    - You can implement IP-based whitelisting if required
  2. API Management: [Resource Type: Regional]
    - You can apply a policy-based restriction to allow incoming traffic only from AFD (see here)
    - When making calls to backend APIs on the Web App, it can inject a certificate that the Web App enforces and can verify (see here)
    - Allows throttling, caching etc.
  3. Web App and App Service Plan: [Resource Type: Regional]
    - Hosts APIs (WCF and REST)
    - Some changes might be required, e.g., adding logic for certificate-based access
    - Web Apps are integrated into the VNET using VNET integration, to help you connect to private endpoints in the VNET and to on-prem resources
    - Alternatively, you can use Hybrid Connections to connect to on-prem resources (see here)
  4. Static Site: [Resource Type: Regional]
    - You can use Azure Static Site (In-Preview) or Blob based Static site (with RA-GRS)
  5. SQL DB: [Resource Type: Regional]
    - Azure SQL DB with Geo-Replication is a straightforward option to allow DBs to work
    - Depending on the number of SQL DBs required and their usage patterns, you can consider the Elastic pool option to save costs
  6. Key Vault: [Resource Type: Regional]
    - Stores secrets. It has built-in DR: in the case of a regional outage the secondary region acts as a read-only endpoint, hence only one instance
  7. App Configuration: [Resource Type: Regional]
    - Not shown in Architecture but can be considered if required to externalise configurations
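
A sketch of the "logic for certificate-based access" mentioned for the Web App, added here as an example and not taken from the original article. With client certificates enabled, App Service forwards the certificate that API Management presents to the app in the `X-ARR-ClientCert` header (base64) without validating it, so the app has to check it itself. The class and method names, the allow-list and the self-signed sample certificate are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ApimClientCertCheck
{
    // Hypothetical helper: returns null when the certificate is accepted,
    // otherwise the reason for rejecting the request (respond 403 in that case).
    public static string Reject(string headerValue, ISet<string> pinned, DateTime utcNow)
    {
        if (string.IsNullOrWhiteSpace(headerValue))
            return "no client certificate presented";
        X509Certificate2 cert;
        try { cert = new X509Certificate2(Convert.FromBase64String(headerValue)); }
        catch (Exception e) when (e is FormatException || e is CryptographicException)
        { return "header does not contain a certificate"; }
        using (cert)
        {
            if (utcNow < cert.NotBefore.ToUniversalTime() || utcNow > cert.NotAfter.ToUniversalTime())
                return "certificate is outside its validity period";
            // Thumbprint is the SHA-1 hash of the DER encoding as hex; pinning it
            // means only the exact certificate configured in APIM is accepted.
            if (!pinned.Contains(cert.Thumbprint))
                return "thumbprint is not on the allow-list";
            return null;
        }
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate stands in for
        // the one API Management would attach to its backend calls.
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=apim-backend-client-constructed", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            var now = DateTimeOffset.UtcNow;
            using (var apimCert = req.CreateSelfSigned(now.AddDays(-1), now.AddDays(30)))
            {
                string header = Convert.ToBase64String(apimCert.RawData);
                var pinned = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { apimCert.Thumbprint };
                var nobody = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
                Console.WriteLine(Reject(header, pinned, DateTime.UtcNow) ?? "accepted");
                Console.WriteLine(Reject(header, nobody, DateTime.UtcNow));
                Console.WriteLine(Reject(header, pinned, DateTime.UtcNow.AddYears(1)));
                Console.WriteLine(Reject(null, pinned, DateTime.UtcNow));
            }
        }
    }
}
```

In a real deployment the allow-list would come from configuration (for example Key Vault or App Configuration) so the certificate can be rotated without a code change.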

Pattern 2:

If you wish to containerise the application and run it in Kubernetes, here is a simple pattern for that. The design aims to keep the cost low and considers an Active-Active type setup.

Pattern 2: AKS

Service Summary

  1. Azure Front Door (AFD): [Resource Type: Global]
    - Acts as a single entry point for the API and Static Site
    - Additional capabilities: CDN + SSL offloading + Edge Acceleration
    - You can implement IP-based whitelisting if required
  2. API Management: [Resource Type: Regional]
    - You can apply a policy-based restriction to allow incoming traffic only from AFD (see here)
    - When making calls to backend APIs on the Web App, it can inject a certificate that the Web App enforces and can verify (see here)
    - Allows throttling, caching etc.
  3. App Gateway: [Resource Type: Regional]
    - Acts as an ingress controller, and is also used for SSL offloading and WAF for the API and static site
  4. AKS Cluster: [Resource Type: Regional]
    - Hosts WCF/REST in Windows containers and the Static Site in Linux
    - Deployed as Zone Redundant, running Linux and Windows node pools
    - APIs running on the .NET Framework will run in the Windows node pool
    - Injected inside your VNET so you can get a private IP for services (if required)
  5. SQL DB: [Resource Type: Regional]
    - Azure SQL DB with Geo-Replication is a straightforward option to allow DBs to work
    - Depending on the number of SQL DBs required and their usage patterns, you can consider the Elastic pool option to save costs
  6. Key Vault: [Resource Type: Regional]
    - Stores secrets. It has built-in DR: in the case of a regional outage the secondary region acts as a read-only endpoint, hence only one instance
  7. App Configuration: [Resource Type: Regional]
    - Not shown in Architecture but can be considered if required to externalise configurations
  8. Azure Container Registry (ACR): [Resource Type: Regional]
    - Highly available, geo-replicated container registry.

Please note this is a work in progress; leave a comment on what you would like to see in this article.

