Simple Azure Application Deployment Patterns

Simple Azure Application Deployment Patterns

When it comes to migrating apps to Azure, one of the common asks I see is hey I got a static web app with some .NET based WCF/REST services as a backend using SQL databases. How can I deploy the App in Azure and design it to be multi-region & highly- available?

In this article, I will document a few simple patterns - this is a working document, I aim to add scripts in future so you can deploy these with one click.

Pattern 1:

All PaaS pattern, the design aims to keep the cost low and considers Active-Active type setup.

Pattern 1: All PaaS

Service Summary

  1. Azure Front Door (AFD): [Resource Type: Global]
    - Acts as single-entry point for API and Static Site
    - Additional Capabilities CDN + WAF + SSL offloading + Edge Acceleration
    - You can implement IP based whitelisting if required
  2. API Management: [Resource Type: Regional]
    - You can apply Policy-based restriction to allow incoming Traffic from AFD (see here)
    - When making calls to backend APIs on Web App it can inject certificate, that Web Apps enforce and can verify (see here) ‌
    - Allows throttling, caching etc.
  3. Web App and App Service Plan: [Resource Type: Regional]
    - Hosts APIs (WCF and REST) ‌
    - Some changes might be required e.g. adding logic for Certificate-based access
    - Web Apps are integrated into VNET using VNET integrations, to help you connect to private endpoints in VNET and on-prem resources
    - You can use alternatively use Hybrid connection to connect to on prem resources (see here)
  4. Static Site: [Resource Type: Regional]
    - You can use Azure Static Site (In-Preview) or Blob based Static site (with RA-GRS)
  5. SQL DB: [Resource Type: Regional]
    - Azure SQL DB with Geo-Replication is straight forward option to allow DBs to work
    - Depending on number of SQL DBs required and usage patterns you can consider Elastic pool option to save costs
  6. Key Vault: [Resource Type: Regional]
    - To store secrets, it has built-in DR, in the case of regional outage secondary region acts as a read-only endpoint, hence only one instance
  7. App Configuration: [Resource Type: Regional]
    - Not shown in Architecture but can be considered if required to externalise configurations

Pattern 2:

If you wish to containerise and run the application into Kubernetes then here is a simple pattern for the same, the design aims to keep the cost low and considers Active-Active type setup.

Service Summary

  1. Azure Front Door (AFD): [Resource Type: Global]
    - Acts as single-entry point for API and Static Site
    - Additional Capabilities CDN +  SSL offloading + Edge Acceleration
    - You can implement IP based whitelisting if required
  2. API Management: [Resource Type: Regional]
    - You can apply Policy-based restriction to allow incoming Traffic from AFD (see here)
    - When making calls to backend APIs on Web App it can inject certificate, that Web Apps enforce and can verify (see here) ‌
    - Allows throttling, caching etc.
  3. App Gateway: [Resource Type: Regional]
    - As an ingress controller, also used for SSL offloading and WAF for API and static site
  4. AKS Cluster: [Resource Type: Regional]
    - Hosts WCF/REST into Windows Container and Static Site into Linux
    - Deployed as Zone Redundant running Linux and Windows Node Pool
    - APIs running on the .NET framework will run into Windows Node Pool
    - Injected inside your VNET so you can get private IP for services (if required)
  5. SQL DB: [Resource Type: Regional]
    - Azure SQL DB with Geo-Replication is straight forward option to allow DBs to work
    - Depending on number of SQL DBs required and usage patterns you can consider Elastic pool option to save costs
  6. Key Vault: [Resource Type: Regional]
    - To store secrets, it has built-in DR, in the case of regional outage secondary region acts as a read-only endpoint, hence only one instance
  7. App Configuration: [Resource Type: Regional]
    - Not shown in Architecture but can be considered if required to externalise configurations
  8. Azure Container Registry (ACR): [Resource Type: Regional]
    - Highly-available Container registry Geo-Replicated. ‌

Please note this is work in progress, leave a comment on what you would like to see in this article.


Share Tweet Send
0 Comments
Loading...