Azure Cloud Platform Sample Environment based on Shared Cloud Architecture

Sangeevan Siventhirarajah
8 min read · Aug 9, 2020

This Azure cloud platform sample environment, based on a shared cloud architecture, was set up as a requirement of the course SENG 41283: Distributed and Cloud Computing. Link: https://science.kln.ac.lk/tunits/setu/index.php/component/sppagebuilder/90-seng-41283

A distributed system is a system whose components are placed on different networked computers, which communicate and coordinate their actions by passing messages to one another. The components interact with one another to achieve a common goal. Cloud computing is the on-demand availability of computer system resources, such as data storage and computing power, without direct active management by the user. Azure is the cloud computing platform provided by Microsoft.

Architecture diagram of the sample environment.


The Azure resources used in this sample environment are App Services, Function App, Azure Database For MySQL Server, Azure Cache For Redis, Storage Account, Application Insights, Web Application Firewall, Front Door, CDN, Azure Active Directory and Key Vault.

ARM templates for all created Azure resources: https://github.com/Sangeevan/SENG-41283-arm-templates

App Services

Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in any language, such as .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments. App Service not only adds the power of Microsoft Azure to the application, such as security, load balancing, auto scaling, and automated management; you can also take advantage of its DevOps capabilities, such as continuous deployment from Azure DevOps, GitHub, Docker Hub, and other sources, package management, staging environments, custom domains, and TLS/SSL certificates.

Created Service 1

ARM Template : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/AzureSampleEnvironmentService01

Created Service 2

ARM Template : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/AzureSampleEnvironmentService02

Function App

Azure Functions lets you run small pieces of code, called functions, without worrying about application infrastructure. With Azure Functions, the cloud infrastructure provides all the up-to-date servers you need to keep your application running at scale. A function is triggered by a specific type of event. Supported triggers include responding to changes in data, responding to messages, running on a schedule, or as the result of an HTTP request. While you can always code directly against a myriad of services, integrating with other services is streamlined by using bindings. Bindings give declarative access to a wide variety of Azure and third-party services.

Created Function

ARM Template : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/AzureSampleEnvironmentFunction

Azure Database For MySQL Server

Azure Database for MySQL is a relational database service in the Microsoft cloud based on the MySQL Community Edition (available under the GPLv2 license) database engine, versions 5.6, 5.7, and 8.0. Azure Database for MySQL delivers built-in high availability at no additional cost; predictable performance, using inclusive pay-as-you-go pricing; scaling as needed within seconds; security to protect sensitive data at rest and in motion; automatic backups and point-in-time restore for up to 35 days; and enterprise-grade security and compliance.
These capabilities require almost no administration, and all are provided at no additional cost. This lets you focus on rapid app development and accelerating time to market rather than allocating precious time and resources to managing virtual machines and infrastructure. In addition, you can continue to develop your application with any of the open-source tools and platforms, to deliver with speed and efficiency.

Created MySQL Server

ARM Template : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/azuresamplesnvironmentmysqlserver

Azure Cache For Redis

Azure Cache for Redis provides an in-memory data store based on the open-source software Redis. Redis improves the performance and scalability of an application that relies heavily on backend data stores. It is able to process large volumes of application requests by keeping frequently accessed data in server memory, which can be written to and read from quickly. Redis brings a critical low-latency and high-throughput data storage solution to modern applications. Azure Cache for Redis offers Redis as a managed service. It provides secure and dedicated Redis server instances and full Redis API compatibility. The service is operated by Microsoft, hosted on Azure, and accessible to any application within or outside of Azure. Azure Cache for Redis can be used as a distributed data or content cache, a session store, a message broker, and more. It can be deployed standalone or alongside another Azure database service, such as Azure SQL or Cosmos DB.

Created Cache

ARM Template : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/azuresamplesnvironment

Storage Account

An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks. The storage account provides a unique namespace for Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS. Data in an Azure storage account is durable and highly available, secure, and massively scalable.

Created Storage

ARM Template : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/azuresampleenvstorage

Application Insights

Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor live applications. It automatically detects performance anomalies and includes powerful analytics tools to help diagnose issues and to understand what users actually do with the app. It is designed to help continuously improve performance and usability. It works for apps on a wide variety of platforms, including .NET, Node.js, Java, and Python, hosted on-premises, hybrid, or in any public cloud. It integrates with the DevOps process and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.

Created Insights for Service 1

ARM Template : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/AzureSampleEnvironmentService01Insights

Created Insights for Service 2

ARM Template : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/AzureSampleEnvironmentService02Insights

Created Insights for Function

ARM Template : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/AzureSampleEnvironmentFunctionInsights

Web Application Firewall

Azure Web Application Firewall (WAF) on Azure Front Door provides centralized protection for web applications. WAF defends web services against common exploits and vulnerabilities. It keeps the service highly available for users and helps meet compliance requirements. WAF on Front Door is a global and centralized solution, deployed on Azure network edge locations around the globe. WAF-enabled web applications inspect every incoming request delivered by Front Door at the network edge. WAF prevents malicious attacks close to the attack sources, before they enter the virtual network, so you get global protection at scale without sacrificing performance. A WAF policy easily links to any Front Door profile in the subscription. New rules can be deployed within minutes, so you can respond quickly to changing threat patterns.

Created Firewall

ARM Template : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/azuresampleenvironmentfirewall

Front Door

Azure Front Door enables you to define, manage, and monitor the global routing for web traffic by optimizing for best performance and quick global fail-over for high availability. With Front Door, you can transform global (multi-region) consumer and enterprise applications into robust, high-performance, personalized modern applications, APIs, and content that reach a global audience with Azure. Front Door works at Layer 7 (the HTTP/HTTPS layer) and uses the anycast protocol with split TCP and Microsoft's global network to improve global connectivity. So, per the routing method selected in the configuration, you can ensure that Front Door routes client requests to the fastest and most available application backend. An application backend is any Internet-facing service hosted inside or outside of Azure. Front Door provides a range of traffic-routing methods and backend health monitoring options to suit different application needs and automatic fail-over models. Similar to Traffic Manager, Front Door is resilient to failures, including the failure of an entire Azure region.

Created Front Door

ARM Template : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/azuresampleenvironmentbackend

CDN

A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency. Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN POPs; for example, route optimization to bypass Border Gateway Protocol (BGP). The benefits of using Azure CDN to deliver web site assets include: better performance and improved user experience for end users, especially when using applications in which multiple round-trips are required to load content; large scaling to better handle instantaneous high loads, such as the start of a product launch event; and distribution of user requests and serving of content directly from edge servers, so that less traffic is sent to the origin server.

Azure Active Directory

Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps users sign in and access resources in: external resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications; and internal resources, such as apps on the corporate network and intranet, along with any cloud apps.

App Registration in Active Directory

Key Vault

Azure Key Vault helps solve many security problems. It can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets. It can also be used as a key management solution: Azure Key Vault makes it easy to create and control the encryption keys used to encrypt data. It is also a service that lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and internal connected resources. Secrets can be stored backed by Hardware Security Modules (HSMs): the secrets and keys can be protected either by software or by FIPS 140-2 Level 2 validated HSMs.

Front-end

Created Front-end

ARM Template Front-end App Service : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/AzureSampleEnvironmentLogin

Created Insights for Front-end App

ARM Template Front-end App Service Insights : https://github.com/Sangeevan/SENG-41283-arm-templates/tree/master/AzureSampleEnvironmentLoginInsights

Output System

Login
Home
Service 1 Output
Service 2 Output
Function Output
Cache
Firewall

ARM templates for all created Azure resources

https://github.com/Sangeevan/SENG-41283-arm-templates
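
Because every resource in this environment is described by an ARM template, its transport-security settings can be checked in the JSON before deployment. The following is an added example, not code from the article or its repositories: a small Python audit over a template's resources array, covering the App Service, Storage, Redis, MySQL and Front Door WAF resource types used here. The rule selection, the sample template and its resource names are constructed for illustration.

```python
import json

# Resource type (lower-cased) -> (property path, expected value, why it matters).
# Property names follow the ARM schemas; the rule selection is this example's assumption.
RULES = {
    "microsoft.web/sites": [("properties.httpsOnly", True, "HTTPS is not enforced")],
    "microsoft.storage/storageaccounts": [
        ("properties.supportsHttpsTrafficOnly", True, "storage reachable over plain HTTP")],
    "microsoft.cache/redis": [("properties.enableNonSslPort", False, "non-TLS Redis port open")],
    "microsoft.dbformysql/servers": [
        ("properties.sslEnforcement", "Enabled", "clients may connect without TLS")],
    "microsoft.network/frontdoorwebapplicationfirewallpolicies": [
        ("properties.policySettings.mode", "Prevention", "WAF logs matches but does not block")],
}
# Constructed sample template (names and values are made up for this example).
SAMPLE = json.loads("""{"resources": [
 {"type": "Microsoft.Web/sites", "name": "svc01", "properties": {"httpsOnly": false}},
 {"type": "Microsoft.Cache/Redis", "name": "cache", "properties": {"enableNonSslPort": true}},
 {"type": "Microsoft.DBforMySQL/servers", "name": "mysql",
  "properties": {"sslEnforcement": "[parameters('ssl')]"}},
 {"type": "Microsoft.Storage/storageAccounts", "name": "store", "properties": {}},
 {"type": "Microsoft.Network/frontdoorWebApplicationFirewallPolicies", "name": "waf",
  "properties": {"policySettings": {"mode": "Prevention"}}}]}""")

def lookup(obj, path):
    """Walk a dotted path; return None if any segment is absent."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def audit(template):
    """Return sorted (name, property, status, note) for every rule not met."""
    findings, stack = [], list(template.get("resources", []))
    while stack:
        res = stack.pop()
        stack.extend(res.get("resources", []))  # child resources nest here
        for path, expected, note in RULES.get(res.get("type", "").lower(), []):
            value = lookup(res, path)
            if value is None:
                status = "unset"       # platform default applies; check per apiVersion
            elif isinstance(value, str) and value.startswith("["):
                status = "expression"  # ARM expression; resolve from the parameter file
            elif str(value).lower() != str(expected).lower():
                status = "weak"
            else:
                continue
            findings.append((res.get("name", "?"), path, status, note))
    return sorted(findings)
```

Calling audit(SAMPLE) reports the App Service and Redis entries as weak, the MySQL setting as an unresolved expression and the storage setting as unset, while the WAF policy in Prevention mode passes.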

All Application Resources

https://github.com/Sangeevan/AzureSampleEnvironmentResources
