Azure cloud platform
Building a sample environment — SE/2015/043
This article was written as a requirement of the course SENG 41283: Distributed and Cloud Computing. https://science.kln.ac.lk/tunits/setu/index.php/component/sppagebuilder/90-seng-41283
The assignment was to create the above sample environment of a shared cloud architecture using the Microsoft Azure cloud platform. We got to use the student account for this assignment and had permission to use any freely available code snippets or to create our own sample code. Azure is a cloud platform that we can use to build, deploy, test and manage applications and services remotely through data centres. It also provides solutions such as infrastructure as a service (IaaS), platform as a service (PaaS), etc. I studied the Azure tutorials and documentation and started developing the solution for the given architecture.
Referred code samples: https://github.com/AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-DotNet
https://github.com/chamodmalintha/Azure-Assignment-Service3
I referred to the above-mentioned code samples in order to set up service 01 and service 03 of the architecture. The service 01 code had built-in authentication with Microsoft and was developed using C# and the ASP.NET framework. It has the functionality to display the details, or payload, of the user who is authenticated. I modified some functionality by adding a database and inserting the payload into it. Service 03, which follows the MVC architecture, was created by me using the same programming language and framework. It has the functionality of getting data from the SQL database and Redis caching. I used the Visual Studio IDE for the coding because it is easy to work with Azure using the IDE’s inbuilt plugins. I built and executed both applications to make sure they were running well locally.
Then I started working with the Azure portal and creating resources for the sample environment. The following link leads to the GitHub repository of ARM templates, which were generated from the resources’ attributes and parameters.
ARM templates: https://github.com/chamodmalintha/SE-2015-043-Azure-ARM-Templates
As the first step in working with the Azure portal, I created the storage resources, because I first needed to make sure that the program runs locally while connecting to the server and Redis remotely. To do that, I created SQL database and Redis cache resources in a single resource group and added firewall configurations. I used the Microsoft SQL Server Management Studio tool to work with the remotely created SQL database, because it can connect to the Azure server in a minimum of steps and provides an interface to work with it easily and execute queries. So I didn’t use the portal itself to create tables, execute queries, etc. Now let's look at the resource creation one by one.
SQL server — resource
SQL database — resource
Firewall configurations on SQL DB and Server
Redis cache — resource
Firewall configurations on Redis cache
Microsoft SQL Server Management Studio
After that, I made sure that the remote storage was functioning as expected. Then I looked into publishing both web apps to the cloud. To do that, I went through the cloud documentation and tutorials. Having gained basic knowledge in that area, I created a web app plan in Azure and created the web app resources for both applications. While creating those, I also focused on adding the Application Insights resource. I published the code directly from the IDE, which made the process easier for me. Now let's look at the procedure I went through to create those resources.
WebApp — resources
The web app service plan is created and added before the web app resource is created. One plan can contain many web apps or functions as resources. The same steps were followed when creating service 03, and also for Application Insights.
Application insights — resource
Publishing code
The next requirement was to create a function integrated with the application and with the same storage. This is Service02 of the architecture diagram. The function should be able to generate files and store them under the storage account of the application. I added an output configuration of the blob storage type and wrote the function in the Azure portal itself using C# and .NET Core. The resource creation is described below.
FunctionApp (Service02) — resource
A storage account must be created to work with functions, so I created a new storage account, which is responsible for storing the files generated by the function itself.
FunctionApp Insights — resource
FrontDoor — resource
The Front Door’s purpose is to manage several instances of a web application deployed in distinct regions. It acts as a single door to all those instances: if one instance is down, it serves the request from a nearby instance of the application without the user knowing it. So I created a Front Door, configured it as below, and made sure that the main services and integrated services were functioning correctly.
When creating a Front Door we need to focus on the security of the web applications as well. After studying the documentation, I found out that a firewall is available for web applications, but it has to be used with a CDN, Front Door or a gateway. This enables the security of every request and blocks all the other threats to the application as a whole. This web app firewall is applied to the application globally and also secures the other applications or functions integrated with it.
WAF (WebApp Firewall) — resource
Active Directory (AD)
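A WAF policy attached to Front Door inspects only requests that arrive through Front Door; the web apps stay reachable on their own hostnames unless App Service access restrictions limit them to the `AzureFrontDoor.Backend` service tag and the profile's `X-Azure-FDID` header. The added Python example below (not part of the original assignment; site names and the Front Door ID are placeholders) checks a constructed ARM export for that lock-down.

```python
import json

# Constructed sample: two Microsoft.Web/sites/config resources as they might appear in an
# ARM export. Site names and the Front Door ID are placeholders.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Web/sites/config", "name": "service01-demo/web",
   "properties": {"ipSecurityRestrictions": [
     {"ipAddress": "Any", "action": "Allow", "priority": 1, "name": "Allow all"}]}},
  {"type": "Microsoft.Web/sites/config", "name": "service03-demo/web",
   "properties": {"ipSecurityRestrictions": [
     {"ipAddress": "AzureFrontDoor.Backend", "tag": "ServiceTag", "action": "Allow",
      "priority": 100, "name": "front-door-only",
      "headers": {"x-azure-fdid": ["00000000-0000-0000-0000-000000000000"]}},
     {"ipAddress": "Any", "action": "Deny", "priority": 2147483647, "name": "Deny all"}]}}
]}
""")


def front_door_bypass(template):
    """Return {site config name: reason} for web apps reachable without passing the WAF."""
    exposed = {}
    for res in template.get("resources", []):
        if res["type"].lower() != "microsoft.web/sites/config":
            continue
        name = res["name"]
        rules = res.get("properties", {}).get("ipSecurityRestrictions", [])
        if not rules:
            exposed[name] = "no access restrictions, every source is allowed"
        for rule in rules:
            if rule.get("action", "").lower() != "allow":
                continue
            # Header names are case-insensitive, so normalise before the lookup.
            headers = {k.lower(): v for k, v in rule.get("headers", {}).items()}
            if (rule.get("tag"), rule.get("ipAddress")) != ("ServiceTag", "AzureFrontDoor.Backend"):
                exposed[name] = f"rule '{rule.get('name')}' admits traffic that did not pass Front Door"
            elif not headers.get("x-azure-fdid"):
                exposed[name] = f"rule '{rule.get('name')}' accepts any Front Door profile"
    return exposed


if __name__ == "__main__":
    for site, reason in front_door_bypass(SAMPLE_TEMPLATE).items():
        print(f"{site}: {reason}")
```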
I identified that the authentication process must be handled after the above resource creations. I went to the default Active Directory which was given by our university. I saw that many test applications had already been registered there. I also registered my application as webApp-se-2015-043 in that default Active Directory. When I focused on users, I identified that all university students are registered as users there. So when I registered my application there, every student who has an account could log in to my webApp. The steps that I followed to register my webApp are briefly described below.
App registration
Key Vault — resource
Azure Key Vault is the resource where we can maintain all the app secrets. According to the assignment, we had to create an Azure key vault integrated with the Active Directory. We can manage keys, certificates and secrets in it, either generating them or creating them manually. Once we create a secret for a certain application, we can use that app secret in our own code to integrate with that particular app and use its services. To create such a secret, I generated one manually and granted the API permission to access the web app which I had registered within the default students’ Active Directory of the University of Kelaniya.
After creating all the above resources in the way described, I verified the whole functionality of the two service apps and the function, and made sure my sample cloud environment was connected to each resource and functioning successfully.
References:
https://freecoursesite.com/1-az-203-developing-solutions-for-microsoft-azure-exam-prep/
https://www.youtube.com/watch?v=POWm4EfU9bA