Designing A Multi-Area Internet Utility Answer With A Personal Endpoint Database In Microsoft Azure

Introduction

At the moment, we are going to look right into a multi-region answer for an internet utility to offer redundancy. We are going to see how it is suggested to be arrange utilizing the structure proposed by Microsoft. We can even see how the database utilized by the online utility might be out there by way of a personal endpoint and never accessible from the web. This can give us a really sturdy, safe, and extremely out there internet utility answer utilizing Microsoft Azure.

Reference diagram

We are going to begin with the diagram supplied by Microsoft. Particulars can be found on the Microsoft web site under:

https://study.microsoft.com/en-us/azure/structure/example-scenario/sql-failover/app-service-private-sql-multi-region

Parts of the design

The diagram might sound very advanced on the first look, however it’s fairly easy to grasp and arrange. Within the first area known as the “Main area” we arrange an Azure app service to host our internet utility. We then combine this app service into a brand new/current digital community and subnet in Azure and disallow direct entry to the App service from the surface. We then arrange a personal hyperlink subnet in the identical digital community and arrange a personal endpoint to the database e.g., Azure SQL database. Direct entry to the database from the web can be eliminated. Therefore, we are able to solely speak to the database utilizing the non-public endpoint from the App service.

We then replicate the identical setup in one other area known as the “Secondary area”. We then arrange digital community peering between the digital networks in each areas and arrange database geo-replication between the 2 databases. This can make sure that any database modifications within the main area are replicated with the database within the secondary area in case we have to begin utilizing the secondary area.

Subsequent, comes the ultimate service on this architectural design. That’s the Azure entrance door service. That is the purpose to which web customers will hook up with entry our utility. We are going to solely hook up with our app companies from the entrance door. Right here, we are going to set the first area which can deal with our requests. Right here, we can even arrange our secondary area which we swap over in case of a failure of the first area. We additionally allow WAF (Internet Utility Firewall) companies right here to offer additional safety in opposition to assaults like SQL-Injection and many others. 

Two issues I wish to add to this diagram can be the under:

1. Azure monitor and diagnostic settings for the Database and Entrance door service to observe transactions and standing.
2. Utility Insights for detailed instrumentation of the App companies.

Abstract

In right now’s article, we checked out how we are able to design an structure for a multi-region internet utility to offer redundancy. We additionally noticed how the database utilized by the online utility might be out there by way of a personal endpoint and won’t be accessible straight from the web. This gave us a really sturdy, safe, and extremely out there internet utility answer utilizing Microsoft Azure companies. This answer is barely advisable for functions that require a really excessive availability degree as we’re setting it up in multi-regions to stop any downtime. The prices might be excessive as we’ve got a duplicated companies structure.