Currently, I am working on establishing enterprise-scale landing zones for Cloud Adoption Framework in Azure.
While I understood most of the concepts, I would like to see it on Azure.
Are there existing blueprints that I can import to set up Azure Landing Zones in accordance with the Cloud Adoption Framework?
Related
I've a conceptual question about Static web site on Storage Account & App Service.
My team have develop an Angular10 + ASP.NET Core (API) application. Our frontend (Angular10) only consumes our API , so the availability of our app depends on the availability of both, frontend + backend (our API will NOT be consumed by any other app). We don't have any latence issue or requirement as our final users are all in the same region. Our app must be consumed through HTTPS and with a specific name (CNAME).
When we deploy the app to Azure, my team decide to deploy it separately using a Store Account as static web site for Angular 10 and an AppService for the API as backend of our App.
As far I see on MS docs (here is the related article):
"App Service Static Web Apps is a great alternative to Azure Storage static website hosting and is also appropriate in cases where you don't require a web server to render content"
Because of we currently need an AppService to render content, i have some questions:
The app works but, is a correct arquitectural approach or is better only publish our app to an AppService?
There are any security/cost related/whatever topic that makes StaticWebSite + AppService approach better than only AppService deploy?
I think that this approach does not give us any facility or advantage. Instead of this, we have to configure more things on Azure to connect through SSL and to give a CNAME to our app and AppService deploy.
Please, can you give me your oppinion?
Thanks in advance
Best regards
Luis
The best approach would be to split out the SPA and API and host them separately. This creates a loose coupling between the applications giving you more flexibility around performance, scalability, and deployment.
The .NET Core API could be hosted on an Azure App Service, or could it even be refactored into running as a set of serverless Azure Functions? Converting it into functions would allow for auto scaling and a likely reduction in cost as you only pay when the function is running. It depends what the API methods are actually doing.
The SPA could be hosted as a static web site in a storage account blob container, and with a CDN endpoint mapped to it you can set it up to expose the SPA using HTTPS on a custom domain. Alternatively you could use an Azure Static Web App (although this is still in preview). This simplifies the deployment of SPAs as it will connect to your code repo and build and deploy the SPA for you when changes are committed to the repo.
That would of course mean configuring two separate CNAME subdomain records (assuming you wanted to the API to have a custom domain name), but that's not a big deal and ultimately a clearer separation on concerns.
Static Web Hosting: https://learn.microsoft.com/en-gb/azure/storage/blobs/storage-blob-static-website-how-to
Azure Static Web Apps: https://learn.microsoft.com/en-gb/azure/static-web-apps/overview
Static Hosting with Azure CDN: https://www.red-gate.com/simple-talk/cloud/azure/static-hosting-with-azure-blob-storage-and-azure-cdn/
Hosting option depends on your requirements.
Use case for using Static web site on Storage Account is a need to manipulate or process data on the server side, simply call the relevant managed Azure service like Azure Cognitive Services or leverage a web server of your own hosted on Azure Functions.
https://azure.microsoft.com/en-us/blog/static-websites-on-azure-storage-now-generally-available/
Your are Static web site makes a call to Azure WebApp API, so you should have Azure WebApp Plan.
Azure WebApp Plan can host both API and Static web site. Benefits of such scenario are:
Reduce cost as you can host multiple WebApps in same Azure WebApp Plan.
Azure WebApp gives you more hosting features versus Storage Account
Deployment can be implemented in same way for both Static web site and API
My website and my domain are hosted on a different service provider from azure. I created a CNAME record and I have added my custom domain to the azure. So right now I can go to http://images.mysite.com/images/myimage.png. The image that loads comes from the blob storage from azure. However, if I try to do this via https, I get NET::ERR_CERT_COMMON_NAME_INVALID error.
I've been through many guides, and seen just about every setting in azure portal and I can't figure out how to import my ssl into azure so that this will work. I have a feeling it has to do something with Azure CDN option, which I don't have configured and don't want to pay extra just for this one feature. Can I do this without it somehow?
I've been through many guides, and seen just about every setting in
azure portal and I can't figure out how to import my ssl into azure so
that this will work.
Simple answer to your question is that it is not possible as of today. Azure Storage still doesn't support HTTPS with custom domain. You'll need to use CDN if you wish to use your SSL certificates to facilitate secure connection.
From https://learn.microsoft.com/en-us/azure/storage/blobs/storage-custom-domain-name:
Azure Storage does not yet natively support HTTPS with custom domains.
You can currently Use Azure CDN to access blobs by using custom
domains over HTTPS.
I already have a domain name purchase from Google Domains.
I would like to host this site on Microsoft Azure, How should I plan to purchase all the required resources on Azure, if I want to host a Wordpress site, but would also need control over the size, if in future I plan to host some microsite with NodeJS or any other technologies like Java or .Net Core.
What would be my cost per month considering the above requirements?
Below is the list that I envisioned that I may need, can anyone suggest something this I missed.
A VM with Ubuntu (That would take care of Wordpress, Database(MySQL), NodeJS, Java and others)
Map my domain with Azure and map it with the VM
The solution you're thinking of is also known as IaaS (Infrastructure as a Service) and it is something you'd usually consider when migrating from an on-prem solution where you already have the VMs images for your needs.
In your particular case I'd recommend looking into PaaS (Platform as a Service) - specifically Azure App Service.
Everything you enumerated can be hosted in an Azure App Service as it supports all major technologies for deploying web apps today (.Net, Node.js, Java, etc).
In addition to your own code, Azure offers a number of build-in templates for 3rd party vendors that allow you to deploy pre-packaged solutions such as Wordpress without having to worry about the installation yourself. See this Wordpress on Azure article for more details.
Pricing information for Azure Web Apps can be found on the docs page. In your case I suspect you could do with a B1 or S1 instance.
Lastly, for your domain name, you can easily map and configure any custom domain to an Azure Web App by simply updating the DNS records in your Domain Management system and reference that in the Azure Portal. See docs for details.
Adding to Alex's response. To provide you a good understanding on hosting website on Azure. Firstly, I wish to highlight that Azure offers several ways to host websites: Azure App Service WebApps (PAAS solution), Virtual Machines (IAAS), Service Fabric, and Cloud Services.
Azure App Service (PAAS solution) is the best choice for most web apps. Deployment and management are integrated into the platform, sites can scale quickly to handle high traffic loads, and the built-in load balancing and traffic manager provide high availability.
WebApp is a fully managed compute platform that is optimized for hosting websites and web applications.
If you wish to host your website/app on an Azure VM (IAAS solution), you would typically install, design and configure the app in a similar way as you would onprem. If you have an existing application that would require substantial modifications to run in App Service you could choose Virtual Machines in order to simplify migrating to the cloud.
Take a look at the supported and unsupported configuration on App Service Migrate - Migration checklist when moving to Azure App Service : https://azure.microsoft.com/en-us/blog/migration-checklist-when-moving-to-azure-app-service/
I have a SaaS web app developed with Angular 8 and Asp.net Core Web API. I have deployed web api to a azure web app and deployed angular front-end web app to another azure web app as well.
The users are from China and Australia and other countries. I want to have region load balance like Chinese users uses web app on china azure region and australian users use Australian azure region web app so that it has best performance. Azure SQL DB will be in one place (in australia).
In addition, i want to prevent attacking to web front app and web api like d-dos, web scraping and SQL injection. For web scraping, i want to add access rate limitation from one ip.
Can you please advise what service i should use? I saw the blog talking about azure application gateway, azure load balancer, azure front door and azure traffic manager. It is a bit confusing to me. I need a best practise based on my this real world scenario. Should I use one of the service or should I use multiple services?
Based on your requirement:
Since the Backend Resource is Web App, you can ignore Load balancer (Layer 4) where you can only add VMs or VMSS
Your another requirement is WAF, and it is only available in AFD and AppGW. But you can use Traffic Manager as first Tier Load balancing and have AppGW in the different regions to provide high resilience.
As you want users from specific country to reach nearest backend resource, it seems like, the best solution for you is AFD.
AFD is a global Load balancer. It has WAF capability. It can Cache the data and provide quicker responses(CDN functionality). AFD uses an intelligent probing mechanism, through which it chooses the endpoint which is closer to the client who is making the request.
Hope this helps.
Given:
Couple of websites created using Azure Web Sites execution model.
No RDP access since Azure Web Sites doesn't provide it.
Possibility to install/create Cloud Service on Azure. Cloud Service
does have RDP access to its websites.
Question:
Will it be possible to access the existing websites via RDP on Cloud Service?
Assuming you had deployed your sites in Azure Cloud Services and enabled RD, you can very well look at the setup and config of your site(s) under it.
However if you make any changes, it may not be reflected to the setup as the Azure Cloud Services is non persistent and during any Data center activities like load balancing the fabric controller may just pull of your instance and re-deploy in someother instance. During this process all your changes will be lost and the original package of cscsf and cscfg will utilized during deployment.