GDPR storing vs processing / computing data (failover scenarios) - azure

I'm having a hard time understanding what exactly is meant by 'data processing' in GDPR. There's one specific scenario which I'll explain later, but I will first try to simplify my question.
Let's say I have 2 servers: one running a database and one is a HTTP web server.
The database is located in the EU and stores privacy sensitive data.
The HTTP web server is located outside the EU but doesn't store any data.
Would it violate GDPR if a consumer would enter privacy sensitive data which is sent to the HTTP web server and then stored on the database server when no trace of the data is left on the HTTP web server?
This might sound like an odd question, so let me elaborate.
In a real-world scenario, there would be (at least) 4 servers:
2 databases
2 HTTP web servers
For each server type, one is located in the EU, and the other is not.
The database in the EU stores all EU data. The database outside will never contain any EU privacy sensitive data.
Now, we define a single entry point for the 2 HTTP web servers. You could do this using Azure Traffic Manager which utilizes the DNS protocol to balance the load between the 2 servers.
Usually, the entry point will route all EU traffic through the HTTP server in the EU, unless the server in the EU goes down. The entry point will then direct traffic from the EU to the HTTP server outside the EU. Based on the JWT token provided, the non-EU web server still knows the request is GDPR bound, so it will use the EU database to handle the request.
Would this violate GDPR?
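One way the failed-over non-EU web server could pick the EU database from the token, as an added example that is not from the question or any answer: it verifies an HS256 JWT with the standard library and routes on a hypothetical `residency` claim, refusing the request (rather than falling back to the local database) when the token or the claim is bad. The secret, the claim name and the database endpoints are constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret: a real deployment loads the issuer's key from a secret store.
JWT_SECRET = b"constructed-demo-secret"
# Hypothetical database endpoints keyed by the residency region carried in the token.
DB_ENDPOINTS = {"eu": "eu-db.internal.example:5432", "us": "us-db.internal.example:5432"}


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def verify_hs256(token: str, secret: bytes) -> dict:
    """Verify an HS256 JWT and return its claims; raise ValueError on any defect."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # reject alg=none or a swapped algorithm
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


def select_database(token: str, secret: bytes = JWT_SECRET) -> str:
    """Pick the database from the verified 'residency' claim (hypothetical claim name).

    Fails closed: a bad token or a missing/unknown claim raises instead of falling back
    to the local database, so a failed-over non-EU server never writes EU data elsewhere.
    """
    region = verify_hs256(token, secret).get("residency")
    if region not in DB_ENDPOINTS:
        raise PermissionError("no recognised residency claim; refusing request")
    return DB_ENDPOINTS[region]


def make_token(claims: dict, secret: bytes = JWT_SECRET) -> str:
    """Mint a test HS256 token (stand-in for the real identity provider)."""
    compact = lambda obj: _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact({'alg': 'HS256', 'typ': 'JWT'})}.{compact(claims)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"
```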

Hosting a separate app service as a website directory

Is it possible to include a separate Azure App Service as part of another App Service?
For example, let's say that I have a website called www.mycompany.com hosted in its own Azure App Service. I have another Azure App Service that I want to make accessible by going to a specific URL in the first App Service.
So in other words when a request comes to www.mycompany.com/eu/ I want the content of this endpoint (/eu) to be served from the other app service. Would a load balancer work? The reason I want to do this is because the /eu endpoint has grown too big and I would like to separate that from the main site and host it on a separate app service. I hope my question is clear.
Thanks in advance.
For this purpose you could use Application Gateway.
In a certain sense it resembles a load balancer (it is a L7 LB indeed) as you indicated, but the product provides many additional features.
The following image, extracted from the product documentation, explains how it works:
Basically, as outlined in the aforementioned docs, when describing how an Application Gateway accepts a request (note they mention WAF in the explanation, an optional security threat prevention system):
Before a client sends a request to an application gateway, it resolves the domain name of the application gateway by using a Domain Name System (DNS) server. Azure controls the DNS entry because all application gateways are in the azure.com domain.
The Azure DNS returns the IP address to the client, which is the frontend IP address of the application gateway.
The application gateway accepts incoming traffic on one or more listeners. A listener is a logical entity that checks for connection requests. It's configured with a frontend IP address, protocol, and port number for connections from clients to the application gateway.
If a web application firewall (WAF) is in use, the application gateway checks the request headers and the body, if present, against WAF rules. This action determines if the request is a valid request or a security threat. If the request is valid, it's routed to the backend. If the request isn't valid and WAF is in Prevention mode, it's blocked as a security threat. If it's in Detection mode, the request is evaluated and logged, but still forwarded to the backend server.
The routing to one backend or another can be based on URL Paths:
You can find an example of this configuration in this related Microsoft article.
In your use case, you will need to define two backends, one for every App Service, and define routing rules as appropriate.
As indicated before, your DNS should point to the Application Gateway: it will handle the routing to one or other App Service based on the route, /eu/* or /*, provided by the client.
The order of the routes is important: once a rule is matched, it will be the one processed.
Application Gateway is a regional service: Azure Front Door leverages a similar functionality (and much more) globally.
Please consider reviewing the associated costs of these services.
I am answering my own question to hopefully help others in the same situation. This was simply done using a reverse proxy. This article explains everything you need to set it up - https://ruslany.net/2014/05/using-azure-web-site-as-a-reverse-proxy/

Domain redirect according geographic location

What I want to do is:
have two domains being served by the same code (pointing to the same folder)
each one using its own database and theme (css, images)
separate clients being registered in the US, to interact with databases based in the US, from those being registered in the EU, to interact with databases based in the EU, even if they try to log in from another region.
I don't know if that is possible with Azure, what structure I need, or what tools to use.
Azure Traffic Manager works at the DNS level and enables us to control the distribution of traffic across our application endpoints according to one of several traffic-routing methods; you could try to use it. This blog explains how to scale Azure Websites globally with Traffic Manager; please refer to it.

DNS Geo Lookups

I have been looking at setting up Geo DNS routing using Azure Traffic Manager (Performance mode). Basically I have an application (Web App and Azure SQL Database) set up in East US, North Europe and Australia East. For compliance reasons data cannot be shared between data centres, and I do not want the user to have to make a choice regarding which data centre to use:
us.app.com
eu.app.com
au.app.com
I want to be able to use app.com and then have that routed based on the user location. All of which Traffic Manager does - however it will also fail over to other data centres if the closest data centre is unavailable. I don't want the fail-over behaviour - if for some reason the Web App is down in the closest region, I want the user to receive an error.
Has anyone experience of any other providers that offer such a facility? Can the fail-over behaviour be turned off on Traffic Manager?
Interesting question!
Firstly, please note that the 'Performance' mode routing in Traffic Manager is not guaranteed to route a given user to the same data center if that user travels...for example, if an EU user accesses the service whilst visiting the US, they will be routed to the US endpoint. For this reason, where there is a strong constraint to link a user with a particular region, an application-level redirect may be required.
To address the question you actually asked...there's no built-in ability to disable endpoint monitoring / failover in Traffic Manager today. As a workaround, I suggest making a placeholder site that hosts an error page using Azure Web Apps, then using nested Traffic Manager profiles as follows:
3 child profiles, each with 2 endpoints - one of your service endpoints plus the error page web app. These will use the 'Priority' traffic-routing method (aka 'failover' if you're using the old ASM APIs).
1 parent profile, with 3 endpoints, namely the 3 child profiles above. This should use the 'Performance' traffic-routing method. You'll have to specify the location of each endpoint, which should be the same as the app that it contains.
In this way, if one of your apps fails, traffic will be directed to the error page site instead of to the other apps.
Configuring nested Traffic Manager profiles isn't supported in the Azure Portal today. You will need to use Azure PowerShell or Azure CLI (which supports Windows, Linux and Mac OS).
Regards,
Jonathan Tuliani
Program Manager
Azure Networking - DNS and Traffic Manager
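A small simulation of the nested-profile layout described in the answer above, added here and not part of the answer: it resolves a client the way the Priority children and the Performance parent would, and also shows the flat profile's cross-region failover and what happens when a child's MinChildEndpoints (the real Traffic Manager setting, `min_child_endpoints` below) is raised above the number of endpoints that remain healthy. Regions, endpoint names and the proximity table are constructed.

```python
from dataclasses import dataclass, field

# Constructed proximity table standing in for Traffic Manager's latency measurements.
NEAREST = {"eu": ["eu", "us", "au"], "us": ["us", "eu", "au"], "au": ["au", "us", "eu"]}


@dataclass
class Endpoint:
    name: str
    region: str
    healthy: bool = True
    priority: int = 1

@dataclass
class Profile:
    name: str
    method: str                   # "Priority" or "Performance"
    region: str = ""              # location declared when the profile is nested as an endpoint
    endpoints: list = field(default_factory=list)   # Endpoint or nested Profile
    min_child_endpoints: int = 1  # nested profile stays online while this many endpoints are healthy

def is_online(e) -> bool:
    if isinstance(e, Endpoint):
        return e.healthy
    return sum(is_online(c) for c in e.endpoints) >= e.min_child_endpoints

def resolve(p, client_region):
    """Name of the endpoint DNS would return to a client, or None if nothing is online."""
    online = [e for e in p.endpoints if is_online(e)]
    if p.method == "Priority":
        chosen = min(online, key=lambda e: e.priority, default=None)
    else:  # Performance: nearest online endpoint according to the proximity table
        chosen = min(online, key=lambda e: NEAREST[client_region].index(e.region), default=None)
    if chosen is None:
        return None
    return chosen.name if isinstance(chosen, Endpoint) else resolve(chosen, client_region)

def build_nested(min_child_endpoints: int = 1) -> Profile:
    """The answer's layout: three Priority children (app, then error page) under one Performance parent."""
    children = [Profile(f"{r}-child", "Priority", region=r, min_child_endpoints=min_child_endpoints,
                        endpoints=[Endpoint(f"{r}-app", r, priority=1), Endpoint("error-page", r, priority=2)])
                for r in ("us", "eu", "au")]
    return Profile("app-com", "Performance", endpoints=children)

def take_down(p: Profile, name: str) -> None:
    # Simulate endpoint monitoring marking an app endpoint unhealthy.
    for e in p.endpoints:
        if isinstance(e, Profile):
            take_down(e, name)
        elif e.name == name:
            e.healthy = False
```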

Azure region based WebApi for mobile app

I'm currently developing a mobile app which will be pushed world-wide across the app stores. This app uses a WebAPI REST service as the backend which I currently have running on MS Azure in Europe (which backs onto a database also in Europe).
My problem is, I'd like to create multiple Azure WebApi endpoints (i.e. Australia, US, etc for latency reasons), each with their own database which has geo-replication enabled.
Does anyone know a method/product/service I could use which allows me from the app to either:
Connect to a single domain which behind the scenes picks the closest server to the user.
OR
The app itself is able to determine based on a given list the closest server and connect to that?
I've looked at Azure CDN but this is for static content which is great but I need something for dynamic content.
What you're looking at is Traffic Manager. Traffic manager enables that exact scenario, of finding the closest service that hosts your REST API.
Keep in mind though, that the database replication is (for the time being) a thing you have to do yourself, although we do provide you with the tooling and guidance on how.

Cloud combined with in-house database. How good is the security?

I'm currently performing research on cloud computing. I do this for a company that works with highly private data, and so I'm thinking of this scenario:
A hybrid cloud where the database is still in-house. The application itself could be in the cloud because once a month it can get really busy, so there's definitely some scaling profit to gain. I wonder how security for this would exactly work.
A customer would visit the website (which would be in the cloud) through a secure connection. This means that the data will be passed forward to the cloud website encrypted. From there the data must eventually go to the database but... how is that possible?
Because the database server in-house doesn't know how to handle the already encrypted data (I think?). The database server in-house is not a part of the certificate that has been set up with the customer and the web application. Am I right or am I overlooking something? I'm not an expert on certificates and encryption.
Also, another question: If this could work out, and the data would be encrypted all the time, is it safe to put this in a public cloud environment? or should still a private cloud be used?
Thanks a lot in advance!!
Kind regards,
Rens
The secure connection between the application server and the database server should be fully transparent from the application's point of view. A VPN connection can connect the cloud instance that your application is running on with the onsite database, allowing an administrator to simply define a datasource using the database server's IP address.
Of course this does create a security issue when the cloud instance gets compromised.
Both systems can live separately and communicate with each other through a message bus. The web site can publish events for the internal system (or any party) to pick up and the internal system can publish events as well that the web site can process.
This way the web site doesn't need access to the internal database and the internal application doesn't have to share more information than is strictly necessary.
By publishing those events on a transactional message queue (such as MSMQ) you can make sure messages are never lost, and you can configure transport-level security and message-level security to ensure that others aren't tampering with messages.
The internal database will not get compromised once a secured connection is established with the static MAC ID of the user accessing the database. The administrator can provide access to a MAC ID through one-time approval and add the user to his Windows console.