Assignment: Azure cloud

deshanjali diyasena
Aug 9, 2020

SE/2015/010 — P.H.D Diyasena

This article is written as a requirement of the course SENG 41283: Distributed and Cloud Computing. https://science.kln.ac.lk/tunits/setu/index.php/component/sppagebuilder/90-seng-41283

All the resources that I have created and mentioned in this article can be found at https://github.com/deshanjali/ARM-Templates-se010

The assignment was about setting up a sample environment using the Microsoft Azure cloud platform based on shared architecture concepts. At first, I did some hands-on work to get familiar with the Azure student portal given to us. Then I went through open-source code samples and identified what would be suitable for this assignment, as it should not be that complex. I came up with very reliable code written in C# using the ASP.NET framework. I downloaded Visual Studio as my IDE because it has integrated plugins for Azure which can be downloaded easily. The code samples that I referred to are listed below:

Service 01: https://github.com/AzureADQuickStarts/AppModelv2-WebApp-OpenIDConnect-DotNet

Service 02: https://github.com/deshanjali/se010Assignment-webApp2

The first one can authenticate the user with a Microsoft account and then display the primary details of the user. I enhanced it by connecting a database to it, so that by clicking a button the user details are inserted into the DB. The second code sample is the one I created to retrieve data from the same database, and it can also cache using Redis. First I built and executed the code locally. Once it was successfully up and running, I started to work with the Azure portal. I created a SQL database and a Redis cache in my resource group, then connected those to both of my web applications. In addition to that, I set up the firewall as well. When I was working with the SQL database, I used Microsoft SQL Server Management Studio as the tool to connect to the SQL database in the Azure portal, because it gives a very easily accessible interface to work with.

Database and Server creation

Server and SQL database resources creation

Setting up the firewall for the database/server and connecting via Microsoft SQL Server Management Studio

Firewall and the Management studio integration

A Redis cache was created to work with the web application, and it was connected to the application via a connection string. With caching, we don't need to load data from the database on every request: the cache can store it for a certain time and serve it again without connecting to the actual database. I set up the firewall configuration as well. I was able to connect the application, which was running locally, to the Azure Redis cache.

Redis cache creation and setting up the Firewall

Creating and setting up the firewall of Redis cache

Redis code configuration and Usage
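
The caching behaviour described above, as an added example that is not code from the original article or its repositories: a cache-aside lookup with an expiry time. The dictionary stands in for Azure Redis and `loadFromDb` for the SQL query; `UserCache`, `DbHits` and the sample values are hypothetical names constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Cache-aside with a time-to-live. The dictionary stands in for Redis and
// loadFromDb stands in for the SQL query, so the sketch runs without Azure.
public class UserCache
{
    private readonly Dictionary<string, (string Value, DateTime Expires)> _store = new();
    private readonly Func<string, string> _loadFromDb;
    private readonly Func<DateTime> _now;
    private readonly TimeSpan _ttl;
    public int DbHits { get; private set; }

    public UserCache(Func<string, string> loadFromDb, TimeSpan ttl, Func<DateTime> now)
    {
        _loadFromDb = loadFromDb; _ttl = ttl; _now = now;
    }

    public string Get(string userId)
    {
        // 1. Serve from the cache while the entry is still fresh.
        if (_store.TryGetValue(userId, out var hit) && hit.Expires > _now())
            return hit.Value;
        // 2. Miss or expired: query the database once and store with a TTL.
        DbHits++;
        var value = _loadFromDb(userId);
        _store[userId] = (value, _now() + _ttl);
        return value;
    }

    // Call after the row is updated so readers do not see stale details.
    public void Invalidate(string userId) => _store.Remove(userId);
}

public static class Program
{
    public static void Main()
    {
        var clock = new DateTime(2020, 8, 9, 12, 0, 0, DateTimeKind.Utc); // constructed
        var cache = new UserCache(id => $"details-for-{id}", TimeSpan.FromMinutes(5), () => clock);

        cache.Get("user1");                 // miss: goes to the database
        cache.Get("user1");                 // hit: database not touched
        Console.WriteLine(cache.DbHits);    // database calls so far
        clock = clock.AddMinutes(6);        // entry has now expired
        cache.Get("user1");                 // reloads from the database
        Console.WriteLine(cache.DbHits);    // database calls after expiry
    }
}
```

The expiry bounds how long stale user details can be served; `Invalidate` covers the case where a row changes before the entry expires.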

After creating the server side, I gradually moved on to publishing both web apps to Azure. For that, I created web app resources in the resource group and started publishing the code through the Visual Studio IDE. While creating the web app resources I enabled Application Insights as well, so new Application Insights resources were added to the resource group automatically. The following snapshots were taken while creating resources and publishing the code.

Creating web app resources and adding application insights

Publishing web applications

Hosted applications as web app service 01 & 02

Published web applications

Service 03: Function app

Another requirement of the assignment was to create a function which gives files as output. I created a storage account and edited its output configurations. Then I wrote a function that generates a blob and stores it under the storage account which was created earlier. The function was written in C#, in the Azure portal itself using its editor. While creating the function resource I enabled Application Insights as well. The steps I followed are shown below:

Creating the function and configuring output

Executing the function and verifying the output

The next thing I focused on was creating the front door for the web application. First I referred to several tutorials to gain knowledge, then I started by creating a front door resource in my resource group. I configured it for the web application and also checked and validated that the app was functioning like before. I learned the purposes of the front door, such as presenting instances deployed in multiple regions as one, hiding that from the user, and still serving data when the nearby instance is not working.

Front-door

Configuring frontends, backend pools and routing
Front door is configured successfully for the web application, and the website can be viewed from that particular URL

When creating the front door I identified the requirement of securing the front door of the application. The front door must be secured thoroughly because it is the first point that malicious attacks can hit in a web application. Even when several web apps and functions are integrated behind the front door, the single entry point must have some kind of security mechanism. So I went through the resources and found the web application firewall resource, which is solely for securing the front doors of applications. This firewall can be used with the front door, CDN or gateway only. So I used it to secure my web application.

WAF(Web application firewall) — creating

With and without WAF: when we don't have the firewall configured for the web application through the front door, we can inject scripts into the URLs as cross-site scripting attacks. But if we have a WAF, those threats won't happen because it enables several security mechanisms for the application. The difference is clearly shown in the following snapshots.

Active Directory(AD)

After creating all those resources, I had the remaining requirements of creating a CDN, creating an Active Directory to handle users, and creating a key vault to handle the secrets of the application. Because of the student subscription, the CDN resource is not available, so I moved on with the remaining requirements. I created a separate Active Directory (AD) because that gives me the ability to create my own users with preferred usernames and passwords. To create new users I switched from my default directory to my newly created Active Directory. Before creating the users I registered my app under app registrations and gave it a name that users can see. When I registered my app I modified all the configurations according to my application. After that, I created new users. All the steps I followed are shown below:

Creating a new Active Directory

Registering web application

Adding new Users

Signing in with the newly created user: the payload is displayed and also added to the SQL database

The last thing was to create a key vault to manage the app's secrets. Therefore I created a key vault and added the application secret to it. So anyone who has it can use that secret to access my web application. For the key vault creation I followed these steps:

Key vault creation

Generating a secret and adding API permission

Adding secrets manually

After completing all the requirements, I verified the functionality of both web apps and the function to check whether they were up and running well. From this cloud assignment, I was able to gain a good knowledge of distributed and shared architectures and how to use cloud platforms like Azure.

