Pillars of great Azure Architecture

blogs.karthikeyanvk.in
Pillars of a great Azure architecture
Karthikeyan VK
https://blogs.karthikeyanvk.in
@karthik3030

Enter Text
Why Should I learn Pillars of a great Azure architecture ?
• Guides you to design, build, and continuously
improve a secure, reliable, and efficient application.
• One stop shop for designing non-functional
requirements for your cloud based project.
Green/Brown field projects.
• Building solution in cloud is hard.

Enter Text
Why Should I learn Pillars of a great Azure architecture ?
• Role of a solution architect is not only to deliver
business value through the functional requirements
of the application, but to ensure the solution is
designed in ways that are scalable, resilient, efficient
and secure application(NFR’s).

Enter Text
What are Pillars of a great Azure architecture ?
Four pillars of Great
Architecture
Security
Performance
and scalability
Availability
and
recoverability
Efficiency and
operations

Enter Text Security

Enter Text
Why Security?
• Data is the most valuable piece of your organization's
technical footprint.
• When a security breach occurs, there can be
substantial impacts to the finances and reputation of
both organizations and customers.
• Security must be throughout the entire lifecycle of
your application, from design and implementation to
deployment and operations

Enter Text
Why Security?
• PCI(Payment Card Industry) for credit cards
• General Data Protection Regulation (GDPR) for
personal data.
• HIPAA for Healthcare.
• All Regulations are mandatory for running the
corresponding organization.
• Securing data is enforced by governments as law.

Enter Text
What should I protect?
• Data could be sensitive data about customers,
financial information about your organization, or
critical line-of-business data supporting your
organization.

Enter Text
What is Defence in Depth
 Multi-layered approach to securing your
environment will increase the security posture of
your environment.
Data
Applications
VM/compute
Networking
Perimeter
Policies &
access
Physical
security

Enter Text
Defence in Depth – Data Layer
 Data layer: Exposing an encryption key or using
weak encryption or no encryption can leave your
data vulnerable, should unauthorized access occur.
 Enable encryption in sql with built in data
encryption, use SASS tokens for storage account.
 Don’t checkin production configuration in source
code. Use Keyvault to access any credentials.

Enter Text
Defence in Depth – Application Layer
 Application layer: Malicious code injection and
execution are the hallmarks of application-layer
attacks.
 Common attacks include SQL injection(No.1 in
OWASP) and cross-site scripting (XSS).
 Use parameters for SQL Queries.
 Enable proper CORS.

Enter Text
Defence in Depth - Compute Layer
 Malware is a common method of attacking an
environment, which involves executing malicious
code to compromise a system.
 Once malware is present on a system, further
attacks leading to credential exposure and lateral
movement throughout the environment can occur.
 Disable RDP at all times, until really neede.

Enter Text
Defence in Depth – Network Layer
 Opening unnecessary ports to the Internet are a
common method of attack.
 These could include leaving SSH or RDP open to
virtual machines.
 Enable internet only when needed for VM’s.
 Strict policies on Egress and Ingress

Enter Text
Defence in Depth – Perimeter Layer
 Denial-of-service (DoS) attacks are often seen at this
layer.
 These attacks attempt to overwhelm network
resources, forcing them to go offline or making them
incapable of responding to legitimate requests.
 Add firewall Rules based on IP.
 Enable V-Net.

Enter Text
Defence in Depth – Policies & Access Layer
 Authentication occurs in this layer for your application.
 Exposed credentials are a risk here and it's important to
limit the permissions of identities.
 Enable monitoring to look for possible compromised
accounts, such as logins coming from unusual places.
 Make sure password has strong policies.
 Enable Just In Time(JIT) access control.
 Enable Multifactor Authentication.

Enter Text
Defence in Depth – Physical layer
 Unauthorized access to facilities through methods
such as door drafting and theft of security badges
affects this layer.
 Transmitting virus through a pen drive by physically
present in the location.
 Access should be multiple level to access a resource
with multiple door and multiple authentication
process.

Enter Text
Defence in Depth – Summary
Layer How To’s
Data Data encryption at rest in Azure blob storage
Application SSL/TLS encrypted sessions
Compute Regularly apply OS and layered software patches
Network Apply security rules Such as Control Egress and Ingress
Perimeter DDoS protection
Policies &
Access Azure Active Directory user authentication, B2B/B2C,MFA
Physical
Security Azure data centre biometric access controls

Enter Text
Performance and scalability

Enter Text
Why performance and scalability ?
• Meet Customer Demands
• Keeps the business Alive
• Not wake up @ night to know solve a outage.

Enter Text
What is Scaling?
• Scaling up is the action of adding more resources to
a single instance.
• Scaling out is the addition of instances.

Enter Text
What is performance Optimization?
• Scaling and performance optimization are about
matching the resources available to an application
with the demand it is receiving.
• Performance optimization includes scaling resources,
identifying and optimizing potential bottlenecks, and
optimizing your application code for peak
performance.

Enter Text
How to design performance and scalability ?
• When optimizing for performance, you'll look at
network and storage to ensure performance is
acceptable.
• Selecting the right networking and storage
technologies for your architecture will help you
ensure you're providing the best experience for your
consumers.

Enter Text
Data partitioning
• In many large-scale solutions, data is divided into
separate partitions that can be managed and
accessed separately.
• Partitioning can help improve scalability, reduce
contention, and optimize performance.
• Think about Database Sharding or elastic pools or
multitenant databases or Polyglot databases.

Enter Text
Caching
• Mechanism to store frequently used data or assets
(web pages, images) for faster retrieval
• Caching can be used at different (DB/Business/UI)
layers of your application.
• Secondary effect is offloading requests from your
database or web servers, increasing the performance
for other requests.

Enter Text
Autoscaling
• Reduces the need for an operator to continually
monitor the performance of a system and make
decisions about adding or removing resources
• Autoscaling is the process of dynamically allocating
resources to match performance requirements
• You can enable autoscaling in Web App, Database,
Kubernetes workloads etc.

Enter Text
Background jobs for Intensive workload
• Minimize the load on the application UI, which can
improve availability and reduce interactive response
times.
• Background jobs can be executed without requiring
user interaction
• For Background jobs use Azure functions, Kubernetes
Cron Job, Keda etc.

Enter Text
Implement scale units
• Scale as a unit.
• For example, adding x number of functions apps
might require y number of additional queues and z
number of storage accounts to handle the additional
workload generated by the function app.
• A scale unit could consist of x function apps, y
queues, and z storage accounts.

Enter Text
Performance monitoring
• In a production environment, it's important to be able
to track the way in which users utilize your system,
trace resource utilization, and monitor the health and
performance of your system.

Enter Text
Performance monitoring – Contd…
• Look across all layers of your application. Identify and
fix performance bottlenecks in your application
• Bottlenecks could be poor memory handling in your
app, or process of adding indexes into your database.
• Look It may be an iterative process as you relieve one
bottleneck and then uncover another.
• Use Appinsights in all your web app and function app.
• SQL also provides great and easy monitoring tools.

Enter Text
Performance and Scalability– Summary
How To’s
Data
Partitioning Database Sharding, Elastic Pool for multitenant database, Polyglot databases
Caching Use HTTP Cache, Redis Cache
Autoscaling Use Auto Scale Up/Out available in WebApp, SQL, Kubernetes
Background
Jobs Use web Jobs, Azure functions and Keda
Scale as units Think scaling as units rather than single entity.
Performance
Monitoring Use App Insights and also log analytics to detect anomaly.

Enter TextAvailability and recoverability

Enter Text
Why availability and recoverability ?
• Any number of things can go wrong at any scale.
Individual servers and hard drives can fail
• Whole datacentre may become unreachable.
• Including high availability and recoverability in the
design of your architecture protects your business
from financial losses resulting from downtime and
lost data.

Enter Text
What is availability and recoverability Design ?
• Designing for availability focuses on maintaining
uptime through small-scale incidents and temporary
conditions like partial network outages.
• Designing for recoverability focuses on recovery from
data loss and from larger scale disasters..

Enter Text
How to design availability and recoverability ?
• For availability, identify the service-level agreement
(SLA) you're committing to.
• Talk to your business about downtime rather than
assuming things
• The goal is to add redundancy to components of the
architecture based on research, not on assumption .
• Design application, so that you are less likely to
experience an outage.

Enter Text
• For recoverability, perform an analysis that examines
possible data loss and major downtime scenarios.
• The analysis should include an exploration of recovery
strategies and the cost-benefit trade-off for each.

Enter Text
• Recovery Point Objective: The maximum duration of
acceptable data loss.
• RPO is measured in units of time, not volume: "30
minutes of data", "four hours of data", and so on.
• RPO is about limiting and recovering from data loss, not
data theft.

Enter Text
• Recovery Time Objective: The maximum duration of
acceptable downtime, where "downtime" needs to be
defined by your specification.
• For example, if the acceptable downtime duration is
eight hours in the event of a disaster, then your RTO is
eight hours.

Enter Text
Efficiency and Operations– Summary
How To’s
Analyse Talk to your stakeholders about acceptable downtime details
RTO Recovery Time Objective, identify how long your application can be down
RPO Recovery Point Objective, max duration of data loss.

Enter Text
Efficiency and operations

Enter Text
How to design efficiency and operations ?
• A great place to start is to look at cost optimization
steps like sizing virtual machines properly and
deallocating virtual machines that aren't in use.
• Where possible, you want to move from IaaS to PaaS
services.
• Automate as much as possible. The human element is
costly, injecting time and error into operational
activities.

Enter Text
• Automate as much as possible.
• The human element is costly, injecting time and error
into operational activities.
• Use automation to build, deploy, and administer
resources.
• Throughout your architecture implement monitoring,
logging, and instrumentation system. Gives you the
capability to see what’s going on

Enter Text
• Modern architectures should be designed with
DevOps and continuous integration in mind.
• DevOps is as much cultural as it is technical, but can
bring many benefits to organizations that embrace it.
• With cloud computing, you're paying for what you
use, so you want to make sure you aren't wasting
resources.

Enter Text
Efficiency and Operations– Summary
How To’s
DevOps Remove the line between Development and Operations.
Automation Find where manual intervention can be automated.
IAAS to PAAS Move you VM to PAAS based solution or serverless to reduce huge cost.

Enter Text
References
@karthik3030
• https://docs.microsoft.com/en-us/learn/modules/pillars-of-a-great-azure-architecture/1-
introduction

Enter Text
@karthik3030
Thank you
/Q&A

Pillars of great Azure Architecture

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Pillars of great Azure Architecture

Ähnlich wie Pillars of great Azure Architecture (20)

Mehr von Karthikeyan VK

Mehr von Karthikeyan VK (19)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Pillars of great Azure Architecture