Highly Available and Auto-Scaling Azure Cloud Setup for Web Traffic and with Region level BCDR

Scenario

Azure Cloud Setup involving an Cloud-ready application of Private Tour Operator that accepts registration for pilgrimage. The application to be hosted in one region and during an region level outage, the infrastructure can be failover to a secondary region. Additional two virtual machines are deployed where one is used for hosting the staging site for development purpose and the other is for hosting customer support ticketing system.

Challenges

Client needed the application to be highly available in case of a azure zone disaster and able to apply BCDR in case of entire region outage. So we needed to design the Azure Infrastructure to be highly- available to a Azure Zone Outage and be able to Fail-over to a secondary region during Azure region level outage.

Objectives

Host the application in a file share service storage account and for compute, deploy Azure Virtual Machine Scale set (VMSS) which is the auto-scale solution from Azure and to provide BCDR solution. Two additional Virtual Machines, geo-replicated storage and backup solution as well as traffic load balancing and web application firewall solutions are also needed.

Project Delivery

We deployed Azure Front Door service which helped us to manage, and monitor the global routing for the web traffic in one region and during region level outage, we could prioritize traffic to secondary region. Azure VMSS was used to provide compute (vCPu/RAM) and the web-files are stored in Geo-redundant Azure Storage File Service account. The user uploads are configured stored in Azure Blob Storage. Azure CDN service was deployed to cache static objects such as images, videos loaded from Azure Blob storage for delivering high-bandwidth content. Azure Load Balancer deployed in front of Azure VMSS provided web traffic distribution to VMSS as well as secure RDP. Azure Application Gateway is used to filter out web traffic with Web Application Firewall providing protection against common web and SQL attacks and providing secure access to web content. Geo-replicated Azure Hosted MSSQL was deployed to service Database for VMSS. Azure Backup is used to take backup of files stored in file service and also for other two machines. Azure VPN is sued for secure access to the Azure Infrastructure. Key Vault is used for storing credentials and certificates. The entire infrastructure is secured by Azure Security Center and monitoring provided by Azure Monitor.

Results

We have deployed an secure, highly available web portal that is resilient to zone and region level outage. Geo-replication and backup service provides instant file/folder recovery as well as data for secondary region in case of BCDR.

Tools Used

1. Azure Front Door
2. Azure Load Balancer
3. Azure Application Gateway
4. Azure CDN
5. Azure Blob Storage
6. Azure File Share Service
7. Azure VMSS
8. Azure Backup
9. Azure Security Center
10. Azure Monitor
11. Azure SQL Database
12. Azure Site-To-Site VPN
13. Azure Key Vault
14. Azure Virtual Network
15. Azure Recovery Vault
16. Azure CDN

GET STARTED WITH OUR CLOUD SERVICES