WIXLIB

Architecting an N-Tier ApplicationInfrastructure in Microsoft AzureAuthored By: Thomas Mitchellthomasmitchell.net

ContentsAbout the Author . 3Introduction . 3Business Requirements . 3Planning the Architecture . 4Production Environment Considerations. 4Proposed Architecture (Production) . 5Backup Environment Considerations . 8Proposed Architecture (Backup) . 8Azure Active Directory . 11Putting it All Together . 12Completed Solution . 13Conclusion . 142

About the AuthorMy name is Tom Mitchell. I am a 20 year veteran of the ITindustry and throughout the course of such a long an interestingcareer, I have built a rather in-depth skill base. My skillset spansover a dozen different IT disciplines but my specialties include: Microsoft ExchangeMicrosoft Office 365Microsoft Active DirectoryMicrosoft AzureI have designed and architected the smallest solutions and someglobal solutions. I have deployed and implemented said solutionsas well as supported them. My expert-level knowledge of theseand other disciplines such as virtualization and storage allow meto meticulously design and efficiently implement/troubleshootall kinds of IT solutions and infrastructures.In addition to the coveted MCSE: Cloud Platform and Infrastructure certification, I also carry severalother industry certifications, including multiple Microsoft MCSA certifications.My superior ability to see things from a strategic perspective allows me to architect solutions thatclosely align with business needs. By avoiding “tunnel vision” that focuses on “now” when designingsolutions, I can ensure that my solutions stand the test of time and grow with the business.IntroductionOver the summer, an associate of mine approached me and asked if I could answer some MicrosoftAzure questions for another associate of his. I obliged. After a few calls, I was asked to architect anddeploy a rather large application infrastructure in Microsoft Azure. This infrastructure was needed tosupport a new, web-based application that the customer wanted to deploy.The purpose of this document is to provide a detailed look at how I architected a solution, providing you(the reader) with a fantastic use case for Microsoft Azure.Business RequirementsOnce engaged by the customer, I began collecting information that I needed to formulate a proposedarchitecture. I asked questions about platform preferences, required availability, security, etc. Initialdiscussions also included conversations about identity management and network connectivity.Production SiteAfter several architecture calls, the customer provided me with a spreadsheet that contained serverinformation. In production, the application’s web front end would be hosted on two virtual machines.The application itself would run on two separate virtual machines and a single logical SQL VM would3

back-end the application. Additional, centralized storage also needed to be made available to anyvirtual machines that were deployed.Backup SiteIn addition to the production environment, a backup site was also required. The customer requestedthat a single web VM reside in the backup site, along with a single application VM and a second SQLserver, which would host a replicated copy of the production database.Identity ManagementDuring discussions, the customer indicate that the application should be “standalone”, meaning accessand identity management needed to be separate from the on-prem Active Directory. In addition, accessneeded to be centrally managed.High AvailabilityBecause the planned application was being made available to the public, the underlying architectureneeded to be highly available and provide multiple levels of redundancy. Not only did the applicationneed to be regionally redundant – it also had to be locally redundant.Security ConsiderationsSince the application would be internet-facing, security was of utmost concern to the customer.Regardless of what the final architecture looked like, it was imperative that the attack footprint of theenvironment be minimized. It was crucial to the customer that only the necessary services be exposedto the internet.Planning the ArchitectureWith the business requirements in hand, I got to work on the design of a solution that would account forall business requirements. I launched my trusty Visio Pro and started drawing.Production Environment ConsiderationsPer the customer’s requirements, the production site needed to be locally redundant at the front-endtier and at the application tier and regionally redundant in the SQL tier. Easy enough. This wouldrequire two VMs in the web tier (customer did not want to use web apps), two VMs in the applicationtier, and a logical SQL virtual machine in the SQL tier.RedundancyTo get local redundancy, I was going to need a public-facing load balancer for the front-end VMs, aprivate load balancer for the application VMs, and a private load balancer for the SQL virtual machine.Yes, although I was only going to be deploying a single SQL VM in the production site, I wanted toprovide the ability to easily add a second one later on. By leveraging a load balancer at the outset forthe SQL tier, adding a second SQL VM later wouldn’t be nearly as onerous.In addition to load balancers, I was also going to need a few availability sets to ensure I always had oneVM available in both the app and web tiers. I also was going to want to deploy one for the SQL tier as4

well – even though I was only deploying a single SQL virtual machine. I planned on this because it’sIMMENSELY easier to initially deploy a VM into an availability set than it is to go back and do it over ifyou decide to add an availability set after the fact.SecurityAs I worked through the architecture plan for the production site, I had to think about the securityrequirements as well. Because the business requirements called for a locked down environment, I hadto devise a way to limit traffic to and from each VM in the proposed solution.While the front-end servers needed to have HTTP(s) open to the world, all public traffic to them neededto be blocked. The app servers would never be accessed publicly so traffic to/from those VMs neededto be limited only to the front-end servers and the SQL server. The SQL server would only ever talk tothe application VMS so it, too, needed to be locked down.Proposed Architecture (Production)After all considering all options, I put the proposed architecture on paper. The production site consistedof a single virtual network, which, in turn, consisted of three subnets: Web, App, and SQL. Each subnetwould be protected by a separate network security group. The NSG for the web subnet would allowHTTP traffic inbound from “ANY” and block all other inbound traffic from outside. The app subnet NSGwould allow only inbound traffic originating from the web subnet or the SQL subnet. Protecting the SQLsubnet required a network security group that blocked all inbound traffic except for SQL trafficoriginating from the application subnet. The graphic below depicts what the production site’s virtualnetwork looked like as drawn in Visio.5

As you saw in the previous graphic, I planned to deploy a vNet in the East US region. The vNet would bea /16 network, which would provide plenty of room for growth. Three /24 subnets would be carved out– once for each tier (web, app, SQL). A separate network security group would be configured for eachsubnet and configured to allow only the required traffic to those subnets.Architecting the production network in this fashion provided maximum network security while alsoallowing for flexibility if ultimately required.With the network architecture drawn out, I moved onto the redundancy piece of production.Because the business requirements called for local redundancy of the web and app virtual machines inthe production site, I added an availability set in both the web tier and app tier. Inside each availabilityset, I added two virtual machines (WEB1/WEB2 & APP1/APP2). I front-ended the web VMs with a publicload balancer. The app VMs were front-ended with a private load balancer. Each configuration lookedsomething like this:6

By utilizing a load balancer in each tier, the application could sustain a single web server failure AND asingle app server failure and continue to function in the production environment, negating the need fora failover to the backup site (yet to be architected).A separate availability set in both the web tier and app tier would ensure that at least one app serverand one web server was always up, even when Microsoft performed maintenance or if there was a faultsomewhere. This architecture ensures a 99.5% availability SLA on the web and application pieces.To save on costs, the customer requested only a single SQL server in production. The productiondatabase would then be replicated to the backup SQL server in the backup site. However, just because Ihad only one SQL server to work with, it didn’t mean I couldn’t PLAN for local redundancy later on. So,as I did with the app and web tiers, I added an availability set to the SQL tier in my Visio diagram, placeda single SQL virtual machine in it, and front-ended the single SQL virtual machine with an internal loadbalancer. By doing so, I was allowing future redundancy without the need to redesign things.When all was said and done, my Visio diagram for the production site looked like this:By architecting production as depicted above, I was able to address both the security requirements andlocal redundancy requirements while also providing flexibility for future growth. As designed, theproduction site could withstand a simultaneous outage of one web server and one app server and stillcontinue functioning. With the network security groups configured, traffic to each tier was limited to7