1. ARCHITECTURE IN CLOUD
Many organisations still make some incorrect assumptions while implementing the cloud.
While cloud certainly provides the capability of High Availability, High Scalability and Disaster Recovery, these cannot be assumed to be available by default. Each enterprise will need to specifically design and architect for them. However:
Do all applications, including non-critical ones, need an Active-Active DR? No
Do all applications need to scale to millions of users? No
Do all applications have the same performance requirements? Hope not.
Should all applications be designed as microservices? Not necessarily
Do all applications need to be deployed across multiple regions? Absolutely not
Do all applications need to be architected as SaaS, multi-tenanted applications? Certainly not
STRATINUUM
2. ARCHITECTURE IN CLOUD
What is the right WEB APPLICATION ARCHITECTURE in the CLOUD?
There is no silver bullet and no one size fits all.
The right architecture is usually the one that meets the requirements well and can be iteratively improved or changed without having to rewrite it or spend too much doing so.
3. CORE ARCHITECTURE PRINCIPLES
• Principle of Maintainability: We should strive to build our applications in a way that allows code to be iterated and maintained into the future. While there is nothing wrong with aspirations, the principle does not mean that the business will manage the application going forward.
• Principle of Scalability: The application should be able to scale to the number of users our web application has, and beyond. "Beyond" is the key here. Given the business and its growth prospects, unless there is complete unpredictability, the scale should be known and the architecture built to meet the requirements.
• Principle of Simplicity: The application is simple and easy to understand and build.
• Principle of Performance: Applications are built to respond to requests in a timely manner. Does "timely manner" mean 1 ms, 2 ms or 6 ms? Not all pages respond at the same rate. The important factor, however, is customer experience.
4. CORE ARCHITECTURE PRINCIPLES
• Principle of Reliability: The application should be able to cope when something goes wrong. What if the data centre goes down? This is not a trivial requirement; it warrants no single point of failure and redundancy built in at all layers. However, does every application in the enterprise require that?
• Principle of Testability: The application can easily be tested. Testing across environments can be quite expensive, but it is necessary.
• Principle of Reusability: Application components are built for reuse.
• Principle of Security: Applications are built to be secure against all known vulnerabilities, and only authorised users can access the application.
6. BASIC WEB APPLICATION
Service | Description
DNS | Translates or resolves web/service to IP address
Active Directory | Identity service – SSO, Multifactor Authentication and conditional access
Key Vault | Secure secret store
App Service | Compute resource for web app to run
Deployment Slots | Functional app to run different instances
Logical Server | Default container for Azure SQL database
Monitor | Collect and analyse infrastructure and resource data
Log Analytics | Edit and run log queries against data in Azure Monitor Logs store
Reference: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/app-service-web-app/basic-web-app?tabs=cli
7. SCALABLE WEB APPLICATION
Service | Description
DNS | Translates or resolves web/service to IP address
Active Directory | Identity service – SSO, Multifactor Authentication and conditional access
Front Door | Modern content delivery network integrated with intelligent threat protection
WAF | Web Application Firewall
CDN | Content delivery network
Blob | Object storage for unstructured data
Queue | Store large number of messages
App Service | Compute resource for web app to run
Function App | Serverless compute service to run event triggers
Redis Cache | In-memory cache
SQL Database | Relational database
Cosmos DB | Managed NoSQL and relational database
Azure Search | Index and query enabled search service
Resource group | Logical association of multiple resources
Reference: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/app-service-web-app/scalable-web-app
8. SCALABLE CLOUD APPLICATIONS AND SRE
Service | Description
Front Door | Modern content delivery network integrated with intelligent threat protection
API Management | API Management platform, supports complete API lifecycle
Application Gateway | Web Traffic Load Balancer
Azure Kubernetes Service Cluster | Managed Container Cluster
Blob | Object storage for unstructured data
Data Lake | Store and process structured, semi-structured and unstructured data
Redis Cache | In-memory cache
Azure SQL | Relational database
Cosmos DB | Managed NoSQL and relational database
Reference: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/apps/scalable-apps-performance-modeling-site-reliability
9. MICROSERVICES ARCHITECTURE ON AKS
Service | Description
Azure Pipelines | Build and test code
Container Registry | Registry for container deployments
HELM | Manage Kubernetes
Load Balancer | Distribute load/web traffic
Kubernetes Cluster | Managed Container Cluster
Active Directory | Identity service – SSO, Multifactor Authentication and conditional access
Monitor | Collect and analyse infrastructure and resource data
Key Vault | Secure secret store
Elasticsearch | Full-text search engine
Prometheus | Event monitoring and alerting
Cosmos DB | Managed NoSQL and relational database
SQL database | Relational database
Reference: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks-microservices/aks-microservices
10. MULTI REGION N TIER APPLICATION
Service | Description
Traffic Manager | DNS based load balancer
Primary Region | Primary data centre
Secondary Region | Secondary data centre
Azure Portal | Unified Console
Active Directory | Identity service – SSO, Multifactor Authentication and conditional access
SQL Server Always On | Highly available DR Database
Cloud Witness | Failover Cluster Quorum
Reference: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/multi-region-sql-server
11. HIGHLY AVAILABLE MULTI REGION WEB APP
Service | Description
Active Directory | Identity service – SSO, Multifactor Authentication and conditional access
DNS | Translates or resolves web/service to IP address
Front Door | Modern content delivery network integrated with intelligent threat protection
WAF | Web Application Firewall
CDN | Content delivery network
App Service | Compute resource for web app to run
Blob | Object storage for unstructured data
Service Bus | Message broker with message queues and pub-sub topics
Function App | Serverless compute service to run event triggers
Redis Cache | In-memory cache
Cognitive Search | AI capable search
SQL database | Relational database
Cosmos DB | Managed NoSQL and relational database
Geo Replication | Replicate data to a secondary region
Reference: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/app-service-web-app/multi-region
12. HIGHLY AVAILABLE ENTERPRISE DEPLOYMENT APP SERVICE
Service | Description
Application Gateway | Web Traffic Load Balancer
Subnet | Segments the virtual network
ASE ILB | App Service Environment Internal Load Balancer
Jumpbox | VM to which users can connect via RDP/SSH
Redis | In-memory cache
Reference: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/enterprise-integration/ase-high-availability-deployment?source=recommendations
13. MULTI TIER WEB APPLICATION BUILT FOR HA/DR
Service | Description
Availability Sets | Logical grouping of VMs for redundancy and availability
Traffic Manager | DNS based load balancer
Reference: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/infrastructure/multi-tier-app-disaster-recovery
14. E COMMERCE FRONT END
Service | Description
Traffic Manager | DNS based load balancer
Cognitive Services | AI capable services
CDN | Content delivery network
Event Functions | Service to handle Event Grid events
Event Queue | Message queue service
Active Directory | Identity service – SSO, Multifactor Authentication and conditional access
Blob | Object storage for unstructured data
Redis | In-memory cache
Application Insights | Application performance monitoring
Reference: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/apps/ecommerce-scenario
15. SCALABLE E-COMMERCE WEB APP
Service | Description
CDN | Content delivery network
Queue | Message queue service
Application Insights | Application performance monitoring
Functions | Service to handle Event Grid events
Blob | Object storage for unstructured data
Redis | In-memory cache
Reference: https://learn.microsoft.com/en-us/azure/architecture/solution-ideas/articles/scalable-ecommerce-web-app
16. MULTI TENANT SAAS
Service | Description
Active Directory | Identity service – SSO, Multifactor Authentication and conditional access
DNS | Translates or resolves web/service to IP address
Front Door | Modern content delivery network integrated with intelligent threat protection
Application Gateway | Web Traffic Load Balancer
App Services | Compute resource for web app to run
Kubernetes Services | Managed Container Cluster
Search | Index and query enabled search service
Redis | In-memory cache
Elastic Pools | Shared pool of resources
Resource Group | Container that holds related resources
Reference: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/multi-saas/multitenant-saas
17. MICROSOFT TECHNOLOGY STACK ACROSS PATTERNS
Service | Description
DNS | Translates or resolves web/service to IP address
Active Directory | Identity service – SSO, Multifactor Authentication and conditional access
Key Vault | Secure secret store
App Service | Compute resource for web app to run
Deployment Slots | Functional app to run different instances
Logical Server | Default container for Azure SQL database
Monitor | Collect and analyse infrastructure and resource data
Log Analytics | Edit and run log queries against data in Azure Monitor Logs store
Front Door | Modern content delivery network integrated with intelligent threat protection
Application Gateway | Web Traffic Load Balancer
Kubernetes Services | Managed Container Cluster
Search | Index and query enabled search service
Redis | In-memory cache
Elastic Pools | Shared pool of resources
Resource Group | Container that holds related resources
WAF | Web Application Firewall
CDN | Content delivery network
Blob | Object storage for unstructured data
Queue | Store large number of messages
Function App | Serverless compute service to run event triggers
Availability Sets | Logical grouping of VMs for redundancy and availability
Event Functions | Service to handle Event Grid events
Event Queue | Message queue service
Application Insights | Application performance monitoring
SQL Database | Relational database
Cosmos DB | Managed NoSQL and relational database
Azure Pipelines | Build and test code
Container Registry | Registry for container deployments
HELM | Manage Kubernetes
Load Balancer | Distribute load/web traffic
Elasticsearch | Full-text search engine
Prometheus | Event monitoring and alerting
API Management | Platform supports complete API lifecycle
Data Lake | Store and process structured, semi-structured and unstructured data
Primary Region | Primary data centre
Secondary Region | Secondary data centre
Traffic Manager | DNS based load balancer
Azure Portal | Unified Console
SQL Server Always On | Highly available DR Database
Cloud Witness | Failover Cluster Quorum
Service Bus | Message broker with message queues and pub-sub topics
Cognitive Search | AI capable search
Geo Replication | Replicate data to a secondary region
Subnet | Segments the virtual network
ASE ILB | App Service Environment Internal Load Balancer
Jumpbox | VM to which users can connect via RDP/SSH
18. STRATINUUM
Building highly scalable, highly available applications with multi-region deployment can be fairly complex.
There are multiple ways to architect applications. It is very important to segregate your application workloads and architect them right. Not every application architecture needs to be built the same way.
Design internal applications (assuming their scale to be low) differently from your external (customer-facing) applications. Bring cost consciousness into your design.
While migrating applications, like-for-like might be a way to look at initial cost estimates, but it is NOT the right way to design your application. Cloud design is a paradigm shift in programming; embrace that change by designing for the cloud. Cloud-native design implementing PaaS has its benefits, but if not done right it can be expensive. Continuously monitor and optimize costs.
Consider consumption-based pricing models, architectural patterns such as queue-based load levelling, and auto-scaling services when you have to build scalable applications. Find the right balance between scalability and predictability.