Azure Architecture Explanation

Hello Folks !!

Today I have taken a somewhat offbeat topic into my techspace discussion. I will explain an Azure architecture which I have used in my own scenario. I have taken this architecture from the Azure Architecture weblog, which helped me a lot in my current scenario.

This architecture is about the DevSecOps concept, and I will explain each service which I have used here.

 

So let's go -----

 

[Architecture diagram]

 

This architecture is about GitHub security.

 

 

Components Explanation -

 

1) GitHub -

It is the place where developers or code designers push or pull the code. GitHub is a distributed version control system. The code can be pushed via Visual Studio Code or locally; here we have used Visual Studio Code through GitHub Codespaces.

Along with GitHub, we have used some associated security features, namely Microsoft Azure AD and GitHub security.

 

2) Azure Active Directory and Multifactor Auth

It is a multi-tenant, cloud-based identity service that controls access to Azure and GitHub. Azure AD can be configured as the identity provider for GitHub, and multi-factor authentication can be enabled for extra security.

 

3) GitHub Security - 

It works to eliminate threats in many ways. Agents and services identify vulnerabilities in repositories and in dependent packages. They also upgrade dependencies to up-to-date, secure versions. It can also be used for version maintenance.

 

4) GitHub Actions

It is used for deploying the ARM templates that deploy the code as well as provision the infrastructure in Azure. It can be used for deploying PaaS platforms like web apps.

 

5) Azure Resource Manager

It uses JSON templates to describe the resources involved in deployment. Teams can also manage these template documents by using DevOps tools, like version control, code collaboration, and CI/CD workflows.

 

6) Azure App Service -

Provides a platform for building, deploying, and scaling web apps. The platform also takes care of patching and scaling the application.

 

7) Azure policy

Generally helps the IT team enforce the policy definitions that you create. For example, if you want to deploy a web app with a particular configuration and during the deployment that configuration does not match the policy, the alert configured for it is triggered and the deployment is stopped.
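As an added example, not code from the post or from Azure, here is how a deny-style policy check over an ARM template stops a web app deployment whose configuration does not match: the template and the two rules (httpsOnly and minTlsVersion) are constructed for illustration, and the check mimics what Azure Policy does at deployment time rather than calling Azure.

```python
import copy

# Constructed minimal ARM template for a web app (sample input, not the template
# from the post); the weak settings are deliberate so the check fires.
ARM_TEMPLATE = {
    "resources": [{
        "type": "Microsoft.Web/sites", "apiVersion": "2022-03-01",
        "name": "demo-webapp", "location": "eastus",
        "properties": {"httpsOnly": False, "siteConfig": {"minTlsVersion": "1.0"}},
    }]
}

# Simplified rules in the spirit of an Azure Policy "deny" effect:
# (property path on Microsoft.Web/sites, required value, message).
POLICY_RULES = [
    ("properties.httpsOnly", True, "web app must redirect HTTP to HTTPS"),
    ("properties.siteConfig.minTlsVersion", "1.2", "web app must require TLS 1.2"),
]

def _lookup(resource, path):
    node = resource
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def evaluate_template(template, rules=POLICY_RULES):
    """Return (resource name, message) violations; empty means the deployment may proceed."""
    violations = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Web/sites":
            continue
        for path, expected, message in rules:
            if _lookup(res, path) != expected:
                violations.append((res["name"], f"{message} ({path} != {expected!r})"))
    return violations

def harden(template):
    """Return a copy with every required value set: the corrected template."""
    fixed = copy.deepcopy(template)
    for res in fixed.get("resources", []):
        if res.get("type") == "Microsoft.Web/sites":
            for path, expected, _ in POLICY_RULES:
                *parents, last = path.split(".")
                node = res
                for key in parents:
                    node = node.setdefault(key, {})
                node[last] = expected
    return fixed
```

Running `evaluate_template(ARM_TEMPLATE)` yields two violations for the weak template and none for `harden(ARM_TEMPLATE)`, which is the deploy/deny decision the policy makes.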

 

8) Microsoft Defender for Cloud

Provides unified security management for hybrid cloud deployment.

 

9) Azure Monitor - 

Provides a UI representation of logs and metrics. When this Azure service identifies any irregular conditions, it alerts all the apps and personnel that you have configured.

 

 

Working of this Architecture

 

The user pushes the code to the GitHub repository, and Azure AD identifies whether the user is authentic, providing MFA and the identity of the user. Then GitHub Actions gets triggered with a check in GitHub security. GitHub security scans the code in the following ways:

 

Secret Scanning -
It inspects repositories or commits for any tokens, keys, or secrets that appear in code. Other users can be notified that secrets have leaked into public view, and service providers can be notified that one of their secrets leaked. Service providers can optionally revoke or renew the secrets.

 

Code Scanning -
It inspects code for known vulnerabilities and coding errors. As an example, if a developer leaves a database connection string exposed in code, this feature discovers the secret. GitHub then starts the process of obtaining an uncompromised string after verifying its validity with the database.
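An added illustration, not GitHub's own scanner or code from the post, of the scanning step above: a small detector run over constructed commit-diff lines that flags an inline database connection-string password and a hard-coded API key, reporting them redacted so the check itself does not re-leak the value.

```python
import re

# Constructed lines as they might appear in a commit diff (sample input, not code from
# the original post); the two secrets are deliberately planted so the scan finds them.
SAMPLE_COMMIT = """\
+import pyodbc
+CONN = "Server=tcp:demo.database.windows.net,1433;Database=app;User ID=admin;Password=Sup3rS3cret!;"
+API_KEY = "sk_live_CONSTRUCTEDEXAMPLEKEY0001"
+TIMEOUT = 30
-CONN = os.environ["DB_CONN"]
"""

# Detector rules: a connection string carrying an inline password, and a long token
# assigned to a secret-looking variable name. Group 1 captures the secret itself.
PATTERNS = {
    "db-connection-string-password": re.compile(r"Password=([^;\"']+)", re.I),
    "hardcoded-api-key": re.compile(
        r"(?:api[_-]?key|secret|token)\s*=\s*[\"']([A-Za-z0-9_\-]{16,})[\"']", re.I),
}

def redact(secret):
    """Keep a short prefix so the finding is recognizable without re-leaking the value."""
    return secret[:3] + "***"

def scan_commit(diff_text):
    """Scan only added lines of a unified diff and report findings with the secret redacted."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), start=1):
        # Removed ("-") and context lines are not newly introduced, so skip them.
        if not line.startswith("+") or line.startswith("+++"):
            continue
        for rule, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                findings.append({"line": lineno, "rule": rule, "redacted": redact(m.group(1))})
    return findings

def push_check_passes(diff_text):
    """What a pre-push / CI gate would return: True only when nothing was found."""
    return not scan_commit(diff_text)
```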

GitHub Actions then starts deploying the ARM templates to Azure, in which we have written JSON code for deploying the web app as infrastructure, and the application code is then deployed through GitHub Actions.

 

 

The most important concern: how much costlier will this architecture be? :smile:

 

Cost optimization is always about looking at ways to reduce unnecessary expenses and improve operational efficiency. It has always been a concern for the IT industry: the client needs the best security architecture with the lowest expenses, so here we go:

 

  • If possible, use Linux to host Actions. It is a dual benefit: it is cost effective, and it is also a good deal security-wise.
  • In addition, the choice of operating system that hosts Actions jobs affects the per-minute consumption rate and per-minute cost.
  • Address issues during programming, rather than about a month later, so that developers don't need to refresh their knowledge of the code.
  • Create a budget-related alert in Azure, so that you get notified before the budget is exceeded.
  • Have a look at the configuration of the web apps that you have created.
  • Scaling can be helpful, but only when it is needed.
  • Look at the region where you want to create the resource in Azure.

 

Thanks and any updates are welcomed...


1 Reply

@Shashwat3105 

Hello! You've posted in the Tech Community Discussion space, which is intended for discussion around the Tech Community website itself, not product questions. I'm moving your post to the Azure Architecture space - please post Azure Architecture questions and content here in the future.