As a developer, I always thought application deployment was another task that requires a checklist, mostly for configuration. I have worked on development of several web and desktop applications in the past few years. Recently, I had an opportunity to work on “Cloud Environment” with Microsoft Azure.
A DevOps team was assigned to setup infrastructure for our current project. Fortunately, I got to be a part of it. The project has vast scope. Its architecture allowed us to explore several services provided by Microsoft Azure. The following article will walk you through project infrastructure set up, cloud services and cloud migration to azure used and why we opted for these services over other alternatives.
Continuous integration and continuous deployment with App Services on AzureProject architecture demanded AngularJS Development at one SPA (Single Page Front-end Application) base. It also required multiple Web API type of applications (one for each module) developed with Dot Net to serve SPA. Development started in parallel for all modules.
A DevOps team was specifically assigned to setup an environment where developers can commit and validate their code immediately. This environment helped front end team to work with back end API developers. A mechanism was required to provide continuous deployment for all code commits on GitHub repositories. To achieve this, we separated our front end repository from other Dot Net API repositories, which allowed continuous code integration that front end (HTML and AngularJS) team worked upon. SPA consumed Web APIs with Ajax requests which were configured as part of web application configuration in a single file.
Two types(“namely”) of applications can be deployed with Microsoft Azure. One we used to deploy Web APIs, the other to deploy web application (SPA in our case). Technically, now there is no difference between a Web API App and Web App; both are considered App Services (In MS Azure’s early days, there were three different types of applications with different capabilities - Web API, Web App and Mobile App as part of App Services.).
- Web API Application
- Web Application (being used for SPA)
Publish code to development environment:
- Each module has a separate repository on GitHub.
- App Services are configured to fetch code from GitHub repositories (look for “Deployment Options” in App Service on Azure Dashboard).
- Developer commits and pushes code to GitHub repository on a defined branch.
- As soon as new commit is available, App service pulls code from GitHub repository and starts building application.
- Application is deployed if application build succeeds; process fails otherwise and previous build remains intact.
- Web API deployment process is customized to execute required SQL scripts on Azure Database with each commit to development branch.
- To execute SQL scripts on desired database server, configuration options are defined using Application Settings for each Web API type of application.
- As soon as SQL script is executed on target database server, a utility written in Python executes and an email is sent to internal organization group with script output in case of any errors in SQL script execution.
Security with Azure Active Directory Integration
The most important factor considered during deployment and in the deployment of Enterprise Applications is “Security”. Microsoft’s Azure AD (Active Directory) provides ways to handle security for all web apps, APIs, Database Servers, Cloud Services, Cloud Storage, etc.
Securing a Web API application with Azure AD has become simple. This is so because we can configure it using Authentication/Authorization configuration section on Azure portal. All APIs secured with Azure AD authentication will allow only users logged into Azure AD accounts to access respective APIs. OAuth 2.0 protocol is used for authorization at the base.
Business owners are provided with options for Azure AD. They can opt to go online and use Azure AD online or synchronize their local Active Directory with Azure AD. For applications, which allow users to sign in using social media, the allowed Authentication Providers Azure are: Facebook, Google, Twitter and Microsoft Accounts.
Our project uses Azure AD authentication for Web APIs. This enables only Azure AD registered users to access application APIs. We did implement Claims based authorization for this project. Single page web app on client end uses the ADAL library to interact and manage Azure AD authentication.
Microsoft Azure SQL Database is a managed cloud database that makes application development and maintenance easier. When a database is created on Microsoft Azure, the managed database service creates a server instance in background for new database or asks you to select existing server instance on which database will be hosted. The database service takes care of scalability, backup and high availability of the database based on options configured via portal dashboard.
Azure SQL Server V12 version is in use for current project. You may prefer to configure database to provide better performance at one 'geo-location'. This is because project serves more audience in one part of globe than the other.
Microsoft Azure lets user decide where they wish to setup SQL Server - Instance, redundancy mode, expected performance, etc. Resource utilization can be tracked for selected database from monitoring section. With Azure Database, you can also setup Alert Rules with which you receive alerts (email) from Azure when selected metrics are met.
A cool option will suggest performance improvement areas based on SQL database analytics. These include recommendations like modification in table structure, defining indexes on some of the tables (which are used in stored procedures, etc.). This will help improve performance of SQL queries.
Azure Cloud Services
C# based cloud service
Cloud services come in two ‘flavors’, Worker Role and Web Role. When the requirement is to access local system resources like File System, Worker Roles are preferred as they run like “Windows Service” on Windows Server Virtual Machines. Web Roles run within boundaries of IIS and act more like web applications. Deployment of cloud services can be done from within Visual Studio IDE, or cloud service code can be built into a package and uploaded to cloud service with configurations.
The ETL Service (Extraction and Transformation Layer) specific to our project is a Worker Role which works as a background process, manipulates local file system and interacts with database server.
Python based cloud service
In recent years, Python has become a favorite language for developers working with complex algorithms for Image/Audio/Video manipulations. The requirement was to process images, audios and videos for which Python based web role is used. Web Role created in Python has a queuing mechanism that uses Azure Service Bus to queue process requests from Web APIs. This service creates SFTP users as requested with pre-defined privileges.
Automated resource deployment using ARM Templates
Azure Resource Manager allows you to provision your applications using a declarative template. In a single template, you can deploy multiple services along with their dependencies. One can use same template to redeploy applications on different environments like Development Environment, Staging Environment and Production Environment, etc. ARM template is just formatted JSON text. For every environment, resources will remain same and configuration changes can be handled with pre-defined Application Settings. These ARM templates can be executed with the help of PowerShell cmdlets or from Azure CLI.
Future of cloud
For us, moving entire solution to Microsoft Azure environment was a major decision. It did pay off in terms of gaining lots of experience and knowledge with cloud platforms. Though we explored a small part of cloud, moving to Azure platform reformed our thought process, providing a different perception towards integration of several application components and how easy would it be to deploy on cloud.
Technological evolution in cloud platforms is taking us to a new high. It is making us counter more complex challenges, and with seamless integration. Many advancements are due in the upcoming years; scalability, big data analytics, machine learning and serverless architecture are all set to go mainstream.
We hope that you find the blog useful. You are requested to post your comment as response to this blog.