AppManager Deployment Options - Akumina Community

AppManager Deployment Options

Objective

Use this document as a base guide to recommend possible deployment models.

Pre-Requisites

  1. App Gateway is an optional component. If your deployment does not require a Web Application Firewall (WAF), including OWASP 3.0 prevention or detection, you do not need to set up App Gateway
  2. App Gateway requires a custom domain and a valid SSL certificate for the domain
  3. App Gateway can be configured to use Base or Multi-site back-end routing
  4. Admin access to DNS is required to configure DNS entries
  5. Admin access to AAD (Azure Active Directory) is required to configure Akumina App level access
  6. Traffic Manager is recommended for routing traffic across multiple regions, or across multiple App Service deployments in the same region; it is not required for a single-region, single-endpoint deployment.
  7. For cost estimation: multiply the price by the number of WebApp instances

Simple Deployment

Components:

1 X WebApp

1 X Key Vault

1 X Application Insights

1 X Storage

1 X Security Center

Deployment using App Gateway

Components:

1 X App Gateway

2 X WebApp

1 X Key Vault

1 X Application Insights

1 X Storage

1 X Security Center

1 X Redis Cache

Deployment using Traffic Manager with App Gateway

Components:

1 X Traffic Manager

2 X App Gateway

2 X WebApp

1 X Key Vault

1 X Application Insights

1 X Storage

1 X Security Center

1 X Redis Cache

Deployment using Multi Region

Components:

1 X Traffic Manager

4 X App Gateway

4 X WebApp

1 X Key Vault

1 X Application Insights

1 X Storage

1 X Security Center

1 X Redis Cache

Deployment Summary

  1. Create Resource Group
  2. Create Key Vault
  3. Create Storage Account
  4. Create Redis cache
  5. App Gateway
    1. Create VNET (e.g., 10.100.0.0/16)
    2. Create SubNet (e.g., 10.100.0.0/24)
    3. Create App Gateway
  6. Web App
    1. Create Web App
    2. Configure SSL certificate
    3. Configure custom domain
    4. Configure Application Insights
  7. App Gateway
    1. Configure HttpSettings, Backend pools, Listeners, Rules and Health probes
    2. Add “A” record to App Gateway IP endpoint
    3. Add “TXT” record to App Gateway endpoint
    4. Optional: Enable Alert and Diagnostic logs
  8. Steps 6 and 7 require adjusting the DNS entries multiple times
  9. Traffic Manager
    1. Create Traffic Manager for multi-region deployments
    2. Change DNS entries to configure Traffic Manager
  10. In the App Gateway scenario, to restrict direct access to the Web App, configure the allowed IP as the App Gateway IP.
  11. Create “SharePoint” App entry to point to the App Gateway or Traffic Manager URL, based on your scenario
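
A check for the step that restricts direct access to the Web App, as an added example that is not part of the original guide: it evaluates a Web App's access restriction rules and reports any path that reaches the app without passing through the App Gateway (and its WAF). The rule format, function names and sample addresses are assumptions made for the example; it assumes rules are matched in priority order, with everything allowed when no rules exist and an implicit deny once any rule exists.

```python
import ipaddress

# Constructed sample rules. The dict shape is an assumption for this example,
# not the output format of any Azure tool. Addresses are documentation ranges.
RULES_OK = [
    {"name": "allow-appgw", "priority": 100, "action": "Allow", "cidr": "203.0.113.10/32"},
]
RULES_WIDE = RULES_OK + [
    {"name": "allow-office", "priority": 200, "action": "Allow", "cidr": "198.51.100.0/24"},
]


def decide(rules, source_ip):
    """Return 'Allow' or 'Deny' for a source IP hitting the Web App directly."""
    if not rules:
        return "Allow"  # no restrictions configured: the app is open
    addr = ipaddress.ip_address(source_ip)
    # Lowest priority number is evaluated first; first match wins.
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if addr in ipaddress.ip_network(rule["cidr"]):
            return rule["action"]
    return "Deny"  # implicit deny once at least one rule exists


def audit(rules, gateway_ip):
    """List findings that let traffic reach the Web App without the gateway."""
    if not rules:
        return ["no access restrictions: Web App is reachable directly"]
    findings = []
    gw = ipaddress.ip_address(gateway_ip)
    if decide(rules, gateway_ip) != "Allow":
        findings.append("gateway IP is not allowed: gateway cannot reach the backend")
    for rule in rules:
        net = ipaddress.ip_network(rule["cidr"])
        is_gateway_only = net.num_addresses == 1 and gw in net
        if rule["action"] == "Allow" and not is_gateway_only:
            findings.append(f"rule {rule['name']} allows {net}, which is not the gateway IP")
    return findings


if __name__ == "__main__":
    for label, rules in (("gateway only", RULES_OK), ("extra allow", RULES_WIDE), ("none", [])):
        print(label, "->", audit(rules, "203.0.113.10") or "OK")
```
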

References:

Microsoft technical reference

https://blogs.technet.microsoft.com/kv/2018/06/25/announcing-virtual-network-service-endpoints-for-key-vault-preview/

https://gallery.technet.microsoft.com/Overview-of-Azure-c1be3942

https://www.microsoft.com/en-us/trustcenter/default.aspx

https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security#trusted-microsoft-services

CIDR Guidance

https://www.ipaddressguide.com/cidr

Pricing calculator

https://azure.microsoft.com/en-us/pricing/calculator/
