Objective
Use this document as a base guide to recommend possible deployment models.
Pre-Requisites
- App Gateway is an optional component. If your deployment does not require a Web Application Firewall (WAF), including OWASP 3.0 prevention or detection, you do not need to set up App Gateway
- App Gateway requires a custom domain and a valid SSL certificate for the domain
- App Gateway can be configured to use Base or Multi-site back-end routing
- Admin access to DNS is required to configure DNS entries
- Admin access to AAD (Azure Active Directory) is required to configure Akumina App level access
- Traffic Manager is recommended for routing traffic across multiple regions, or across multiple App Service deployments in the same region. It is not required for a single-region, single-endpoint deployment.
- For cost estimation: multiply the price by the number of WebApp instances
Simple Deployment
Components:
1 X WebApp
1 X Key Vault
1 X Application Insight
1 X Storage
1 X Security Center
Deployment using App Gateway
Components:
1 X App Gateway
2 X WebApp
1 X Key Vault
1 X Application Insight
1 X Storage
1 X Security Center
1 X Redis Cache
Deployment using Traffic Manager with App Gateway
Components:
1 X Traffic Manager
2 X App Gateway
2 X WebApp
1 X Key Vault
1 X Application Insight
1 X Storage
1 X Security Center
1 X Redis Cache
Deployment using Multi Region
Components:
1 X Traffic Manager
4 X App Gateway
4 X WebApp
1 X Key Vault
1 X Application Insight
1 X Storage
1 X Security Center
1 X Redis Cache
Deployment Summary
1. Create Resource Group
2. Create Key Vault
3. Create Storage Account
4. Create Redis cache
5. App Gateway
   - Create VNET (e.g., 10.100.0.0/16)
   - Create SubNet (e.g., 10.100.0.0/24)
   - Create app gateway
6. Web App
   - Create Web App
   - Configure SSL certificate
   - Configure custom domain
   - Configure Application Insight
7. App Gateway
   - Configure HttpSettings, Backend pools, Listeners, Rules and Health probes
   - Add “A” record to app gateway IP endpoint
   - Add “TXT” record to app gateway endpoint
   - Optional: Enable Alert and Diagnostic logs
   - Note: step 6 and step 7 may need to be repeated multiple times to adjust the DNS entries
8. Traffic manager
   - Create traffic manager for multi-region deployments
   - Change DNS entries to configure Traffic manager
9. App Gateway scenario: to restrict direct access to the Web App, configure the App Gateway IP as the allowed IP.
10. Create “SharePoint” App entry to point to AppGateway or Traffic manager URL based on your scenario
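
The App Gateway scenario above says to allow only the App Gateway IP on the Web App, so that clients cannot bypass the WAF by calling the Web App directly. The following is an added example, not part of the original guide, of applying that restriction with the Azure CLI. The resource group, Web App name, gateway IP and the rule name `AllowAppGateway` are assumptions you supply. Set `DRY_RUN=1` to print the command for review instead of running it.

```shell
#!/bin/sh
# Added example (not part of the original guide). Resource names passed in
# are placeholders you supply; nothing here comes from a real deployment.
set -eu

# Run a command, or only print it when DRY_RUN=1 so it can be reviewed first.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Return 0 only for a well-formed dotted-quad IPv4 address.
is_ipv4() {
  case "$1" in
    ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# restrict_webapp_to_gateway <resource-group> <webapp-name> <gateway-public-ip>
restrict_webapp_to_gateway() {
  rg=$1; app=$2; gw_ip=$3
  is_ipv4 "$gw_ip" || { echo "invalid gateway IP: $gw_ip" >&2; return 2; }
  # Allow exactly the gateway address (/32). Once an allow rule exists,
  # App Service denies every other source by an implicit final rule.
  run az webapp config access-restriction add \
    --resource-group "$rg" --name "$app" \
    --rule-name AllowAppGateway --action Allow \
    --ip-address "$gw_ip/32" --priority 100
}

# Script entry point: only acts when called with all three arguments.
if [ "$#" -eq 3 ]; then
  restrict_webapp_to_gateway "$@"
fi
```

In the multi-gateway deployment models, run it once per App Gateway public IP with a distinct rule name and priority for each.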
References:
Microsoft technical reference
https://gallery.technet.microsoft.com/Overview-of-Azure-c1be3942
https://www.microsoft.com/en-us/trustcenter/default.aspx
CIDR Guidance
https://www.ipaddressguide.com/cidr
Pricing calculator