Developing a Simple Distributed System in Azure Cloud Platform
This article is a requirement of course module SENG 41283: Distributed and Cloud Computing, offered as a part of the Bachelor of Science Honours in Software Engineering degree program.
All the source code used in this application can be found at the end of the article.
For this assignment, I developed a simple employee management system where a user can sign in to add and get the details about the employees in an organization. The basic application architecture is as follows.
To use the application, the user must be authenticated via Azure Active Directory. They can then access the Get Employees and Add Employee options.
In the Get Employees flow, the request is first routed through the gateway to the main service, which checks whether the employee data is cached in the Redis cache. If it is, the main service sends the cached data as the response. If not, it forwards the request to the database service, which retrieves the data from the MySQL database and sends it back to the user through the main service.
In the Add Employee flow, employee data is sent to the main service, which forwards everything except the image of the NIC to the database service to be saved in the database. The NIC image is forwarded to the storage service, which saves it in the Azure storage account.
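The two flows above can be sketched as follows. This is an added example, not code from the article's repositories: in-memory stand-ins replace Redis, the database service and the storage service, all names and the expiry time are hypothetical, and the cache invalidation on Add Employee goes beyond what the article describes.

```javascript
// Added example: stand-ins let both flows run offline. Names are hypothetical.
const CACHE_KEY = 'employees';
const TTL_MS = 60000; // assumed cache expiry

function makeCache(now = () => Date.now()) {
  const store = new Map();
  return {
    async get(key) {
      const hit = store.get(key);
      if (!hit || hit.expires <= now()) { store.delete(key); return null; }
      return hit.value;
    },
    async set(key, value, ttlMs) { store.set(key, { value, expires: now() + ttlMs }); },
    async del(key) { store.delete(key); },
  };
}

function makeMainService({ cache, dbService, storageService }) {
  return {
    // Get Employees: answer from the cache, fall back to the database service.
    async getEmployees() {
      const cached = await cache.get(CACHE_KEY);
      if (cached) return { source: 'cache', employees: JSON.parse(cached) };
      const employees = await dbService.findAll();
      await cache.set(CACHE_KEY, JSON.stringify(employees), TTL_MS);
      return { source: 'database', employees };
    },
    // Add Employee: the NIC image goes to storage, everything else to the database.
    async addEmployee({ nicImage, ...details }) {
      await dbService.insert(details);
      await storageService.upload(nicImage);
      await cache.del(CACHE_KEY); // otherwise readers get the old list until expiry
    },
  };
}

// Demo run over constructed data.
async function demo() {
  const rows = [{ id: 1, name: 'Constructed Employee A' }];
  const blobs = [];
  const svc = makeMainService({
    cache: makeCache(),
    dbService: { findAll: async () => rows.map((r) => ({ ...r })), insert: async (r) => { rows.push(r); } },
    storageService: { upload: async (b) => { blobs.push(b); } },
  });
  const sources = [(await svc.getEmployees()).source, (await svc.getEmployees()).source];
  await svc.addEmployee({ id: 2, name: 'Constructed Employee B', nicImage: Buffer.from('img') });
  const after = await svc.getEmployees();
  sources.push(after.source);
  return { sources, count: after.employees.length, blobCount: blobs.length,
    dbHasImage: rows.some((r) => 'nicImage' in r) };
}
```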
A resource group is a container that holds related resources for an Azure solution. We can easily manage and organize resources for a particular solution (in this case, the employee management system) via a resource group. We can create a resource group through the Azure portal by specifying a name and a region. The following image shows the Employee-Web-Application resource group that I’ve created.
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which lets users sign in and access both internal resources (our applications) and external resources (Microsoft Office 365, the Azure portal).
Since I’m using the Azure subscription provided by the university, I’ve used University of Kelaniya as my active directory, and registered my application in it.
When registering the application, we can set up platform configurations, supported account types, redirect URLs, logout URLs, etc.
Static Web App (Front-end)
The front-end for the employee management system is developed using React and hosted on an Azure Static Web App. With the use of GitHub Actions, the app is automatically built and deployed on every push.
Authentication is implemented using MSAL.js in the front-end, and it lets users sign in from any Azure Active Directory. Here is how it looks after deploying:
Front Door and Web Application Firewall
Azure Front Door offers several functionalities. First of all, it lets us define, manage and monitor global routing for our web apps. This can make our application robust and highly available.
Secondly, since it acts as a proxy for incoming and outgoing traffic, we can set up custom and managed Web Application Firewall (WAF) rules for detecting and preventing security threats. Managed rules protect the web application from common threats defined in the top-ten Open Web Application Security Project (OWASP) categories, like Cross Site Scripting (XSS), SQL Injection (SQLi) and HTTP Header Injection.
Azure App Service in the Back-end
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. It supports many languages, such as .NET, .NET Core, Java, Ruby, Node.js, PHP, and Python. Furthermore, App Service provides an Azure-managed production environment and DevOps capabilities as well.
In this application, I have used Azure App Services to implement the main service and the database service.
Main Service with Cache
Since we are allowed to use open source code repositories, I have forked a sample Redis boilerplate repository and modified it for my purpose. Source code for this service is also continuously deployed via GitHub Actions.
One thing to note here is that the environment variables read by the source code have to be set in the app service's Configuration tab.
As before with the main service, I’ve forked a sample SQL boilerplate repository and modified it for the use of this application. As with the previous one, the environment variables need to be set in the Configuration tab.
Azure Function in the Back-end
An Azure Function is a serverless compute service that can run event-triggered code without having to manage or provision infrastructure. I used an HTTP trigger function that gets triggered when it receives a POST request. When triggered, the function uploads the data in the request body as a Blob to the Azure storage.
There are three different storage resources used in this system: Azure Database for MySQL server, Azure Cache for Redis and an Azure Storage account.
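Because the function stores whatever arrives in the request body, a check before the upload is worthwhile. The following is an added example, not code from the article's storage service: the size cap, the accepted image types, the blob naming scheme and the request object shape are all assumptions.

```javascript
// Added example: validates an uploaded NIC image before it is stored as a blob.
// MAX_BYTES, the accepted types and the blob name layout are assumptions.
const MAX_BYTES = 2 * 1024 * 1024; // assumed 2 MiB cap
const SIGNATURES = {
  'image/jpeg': [0xff, 0xd8, 0xff],
  'image/png': [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
};

// Identify the file type from its leading bytes, not from client-supplied metadata.
function sniffType(body) {
  for (const [type, magic] of Object.entries(SIGNATURES)) {
    if (body.length >= magic.length && magic.every((b, i) => body[i] === b)) return type;
  }
  return null;
}

// req is a hypothetical { method, headers, body } object with a Buffer body.
function validateUpload(req, employeeId) {
  const reject = (status, reason) => ({ ok: false, status, reason });
  if (req.method !== 'POST') return reject(405, 'only POST is accepted');
  if (!Buffer.isBuffer(req.body) || req.body.length === 0) return reject(400, 'empty body');
  if (req.body.length > MAX_BYTES) return reject(413, 'body exceeds size cap');
  const sniffed = sniffType(req.body);
  if (!sniffed) return reject(415, 'not a JPEG or PNG image');
  const declared = String(req.headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (declared !== sniffed) return reject(415, 'Content-Type does not match file content');
  if (!Number.isInteger(employeeId) || employeeId <= 0) return reject(400, 'bad employee id');
  // The blob name is built from server-side values only, never from a client filename.
  const ext = sniffed === 'image/png' ? 'png' : 'jpg';
  return { ok: true, contentType: sniffed, blobName: `nic/${employeeId}.${ext}` };
}

// Constructed sample request: a PNG header followed by padding bytes.
const samplePng = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0]);
console.log(validateUpload(
  { method: 'POST', headers: { 'content-type': 'image/png' }, body: samplePng }, 7));
```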
Azure Database for MySQL server
Azure Database for MySQL is a relational database service in the Microsoft cloud based on the MySQL Community Edition database engine. It offers enterprise-grade security and compliance, automatic backups, built-in high availability and much more.
Once we create a database server with a database user and a password, we can connect to the database remotely using the server name, username and password. They are used as environment variables in the employeeRepository app service.
However, in order to get through the firewall, we need to whitelist the client’s IP address. Since the client of our database is an Azure service, we can allow access to it using the Allow access to Azure services rule.
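The Allow access to Azure services rule admits connections from any Azure address, including resources in other customers' subscriptions, so the database credentials remain the only barrier for those clients. The added example below (not code from the article's repositories) audits an exported rule list for that rule and for other broad ranges; it assumes the setting appears as a rule whose start and end address are both 0.0.0.0, and the field names, rule names and threshold are assumptions.

```javascript
// Added example. Assumed input shape: objects with name, startIpAddress and
// endIpAddress, as in an exported firewall-rule listing. Rules are constructed.
const SAMPLE_RULES = [
  { name: 'AllowAllWindowsAzureIps', startIpAddress: '0.0.0.0', endIpAddress: '0.0.0.0' },
  { name: 'office', startIpAddress: '203.0.113.10', endIpAddress: '203.0.113.10' },
  { name: 'wide-range', startIpAddress: '198.51.100.0', endIpAddress: '198.51.103.255' },
  { name: 'everything', startIpAddress: '0.0.0.0', endIpAddress: '255.255.255.255' },
];

// Convert dotted-quad IPv4 text to an unsigned 32-bit number.
function ipToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(String(ip));
  if (!m || m.slice(1).some((p) => Number(p) > 255)) {
    throw new Error(`not an IPv4 address: ${ip}`);
  }
  return m.slice(1).reduce((acc, p) => acc * 256 + Number(p), 0);
}

// Flag rules that admit far more clients than one known address range.
// maxSpan is an assumed threshold for how many addresses one rule may cover.
function auditFirewallRules(rules, maxSpan = 256) {
  const findings = [];
  for (const rule of rules) {
    const start = ipToInt(rule.startIpAddress);
    const end = ipToInt(rule.endIpAddress);
    if (end < start) {
      findings.push({ rule: rule.name, issue: 'end address precedes start address' });
    } else if (start === 0 && end === 0) {
      findings.push({ rule: rule.name, issue: 'allows every Azure-hosted client' });
    } else if (start === 0 && end === 0xffffffff) {
      findings.push({ rule: rule.name, issue: 'open to all IPv4 addresses' });
    } else if (end - start + 1 > maxSpan) {
      findings.push({ rule: rule.name, issue: `range covers ${end - start + 1} addresses` });
    }
  }
  return findings;
}

console.log(auditFirewallRules(SAMPLE_RULES));
```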
Azure Cache for Redis
Azure Cache for Redis is a secure data cache and message broker that provides high-throughput, low-latency access to data for applications. Azure Cache for Redis offers Redis as a managed service. It provides secure and dedicated Redis server instances and full Redis API compatibility. The service is operated by Microsoft, hosted on Azure, and accessible to any application within or outside of Azure.
Here, the host name, ports and primary key should be used as environment variables in the employee-main app service.
Azure Storage Account
An Azure storage account provides storage capability for data objects such as blobs, files, queues, tables, and disks. It can be accessed via tools like Storage Explorer or SDKs for various languages.
Application Insights for Monitoring
Azure Application Insights can be used to monitor an application in real time. It automatically detects performance anomalies and has powerful analytics tools to diagnose problems and understand user behaviors within the app. To use Application Insights on a resource, we need to connect it with the resource, and once connected, we can monitor insights and create custom dashboards.
As noted in the architecture diagram, I’ve applied Application Insights to the main service, database service and storage service.
The Azure cloud platform offers scalable, fast, reliable and user-friendly cloud services that can be used to set up distributed system infrastructures in a convenient manner. Apart from a few hiccups when setting up the Azure Functions, the whole process was surprisingly smooth. Since there are tons of resources available, users have the flexibility to choose what best suits their requirements. As for the billing, Azure offers several plans (some are even free), so a user could pick what works best for him/her.
Finally, I should mention that this assignment was a great experience for me to dip my toes into the field of cloud computing and get hands-on experience.
- ARM Templates : https://github.com/nipunsampath/SENG-41283-arm-templates
- Front-end : https://github.com/nipunsampath/employee-web-app-frontend
- Main Service : https://github.com/nipunsampath/nodejs-redis-boilerplate
- Database Service : https://github.com/nipunsampath/nodejs-sql-boilerplate
- Storage Service : https://github.com/nipunsampath/handle-file-upload