PAAS – Plug&play As A Service?

Most of you have probably already seen the picture below many times, describing the different -AAS models with our favourite Italian food.

With the green layers managed by the vendor, does that mean you do no longer have to think about how those building blocks fit into your environment and how you want them to be delivered to you?

No

Carelessly ordering a pizza without giving your correct house number will certainly make someone else in your street very happy.

Now what does this mean when translating this to technical terms?

To use our blog as an example, you can quickly deploy one yourself using the azure marketplace.

5 minutes later and you’ll have a working website.

Add another 5 minutes and your database is compromised by hackers.

Where did we go wrong?

Most templates deploy resources with default settings and lacking security configuration.

The Azure Database for MySQL for example for example didn’t use any firewall rules to protect the database from external sources.

Here we should at least make some rules that only allow traffic from the web app.

Also enforcing SSL where possible is good practice.

Next to some security settings on the database, the basic non-functionals like backup and monitoring deserve some attention.

We prefer not to end up losing all our data or losing traffic because the app service plan is undersized.

With a default deploy from the marketplace:

Configure some backup by following the wizard

Don’t forget to include the database.

I feel safer already!

Another nice component that is certainly worth checking out is application insights.

In this post we will limit the configuration to a basic availability test, monitoring the uptime of our website

Go to the availability blade of the application insights component

 

And define a basic web test from multiple locations

Let this run for a while and you will have a neat graph outlining the historical availability of your application.

In later posts we will focus more on how to secure PAAS components and what powerful features exist to maintain and maintain them during operations

Share this post on

Author: Bart Verboven

Bart Verboven
Hybrid Cloud Datacenter Generalist with specific focus on Microsoft Azure apps & infrastructure

Leave a Comment

All fields are required. Your email address will not be published.