Azure Cloud Architecture Designs
This is a nexus point for all the Azure Cloud architectures, designs and integrations I discuss here on the Imaginarium blog and other endeavors, all linked below. Designs come from a developer perspective.
This page evolves with the blog, along with the discoveries, mistakes, learning, unlocks, insights and any surprise Azure resource costs incurred along the way (not to worry, all under control!!). Enjoy - Batsirai Tambo
Passing messages in Azure Functions, Table Storage, Logic Apps, IoT Hub via SMS
Find more about this design here
Protecting Azure Functions with Azure API Management and Twilio
Find out more about this design here
Categorizing audio clips with Azure Video Indexer with Azure Queue triggers
Find out more on this multi-faceted design here
Speech to Text via Azure Functions with Fan Out Fan In
Find the detailed explanation of Azure Functions Fan Out Fan In here
Azure Cloud Resume Challenge Classic Example
Find out more discussing the Azure Cloud Resume challenge here
Message hopping using Azure Functions, KeyVault, Microsoft Forms and IoT Hub
This is an Azure integration I once put together and implemented, where there was a need to modify some settings for an application that lived in a number of files. The idea was that non-technical business users would want to change these settings without accessing the files directly on the VM itself, and would need an easy-to-use mechanism to do so.
Some points that had to be considered:
- The mechanism in place would ideally have to be free/very low cost.
- There was no access to build a Microsoft Teams bot/app because the enterprise Teams tenant/account was severely restrictive about doing that, and the Infrastructure team was not in a position to open up Teams to such ideas due to security concerns. The only available feature in this context in Teams was to post messages via a Workflow bot to a known user, but 'Rich cards' and anything more were disabled.
- The virtual machine that hosted the 'app' could not have public ports, publicly accessible FQDNs, or endpoints reaching into it. The app could not be moved to another VM either, because that would lead to separate storage volume/fileshare access dependency issues.
The question: How can business users simply modify these settings without me upsetting the Infrastructure team?
The answer
Have the user fill in an easy Microsoft Form, where a Power Automate flow listens for new submissions coming in. The Power Automate flow can meanwhile alert the user via Teams that the submission was received. Then have the form answers passed as a payload to an HTTP-triggered Azure Function that authorizes via a known function key. The Azure Function's job is then to pass that payload on to an Azure IoT Hub (note that Power Automate, at the time of writing, did not have Azure IoT Hub as an available integration).
On the waiting VM, we write a small Windows Service that listens for new messages arriving on the Azure IoT Hub. We give the Windows Service the credentials of a known and dedicated AAD/Entra ID application (Tenant ID, Client ID and Client Secret), which it uses to access the Key Vault and read a Secret holding the connection string for the Azure IoT Hub. It is also possible to skip creating an Entra ID object and use the DefaultAzureCredential class when it is given environment variables locally (see more here from Fraser McLean). If we had this application running in Azure, we would simply have opted for a Managed Identity instead, but when accessing Azure resources from a local target, we have to supply credentials in one of the various ways available.
The Azure IoT Hub receives the message, the Windows Service code uses known business logic to make the necessary changes to the target files, and the user sees the changes as necessary.
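The VM-side half of this flow, sketched in C# as an added example (not the author's service code): the service builds its Entra ID credential from environment variables, reads the IoT Hub connection string from Key Vault, then listens over an outbound-only connection and rejects payloads that name settings outside an allow-list. It assumes the Function sends cloud-to-device messages to a device identity whose connection string is the stored Secret; the vault URI, secret name and setting names are placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Microsoft.Azure.Devices.Client;

public static class SettingsListener
{
    // Placeholders (assumptions): vault URI, secret name and setting names are not from the page.
    static readonly Uri VaultUri = new Uri("https://<your-vault>.vault.azure.net/");
    const string SecretName = "iot-hub-device-connection-string";
    static readonly HashSet<string> AllowedSettings = new HashSet<string> { "ReportTitle", "RefreshMinutes" };

    public static async Task RunAsync(CancellationToken stop)
    {
        // Tenant ID, Client ID and Client Secret come from the service's environment, not from source.
        var credential = new ClientSecretCredential(
            Require("AZURE_TENANT_ID"), Require("AZURE_CLIENT_ID"), Require("AZURE_CLIENT_SECRET"));
        // The IoT Hub connection string lives only in Key Vault and is fetched at start-up.
        var vault = new SecretClient(VaultUri, credential);
        KeyVaultSecret secret = await vault.GetSecretAsync(SecretName, cancellationToken: stop);
        // Outbound AMQP connection from the VM: no inbound port or public endpoint is needed.
        using var device = DeviceClient.CreateFromConnectionString(secret.Value, TransportType.Amqp);
        await device.SetReceiveMessageHandlerAsync(OnMessageAsync, device, stop);
        await Task.Delay(Timeout.Infinite, stop); // listen until the service is stopped
    }

    static async Task OnMessageAsync(Message message, object context)
    {
        var device = (DeviceClient)context;
        try
        {
            // Treat the form payload as untrusted: flat JSON object, allow-listed keys only.
            var settings = JsonSerializer.Deserialize<Dictionary<string, string>>(
                Encoding.UTF8.GetString(message.GetBytes()));
            if (settings == null || !AllowedSettings.IsSupersetOf(settings.Keys))
                throw new JsonException("unexpected setting name");
            // ... apply 'settings' to the target files here (the page's business logic) ...
            await device.CompleteAsync(message); // acknowledge so the hub does not redeliver
        }
        catch (JsonException) { await device.RejectAsync(message); } // drop malformed input
    }

    static string Require(string name) =>
        Environment.GetEnvironmentVariable(name)
        ?? throw new InvalidOperationException($"Missing environment variable {name}");
}
```

With the same three environment variables set, `new DefaultAzureCredential()` can replace the explicit `ClientSecretCredential`, since its environment-based credential reads those names.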
Some surprising limitations discovered:
One of the main things discovered during this process was that the Consumption tier of Azure Functions is rate limited: it allows up to about 50 function calls per minute!! Beyond this you begin to see HTTP 429 error responses.