Azure Application Architecture : N-tier
The n-tier (multi-tier) architecture is the traditional three-tier application, separated into layers of services that each have their own responsibility. The layers can be logical or physical. The typical layers are the presentation tier (web), a middle tier (application/business) and the data tier (database). You can add extra layers depending on the needs of the application, or the application can consist of the presentation and data layers only.
When to use the n-tier architecture
- When you have a simple application to build
- When you want to migrate your application from on-prem to Azure with minimal change
- When you combine both infrastructure locations in your development. Example: web servers in Azure and the database on-prem.
Benefits
- Portability of services between Azure cloud and on-prem
- Smaller learning curve for the dev team
- Because the tiers are physically/virtually decoupled, the scalability, resiliency and security of the architecture improve
- It's the natural evolution from the traditional application model
- Heterogeneous environment (Windows/Linux)
Challenges
- The middle tier (application) can become extremely taxed by CRUD operations against the database, adding extra latency.
- It is harder to deploy extra features in an interdependent architecture such as n-tier
- Extra work to manage the many physical/virtual servers (patching, updates, bugs, monitoring)
- It can be harder to manage network security in a larger system
Best practices with an n-tier architecture in Azure
- Add auto-scaling to handle changes in load
- Use asynchronous messaging to decouple tiers
- Use cache for semi-static data
- Configure the database with a high-availability solution (Always On)
- Place a web application firewall (WAF) between the front-end and internet
- Give the servers of each tier their own subnet to create boundaries
- Use network security groups (NSGs) to allow traffic only from the front-end to the middle tier and from the middle tier to the data tier
- Add a jumpbox, protected by an NSG, from which you can remotely connect to the other servers
- Use a load balancer to distribute traffic for each tier
- For extra security, add a DMZ with a virtual appliance in front of the front-end tier
Good example here on how to deploy an n-tier architecture with SQL Server in Azure.
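The subnet-per-tier and NSG practices listed above, as an added example that is not part of the original article: a simplified Python model of NSG inbound rule evaluation. It shows that an allow rule for the middle tier alone still leaves the data tier reachable from the web tier through Azure's default AllowVnetInBound rule. The address plan, custom rule names, priorities and the RDP jumpbox port are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan (assumption): one subnet per tier plus a jumpbox subnet.
VNET = "10.0.0.0/16"
SUBNETS = {"jumpbox": "10.0.0.0/27", "web": "10.0.1.0/24",
           "app": "10.0.2.0/24", "data": "10.0.3.0/24"}

@dataclass(frozen=True)
class Rule:
    priority: int          # lower number is evaluated first
    name: str
    source: str            # CIDR prefix, or "*" for any source
    port: Optional[int]    # destination port, None for any
    access: str            # "Allow" or "Deny"

# Azure's default inbound rules, simplified: the VirtualNetwork service tag is
# modelled as the VNet CIDR and the load balancer probe rule is left out.
DEFAULTS = [Rule(65000, "AllowVnetInBound", VNET, None, "Allow"),
            Rule(65500, "DenyAllInBound", "*", None, "Deny")]

def evaluate(rules, src_ip, port):
    """Return (access, rule name) of the first rule matching an inbound flow."""
    src = ipaddress.ip_address(src_ip)
    for r in sorted(rules + DEFAULTS, key=lambda r: r.priority):
        src_ok = r.source == "*" or src in ipaddress.ip_network(r.source)
        if src_ok and (r.port is None or r.port == port):
            return r.access, r.name
    return "Deny", "no-match"

def sources_reaching(rules, port):
    """Subnets whose first host is allowed inbound to this NSG on `port`."""
    allowed = []
    for name, cidr in SUBNETS.items():
        host = str(next(iter(ipaddress.ip_network(cidr).hosts())))
        if evaluate(rules, host, port)[0] == "Allow":
            allowed.append(name)
    return sorted(allowed)

# Data-tier NSG with only the intended allow rule: the boundary is not enforced.
DATA_NSG_WEAK = [Rule(100, "AllowAppSql", SUBNETS["app"], 1433, "Allow")]

# Hardened: an explicit deny placed ahead of the default VNet allow rule.
# Always On replica traffic inside the data subnet would need its own allow rule.
DATA_NSG_HARDENED = DATA_NSG_WEAK + [
    Rule(110, "AllowJumpboxRdp", SUBNETS["jumpbox"], 3389, "Allow"),
    Rule(4000, "DenyVnetInBound", VNET, None, "Deny"),
]

if __name__ == "__main__":
    print("weak    :", sources_reaching(DATA_NSG_WEAK, 1433))
    print("hardened:", sources_reaching(DATA_NSG_HARDENED, 1433))
```
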