Azure Application Architecture : Web-Queue-Worker

A web-queue-worker architecture is centered on a web front-end that serves client requests. The front-end communicates with a worker through a message queue. The worker is optional: it is needed when the application has to perform resource-intensive tasks, long-running workflows, or batch jobs. Any long-running work is done asynchronously by the worker, which can be triggered by messages on the queue or run on a schedule for batch processing. In Azure, the front-end is typically implemented as an Azure App Service and the worker as a WebJob. Other components that […]
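The pattern in one process, as an added example that is not code from the post: the web tier validates and enqueues, the worker does the slow work. `queue.Queue` stands in for an Azure Storage Queue or Service Bus queue, and because those deliver messages at least once, the worker deduplicates by message id and drops malformed messages instead of crashing. The job allow-list and the job bodies are assumptions made for the example.

```python
"""Web-queue-worker in one process (added example, not code from the post).
The web tier only validates and enqueues; the worker does the slow work.
queue.Queue stands in for an Azure Storage Queue / Service Bus queue, which
delivers at least once, so the worker must be idempotent."""
import json
import queue
import threading
import uuid

ALLOWED_JOBS = {"resize_image", "generate_report"}   # assumption: job allow-list


def web_handle_request(q, job, payload):
    """Front-end: reject unknown job types, enqueue, and return immediately."""
    if job not in ALLOWED_JOBS:
        raise ValueError(f"unknown job type {job!r}")
    msg = {"id": str(uuid.uuid4()), "job": job, "payload": payload}
    q.put(json.dumps(msg))
    return msg["id"]            # the client later polls for the result by id


def do_work(job, payload):
    """Stand-in for the resource-intensive task the worker offloads."""
    if job == "resize_image":
        return {"bytes": len(payload["data"]) // 2}
    return {"rows": payload["count"]}


def worker(q, results, seen, stop):
    """Worker: drain the queue until told to stop; never trust a message blindly."""
    while not stop.is_set():
        try:
            raw = q.get(timeout=0.05)
        except queue.Empty:
            continue
        try:
            msg = json.loads(raw)
            if set(msg) != {"id", "job", "payload"} or msg["job"] not in ALLOWED_JOBS:
                results[str(msg.get("id", "?"))] = {"error": "invalid message"}
                continue                        # poison message: record and drop
            if msg["id"] in seen:
                continue                        # duplicate delivery: do not redo work
            seen.add(msg["id"])
            results[msg["id"]] = do_work(msg["job"], msg["payload"])
        except (json.JSONDecodeError, AttributeError, KeyError, TypeError) as exc:
            results.setdefault("malformed", []).append(str(exc))
        finally:
            q.task_done()                       # like DeleteMessage on an Azure queue


def run_demo(requests, redeliver_first=True):
    """Run the pipeline on constructed requests; returns (ids, results, jobs_done)."""
    q, results, seen, stop = queue.Queue(), {}, set(), threading.Event()
    t = threading.Thread(target=worker, args=(q, results, seen, stop), daemon=True)
    t.start()
    ids = [web_handle_request(q, job, payload) for job, payload in requests]
    if redeliver_first and ids:
        # simulate at-least-once redelivery of the first message
        q.put(json.dumps({"id": ids[0], "job": requests[0][0], "payload": requests[0][1]}))
    q.put("not json")          # constructed poison message
    q.join()
    stop.set()
    t.join()
    return ids, results, len(seen)


if __name__ == "__main__":
    print(run_demo([("resize_image", {"data": "x" * 1000}),
                    ("generate_report", {"count": 7})]))
```

With a real queue the `seen` set has to live somewhere durable (a table keyed by message id, or the job's own "already done" state), since a second worker instance or a restart would otherwise reprocess the redelivered message.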

Read More →

Azure Application Architecture : N-tier

The n-tier (multi-tier) architecture is the traditional three-tier application separated into layers of services, each with its own responsibility. The layers can be logical or physical. The typical layers are the presentation tier (web), a middle tier (application/business), and the data tier (database). You can add extra layers depending on the needs of the application, or use only the presentation and data tiers. When to use the n-tier architecture: when you have a simple application to build; when you want to migrate your […]

Read More →

Create an S2S VPN connection using RRAS 2016 between Azure and an on-premises network

A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it. The traffic between your on-premises VPN device and the Azure VPN gateway is sent through an encrypted tunnel over the internet. Two other options exist for connecting a cloud environment with an on-premises one: P2S (Point-to-Site) and ExpressRoute. P2S establishes […]

Read More →

AAD – Using Managed Service Identity (MSI) with Azure App Service and Azure SQL Database

Managed Service Identity (MSI) is a useful feature to implement for the cloud applications you plan to develop in Azure. You can use this identity to authenticate to any service that supports Azure AD authentication without keeping any credentials in your code. The credentials never appear in the code or in source control. It works by creating a service principal in Azure AD that is tied either to a system-assigned identity (bound to a specific Azure service instance) or to a user-assigned identity (a standalone Azure resource). The difference between the two is that for the system-assigned identity, the service principal is available […]
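What the credential-free path looks like from App Service code, as an added example (not the post's own code): the managed identity fetches a token scoped to Azure SQL, and the token is handed to the ODBC driver through the `SQL_COPT_SS_ACCESS_TOKEN` pre-connect attribute instead of a `UID`/`PWD` pair. The server and database names, the driver version, and the unsigned demo token are assumptions; `azure-identity` and `pyodbc` are imported only inside the connecting function so the packing and token checks can be exercised offline.

```python
"""Connect to Azure SQL with a managed identity: no password anywhere.
Added example, not code from the post. Server/database names and the
ODBC driver version are assumptions; azure-identity and pyodbc are only
imported when actually connecting so the helpers run offline."""
import base64
import json
import struct
import time

SQL_COPT_SS_ACCESS_TOKEN = 1256        # ODBC Driver for SQL Server pre-connect attribute
SQL_SCOPE = "https://database.windows.net/.default"
# assumption: placeholder names for the example; note there is no UID/PWD
CONN_STR = ("Driver={ODBC Driver 17 for SQL Server};"
            "Server=tcp:myserver.database.windows.net,1433;Database=mydb;"
            "Encrypt=yes;TrustServerCertificate=no;")


def pack_access_token(token: str) -> bytes:
    """The driver expects a 4-byte little-endian length followed by the token
    encoded as UTF-16-LE; this is the layout the attribute requires."""
    raw = token.encode("utf-16-le")
    return struct.pack(f"<I{len(raw)}s", len(raw), raw)


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload without verifying the signature: enough to check
    locally that the token was minted for Azure SQL and has not expired.
    (Azure SQL verifies the signature; this only catches wrong-scope mistakes early.)"""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(token: str, now=None) -> bool:
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    ok_aud = claims.get("aud") in ("https://database.windows.net",
                                   "https://database.windows.net/")
    return ok_aud and claims.get("exp", 0) > now


def connection_attrs(token: str) -> dict:
    """attrs_before mapping for pyodbc.connect; refuses tokens for other resources."""
    if not check_token(token):
        raise ValueError("token is not an unexpired Azure SQL access token")
    return {SQL_COPT_SS_ACCESS_TOKEN: pack_access_token(token)}


def connect_with_msi():
    """Real path inside App Service: the managed identity endpoint issues the token.
    The database side needs a contained user for the identity, created as
    CREATE USER [app-service-name] FROM EXTERNAL PROVIDER by an Azure AD admin."""
    from azure.identity import DefaultAzureCredential   # picks up the App Service MSI
    import pyodbc
    token = DefaultAzureCredential().get_token(SQL_SCOPE).token
    return pyodbc.connect(CONN_STR, attrs_before=connection_attrs(token))


def make_demo_token(aud="https://database.windows.net/", exp=4102444800) -> str:
    """Constructed, unsigned JWT for offline testing only; never accepted by Azure SQL."""
    def b64(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "RS256", "typ": "JWT"}),
                     b64({"aud": aud, "exp": exp}), "sig"])


if __name__ == "__main__":
    print(connection_attrs(make_demo_token())[SQL_COPT_SS_ACCESS_TOKEN][:8])
```

The audience check matters in practice: a token requested for Microsoft Graph or Key Vault will be rejected by Azure SQL with an opaque login failure, and catching it before the connect attempt keeps the cause visible in your own logs.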

Read More →

ADFS – Extranet Smart Lockout (ESL)

Since June 2018 there is a new feature for your AD FS 2016 infrastructure called Extranet Smart Lockout (ESL). It is similar to the Azure cloud feature called Azure AD Smart Lockout. The feature lets you differentiate between sign-in attempts that look like they come from the valid user and sign-ins from what may be an attacker. As a result, AD FS can lock out attackers while letting valid users continue to use their accounts. This prevents denial of service against the user and protects against targeted attacks. This feature only […]

Read More →

AAD – Smart Lockout (SL)

Azure AD Smart Lockout (SL) is a machine-intelligence algorithm created to distinguish between genuine users and attackers. It recognizes sign-ins coming from valid users and treats them differently from those of attackers and other unknown sources. The factors include past sign-in behaviour and the user's devices and browsers. By default, smart lockout locks the account for one minute after ten failed sign-in attempts. The account locks again after each subsequent failed sign-in attempt, for one minute at first and longer on subsequent attempts. The lockout threshold […]
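The behaviour described in this entry and in the Extranet Smart Lockout entry above, as an added simulation that is not code from either post or from Microsoft: failures are counted separately for familiar and unfamiliar locations, so an attacker spraying from an unknown IP gets locked out after the default ten failures while the real user keeps signing in from an IP that has succeeded before. The defaults (ten attempts, one minute) come from the text; the familiar-location rule follows ESL's description, and the doubling of the lockout period on each re-lock is an assumption, since the real escalation schedule is not documented.

```python
"""Smart-lockout simulation (added example; not Microsoft's implementation).
Per user, failures are tracked in two buckets: sign-ins from familiar IPs
(any IP with a previous success) and from unfamiliar IPs. Defaults from the
post: 10 failures, 60 s lockout. Doubling on re-lock is an assumption."""
import time
from dataclasses import dataclass, field

THRESHOLD = 10          # failed attempts before the first lockout
BASE_LOCK = 60.0        # seconds; first lockout lasts one minute


@dataclass
class Bucket:
    failures: int = 0
    lockouts: int = 0           # number of lockouts so far, drives escalation
    locked_until: float = 0.0


@dataclass
class UserState:
    familiar_ips: set = field(default_factory=set)
    buckets: dict = field(default_factory=lambda: {"familiar": Bucket(),
                                                   "unfamiliar": Bucket()})


class SmartLockout:
    def __init__(self, passwords, clock=time.time):
        self.passwords = passwords      # assumption: demo store {user: password}
        self.clock = clock              # injectable so tests can move time forward
        self.users = {}

    def _bucket(self, st, ip):
        return st.buckets["familiar" if ip in st.familiar_ips else "unfamiliar"]

    def attempt(self, user, password, ip):
        """Returns 'success', 'failed' or 'locked' for one sign-in attempt."""
        st = self.users.setdefault(user, UserState())
        b = self._bucket(st, ip)
        now = self.clock()
        if now < b.locked_until:
            return "locked"             # even a correct password is refused while locked
        if self.passwords.get(user) == password:
            st.familiar_ips.add(ip)     # a success makes this location familiar
            b.failures = b.lockouts = 0 # and clears the counters for this bucket only
            return "success"
        b.failures += 1
        # first lockout after THRESHOLD failures; once a lockout has expired,
        # every further failure re-locks immediately and for longer
        if b.failures >= THRESHOLD or b.lockouts > 0:
            b.lockouts += 1
            b.failures = 0
            b.locked_until = now + BASE_LOCK * 2 ** (b.lockouts - 1)  # assumption: doubling
            return "locked"
        return "failed"


def demo():
    """Constructed scenario: one user, one familiar IP, one spraying attacker."""
    t = [1000.0]
    sl = SmartLockout({"alice": "correct horse"}, clock=lambda: t[0])
    log = [sl.attempt("alice", "correct horse", "10.0.0.5")]      # 10.0.0.5 becomes familiar
    for i in range(10):                                            # attacker sprays 10 guesses
        log.append(sl.attempt("alice", f"wrong{i}", "203.0.113.9"))
    attacker = sl.attempt("alice", "correct horse", "203.0.113.9") # right password, still locked
    user = sl.attempt("alice", "correct horse", "10.0.0.5")        # real user unaffected
    t[0] += 61                                                     # first lockout expires
    relock = sl.attempt("alice", "wrongX", "203.0.113.9")          # one failure re-locks
    seconds = sl.users["alice"].buckets["unfamiliar"].locked_until - t[0]
    return {"spray": log, "attacker_with_correct_pw": attacker,
            "user_from_familiar_ip": user, "relock": relock, "relock_seconds": seconds}


if __name__ == "__main__":
    print(demo())
```

The separate counters are the whole point of the "smart" part: with a single per-account counter, as in classic AD account lockout, the attacker's ten bad guesses would have locked the real user out as well.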

Read More →

Azure AD Connect – How to extend your Active Directory Domain to Azure AD? Part 3 | Federation

What exactly is a federated solution? It enables applications to redirect to Azure AD for user authentication instead of prompting for their own password. Federated single sign-on is supported for applications that use protocols such as SAML 2.0, WS-Federation, or OpenID Connect, and is the richest mode of single sign-on. It implements an authentication mechanism that can use a federated identity: user authentication is separated from the application code and delegated to a trusted identity provider. This can simplify development and allow users to authenticate using a wider range […]

Read More →