Azure Sites Architecture and Setup Guide

Azure Sites is a powerful platform for building and deploying web applications. It's built on top of Azure's scalable infrastructure, allowing you to create and manage multiple websites with ease.

To get started with Azure Sites, you'll need to set up a resource group, which is a logical container for your resources. This will help you organize and manage your websites, storage, and other resources.

A resource group can be created in a few clicks, and you can choose from a variety of Azure regions to host your websites. You can also configure network security settings, such as firewalls and virtual networks, to control access to your websites.

Azure Sites supports multiple deployment models, including Azure Resource Manager (ARM) and classic. ARM is the recommended approach, as it provides more flexibility and control over your resources.

Discover more: What Are Static Websites

Azure VNet deployment is a crucial step in setting up an Azure site. There are two deployment modes available: Ingress Gateway and Ingress/Egress Gateway.

In the Ingress Gateway mode, a site is attached to a single VNet and subnet, providing discovery of services and endpoints reachable from this subnet to any other site in the tenant. In the Ingress/Egress Gateway mode, a site is attached to a single VNet with at least two interfaces on different subnets, providing security and connectivity needs for virtual machines and subnets.

To deploy a site, navigate to the Azure VNet object, find your Azure VNet object, and click Apply in the Status column. The Status column will change to Queued and then to Applying. You can also perform a Terraform plan activity before deployment by selecting ... > Plan (Optional) to create an execution plan.

Here are the two deployment modes available:

There are two main deployment modes for Azure VNet sites.

One of these modes is the Ingress Gateway (One Interface) deployment, which attaches a site to a single VNet and single Subnet. This mode provides discovery of services and endpoints reachable from this subnet to any other site configured in the Distributed Cloud Services tenant.

You might like: Architecture of Single Page Application

The Ingress/Egress Gateway (Two Interfaces) deployment is another mode, which attaches a site to a single VNet with at least two interfaces on different subnets. This mode provides security and connectivity needs for virtual machines and subnets via a default gateway through the Site Inside interface.

There are two VNet configurations in this mode: Standalone VNet and Hub VNet.

To deploy an Azure VNet site, you can use either the Console or Terraform method. If you choose to deploy using Console, you'll find the Azure VNet object by navigating to Manage > Site Management > Azure VNET Sites.

You can verify the status of your deployment by checking the Status column for the site object, which will change to Queued and then to Applying. Optionally, you can perform a Terraform plan activity before deployment to create an execution plan.

To check the status of the apply action, click on the ... menu next to the site object and select Terraform Parameters for site object, then click on the Apply Status tab. If everything goes smoothly, the status will change to Applied.

Readers also liked: Azure App Service Plans

If you prefer to use Terraform, you'll need to create a terraform.tfvars file and assign the necessary variables, such as the Azure subscription ID, resource group name, and storage account name. Be cautious when working with credentials and secret keys.

Here are the key steps to deploy a site using Terraform:

After the deployment is complete, you can verify the status of your site by navigating to the list of sites in Console and confirming that the site was applied successfully.

To set up an Azure site, you'll need a Distributed Cloud Services Account. If you don't have one, create an account first.

You'll also need a Microsoft Azure Account, and specific permissions are required to deploy the site. To create a cloud credentials object, check out the Cloud Credentials guide.

The resources required per node are: instance type with an Intel x86-based processor, recommended instance types are listed in the Customer Edge Site Sizing Reference guide.

Worth a look: Azure Cloud

You'll also need to allow traffic from and to the Distributed Cloud public IP addresses in your network and allowlist related domain names. See the Firewall and Proxy Server Allowlist Reference guide for the list of IP addresses and domain names.

ICMP needs to be opened between the CE nodes on the Site Local Outside (SLO) interfaces to ensure intra-cluster communication checks.

Note that the IP address for the SLO interface cannot be changed after deployment, and the MAC address cannot be changed either.

Here's a summary of the required resources:

You'll also need to configure the network firewall settings in the Site Network Firewall section, and optionally configure more settings in the Advanced Options section.

Before deploying the site, make sure to verify the status in the Azure portal by confirming the VNets are online and then testing connectivity.

If you need to enable ExpressRoute, follow these steps: add an ExpressRoute connection, enter a name for the connection, select whether the ExpressRoute is in the same subscription as the site, and enter the Authorization Key.

For another approach, see: Azure Function Local Settings Json

You can deploy Azure sites using a few different methods.

One option is to use the Console, where you can navigate to the Azure VNet object by clicking Manage > Site Management > Azure VNET Sites. From there, you can find your Azure VNet object and click Apply in the Status column to start the deployment.

Alternatively, you can use Terraform to deploy a site. This involves creating a file for variables and assigning the necessary values, such as access keys and secret keys encoded in Base64.

To deploy using Terraform, you'll need to enter terraform init, followed by terraform apply, and then confirm the deployment by entering yes. The entire process may take a few minutes to complete.

Here are the general steps for deploying a site using Terraform:

After the deployment is complete, you can verify the status of the site by navigating to Multi-Cloud Network Connect > Overview > Sites, and checking that the status is Online.