Identity and Access Management

Instead of maintaining own Identity Management it shall - for security reasons (with Key Vault and Managed Identities), functional reasons (group-, role-, synchronization-, privilege-, and scope-management) and connectivity reasons - be delegated to Azure AD (Active Directory). Most companies already use Azure AD (Skype, Office365 etc.) which makes integrating external services easier.

Azure AD also provides Multi Factor, Password Less Authentication and Single Sign On. With Azure AD Connect on premise Active Directory Domain Services can be synced.

Integration of external identity provider (Facebook, Google, Direct Federation etc.) is not a requirement for now, but possible. 

Azure Active Directory B2C shall be used for Customer Identity integration allowing custom UI.

Managed Identity is a strong recommendation for containerized microservices.

Microservices with Docker Container

Containerized microservices architecture has advantages concerning scalability, portability and integration of multiple applications in different languages. For cost management and performance auto scalable infrastructure is a good option.

Orchestrated with Gateways (WebSocket/HTTPS, Web Application Firewall, SSL Offloading, smart routing), Load Balancing (distributing workload) and autoscale VM Scale Sets it offers also great performance.

High availability

Implement backup datacenter in different geolocations. Use Azure Availability Zones with promised 99.99% uptime. Set Azure Front Door or Azure Traffic Manager on top and keep data layer in sync.

Backup / Retention

Backups for databases can be scheduled on a regular basis. 

• Full backups every week.
• Differential backups every 12 or 24 hours.
• Transaction log backups approximately every 10 minutes.

(standard values can be customized)

For Azure Blob Storage even continuous backup or soft delete is possible.

Additionally, infrastructure as a code is a recommendation for portability and recovery.

In this case study no redundant backup datacenter for high availability like in finance industry seems to be a reasonable requirement.

Functional Requirements

With Azure Cognitive Services translations can be automized.

Chat, Videocalls can be implemented via Azure Communication Services (not required yet).

Image and Video Processing requirements needs to be analyzed (either implement external services or use Azure Batch together with FFMPEG for videos). Currently an upload to blobs is fine.

Mailing or SMS Services are not integrated in Azure but can be implemented via MailJet, Gmail or SendGrid. In Azure AD B2C self-service with mailing is possible.

With Azure Scheduler regular tasks can be triggered (send reports, clean data, set reminder etc.), otherwise own microservices like quartz built in C# or others can be an option.

DevOps / Staging / Testing

Staging shall at least comprise a production, preproduction and test environment. 

DevOps requires a careful design when it comes to Continuous Integration, Continuous Delivery (CI/CD) and Testing. Integrating Azure Test Plans into Azure DevOps needs to be thoroughly analyzed for cost and resource reasons. Testing is becoming very complex over time, so it shall be automized as far as possible from the very beginning.

Integration of automated testing must be a core principle in DevOps.

Besides Integrated Development Testing the following scheduled tests shall be set up to be performed at least once a year:

• load testing
• penetration testing (including monitoring and analytics)
• data recovery tests
• system recovery test (with infrastructure as code)
• disaster management (with defined scenarios)

IoT (Internet of Things)

Is not a requirement yet. But the use of sensors creating tickets for empty dispensers, open doors, changed temperature or other detectors can be a good addition. In Azure IOT Hub those requirements are easy to integrate. For example, in banking filling ATMs or printer are triggered by sensors to avoid unnecessary visits.

Cost Management

Any infrastructure requires a continuous monitoring of cost including looking for alternatives and total cost analysis. Azure provides very detailed cost analysis features and projections with alerting.

Monitoring and Health

UX / Front End

For user experience monitoring external libraries or own microservices should be implemented. But these should be implemented together with really performed analysis. It is very important to know where users are lost or if they become inactive. Also integrate feedback triggers directly into the Front-End Application and collect error logs.

Health

Azure has built in health (health probes in container) and performance monitors (container insights) with sophisticated notification and auto cure services.

SLA Monitoring

In case availability and quality promises are given in SLAs there are many ways to implement this. One possible advanced solution is Azure Monitor.