Preface
Azure Integration Services (AIS) is a set of cloud services provided by Microsoft Azure for mission-critical enterprise integrations. It includes a comprehensive set of cloud-based tools and services that can be leveraged to implement an iPaaS solution. The four main components of Azure Integration Services are:
- API Service: API Management
- Orchestration Service: Logic Apps (or Function Apps)
- Messaging Service: Service Bus
- Event Service: Event Grid
Azure Integration Services
What are Integrations?
As the term suggests, integrations are connections between multiple systems; these can be cloud services, SaaS services, on-premises applications, business partners, etc.
Creating an integration platform enables organizations to:
- Establish security guidelines.
- Automate and orchestrate business processes and workflows.
- Keep implementations consistent.
- Drive efficiency by encouraging reusability.
- Gain observability and monitoring capabilities.
Azure Integration Services Considerations
Ingress Considerations:
- Deploy the API Management service instance into a virtual network in internal mode.
- Protect the APIs against common vulnerabilities by implementing the Application Gateway WAF tier in front of them.
- NSG rules should be applied to APIM subnets.
- Implement a path-based route in Application Gateway that directs only external API URL paths to APIM. This protects internal APIs from being accessed from outside.
- Implement authorization in the API Management service with OAuth 2.0, and use the validate-jwt policy to validate the OAuth token. The policy can also be used to validate the scopes required by the API. (More details here: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-protect-backend-with-aad)
- The API Management service supports multi-region deployment for high availability. To use it, add a policy that sets the backend based on the request context region. (More details: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-deploy-multi-region)
- Consider using service endpoints for outbound connectivity from the APIM subnet to common Azure services (Azure SQL, AzureActiveDirectory, etc.).