Serverless computing in Azure with .NET
eBook - ePub

Serverless computing in Azure with .NET

  1. 468 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Serverless computing in Azure with .NET

About this book

Harness the power of the Cloud, leveraging the speed and scale of Azure Serverless computingAbout This Book• Take advantage of the agility, scale, and cost-effectiveness of the cloud using Azure Serverless compute• Build scalable, reliable, and cost-effecient applications with Serverless architecture and.NET• Learn to use Azure functions to their fullest potential in.NETWho This Book Is ForThis book is for.NET developers who would like to learn about serverless architecture. Basic C# programming knowledge is assumed.What You Will Learn• Understand the best practices of Serverless architecture• Learn how how to deploy a Text Sentiment Evaluation application in an Azure Serverless environment• Implement security, identity, and access control• Take advantage of the speed of deployment in the cloud• Configure application health monitoring, logging, and alerts• Design your application to ensure cost effectiveness, high availability, and scaleIn DetailServerless architecture allows you to build and run applications and services without having to manage the infrastructure. Many companies have started adopting serverless architecture for their applications to save cost and improve scalability.This book will be your companion in designing Serverless architecture for your applications using the.NET runtime, with Microsoft Azure as the cloud service provider. You will begin by understanding the concepts of Serverless architecture, its advantages and disadvantages. You will then set up the Azure environment and build a basic application using a sample text sentiment evaluation function. From here, you will be shown how to run services in a Serverless environment. We will cover the integration with other Azure and 3rd party services such as Azure Service Bus, as well as configuring dependencies on NuGet libraries, among other topics. After this, you will learn about debugging and testing your Azure functions, and then automating deployment from source control. Securing your application and monitoring its health will follow from there, and then in the final part of the book, you will learn how to Design for High Availability, Disaster Recovery and Scale, as well as how to take advantage of the cloud pay-as-you-go model to design cost-effective services. We will finish off with explaining how azure functions scale up against AWS Lambda, Azure Web Jobs, and Azure Batch compare to other types of compute-on-demand services.Whether you've been working with Azure for a while, or you're just getting started, by the end of the book you will have all the information you need to set up and deploy applications to the Azure Serverless Computing environment.Style and approachThis step-by-step guide shows you the concepts and features of Serverless architecture in Azure with.NET.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Serverless computing in Azure with .NET by Sasha Rosenbaum in PDF and/or ePUB format, as well as other popular books in Computer Science & Programming Languages. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Packt Publishing
Year
2017
eBook ISBN
9781787281561
Edition
1
Topic
Computer Science
Subtopic
Programming Languages
Index
Computer Science

Securing Your Application

In this chapter, we will discuss the different aspects of securing an application deployed using serverless computing. We will discuss the shared responsibility model between the client and the cloud provider, and outline the security controls provided by the Azure platform. We will walk through a step-by-step guidance for the following aspects:
  • Connecting a Function App to a private network
  • Deploying a Function App on a private network, without internet access
  • Protecting the Function App with a network firewall
  • Configuring function authorization with API keys
  • Configuring Function App authentication with Azure Active Directory and Facebook identity providers
  • Handling data encryption in transit and at rest
  • Managing administrative access to the application
Unlike the previous chapters, the examples in this chapter are not presented in the context of the text sentiment analysis application. This is because the different approaches to securing the application are sometimes mutually exclusive. Thus, we will demonstrate each security feature on new Function App deployment.

Securing the application

There are many different levels to application security. When running in a traditional data center, you are responsible for the entire security stack, top to bottom. When running in the public cloud, you move towards a shared responsibility model with your cloud vendor, where part of the security controls are handled by the vendor.
The different layers of security can be viewed as the following list:
  • Physical
  • Host infrastructure
  • Networking
  • Application level:
    • Authentication and authorization
    • Code quality
    • Data encryption:
      • Encryption in transit
      • Encryption at rest
      • Managing keys and secrets
  • Administrative access
The level of responsibility of the cloud provider versus the client depends on the hosting model you are using--IaaS, PaaS, or SaaS. IaaS requires the highest involvement on the client's part, and SaaS requires the least. This chapter will review security controls in the context of serverless computing, which is a part of the PaaS family.

Physical security

Physical security pertains to the management of data center buildings and facilities, physical servers, and networking devices. Physical security includes protection from unauthorized access to the facility. It also involves ensuring uninterrupted service by securing a reliable power supply, air and cooling regulation, and physical device management.
The public cloud providers accept full responsibility for ensuring the physical security of their data centers.
This provides one of the main advantages of moving the infrastructure to the public cloud.
Since physical security is handled by the platform, we will not discuss it further in this chapter. The details of physical security implementation in Azure are not disclosed publicly, however, some information can be acquired from Azure compliance reports. The reports can be found on the Azure Trust Center website https://azure.microsoft.com/en-us/support/trust-center.

Host infrastructure

Host infrastructure security pertains to the configuration, management, and security of compute (virtual machines, containers, and so on) and storage. This includes access permissions management of the servers, as well as applying optimal configuration at the OS level, and keeping up to date with security patching. In the IaaS model, the shared responsibility of the client starts at securing the host infrastructure.
With the PaaS model, including serverless compute, the cloud provider accepts full responsibility of securing the host infrastructure.
This provides another significant advantage of moving to the public cloud, particularly, to the PaaS services and serverless compute.
Since host infrastructure security is handled by the platform, we will not discuss it further in this chapter. Once again, certain details on it can be acquired from Azure compliance reports, which can be found on the Azure Trust Center website https://azure.microsoft.com/en-us/support/trust-center.

Networking security

Networking security pertains to the configuration, management, and security of virtual networks, load balancers, DNS servers, and the network security devices.
Part of the networking security controls, such as DDOS protection, is handled by the cloud provider. In IaaS model, the client shares the responsibility for deploying and securing the networking components.
Azure serverless compute can be deployed in two different modes: in a "public" environment, with the networking components fully handled by the platform, and in a "private" environment, where the networking components are partially handled by the client.
In this chapter, we will discuss the different deployment modes in detail. In the following sections, we will review the network security options in the following order:
  • Overview of networking concepts
  • Giving a Function App access to a private network
  • Deploying a Function App on a private network, where the application has a publicly reachable IP
  • Deploying a Function App on a private network, where the application has a private IP

Integrating functions with a private network

There are the following three different ways to integrate Azure serverless compute with a private network:
  1. Deployment into a public App Service connected to a private network.
  2. Deployment into ASE with a public Function App endpoint.
  3. Deployment into ASE with a private Function App endpoint.
All three options require the Function App to be deployed into an App Service plan rather than a Consumption plan.
App Service
The Regular Azure App Service is a multi-tenant PaaS environment, that is inexpensive because of the economy of scale, but offers the client little to no control over the underlying infrastructure.
When deployed into an App Service plan, the Azure Function App can be integrated with a private network using a point-to-site VPN connection. This way, resources within the private network become reachable from the Function App, and vice versa.
App Service Environment (ASE)
ASE is a dedicated and isolate...

Table of contents

  1. Title Page
  2. Copyright
  3. Credits
  4. Foreword
  5. About the Author
  6. About the Reviewers
  7. www.PacktPub.com
  8. Customer Feedback
  9. Preface
  10. Understanding Serverless Architecture
  11. Getting Started with the Azure Environment
  12. Setting Up the Development Environment
  13. Configuring Endpoints, Triggers, Bindings, and Scheduling
  14. Integrations and Dependencies
  15. Integrating Azure Functions with Cognitive Services API
  16. Debugging Your Azure Functions
  17. Testing Your Azure Functions
  18. Configuring Continuous Delivery
  19. Securing Your Application
  20. Monitoring Your Application
  21. Designing for High Availability, Disaster Recovery, and Scale
  22. Designing Cost-Effective Services
  23. C# Script-Based Functions
  24. Azure Compute On-Demand Options