Software Deployment Best Practices in the Azure Cloud

Cloud deployment is the process of deploying and managing applications, services, and infrastructure in a cloud computing environment. Cloud deployment provides scalability, reliability and accessibility over the internet, and it allows organizations to take advantage of the benefits of cloud computing, such as cost savings and improved flexibility.

Deploying software in a cloud environment involves several steps, including packaging the software, creating or provisioning the infrastructure, configuring and deploying the software, testing and monitoring, and scaling and updating. It’s important to familiarize yourself with the tools and services offered by the cloud provider you are using, and to have a plan in place for scaling and updating the software as needed.

What Is Azure App Service?

Azure App Service is a hosting service for HTTP-based web applications, mobile backends, and REST APIs. You can develop applications in your preferred language (.NET, .NET Core, Ruby, Java, Node.js, PHP, Python), and easily run and scale them in Linux and Windows-based environments. It is commonly used to migrate applications to the Azure cloud.

App Service adds the features of the Microsoft Azure cloud to your application—including security, autoscaling, load balancing, and auto-management. In addition, it provides DevOps capabilities like continuous deployment (powered by GitHub, Azure DevOps, and Docker Hub), package management, custom domains, staging/testing environments, and TLS/SSL certification.

Software Deployment Best Practices in Azure

Use Deployment Slots

Use deployment slots whenever possible when deploying new production versions. With the Standard App Service plan tier or higher, you can deploy an application to a staging environment, review the changes, and run smoke tests. When ready, swap the staging slot with the production slot. Because the swap exchanges worker instances that are already warmed up, the new version goes live without downtime.

Continuously Deploy Code

If a project has branches designated for testing, staging, and QA, each branch must be deployed continuously to a staging slot. This makes it easy for stakeholders to evaluate and test deployed branches.

Do not enable continuous deployment for production slots. Instead, the production branch (usually the master branch) should be deployed into a non-production slot. When developers are ready to release the main branch, swap that slot into the production slot. Swapping to production instead of deploying to production avoids downtime and enables you to easily roll back changes (you simply swap back).

Microsoft Defender for Cloud and Azure Sentinel

Microsoft Defender for Cloud improves security visibility and control of Azure resources, including web applications, to help prevent, detect, and respond to threats. Microsoft Defender for Cloud helps detect threats that may go unnoticed.

Microsoft Sentinel is a cloud-native, scalable security solution that provides Security Information and Event Management (SIEM), as well as Security Orchestration, Automation and Response (SOAR). These solutions provide advanced threat intelligence and security analytics, including attack detection, proactive hunting, threat visibility, and threat response.

Microsoft Sentinel uses Azure-powered AI for investigation and detection. Microsoft provides its threat intelligence data, and you can bring your own threat intelligence feeds.

Continuously Deploy Containers

For custom containers from a container registry like Docker, you can deploy the container image into a staging slot and then swap it with the production slot to avoid downtime.

For every branch deployed in the slot, you can set up automation to perform these tasks for each commit in the branch:

  • Create an image and tag it—tag images with git commit IDs, timestamps, or other identifying information as part of your build pipeline. Don’t use the default “latest” tag; otherwise, deployed code will be more difficult to trace and debug.
  • Push the image—after building and tagging the image, the pipeline can push the image to a container registry. Next, the deployment slot will pull the image from the registry.
  • Ensure the deployment slot is updated with the image’s tag. Once you’ve updated this property, the application automatically restarts and pulls the new image.
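
The per-commit steps above, sketched as a shell script. This is an added example, not code from the original article: the registry, image, app and resource-group names are constructed placeholders, and by default the script only prints the commands it would run. It also enforces the earlier rule that continuous deployment never targets the production slot.

```shell
#!/bin/sh
# Added example; every name below is a constructed placeholder.
REGISTRY="example.azurecr.io"; IMAGE="webapp"
APP="example-app"; RG="example-rg"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands instead of running them

# Build an image reference from a git commit ID (e.g. git rev-parse --short HEAD).
# Empty, "latest" or any non-hex tag is refused so each image traces to one commit.
image_ref() {
  case "$1" in
    ""|*[!0-9a-f]*) echo "refusing tag '$1': need a hex commit ID" >&2; return 1 ;;
  esac
  printf '%s/%s:%s\n' "$REGISTRY" "$IMAGE" "$1"
}

# Continuous deployment may only target a non-production slot.
check_slot() {
  case "$1" in
    ""|production) echo "refusing slot '$1': deploy to a slot, then swap" >&2; return 1 ;;
  esac
}

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Build, push, then point the slot at the new tag; the app restarts and pulls it.
# (Older az CLI versions call the last flag --docker-custom-image-name.)
deploy_commit() {
  slot="$1"; commit="$2"
  check_slot "$slot" || return 1
  ref=$(image_ref "$commit") || return 1
  run docker build -t "$ref" . &&
  run docker push "$ref" &&
  run az webapp config container set --name "$APP" --resource-group "$RG" \
      --slot "$slot" --container-image-name "$ref"
}

# Release a verified slot by swapping it into production; swap again to roll back.
release() {
  check_slot "$1" || return 1
  run az webapp deployment slot swap --name "$APP" --resource-group "$RG" \
      --slot "$1" --target-slot production
}
```

A pipeline would call `deploy_commit staging <commit-id>` on every commit and `release staging` only after the smoke tests pass.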

Implement Local Caching

All content in Azure App Service is stored in Azure Storage and delivered as a persistent content share. However, some applications require a read-only, high-performance content storage space that can operate with high availability—these applications benefit from a local cache.

However, note that local caching is not recommended for content management sites like WordPress. Also, always use local caching with deployment slots to avoid downtime.

Leverage Azure DevOps

App Service includes a built-in feature to continuously deliver containers via a Deployment Center. In the Azure portal, go to your app, and under Deployments, select Deployment Center. Follow the instructions, selecting a container repository and a branch. This configures your DevOps build and enables the release pipeline to automate the building, tagging, and deployment of containers when developers push new commits to the branch of your choice.

Install a Web Application Firewall

Web applications are commonly targeted by attacks that exploit known vulnerabilities. Common attacks include SQL injection and cross-site scripting attacks. Completely preventing these attacks in your application code can be difficult, because many layers of an application topology might require rigorous maintenance, patching, and monitoring.

A centralized WAF helps simplify security management. Instead of securing each web application individually, you can address a security threat by patching a known vulnerability in one central location. Azure Application Gateway WAF centrally protects web application traffic from common attacks and vulnerabilities.

Conclusion

Deploying software on Azure is a powerful and cost-effective way to build and run web applications, mobile app backends, and RESTful APIs.

By following best practices you can ensure the success and security of your deployment. These best practices can help you automate the deployment of your resources, ensure consistency across your environments, troubleshoot issues, monitor the performance of your deployment, protect your applications and data, safeguard and manage cryptographic keys and secrets, test your application in a staging environment and ensure that your deployment continues to function properly.

By Gilad David Maayan