This article is contributed. See the original author and article here.
Today we are excited to announce the general of Azure Spring Apps (ASA) landing zone accelerator. You can start deploying your spring applications to Azure Spring Apps at scale using the built with industry-proven practices.
Customers on their app modernization or migration journey to cloud may encounter challenges to deploy spring applications at enterprise scale and get it right at the first time. Landing zone accelerators help you address this challenge providing guidance to deploy workloads faster with better security, scalability, availability, reduced cost, operating confidently with better performance.
Landing zone accelerators provide architectural guidance, reference architecture, reference implementations and automation packaged to deploy workload platforms on Azure at scale. The goal of landing zone accelerators is to save you having to reinvent the wheel by building on the lessons we learned working with our strategic customers. This accelerator allows you to establish secure, compliant, and scalable development, test, or production environments within 15-30 minutes.
ASA landing zone accelerator comes with two parts,
- Design Area Guidance providing recommendations and considerations for critical design pillars: Security, Networking, Identity and Access Management and Monitoring
- Reference implementation providing end-to-end guidance for provisioning Azure Spring Apps and deploying workloads to production-grade secure infrastructure.
Build and deploy spring applications at scale
Azure Spring Apps makes it easy to deploy Spring applications to Azure without any code changes. The service manages the infrastructure of Spring applications so developers can focus on their code. Azure Spring Apps provides lifecycle management using comprehensive monitoring and diagnostics, configuration management, service discovery, CI/CD integration, blue-green deployments, and more.
For application teams, the Spring Apps landing zone accelerator offers a significant head start by bundling together the most used backing services, which teams can select as part of their deployment process. This includes Azure Spring Apps Enterprise for Java Spring Boot applications, Azure Application Gateway for efficient web traffic management, Azure Virtual Machines for streamlined management operations, and diverse database services such as Azure MySQL Flexible Server, Azure PostgreSQL Flexible Server, Azure Cosmos Database and Azure SQL Database for adaptable data storage solutions. Teams can further secure and monitor their operations with Azure Key Vault, Azure Monitor Logs, and Azure Application Insights – or using any monitoring tools and platform of their choice. And they can automate from idea to production using any automation tools and platform of their choice.
On the other hand, platform teams benefit from an array of resources designed to maintain security and operational efficiency. The Azure Firewall, Azure Bastion, Azure ExpressRoute, Azure DNS, and Azure VPN Gateway ensure seamless connectivity, secure access management, and effective traffic control across both on-premises and Azure environments. The Landing Zone Accelerator for Spring Apps builds on the Azure Well-Architected Framework, adhering to its five pillars of architectural excellence – reliability, security, cost optimization, operational excellence, and performance efficiency. Furthermore, it integrates seamlessly with Azure landing zones and other accelerators. Rooted in real-world Azure migration projects, this accelerator framework not only ensures consistent governance but also reduces operational overhead, optimizing cost, and establishing a reliable solution for deploying both private and public applications in single or multi cloud environments.
Design Area Guidance
The reference architecture is considered across four key design areas integrated with centralized services.
- Identity and Access Management
- Network Topology and Connectivity
- Management and Monitoring
- Security, Governance, and Compliance
These design guidelines are based on real-world work with our strategic customers performing large-scale Azure migration and modernization projects, and you can use the architectural guidance to achieve your target technical state with confidence.
MS Learn documentation – Azure Spring Apps landing zone accelerator – Cloud Adoption Framework | Microsoft Learn
Reference Architecture
The reference implementation demonstrates a secure baseline infrastructure architecture to deploy spring and polyglot apps. It uses a hub and spoke architecture with a single spoke hosting Spring Apps. East/West traffic (traffic between resources in the hub and resources in the spoke) is filtered with Network Security Groups and North/South traffic (traffic between the Internet and resources in the hub or spoke) is routed through and mediated with an instance of Azure Firewall.
Core architecture components are below.
- Azure Spring Apps (Enterprise or Standard) is deployed using VNet-injection to allow for mediation inbound and outbound traffic to the Azure Spring Apps Instance and deployed applications.
- The Azure Firewall instance has been configured to write its logs to a Log Analytics Workspace.
- Azure Private DNS zones for Azure Spring Apps and support services deployed with Private Endpoints
- A single Windows Server 2022 Virtual Machine deployed into the spoke Virtual Network for testing access to applications deployed into the Azure Spring Apps instance. This VM is not exposed to the internet and is only accessible via Azure Bastion.
- Log Analytics Workspace where Azure Spring Apps and Azure Firewall deliver logs and metrics.
- Application Insights for monitoring applications deployed to Azure Spring Apps.
- Instance of Azure Key Vault deployed with a Private Endpoint for secrets and certificates storage for applications deployed to Azure Spring Apps.
- Instance of Azure Bastion for connection to the Windows Server 2022 virtual machine running in the virtual network.
Next Steps
For the implementation of this architecture, see the Azure Spring Apps landing zone accelerator repository on GitHub. Deployment options for this architecture include ready-to-go Bicep, Terraform, scripts with automation provided in both Azure DevOps and GitHub Actions.
Lets get started by forking the repo to create a dev, test or production environment in 15-30 minutes using the landing zone accelerator. The artifacts in this repository provide groundwork that you can customize for your environment and automated provisioning pipelines. For any feedback, please use the GitHub Issues.
Meet the Experts
This accelerator was created and maintained by Cloud Solution Architects, Software Engineers, and Program Managers at Microsoft. Check them out under the GitHub repo contributors section.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments