Web Application architecture with improved scalability and performance using Azure Web App

Azure App Service is hosting web applications, REST APIs, and mobile back ends developed in languages, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments.

• Web App: Azure App Service is hosting web applications, REST APIs, and mobile back ends developed in languages, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments.
• Azure Redis Cache: Fully managed version of the popular open-source Redis server to store semi-static data.
• Azure Content Delivery Network (CDN): is a global CDN solution for delivering high-bandwidth content. It can be hosted in Azure or any other location. With Azure CDN, you can cache static objects loaded from Azure Blob storage.The main benefit of a CDN is to reduce latency for users, because content is cached at an edge server that is geographically close to the user. CDN can also reduce load on the application, because that traffic is not being handled by the application.
• Data storage: Use Azure SQL Databasefor relational data. For non-relational data, Cosmos DB can be used.
  Modern applications process large amounts of data. In order to scale, it’s important to choose the right storage type. Here are some baseline recommendations.

Type of Data/objects	Recommended storage
Files	Azure Blob Storage
Key/Value pairs	Azure Table storage
Short messages intended to trigger further processing	Azure Queue storage, Service Bus queue, or Service Bus topic
Non-relational data with a flexible schema requiring basic querying	Document database, such as Azure Cosmos DB, MongoDB, or Apache CouchDB
Relational data requiring richer query support, strict schema, and/or strong consistency	Azure SQL Database

• Azure Search: Use Azure Search to add search functionality such as search suggestions, fuzzy search, and language-specific search. Azure Search is typically used in conjunction with another data store, especially if the primary data store requires strict consistency. In this approach, store authoritative data in the other data store and the search index in Azure Search. Azure Search can also be used to consolidate a single search index from multiple data stores.
• Azure DNS. Azure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services.
• Application gateway:Application Gateway is a layer 7 load balancer. In this architecture, it routes HTTP requests to the web front end. Application Gateway also provides a web application firewall (WAF) that protects the application from common exploits and vulnerabilities.

Scalability

• App Service app

  It’s better to deploy solution consisting of several apps to separate App Service plans to enable scaling independently being running on separate instances.

• SQL Database

  Scalability of a SQL database can be achieved by sharding the database i.e. partitioning the database horizontally. Sharding allows you to scale out the database horizontally using Elastic Database tools. It provides better transaction throughput and enables queries can run faster over a subset of the data.

• Azure Search

  Azure Search removes the overhead of performing complex data searches from the primary data store, and it can scale to handle load.

Security

• Cross-Origin Resource Sharing (CORS)

  If you create a website and web API as separate apps, the website cannot make client-side AJAX calls to the API unless you enable CORS.

• SQL Database encryption

  To encrypt data at rest in the database use Transparent Data Encryption (TDE). This enables real-time encryption and decryption of the entire database (including backups and transaction log files) without need of changes to the application. However, Encryption does add some latency, so it’s a better to separate the data that must be secure into separate database and enable encryption only for that database.