1 Production Architecture
Regardless of the cloud vendor, on-prem, off-prem or hybrid, the guiding principles of production architecture remain the same.
1.1 Guiding Principles
- Principle of least access
- Isolate at the network layer [1]
- Must have DR (disaster recovery)
- Must be HA (highly available)
- All access from the internet goes through a firewall (layer 7)
- Admin users can only connect to network via jumpbox from known IP range
- Protected network only accepts requests from public network IP
- DB in restricted network (only accessible by protected network or jumpbox)
- Can only connect to jumpbox from a known IP address
- Keep your audit logs in a different location from your app
- For DR, spin up a similar system in another geo location
- Use DB Peering between the two locations
- Use load balancers to handle cutover
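The tiering rules above (internet reaches only the public tier, the protected tier accepts only the public tier and the jumpbox, the DB sits in a restricted network reachable only from the protected tier or the jumpbox, and the jumpbox accepts only a known admin range) can be checked automatically against a firewall or NSG rule set before it is applied. The following is an added example, not code from the original page; the CIDR ranges, tier names and rule list are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example ranges (not from the page). Replace with your own subnets.
PUBLIC_SUBNET = ipaddress.ip_network("10.0.1.0/24")      # web tier, behind the layer-7 firewall
PROTECTED_SUBNET = ipaddress.ip_network("10.0.2.0/24")   # application tier
RESTRICTED_SUBNET = ipaddress.ip_network("10.0.3.0/24")  # database tier
JUMPBOX_SUBNET = ipaddress.ip_network("10.0.4.0/28")     # admin jumpbox
ADMIN_RANGE = ipaddress.ip_network("203.0.113.0/24")     # known admin egress range (TEST-NET-3)
INTERNET = ipaddress.ip_network("0.0.0.0/0")

TIERS = {
    "public": PUBLIC_SUBNET,
    "protected": PROTECTED_SUBNET,
    "restricted": RESTRICTED_SUBNET,
    "jumpbox": JUMPBOX_SUBNET,
}

# Which sources may reach each tier, following the guiding principles.
ALLOWED_SOURCES = {
    "public": [INTERNET],                          # only the public tier faces the internet
    "protected": [PUBLIC_SUBNET, JUMPBOX_SUBNET],  # public network IPs or the jumpbox
    "restricted": [PROTECTED_SUBNET, JUMPBOX_SUBNET],
    "jumpbox": [ADMIN_RANGE],                      # known admin IP range only
}


@dataclass(frozen=True)
class Rule:
    name: str
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    port: int
    action: str  # "allow" or "deny"


def check_tiering(rules):
    """Return human-readable violations for allow rules that cross a tier boundary.

    A rule violates the policy when its destination touches a tier and its
    source is not fully contained in one of that tier's allowed sources.
    """
    violations = []
    for rule in rules:
        if rule.action != "allow":
            continue
        for tier, net in TIERS.items():
            if not rule.destination.overlaps(net):
                continue
            if not any(rule.source.subnet_of(src) for src in ALLOWED_SOURCES[tier]):
                violations.append(
                    f"{rule.name}: source {rule.source} may not reach the {tier} tier "
                    f"({rule.destination}, port {rule.port})"
                )
    return violations


# Constructed rule sets for the check.
GOOD_RULES = [
    Rule("web-in", INTERNET, PUBLIC_SUBNET, 443, "allow"),
    Rule("web-to-app", PUBLIC_SUBNET, PROTECTED_SUBNET, 8080, "allow"),
    Rule("app-to-db", PROTECTED_SUBNET, RESTRICTED_SUBNET, 1433, "allow"),
    Rule("admin-to-jump", ADMIN_RANGE, JUMPBOX_SUBNET, 22, "allow"),
    Rule("jump-to-db", JUMPBOX_SUBNET, RESTRICTED_SUBNET, 1433, "allow"),
    Rule("default-deny", INTERNET, INTERNET, 0, "deny"),
]

# Same set plus two rules that break the model: the DB and the jumpbox opened to the internet.
BAD_RULES = GOOD_RULES + [
    Rule("db-from-anywhere", INTERNET, RESTRICTED_SUBNET, 1433, "allow"),
    Rule("jump-from-anywhere", INTERNET, JUMPBOX_SUBNET, 22, "allow"),
]

if __name__ == "__main__":
    for label, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(label, check_tiering(rules) or "no violations")
```

Run this as a pre-apply test in the same pipeline that scripts the environment, so a rule that opens the restricted or jumpbox tier to the wrong source fails the deployment rather than being discovered in an audit.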
1.2 Environments
- At a minimum, non-prod and prod; expand as needed
- Script everything so spinning up new environments is repeatable
- DR is a production clone in another geo location
2 Cloud Security
2.1 Roles & Access Controls (Principle of least access)
- Restrict access to the admin portal and CLI to only the necessary resources (e.g. in Azure, limit the view to the resource group)
- Turn on MFA
- Notify all admins when a change is made to admin settings
2.2 Data Collection and Storage
- Encryption at rest (e.g. Turn on transparent data encryption in Azure SQL Server)
- Encryption in transit (e.g. SSL)
- Turn on soft delete
- Use SAS (Shared Access Signature) tokens with a limited time frame (e.g. 20 mins instead of 6 months)
- Turn on security alerts and monitoring (e.g. Azure's Advanced Threat Protection)
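The SAS time-frame rule above is easy to check mechanically, because a SAS token carries its start (`st`), expiry (`se`), permissions (`sp`) and protocol (`spr`) as query parameters. The following is an added example, not code from the original page or Azure's SDK: it produces an expiry value for a 20-minute token and audits existing tokens against the policy (lifetime over 20 minutes, write-class permissions, HTTP allowed). The two sample tokens are constructed and their `sig` values are placeholders.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl

# Constructed reference clock so the audit is repeatable offline.
NOW = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
MAX_LIFETIME = timedelta(minutes=20)
WRITE_CLASS = set("wdac")  # write, delete, add, create

# Azure accepts several ISO 8601 shapes for st/se; the ones below are the common ones.
_TIME_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d")


def parse_sas_time(value):
    """Parse an st/se value into an aware UTC datetime."""
    for fmt in _TIME_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS timestamp: {value!r}")


def short_lived_expiry(now, minutes=20):
    """Return the se value for a token that expires `minutes` after `now`."""
    return (now + timedelta(minutes=minutes)).strftime("%Y-%m-%dT%H:%M:%SZ")


def audit_sas(sas, now=NOW, max_lifetime=MAX_LIFETIME):
    """Return a list of policy findings for a SAS query string (empty means compliant)."""
    params = dict(parse_qsl(sas.lstrip("?"), keep_blank_values=True))
    findings = []

    if "se" not in params:
        return ["token has no expiry (se)"]
    expiry = parse_sas_time(params["se"])
    # Lifetime is measured from the signed start, or from now if no start is set.
    start = parse_sas_time(params["st"]) if "st" in params else now
    lifetime = expiry - start
    if lifetime > max_lifetime:
        findings.append(f"lifetime {lifetime} exceeds policy maximum {max_lifetime}")

    granted = set(params.get("sp", ""))
    extra = granted & WRITE_CLASS
    if extra:
        findings.append(f"grants write-class permissions: {''.join(sorted(extra))}")

    # Absent spr defaults to "https,http"; only "https" satisfies encryption in transit.
    if params.get("spr", "https,http") != "https":
        findings.append("token usable over plain HTTP (spr is not https)")

    return findings


# Constructed tokens; sig values are placeholders, not real signatures.
SHORT_SAS = (
    "sv=2022-11-02&st=2024-05-01T10:00:00Z&se=2024-05-01T10:20:00Z"
    "&sr=b&sp=r&spr=https&sig=PLACEHOLDER"
)
LONG_SAS = (
    "sv=2022-11-02&st=2024-05-01T10:00:00Z&se=2024-11-01T10:00:00Z"
    "&sr=c&sp=rwdl&sig=PLACEHOLDER"
)

if __name__ == "__main__":
    print("20-minute expiry from now:", short_lived_expiry(NOW))
    for label, token in (("short", SHORT_SAS), ("long", LONG_SAS)):
        print(label, audit_sas(token) or "compliant")
```

The same audit can be run over tokens found in configuration, logs or tickets to spot long-lived grants that should be rotated; the policy maximum and the permission set are parameters so a team can tighten them per storage account.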
Footnotes:
[1] Subnet calculator useful for network design