Resilience Architecture in Azure (native)

Hi folks. In my last blog Post, I explain how you can implement a resilience architecture in Azure based on (nearly) the same resources who I used in AWS.

In that Blog post, I’ll explain (for my point of view) the better option based on Azure native services.

 I’ve used the following Azure services:

AWS EFSAzure File Storage
AWS EC2 and Auto scalingAzure App Service
AWS LoadbalancerAzure Load Balancer
AWS ElasticIP
AWS Route Tables
AWS Internet Gateway
AWS NAT Gateway

The main idea, is to build a resilience WordPress architecture, using Azure App services and a managed database at the backend.

Here is the architecture design of my solution:

First of all, I’ll created the base, an Azure VNET with the following settings:

  • IP Space:
  • Subnet Name: backend
  • Subnet address range:
  • Service endpoints: Microsoft.SQL
  • Subnet delegation: Microsoft.Web/serverFarms

Cool, now I’ll create the Backend, an Azure MySQL Server with the following configuration details:

Please use min. the “General Purpose” MySQL Database, because the “Basic Purpose” MySQL Database doesn’t support PSE!

When the configuration is finished, we create a database first. There isn’t any portal configuration available, but we can use the Azure cloud shell!

Open the CloudShell and switch to the “Bash”:

Connect to the Azure MySQL server and create a new database. Here is the code:

mysql -h %HOSTURL% -u $USERNAME%@%HOSTNAME% -p

Replace the following variables with your configuration:


Great, we have now an Azure MySQL Database in place, we can bind the Database to the internal network. Open the Azure MySQL server object and select the option “Connection security”

This image has an empty alt attribute; its file name is image-5.png

No, add the existing Subnet to the MySQL Server. Please click on “Add existing virtual network” and add the required values. The input looks like the following:

This image has an empty alt attribute; its file name is image-6.png

Important, please check that the option “Allow access to Azure services” is set to “No”.

Okay, we can create the first frontend App service at the region “West Europe

I use the following configuration settings:

  • Name: demoresarch01-we
  • Publish : Code
  • Runtime stack: PHP 7.3
  • Operating System: Linux
  • Region: West Europe
  • Linux Plan (West Europe): demoresarch01-svcplan-we
  • SKU: P1v2

Cool, we have to deploy the WordPress content to the Azure App Services. Normally we upload the content to each Azure App Service, but today I will show another preview feature to define a shared storage on Azure App Services. The only limitation, you cannot bind the storage Account with PSE to an internal network.

Open the Azure App Service App and go to the “configuration” option:

On the right side, you can find the option “Path mappings”

My configuration looks like the following:

The important path here is the “Mount path”. I’ll mount the WordPress content to my apache root path (different in azure).

I you want more information, open the following LINK.

Now it’s important to enable another preview feature for Linux App Services: “VNet integration”. Open the Azure App Service App and select the option “Networking”. In the tab on the right side select “VNet Integration”.

The next step is really easy, select your existing subnet where you have enable the feature:

  • Subnet delegation: Microsoft.Web/serverFarms

The finished configuration looks like the following:

Great, we are ready now and have a fully resilience architecture including PaaS services only in West Europe. BUT, we can do more!

The service is hosted in different zones (excluding the App Service, this isn’t available at the moment) in West Europe. Now we want to bind the service in different regions. The architecture is a little bit different and looks like the following:

We create a second frontend App service at the region “North Europe

I use the following configuration settings:

  • Name: demoresarch01-ne
  • Publish : Code
  • Runtime stack: PHP 7.3
  • Operating System: Linux
  • Region: West Europe
  • Linux Plan (West Europe): demoresarch01-svcplan-ne
  • SKU: P1v2

Implement the Path mapping at the new App service. Another important point, activate the option “Allow Azure Services to connect” on the Azure MySQL database:

We can remove the Azure virtual network and the PSE implementation at the Database and App Service. Cool, now we can create an Azure traffic manager profile. I use the priority configuration. The final configuration looks like the following:

The frontend and the content is now available in two regions. I’ve used a global loadbalancer with priority. The last part is the replication of the backend database to the failover region. This option is really simple, create at the region “North Europe” an Azure MySQL server and select the “Replication” option at the MySQL object.

At the end, you have the following object configured in Azure:

Fazit: I’ve implemented the solution WordPress in that area with PaaS services only, which is the best and the most effective way at the cloud. The solution works really good and performs very well! From the coast perspective, there are two different ways available, the cheaper one based on a single region and the expensive way, but also the much more resilience way. I guess it depends at the customer needs.