DEV Community

Eng Soon Cheah

Implement platform security

Configure custom domains for PaaS

  • Every domain name in Azure AD is either an initial domain name or a custom domain name
  • Each Azure AD instance comes with an initial domain name in the form company.onmicrosoft.com
  • The use of custom domains helps ensure that your internal and external URLs are the same, which provides the following benefits:
    • Your users will have an easier experience, which builds user confidence
    • The links contained in applications will work without additional configurations
    • Some configurations will work only if you have custom domains

Configure update domains

  • Microsoft does not automatically update your IaaS VMs
  • Update domains manage intentional moves to take down one (or more) of your servers to provide critical updates
  • To provide redundancy to your application, we recommend that you group two or more virtual machines in an availability set
  • The underlying Azure platform assigns an update domain and a fault domain to each virtual machine in your availability set

Implement Azure Functions updates for serverless computing

  • Azure Functions are an example of serverless applications that can power a single-page app
  • One of the most common update methods is using a PUT statement
  • Performing a PUT operation on a specific Azure UDF resource replaces the entire UDF resource
  • Another method for deploying and updating your function is by using App Service continuous integration
  • The following deployment sources are currently supported:
    • Bitbucket
    • Dropbox
    • External repository (Git or Mercurial)
    • Git local repository and GitHub
    • Microsoft OneDrive
    • Azure DevOps

Configure security for serverless computing

  • Serverless computing moves the responsibility for server management from the application owner to the platform provider
  • This helps eliminate security issues, such as servers with known security vulnerabilities that have not been updated
  • However, there are some security issues and challenges in serverless computing, as you're still responsible for:
    • Your application code
    • Data management
    • Data encryption
    • Identity management
    • Authentication/authorization
    • Configuration of services and role-based access control (RBAC)

Configure container security

  • Networking in a container deployment is a special area that you must address in security scenarios
  • A container image is a lightweight, standalone, executable package that includes everything needed to run an application
  • When an app is containerized, the app and the components needed to run the app are combined in a single image
  • Containers are not inherently vulnerable
  • The kernel is shared among all containers and the host
  • An attacker who gains access to a container should not be able to gain access to other containers or the host
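
The isolation points above can be checked before deployment. The following is an added example, not code from the original post: it assumes Kubernetes as the orchestrator (the post does not name one) and audits a pod specification for settings that weaken the boundary between a container, its neighbours and the host. The sample pod, the `audit_pod` helper and the `RISKY_CAPS` list are constructed for illustration.

```python
import json

# Constructed sample pod spec for illustration; Kubernetes is an assumption.
SAMPLE_POD = json.loads("""
{"spec": {
  "hostNetwork": true,
  "volumes": [{"name": "logs", "hostPath": {"path": "/var/log"}}],
  "containers": [
    {"name": "web", "securityContext": {"privileged": true}},
    {"name": "worker", "securityContext": {
       "allowPrivilegeEscalation": false, "runAsNonRoot": true,
       "capabilities": {"drop": ["ALL"]}}}
  ]}}
""")

# Capabilities that give a container broad control over the shared kernel.
RISKY_CAPS = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "NET_ADMIN"}

def audit_pod(pod):
    """Return sorted (scope, finding) pairs for settings that weaken isolation."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    # Pod-level flags that share host namespaces with every container in the pod.
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag) is True:
            findings.append(("pod", f"{flag} shares a host namespace"))
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(("pod", f"hostPath mount {vol['hostPath'].get('path')}"))
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        name = c.get("name", "?")
        if sc.get("privileged") is True:
            findings.append((name, "privileged container"))
        # Escalation stays allowed unless this is explicitly false.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append((name, "allowPrivilegeEscalation not disabled"))
        # The container-level value overrides the pod-level one.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append((name, "may run as root (runAsNonRoot not set)"))
        added = {cap.upper() for cap in (sc.get("capabilities") or {}).get("add", [])}
        for cap in sorted(added & RISKY_CAPS):
            findings.append((name, f"adds capability {cap}"))
    return sorted(findings)

if __name__ == "__main__":
    for scope, finding in audit_pod(SAMPLE_POD):
        print(f"{scope}: {finding}")
```

The hardened `worker` container produces no findings, while `web` and the pod-level settings are flagged.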
