Configure custom domains for PaaS
- Every domain name in Azure AD is either an initial domain name or a custom domain name
- Each Azure AD instance comes with an initial domain name in the form company.onmicrosoft.com
- The use of custom domains helps ensure that your internal and external URLs are the same, which provides the following benefits:
- Your users will have an easier experience, which builds user confidence
- The links contained in applications will work without additional configurations
- Some configurations will work only if you have custom domains
Configure update domains
- Microsoft does not automatically update your IaaS VMs
- Update domains manage intentional moves to take down one (or more) of your servers to provide critical updates
- To provide redundancy to your application, we recommend that you group two or more virtual machines in an availability set
- The underlying Azure platform assigns an update domain and a fault domain to each virtual machine in your availability set
Implement Azure Functions updates for serverless computing
- Azure Functions are an example of serverless applications that can power a single-page app
- One of the most common update methods is using a PUT statement
- Performing a PUT operation on a specific Azure UDF resource replaces the entire UDF resource
- Another method for deploying and updating your function is by using App Service continuous integration
- The following deployment sources are currently supported:
- Bitbucket
- Dropbox
- External repository (Git or Mercurial)
- Git local repository and GitHub
- Microsoft OneDrive
- Azure DevOps
Configure security for serverless computing
- Serverless computing moves the responsibility for server management from the application owner to the platform provider
- This helps eliminate security issues, such as servers with known security variabilities that have not been updated
- However, there are some security issues and challenges in serverless computing, as you're still responsible for:
- Your application code
- Data management
- Data encryption
- Identity management
- Authentication/authorization
- Configuration of services and role-based access control (RBAC)
Configure container security
- Networking in a container deployment is a special area that you must address in security scenarios
- A container image is a lightweight, standalone, executable package that includes everything needed to run an application
- When an app is containerized, the app and the components needed to run the app are combined in a single image
- Containers are not inherently vulnerable
- The kernel is shared among all containers and the host
- An attacker who gains access to a container should not be able to gain access to other containers or the host
Top comments (0)