You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/frontdoor/scenario-upload-storage-blobs.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,6 +1,6 @@
1
1
---
2
2
title: Reliable file uploading to Azure Storage Blob through Azure Front Door
3
-
description: Learn how to use Front Door with storage blobs for mission critical content upload, enabling a secure, reliable and scalable architecture.
3
+
description: Learn how to use Front Door with storage blobs for mission critical content upload, enabling a secure, reliable, and scalable architecture.
4
4
services: front-door
5
5
author: kostinams
6
6
ms.service: frontdoor
@@ -12,7 +12,7 @@ ms.reviewer: hmb
12
12
13
13
# Reliable file uploading to Azure Storage Blob through Azure Front Door
14
14
15
-
Uploading files to Azure Storage through Azure Front Door brings certain advantages, including higher resiliency, scalability and additional security, such as scanning of uploaded content with WAF and using custom TLS certificate for storage accounts.
15
+
Uploading files to Azure Storage through Azure Front Door brings certain advantages, including higher resiliency, scalability and extra security, such as scanning of uploaded content with WAF and using custom TLS certificate for storage accounts.
16
16
17
17
In this reference architecture, you deploy multiple storage accounts and Front Door profile with a multiple origins. By using multiple storage accounts for uploaded content, you improve performance, reliability and able to achieve load distribution/sharding by having different clients use storage accounts in different orders.
18
18
@@ -26,7 +26,7 @@ In this reference architecture, you deploy multiple storage accounts and Azure F
26
26
27
27
Data flows through the scenario as follows:
28
28
29
-
1. The client app will call a web-based API and retrieve a list of multiple upload locations. For each file that the client uploads, the API generates a list of possible upload locations, with one in each of the existing storage accounts. Each URL contains a Shared Access Signature, ensuring that the URL can only be used to upload to the designated blob URL.
29
+
1. The client app calls a web-based API and retrieve a list of multiple upload locations. For each file that the client uploads, the API generates a list of possible upload locations, with one in each of the existing storage accounts. Each URL contains a Shared Access Signature, ensuring that the URL can only be used to upload to the designated blob URL.
30
30
2. The client app attempts to upload a blob using first URL from the list returned by API. The client establishes a secure connection to Azure Front Door by using a custom domain name and custom TLS certificate.
31
31
3. The Front Door web application firewall (WAF) scans the request. If the WAF determines the request's risk level is too high, it blocks the request and Front Door returns an HTTP 403 error response. Otherwise the request is routed to the desired storage account.
32
32
4. File is uploaded into Azure Storage account. If this request fails, the client app will have to try to upload to an alternative storage account using next URL from the list returned by API.
@@ -42,11 +42,11 @@ Data flows through the scenario as follows:
42
42
43
43
## Scenario details
44
44
45
-
Quite often the responsibility of file upload is put on the API or backend systems. By having the client app directly upload JSON files into blob storage, we make sure that the compute resource (the API layer handling the uploads from the client) is not the bottleneck in terms of performance, as well as we bring down the costs of the overall solution since now API is not spending compute time on uploading the files.
45
+
Often the responsibility of file upload is put on the API or backend systems. By having the client app directly upload JSON files into blob storage, we make sure that the compute resource (the API layer handling the uploads from the client) is not the bottleneck in terms of performance, and we bring down the costs of the overall solution since now API is not spending compute time on uploading the files.
46
46
47
-
It is the API's responsibility to make sure that the files are distributed evenly between storage accounts, so you will have to define logic to prioritize required storage accounts which should be used by client applications by default.
47
+
It is the API's responsibility to make sure that the files are distributed evenly between storage accounts. That means that it's required to define logic to prioritize storage accounts which should be used by client applications by default.
48
48
49
-
Utilizing Azure Front Door in conjunction with Azure Storage accounts enables customers to have a single point of entry (a single domain) for uploading content.
49
+
Utilizing Azure Front Door with Azure Storage accounts enables customers to have a single point of entry (a single domain) for uploading content.
50
50
51
51
### Azure Front Door configuration with multiple origins as Azure Storage accounts
52
52
@@ -74,7 +74,7 @@ Finally, you need to create a new Rule set configuration. It is important to con
74
74
75
75
### Scalability and performance
76
76
77
-
Proposed architecture allows to achieve horizontal scalability by using multiple storage accounts for uploaded content.
77
+
Proposed architecture allows you to achieve horizontal scalability by using multiple storage accounts for uploaded content.
78
78
79
79
### Resiliency
80
80
@@ -83,11 +83,11 @@ By using multiple storage accounts in different regions this architecture increa
83
83
84
84
### Cost optimization
85
85
86
-
The cost structure of Azure Storage allows to create as many storage accounts, as required without increasing the costs of the solution. The costs are affected by the amount and size of the files stored.
86
+
The cost structure of Azure Storage allows you to create as many storage accounts, as required without increasing the costs of the solution. The costs are affected by the amount and size of the files stored.
87
87
88
88
### Security
89
89
90
-
By using Azure Front Door you are benefiting from security features, such as DDoS protection (the default Azure infrastructure DDoS protection which monitors and mitigates network layer attacks in real-time by using the global scale and capacity of Front Door’s network), as well as Web Application Firewall (WAF) which defends your web services against common exploits and vulnerabilities. You can also use the Front Door WAF to perform rate limiting and geo-filtering if you require those capabilities.
90
+
By using Azure Front Door you are benefiting from security features, such as DDoS protection (the default Azure infrastructure DDoS protection, which monitors and mitigates network layer attacks in real-time by using the global scale and capacity of Front Door’s network), as well as Web Application Firewall (WAF) which defends your web services against common exploits and vulnerabilities. You can also use the Front Door WAF to perform rate limiting and geo-filtering if you require those capabilities.
91
91
92
92
It is also possible to secure Azure Storage accounts by using Private Link. The storage account can be configured to deny direct access from the internet, and to only allow requests through the private endpoint connection used by Azure Front Door. This configuration ensures that every request gets processed by Front Door, and avoids exposing the contents of your storage account directly to the internet. However, this configuration requires the premium tier of Azure Front Door. If you use the standard tier, your storage account must be publicly accessible.
0 commit comments