The SmartDocs Portal is a cloud-native document management system built on Azure, designed to demonstrate modern DevOps practices and enterprise-grade infrastructure patterns. This architecture showcases skills in Azure cloud services, Infrastructure as Code, CI/CD pipelines, and security best practices.
```
Internet Users
      │
      ▼
┌─────────────────┐
│ Azure Front Door│ ◄── CDN/WAF (Akamai Simulation)
│  + WAF Policy   │
└─────────────────┘
      │
      ▼
┌─────────────────────────────────────────────────────────────┐
│                    Azure Virtual Network                    │
│                        (10.0.0.0/16)                        │
├─────────────────────────────────────────────────────────────┤
│                                                             │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐  │
│  │App Service  │  │ Database    │  │ Frontend            │  │
│  │Subnet       │  │ Subnet      │  │ Subnet              │  │
│  │10.0.1.0/24  │  │10.0.2.0/24  │  │ 10.0.3.0/24         │  │
│  │             │  │             │  │                     │  │
│  │┌───────────┐│  │┌───────────┐│  │ ┌─────────────────┐ │  │
│  ││.NET API   ││  ││SQL Server ││  │ │ Angular SPA     │ │  │
│  ││App Service││  ││+ Database ││  │ │ App Service     │ │  │
│  │└───────────┘│  │└───────────┘│  │ └─────────────────┘ │  │
│  └─────────────┘  └─────────────┘  └─────────────────────┘  │
│                                                             │
└─────────────────────────────────────────────────────────────┘
       │                  │                    │
       ▼                  ▼                    ▼
┌─────────────┐  ┌─────────────────┐  ┌─────────────────┐
│   Azure     │  │   Azure SQL     │  │ Storage Account │
│  Key Vault  │  │   Database      │  │ - Documents     │
│  - Secrets  │  │  - Private      │  │ - Static Files  │
│  - Certs    │  │    Endpoint     │  │ - Logs          │
└─────────────┘  └─────────────────┘  └─────────────────┘
```
- Virtual Network (VNet): Isolated network environment with segmented subnets
- Network Security Groups (NSGs): Firewall rules for each subnet
- Private Endpoints: Secure connectivity to PaaS services
- Service Endpoints: Direct connectivity to Azure services
- Azure Front Door: Global CDN with WAF protection (Akamai simulation)
- App Services:
  - .NET 8 API backend (Linux containers)
  - Angular frontend (Node.js)
- Application Gateway: Load balancing and SSL termination
- Azure SQL Database: Managed database with private endpoint
- Storage Account: Blob storage for documents and static content
- Azure Key Vault: Secure secrets and certificate management
- Managed Identities: Passwordless authentication
- Private Endpoints: Network isolation for data services
- WAF Policies: Protection against common web attacks
- Network Security Groups: Subnet-level firewall rules
- Azure Monitor: Infrastructure and application monitoring
- Application Insights: Application performance monitoring
- Log Analytics: Centralized logging and analytics
This architecture directly addresses the job requirements:
| Job Requirement | Implementation | Demonstration |
|---|---|---|
| .NET | ASP.NET Core Web API on App Service | Modern .NET 8 containerized API |
| Angular | Angular SPA on App Service | Frontend application with CI/CD |
| Azure | Complete Azure cloud infrastructure | Multi-service cloud architecture |
| AEM | Mocked content API service | Headless CMS simulation |
| Akamai | Azure Front Door with WAF | CDN with edge caching and security |
| CI/CD | GitHub Actions + Azure DevOps | Automated infrastructure deployment |
| Networking | VNet, NSGs, Private Endpoints | Enterprise networking patterns |
| Operating Systems | Linux containers and VMs | Container orchestration |
| Cloud Infrastructure | Infrastructure as Code | Terraform modules and automation |
```
Internet → Front Door WAF → App Gateway → App Services
                                               ↓
                                       Private Endpoints
                                               ↓
                                   SQL Database + Key Vault
```
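As an added example (not the SmartDocs project's own Terraform), here is the network segmentation the diagrams describe, written for the azurerm provider: the App Service and database subnets, an NSG that lets only the App Service subnet reach the database subnet on TCP 1433 and denies every other inbound flow, and the SQL private endpoint together with the privatelink DNS zone the API needs so the server's public name resolves to a private IP inside the VNet. Resource names and the variables `var.location`, `var.resource_group_name` and `var.sql_server_id` are assumptions; attribute names follow the azurerm 3.x provider.

```hcl
# Added example, not the project's own module code. Resource names and the
# variables var.location, var.resource_group_name and var.sql_server_id are assumed.

resource "azurerm_virtual_network" "main" {
  name                = "vnet-smartdocs"
  location            = var.location
  resource_group_name = var.resource_group_name
  address_space       = ["10.0.0.0/16"]
}

# App Service subnet, delegated to Microsoft.Web so the API can use VNet
# integration and reach the private endpoint over the VNet, not the internet.
resource "azurerm_subnet" "app" {
  name                 = "snet-app"
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = ["10.0.1.0/24"]

  delegation {
    name = "appservice"
    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }
}

# Database subnet: hosts only the SQL private endpoint.
resource "azurerm_subnet" "db" {
  name                 = "snet-db"
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.main.name
  address_prefixes     = ["10.0.2.0/24"]
}

resource "azurerm_network_security_group" "db" {
  name                = "nsg-db"
  location            = var.location
  resource_group_name = var.resource_group_name

  # Only the App Service subnet may open TCP 1433 to the database subnet.
  security_rule {
    name                       = "AllowSqlFromAppSubnet"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "1433"
    source_address_prefix      = "10.0.1.0/24"
    destination_address_prefix = "10.0.2.0/24"
  }

  # Azure's default AllowVnetInBound rule (priority 65000) would otherwise let
  # every subnet in the VNet, the frontend subnet included, reach the database tier.
  security_rule {
    name                       = "DenyAllOtherInbound"
    priority                   = 4000
    direction                  = "Inbound"
    access                     = "Deny"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

resource "azurerm_subnet_network_security_group_association" "db" {
  subnet_id                 = azurerm_subnet.db.id
  network_security_group_id = azurerm_network_security_group.db.id
}

# privatelink zone linked to the VNet: "<server>.database.windows.net"
# resolves to the endpoint's private IP for anything integrated into the VNet.
resource "azurerm_private_dns_zone" "sql" {
  name                = "privatelink.database.windows.net"
  resource_group_name = var.resource_group_name
}

resource "azurerm_private_dns_zone_virtual_network_link" "sql" {
  name                  = "link-sql"
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = azurerm_private_dns_zone.sql.name
  virtual_network_id    = azurerm_virtual_network.main.id
}

resource "azurerm_private_endpoint" "sql" {
  name                = "pe-sql"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = azurerm_subnet.db.id

  private_service_connection {
    name                           = "sql"
    private_connection_resource_id = var.sql_server_id
    subresource_names              = ["sqlServer"]
    is_manual_connection           = false
  }

  private_dns_zone_group {
    name                 = "sql"
    private_dns_zone_ids = [azurerm_private_dns_zone.sql.id]
  }
}
```

Two checks worth making after apply: the private endpoint only removes the public path if the SQL server itself has public network access disabled, and NSG rules are enforced on private-endpoint traffic only when the subnet's private endpoint network policies are enabled (older provider versions leave them disabled by default), so verify that setting on the database subnet rather than assuming the deny rule is active.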
- System-Assigned Managed Identities for all App Services
- Azure AD Authentication for SQL Database
- Key Vault Access Policies for secret management
- RBAC for resource access control
- TLS 1.2+ for all communications
- Private Endpoints for database connectivity
- Transparent Data Encryption for SQL Database
- Storage Account encryption at rest
- Key Vault for secrets management
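The identity and transport controls in the list above, as an added example rather than the project's module code: a SQL server that accepts Azure AD identities only, a Key Vault with soft delete and purge protection whose secrets the API reads through an access policy limited to Get/List, and a .NET App Service with a system-assigned identity, HTTPS only, TLS 1.2 minimum and a Key Vault reference in place of an inline connection string. Names and the variables `var.location`, `var.resource_group_name`, `var.service_plan_id`, `var.sql_database_name`, `var.sql_admin_group_name` and `var.sql_admin_group_object_id` are assumptions; attribute names follow the azurerm 3.x provider.

```hcl
# Added example, not the project's module code. Names and the variables
# var.location, var.resource_group_name, var.service_plan_id, var.sql_database_name,
# var.sql_admin_group_name and var.sql_admin_group_object_id are assumed.

data "azurerm_client_config" "current" {}

# SQL server that accepts Azure AD identities only: no SQL logins, no password to leak.
resource "azurerm_mssql_server" "main" {
  name                          = "sql-smartdocs"
  location                      = var.location
  resource_group_name           = var.resource_group_name
  version                       = "12.0"
  minimum_tls_version           = "1.2"
  public_network_access_enabled = false # reachable through the private endpoint only

  azuread_administrator {
    login_username              = var.sql_admin_group_name
    object_id                   = var.sql_admin_group_object_id
    azuread_authentication_only = true
  }
}

# Soft delete keeps deleted secrets recoverable; purge protection stops anyone,
# including an attacker with vault permissions, from destroying them permanently.
resource "azurerm_key_vault" "main" {
  name                       = "kv-smartdocs"
  location                   = var.location
  resource_group_name        = var.resource_group_name
  tenant_id                  = data.azurerm_client_config.current.tenant_id
  sku_name                   = "standard"
  soft_delete_retention_days = 90
  purge_protection_enabled   = true
}

# The identity running terraform apply needs to write the secret below.
resource "azurerm_key_vault_access_policy" "deployer" {
  key_vault_id       = azurerm_key_vault.main.id
  tenant_id          = data.azurerm_client_config.current.tenant_id
  object_id          = data.azurerm_client_config.current.object_id
  secret_permissions = ["Get", "List", "Set", "Delete", "Recover", "Purge"]
}

# Passwordless connection string: the API authenticates with its managed identity,
# so the string holds no credential even though it lives in the vault (and in state).
resource "azurerm_key_vault_secret" "sql_conn" {
  name         = "sql-connection-string"
  key_vault_id = azurerm_key_vault.main.id
  value        = "Server=tcp:${azurerm_mssql_server.main.fully_qualified_domain_name},1433;Database=${var.sql_database_name};Authentication=Active Directory Default;Encrypt=True;"
  depends_on   = [azurerm_key_vault_access_policy.deployer]
}

# .NET API with a system-assigned identity, HTTPS only, TLS 1.2 minimum, FTP off.
resource "azurerm_linux_web_app" "api" {
  name                = "app-smartdocs-api"
  location            = var.location
  resource_group_name = var.resource_group_name
  service_plan_id     = var.service_plan_id
  https_only          = true

  identity {
    type = "SystemAssigned"
  }

  site_config {
    minimum_tls_version = "1.2"
    ftps_state          = "Disabled"
    application_stack {
      dotnet_version = "8.0"
    }
  }

  # Key Vault reference: App Service resolves the secret at startup using the
  # managed identity, so no secret value is stored in the app settings themselves.
  app_settings = {
    "ConnectionStrings__Default" = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.sql_conn.versionless_id})"
  }
}

# Least privilege for the API: read secrets only, nothing else in the vault.
resource "azurerm_key_vault_access_policy" "api" {
  key_vault_id       = azurerm_key_vault.main.id
  tenant_id          = data.azurerm_client_config.current.tenant_id
  object_id          = azurerm_linux_web_app.api.identity[0].principal_id
  secret_permissions = ["Get", "List"]
}
```

Two things Terraform does not do here: the managed identity still has to be mapped to a database user (`CREATE USER [app-smartdocs-api] FROM EXTERNAL PROVIDER` plus role grants, run by the Azure AD admin group), and once `purge_protection_enabled` is on it cannot be turned off, so `terraform destroy` leaves a soft-deleted vault that blocks reuse of the name until the retention window passes.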
- App Service Plans with auto-scaling rules
- SQL Database with elastic pools (production)
- Front Door global distribution
- Storage Account geo-replication
- CDN caching for static content
- Application Insights for performance monitoring
- Database indexing and query optimization
- Blob storage tiers for cost optimization
- SQL Database: Automated backups with point-in-time restore
- Storage Account: Geo-redundant storage (GRS) in production
- Key Vault: Soft delete and purge protection
- Infrastructure: Version-controlled Terraform state
- App Services: Multi-instance deployment
- SQL Database: Built-in high availability
- Front Door: Global load balancing
- Storage: Zone-redundant storage options
- Free/Basic tiers for App Services
- Basic SQL Database tier
- LRS storage replication
- Estimated cost: ~$10-20/month
- Standard App Service tiers
- Standard SQL Database with reserved capacity
- GRS storage replication
- Estimated cost: ~$50-100/month
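The backup, availability and cost choices in the lists above can be expressed as one set of environment-driven settings rather than two hand-maintained copies. The following is an added example, not the project's own code: the tiers, replication type, instance count and point-in-time-restore window are selected from a validated `environment` variable, and the storage account adds soft delete and versioning so deleted documents can be recovered. `var.location`, `var.resource_group_name` and `var.sql_server_id` are assumptions; attribute names follow the azurerm 3.x provider.

```hcl
# Added example, not the project's own code. The tiers mirror the dev/prod lists
# in this document; var.location, var.resource_group_name and var.sql_server_id are assumed.

variable "environment" {
  type        = string
  description = "dev or prod; drives tier, replication and retention choices"
  validation {
    condition     = contains(["dev", "prod"], var.environment)
    error_message = "environment must be \"dev\" or \"prod\"."
  }
}

locals {
  is_prod = var.environment == "prod"
}

# Basic tier on one instance in dev; Standard tier on two instances in prod.
resource "azurerm_service_plan" "main" {
  name                = "asp-smartdocs-${var.environment}"
  location            = var.location
  resource_group_name = var.resource_group_name
  os_type             = "Linux"
  sku_name            = local.is_prod ? "S1" : "B1"
  worker_count        = local.is_prod ? 2 : 1
}

# Basic SQL tier with a 7-day PITR window in dev; Standard with the 35-day maximum in prod.
# TDE is on by default for Azure SQL; it is set explicitly so a plan diff shows any change.
resource "azurerm_mssql_database" "main" {
  name                                = "sqldb-smartdocs"
  server_id                           = var.sql_server_id
  sku_name                            = local.is_prod ? "S1" : "Basic"
  transparent_data_encryption_enabled = true

  short_term_retention_policy {
    retention_days = local.is_prod ? 35 : 7
  }
}

# LRS in dev, geo-redundant in prod; soft delete and versioning guard against
# accidental or malicious deletion of documents.
resource "azurerm_storage_account" "docs" {
  name                            = "stsmartdocs${var.environment}"
  location                        = var.location
  resource_group_name             = var.resource_group_name
  account_tier                    = "Standard"
  account_replication_type        = local.is_prod ? "GRS" : "LRS"
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false # no anonymous blob or container access
  shared_access_key_enabled       = false # identity-based access only, no account keys

  blob_properties {
    versioning_enabled = local.is_prod
    delete_retention_policy {
      days = local.is_prod ? 30 : 7
    }
    container_delete_retention_policy {
      days = local.is_prod ? 30 : 7
    }
  }
}
```

Disabling shared keys has a side effect on the pipeline: the azurerm provider manages containers and blobs with the account key unless `storage_use_azuread = true` is set in the provider block and the deploying identity holds a data-plane role such as Storage Blob Data Contributor, so enable both together or container creation will fail at apply time.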
- Purpose: Feature development and testing
- Resources: Cost-optimized tiers
- Access: Open for development team
- Deployment: Automatic on develop branch
- Purpose: Live application serving users
- Resources: Performance and reliability optimized
- Access: Restricted with approval gates
- Deployment: Manual approval required
```
infra/terraform/
├── main.tf                  # Root configuration
├── variables.tf             # Input variables
├── outputs.tf               # Output values
├── backend.tf               # Remote state config
├── dev/terraform.tfvars     # Dev environment values
├── prod/terraform.tfvars    # Prod environment values
└── modules/
    ├── app_service/         # App Service module
    ├── sql_database/        # SQL Database module
    ├── storage_account/     # Storage module
    ├── key_vault/           # Key Vault module
    └── cdn_frontdoor/       # CDN module
```
- Reusability: Modules can be used across environments
- Consistency: Standardized resource configurations
- Maintainability: Centralized updates and improvements
- Testing: Individual module validation
Code Push → Validation → Security Scan → Plan → Approval → Deploy → Monitor
- Validation: Terraform format, validate, and lint
- Security: Checkov security scanning
- Planning: Generate and review Terraform plans
- Cost Analysis: Infracost estimation
- Deployment: Apply infrastructure changes
- Monitoring: Health checks and notifications
- Application Performance: Response times, error rates
- Infrastructure Health: CPU, memory, disk usage
- Security Events: Failed authentications, suspicious activity
- Cost Tracking: Resource consumption and billing
- Critical: Infrastructure failures, security breaches
- Warning: Performance degradation, capacity thresholds
- Info: Deployment completions, scheduled maintenance
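One concrete form of the "Security Events: Failed authentications" metric and the "Critical" alert tier, added here as an example rather than taken from the project: Key Vault audit events are sent to a Log Analytics workspace, and a scheduled query alert at severity 0 fires when five or more requests to the vault are rejected as Unauthorized or Forbidden within 15 minutes, which is the signal you would expect from a misconfigured identity or from someone probing the vault with stolen credentials. `var.location`, `var.resource_group_name`, `var.key_vault_id` and `var.oncall_email` are assumptions; attribute names follow the azurerm 3.x provider.

```hcl
# Added example, not the project's own code. var.location, var.resource_group_name,
# var.key_vault_id and var.oncall_email are assumed.

resource "azurerm_log_analytics_workspace" "main" {
  name                = "log-smartdocs"
  location            = var.location
  resource_group_name = var.resource_group_name
  sku                 = "PerGB2018"
  retention_in_days   = 30
}

# Every secret read, including denied ones, is written to the AuditEvent category.
resource "azurerm_monitor_diagnostic_setting" "kv" {
  name                       = "kv-audit"
  target_resource_id         = var.key_vault_id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id

  enabled_log {
    category = "AuditEvent"
  }

  metric {
    category = "AllMetrics"
  }
}

resource "azurerm_monitor_action_group" "critical" {
  name                = "ag-critical"
  resource_group_name = var.resource_group_name
  short_name          = "critical"

  email_receiver {
    name          = "oncall"
    email_address = var.oncall_email
  }
}

# Critical alert: 5+ rejected Key Vault requests in a 15-minute window,
# evaluated every 5 minutes. Severity 0 is the top ("critical") level.
resource "azurerm_monitor_scheduled_query_rules_alert_v2" "kv_denied" {
  name                 = "kv-denied-access"
  location             = var.location
  resource_group_name  = var.resource_group_name
  scopes               = [azurerm_log_analytics_workspace.main.id]
  severity             = 0
  evaluation_frequency = "PT5M"
  window_duration      = "PT15M"

  criteria {
    query                   = <<-KQL
      AzureDiagnostics
      | where ResourceType == "VAULTS" and Category == "AuditEvent"
      | where ResultSignature in ("Unauthorized", "Forbidden")
      | project TimeGenerated, OperationName, CallerIPAddress, ResultSignature
    KQL
    time_aggregation_method = "Count"
    threshold               = 5
    operator                = "GreaterThanOrEqual"
  }

  action {
    action_groups = [azurerm_monitor_action_group.critical.id]
  }
}
```

A deployment that rotates the API's identity or removes its access policy will trip this rule immediately, so treat the first alert after each release as a check of the pipeline as much as of an intruder; keep the Warning tier for lower thresholds (for example a single rejection from an IP outside the VNet) so the Critical channel stays quiet enough to be acted on.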
- Container Orchestration: Migrate to Azure Container Apps
- Microservices: Break down monolithic API
- Event-Driven Architecture: Azure Service Bus integration
- Advanced Monitoring: Custom dashboards and alerts
- Multi-Region: Global deployment for disaster recovery
- Serverless Functions: Azure Functions for specific workloads
- API Management: Azure API Management for API governance
- DevOps: Advanced deployment strategies (blue-green, canary)
- AI/ML: Azure Cognitive Services integration
This architecture demonstrates enterprise-grade cloud infrastructure design with modern DevOps practices. It showcases the ability to:
- Design scalable, secure cloud architectures
- Implement Infrastructure as Code best practices
- Create robust CI/CD pipelines
- Apply security and compliance standards
- Optimize for cost and performance
- Plan for disaster recovery and business continuity
The implementation serves as a comprehensive portfolio piece demonstrating readiness for senior cloud infrastructure and DevOps roles.