
Our Experience with Azure - Part 2 of 2

Azure Part Two
Written by
Brad Hunt

In an earlier article, we provided a brief introduction to using Azure to build web sites. In this post, we want to give some real-world examples of how and why our clients used Azure to meet a specific business objective. At Smooth Fusion, the majority of our projects are web applications, so we will primarily focus on how Azure meets the business needs of web sites.

Three common problems we have solved through the use of Azure are:

  • Compliance

  • Scalability

  • Identity Management

Compliance

Smooth Fusion does quite a bit of work for a major insurance company. On many of our projects, we collect credit card data and in some cases health care related information. A key advantage of Azure is that it can help us and our end clients meet regulatory requirements for Payment Card Industry (PCI) compliance and Health Insurance Portability and Accountability Act (HIPAA) compliance.

PCI Compliance

When working to achieve PCI compliance there are two factors to consider:

  1. The application that actually collects, stores, processes and transmits the credit card data must be compliant.

  2. The servers, network and other infrastructure in which the application operates must be compliant.

The application itself is covered under the Payment Application Data Security Standard (PA-DSS). This separate standard is applied to the actual applications and has to do with the way the application was coded. Using Azure does not inherently make an application PA-DSS compliant.

The infrastructure in which the application operates is covered under a separate standard known as the PCI Data Security Standard (PCI DSS). It is with this specific PCI DSS standard that hosting in Azure can be helpful. PCI DSS applies to all components in the infrastructure that could store, transmit or process cardholder data including: firewalls, virtualization software and virtual machines, switches, routers, security appliances, web servers, database servers or any other component that could access cardholder data.

Azure is Level 1 compliant under this PCI DSS standard, which has been independently verified by a Qualified Security Assessor (QSA) [1]. What this means in practice is that when you host in Azure, you don’t need to worry about the networking or infrastructure components that Azure controls. You still, of course, need to ensure the application itself is secure, and that you meet all the requirements of the PCI DSS standard that don’t have to do with infrastructure, such as having an information security program in place.

The PCI standards documents can be found on the Security Standards Council web site. You can also download the Azure PCI Attestation of Compliance and the Azure Customer PCI Guide from Microsoft.

HIPAA Compliance

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires that companies follow certain guidelines when collecting electronic protected health information. Similar to PCI compliance, with HIPAA the network infrastructure must follow specific security and privacy guidelines and service providers must supply written agreements indicating they do so. This written agreement is called a HIPAA Business Associate Agreement (BAA), which Microsoft will provide its Azure customers as part of a contract addendum [2]. For those customers interested in implementing a HIPAA compliant solution on Azure, Microsoft has provided an Azure HIPAA Implementation Guide.

The Microsoft Azure Trust Center offers additional important information about the security, privacy and compliance features of Azure.

Scalability

A key reason we have used Azure for our clients has been for the scalability it offers. Two examples of projects we have completed that required scalability were a reward program for a regional bank and a web site crawler project.

Reward Program

One of our clients is a regional bank with locations in Texas and New Mexico. Each year, the bank holds a community-wide initiative in which they donate a total of $50,000 to ten local charities. The recipients of the money are determined by public voting. As you can imagine, the charities are motivated to spread the word and ask their supporters to vote. When the bank first started this program a number of years ago, they underestimated the amount of web site traffic the voting would generate. The site crashed and they had to add additional capacity. We recently took over the web site and rebuilt it from the ground up. Part of this rebuild was to build the site on Azure. When we implemented a new voting site this year, we were prepared. Initially the site was set up to run two load-balanced servers, but we also used the auto scaling feature of Azure Cloud Services. With auto scaling, in a few clicks you can set the conditions under which Azure will automatically spin up new servers and then remove them when they are not needed.

In Figure 1 below, you can see that we set up auto scaling to automatically add one new server at a time when the two servers we had in production got to 60 to 80 percent CPU utilization. We set a max value of four servers and configured Azure to add and remove one at a time after a certain period of time.

Figure 1: The auto scaling properties screen.

The whole process took less than two minutes to configure, and required no coding changes in our application since we already were set up to take advantage of load balancing. The web site has performed really well through the course of the voting with no downtime or server problems.
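The rule described above (a CPU band, an instance range of two to four, one server added or removed at a time, and a waiting period between actions) is easier to reason about when you can watch it react to a traffic curve. The following is an added example, not code from the original post or from Azure: a stand-alone Python model of that decision logic, run over a constructed series of average CPU readings. The actual setting was made in the Azure portal, as the post says; the interpretation of the 60 to 80 percent figure as a target band (scale out above it, scale in below it) and the cool-down length are assumptions made for the example.

```python
"""Added example (not from the original post): a small model of the auto
scaling rule described in the text, used to see how a CPU band, an instance
range and a cool-down interact. The real configuration lived in the Azure
portal; this is a simulation, not the Azure API."""
from dataclasses import dataclass, field


@dataclass
class AutoscalePolicy:
    """Scale out when average CPU is above the band, scale in when below it."""
    min_instances: int = 2      # the two load-balanced servers the site started with
    max_instances: int = 4      # the ceiling set in Figure 1
    cpu_low: float = 60.0       # below this, one instance is removed
    cpu_high: float = 80.0      # above this, one instance is added
    step: int = 1               # instances added or removed per action
    cooldown_ticks: int = 2     # evaluations to wait after an action (assumed value)


@dataclass
class AutoscaleState:
    instances: int
    ticks_since_action: int = 10 ** 9   # large so the first decision is allowed
    history: list = field(default_factory=list)


def decide(policy: AutoscalePolicy, state: AutoscaleState, avg_cpu: float) -> int:
    """Apply one autoscale evaluation and return the resulting instance count."""
    if state.ticks_since_action < policy.cooldown_ticks:
        # Inside the cool-down window: hold, whatever the metric says.
        state.ticks_since_action += 1
        return state.instances
    if avg_cpu > policy.cpu_high and state.instances < policy.max_instances:
        state.instances = min(policy.max_instances, state.instances + policy.step)
        state.ticks_since_action = 0
    elif avg_cpu < policy.cpu_low and state.instances > policy.min_instances:
        state.instances = max(policy.min_instances, state.instances - policy.step)
        state.ticks_since_action = 0
    else:
        state.ticks_since_action += 1
    return state.instances


def simulate(policy: AutoscalePolicy, cpu_samples: list) -> list:
    """Run the rule over a series of per-tick average CPU readings (percent)."""
    state = AutoscaleState(instances=policy.min_instances)
    for cpu in cpu_samples:
        state.history.append(decide(policy, state, cpu))
    return state.history


# Constructed CPU series: a voting surge, a plateau, then traffic falling off.
VOTING_SURGE = [30, 55, 85, 92, 95, 90, 88, 70, 65, 40, 35, 30, 25, 20]

if __name__ == "__main__":
    print(simulate(AutoscalePolicy(), VOTING_SURGE))
```

Two properties are worth checking in any such rule before trusting it with a production site: the instance count never leaves the configured range, so a traffic spike (or a flood of junk requests) cannot run up an unbounded bill, and the cool-down stops the rule from flapping when CPU hovers around a threshold.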

Web Site Crawler

For another project, our client had a need to index content across a large number of web sites. In this case, we were looking for specific keywords that might be found on these web sites. So we used Azure to first create the web crawler that would look at each desired web site and record all the site content up to 1000 pages and three levels deep. A second step was to then analyze this data to look for specific words. As you can imagine, this meant parsing through a huge set of data. To accomplish this task, we actually used 50 servers all running in parallel to parse the data. Each server ran a process that would pull results from a common database and then analyze the data. Using multiple servers allowed us to reduce the overall run time from several weeks to a few days.
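The two limits mentioned above (a page cap and a depth cap) are what keep a crawler from wandering off into an unbounded site, and scoping it to the host it was asked to index is what keeps it from wandering off into other people's sites. The following is an added example, not the project's own crawler: a bounded breadth-first crawl over a constructed in-memory site graph, followed by the keyword scan that the second step of the project performed. The site contents, the `fetch` stand-in for an HTTP request, and the keywords are all constructed for the example.

```python
"""Added example (not code from the original project): a breadth-first crawl
with a page cap and a depth cap, scoped to the starting host, followed by a
keyword scan of the collected pages. The site is a constructed in-memory
graph so the example runs offline."""
from collections import deque
from urllib.parse import urljoin, urlparse
import re

# Constructed site: url -> (page text, links found on the page).
SITE = {
    "https://example.test/": ("Welcome. Our privacy policy is here.",
                              ["/about", "/blog", "https://other.test/"]),
    "https://example.test/about": ("About us. Contact the security team.",
                                   ["/team"]),
    "https://example.test/blog": ("Blog index.", ["/blog/1", "/blog/2"]),
    "https://example.test/team": ("The team page mentions security twice: security.",
                                  ["/team/alice"]),
    "https://example.test/team/alice": ("Alice, security lead.", []),
    "https://example.test/blog/1": ("Post one about privacy.", ["/blog/1/comments"]),
    "https://example.test/blog/2": ("Post two.", []),
    "https://example.test/blog/1/comments": ("Comments: security, privacy.", []),
    "https://other.test/": ("Off-site page; not in scope.", []),
}


def fetch(url):
    """Stand-in for an HTTP GET against the constructed site."""
    return SITE.get(url, ("", []))


def crawl(start_url, max_pages=1000, max_depth=3):
    """Breadth-first crawl limited to the start host, max_pages and max_depth.

    Depth 0 is the start page, so max_depth=3 follows three link hops.
    Returns {url: text} for every page actually fetched.
    """
    host = urlparse(start_url).netloc
    seen = {start_url}
    queue = deque([(start_url, 0)])
    pages = {}
    while queue and len(pages) < max_pages:
        url, depth = queue.popleft()
        text, links = fetch(url)
        pages[url] = text
        if depth >= max_depth:
            continue                      # record the page, but do not expand it
        for link in links:
            absolute = urljoin(url, link)
            if urlparse(absolute).netloc != host or absolute in seen:
                continue                  # stay in scope and avoid revisits
            seen.add(absolute)
            queue.append((absolute, depth + 1))
    return pages


def keyword_hits(pages, keywords):
    """Count whole-word, case-insensitive occurrences of each keyword per page."""
    patterns = {k: re.compile(r"\b%s\b" % re.escape(k), re.IGNORECASE) for k in keywords}
    hits = {}
    for url, text in pages.items():
        counts = {k: len(p.findall(text)) for k, p in patterns.items()}
        if any(counts.values()):
            hits[url] = counts
    return hits


if __name__ == "__main__":
    found = crawl("https://example.test/", max_pages=1000, max_depth=3)
    for url, counts in keyword_hits(found, ["security", "privacy"]).items():
        print(url, counts)
```

The `seen` set is what makes the page cap meaningful: without it, two pages linking to each other would be fetched over and over and the cap would be spent on duplicates. In the project described above, the crawl results were written to a shared database and 50 workers pulled from it; with that design, each worker should claim a row (mark it as taken in the same statement that reads it) so that two servers never analyze the same page.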

Identity management

Another reason we have used Azure for our projects is to meet identity management needs. Identity management means how we keep track of users, their accounts and their access to a site. Azure provides many ways to integrate user access into a site, including:

  • Active Directory – you can extend your on-premises Active Directory accounts to the cloud to allow for single sign-on to web applications hosted in Azure.

  • Multi-factor authentication – using Azure you can add a second layer to your logins such as a phone call, text message or app notification.

  • Access Control Service (ACS) – you can allow your users to log in with existing Facebook, Google or Yahoo! accounts.

For one of our recent projects, we worked with our client to create a software coding game that is targeted at students. Part of the concept of the game is that users can log in to create an account so that they can track their progress and play the game over a period of time. The application keeps up with users’ progress and scores as they advance through the levels. Since the target audience for this application is high school and college students, it is very likely that they already have accounts on Google or Facebook. Instead of asking these users to create a new account in our system, we integrated the Access Control Service [3] described above. Not only did this allow students to use existing login credentials, it also spared us from coding an authentication layer into our application. We ask the users how they want to log in, and then send the users off to the ACS service, which in turn communicates with the APIs of various platforms and handles the authentication for us. We then receive a token back in our system that uniquely identifies the user. If users need to manage their credentials, they do so in the original systems, so we do not have to handle things like password resets.
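Outsourcing authentication to ACS removes the password handling, but the application still has one security-critical job: deciding whether the token that comes back is genuine, meant for this application, and still valid, before trusting the identity inside it. The following is an added example, not the project's code and not an ACS client library: a small relying-party check written in Python. The token format is modeled loosely on the Simple Web Token shape ACS issued (URL-encoded claims plus an HMAC-SHA256 field over the rest of the token); the issuer, audience, shared key and the `issue_token` helper used to construct test input are assumptions for the example, and the claim-type names are the ones commonly used for the name identifier and identity provider claims.

```python
"""Added example (not from the original post): what a relying party should
check when a federated token comes back from a service such as ACS. The
token is constructed and modeled loosely on the Simple Web Token shape;
issuer, audience, key and claim names are assumptions for the example."""
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, unquote, urlencode

# Values assumed for the example. A real shared key is issued by the token
# service and stored in configuration, never in source.
RP_AUDIENCE = "https://codinggame.example.test/"
TOKEN_ISSUER = "https://example-namespace.accesscontrol.example.test/"
SHARED_KEY = b"shared-secret-for-example-only-not-real"
CLAIM_NAMEID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
CLAIM_IDP = "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider"


def _sign(unsigned: str) -> str:
    """HMAC-SHA256 over the unsigned token text, base64 encoded."""
    digest = hmac.new(SHARED_KEY, unsigned.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def issue_token(claims: dict, lifetime_s: int = 600, now: int = None) -> str:
    """Build a signed token the way the token service would. Used here only to
    construct input; the relying party never needs this function."""
    now = int(time.time()) if now is None else now
    fields = dict(claims)
    fields["Issuer"] = TOKEN_ISSUER
    fields["Audience"] = RP_AUDIENCE
    fields["ExpiresOn"] = str(now + lifetime_s)
    unsigned = urlencode(fields)
    return unsigned + "&" + urlencode({"HMACSHA256": _sign(unsigned)})


def verify_token(token: str, now: int = None) -> dict:
    """Validate signature, issuer, audience and expiry; return the claims.

    Raises ValueError on any failure so a caller cannot accidentally treat a
    bad token as a logged-in user.
    """
    now = int(time.time()) if now is None else now
    marker = "&HMACSHA256="
    idx = token.rfind(marker)
    if idx < 0:
        raise ValueError("token is not signed")
    unsigned, presented = token[:idx], unquote(token[idx + len(marker):])
    # Recompute the HMAC and compare in constant time before reading anything.
    if not hmac.compare_digest(_sign(unsigned), presented):
        raise ValueError("bad signature")
    claims = dict(parse_qsl(unsigned))
    if claims.get("Issuer") != TOKEN_ISSUER:
        raise ValueError("unexpected issuer")
    if claims.get("Audience") != RP_AUDIENCE:
        raise ValueError("token was issued for a different application")
    if int(claims.get("ExpiresOn", "0")) <= now:
        raise ValueError("token expired")
    if CLAIM_NAMEID not in claims or CLAIM_IDP not in claims:
        raise ValueError("token does not identify the user")
    return claims


def local_user_key(claims: dict) -> str:
    """Key the local account on provider + subject: a name identifier is only
    unique within the provider that issued it, so both parts are needed."""
    return claims[CLAIM_IDP] + "|" + claims[CLAIM_NAMEID]


if __name__ == "__main__":
    tok = issue_token({CLAIM_NAMEID: "10000123", CLAIM_IDP: "Google"})
    print(local_user_key(verify_token(tok)))
```

The order of the checks matters: the signature is verified before any claim is read, so nothing in an unsigned or tampered token influences the outcome, and the audience check stops a token legitimately issued for some other application from being replayed against this one. Keying the local account on provider plus subject rather than on the subject alone is what prevents two different providers' users from colliding on the same numeric identifier.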

References

  1. http://azure.microsoft.com/en-us/support/trust-center/compliance/

  2. http://azure.microsoft.com/en-us/support/trust-center/compliance/

  3. http://msdn.microsoft.com/library/hh147631.aspx

Smooth Fusion is a custom web and mobile development company and a leading Progress Sitefinity CMS Partner. We create functional, usable, secure, and elegant software while striving to make the process painless for our customers. We offer a set of core services that we’ve adapted and refined for more than 250 clients over our 17 years in business. We’ve completed more than 1700 projects across dozens of industries. To talk to us about your project or review our portfolio, send us a message and one of our project managers will reach out to you quickly.
