Don't DoS the Proxy
Brian T. Jackett Sr. Premier Field Engineer Microsoft
Sr. Premier Field Engineer at Microsoft Office 365 Dev / Admin, Azure Dev Stir Trek Conference Organizer Blog: www.briantjackett.com Twitter: @BrianTJackett Email: Brian.Jackett@Microsoft.com
Agenda: Azure Functions; Design Considerations; Authentication; Security Concerns; Durable Functions; Tips and Tricks
-Jeff Atwood https://blog.codinghorror.com/the-best-code-is-no-code-at-all/
[Architecture diagram]
Current State: SharePoint on-prem server farm (<N> Web Front End servers, <N> Application servers, <N> Database servers); custom applications run on these servers.
Future State: Office 365 (no servers to host custom applications, server-side code not allowed).
Proposed hosting for autonomic tasks: Microsoft Azure, serverless (no servers to care and feed, patch, etc.).
Cloud-to-cloud communication; X Proxy.
Azure components: Azure Serverless (Functions), Storage queue, Azure Key Vault, Log Analytics.
Serverless Compute Run code without managing infrastructure or platform Supported languages Experimental languages
Triggers: HTTP, Queue, Blob, Webhook, Timer
Bindings: HTTP, Queue, Blob, Webhook, Twilio
Two styles of functions: pre-compiled (ex. Visual Studio); uncompiled (ex. VS Code or Azure Portal)
Components: trigger (event starts the function); input binding (additional input at start); output binding (where to send output)
Consumption: pay per use; auto resource allocation; max timeout 10 minutes (default 5)
Dedicated: pay monthly (= App Service Plan); no warm up (Always On setting); flexible resource allocation; run > 10 minutes
Portal Visual Studio Authentication + Security Super Special Demo
https://aka.ms/btjafdemo
Local development = same functions runtime: Visual Studio 2017 version 15.5 -or- Azure Functions Core Tools. Storage: Azure Storage Explorer
Event driven programming
Don't re-invent the wheel: https://docs.microsoft.com/en-us/azure/architecture/patterns/
A different style of thinking: design code to run as fast as possible with the smallest footprint
Efficiency
Separate configuration from code: stored encrypted (readable in plaintext in Azure Portal though)
Syntax by language: C#: %NameOfVariable%; PowerShell: $Env:NameOfVariable
What are you connecting to? SharePoint Online; MS Graph; Azure Storage
How are you storing credentials? App Settings; Azure Key Vault
Connect to data source (ex. SharePoint Online)?
App Service Managed Service Identity (MSI)
App Service App Settings Azure Key Vault
Azure services with public endpoints: App Service (function); Storage. Secure these properly!
App Service (function): configure authentication; disable anonymous access
App Service (function): disable the default homepage with App Setting AzureWebJobsDisableHomepage = True
Access keys = keys to the kingdom: read / write to entire storage account; rotate regularly; store securely; caution with who has access to keys
Shared Access Signature (SAS) token: use SAS tokens when possible; scoped to Account or Container; time bound; allowed permissions; allowed IPs
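An added example (not from the original slides) that checks a SAS URL against the properties this slide lists: scope, time bound, allowed permissions and allowed IPs. The sample URLs, the 24-hour lifetime limit and the read/list allow-list are assumptions chosen for illustration, and only the full YYYY-MM-DDThh:mm:ssZ time format is handled.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample URLs; account name and signatures are placeholders.
BROAD_SAS = ("https://example.blob.core.windows.net/?sv=2017-07-29&ss=bfqt"
             "&srt=sco&sp=rwdlacup&se=2030-01-01T00:00:00Z"
             "&spr=https,http&sig=PLACEHOLDER")
SCOPED_SAS = ("https://example.blob.core.windows.net/reports?sv=2017-07-29"
              "&sr=c&sp=rl&st=2018-05-01T00:00:00Z&se=2018-05-01T08:00:00Z"
              "&sip=203.0.113.10&spr=https&sig=PLACEHOLDER")

def parse_sas_time(value):
    # Assumption: times use the full UTC form, e.g. 2018-05-01T08:00:00Z
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc)

def audit_sas(url, now, max_lifetime=timedelta(hours=24), allowed_perms="rl"):
    """Return findings for one SAS URL; an empty list means every check passed."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    # Scope: an account SAS carries ss/srt; a service SAS carries sr (c = container).
    if "ss" in q or "srt" in q:
        findings.append("scope: account-level SAS (services=%s)" % q.get("ss", "?"))
    # Time bound: se is the expiry, st the optional start (defaults to now here).
    if "se" not in q:
        findings.append("time: no expiry (se) in the token")
    else:
        start = parse_sas_time(q["st"]) if "st" in q else now
        if parse_sas_time(q["se"]) - start > max_lifetime:
            findings.append("time: lifetime exceeds %s" % max_lifetime)
    # Allowed permissions: flag every sp letter outside the allow-list.
    extra = sorted(set(q.get("sp", "")) - set(allowed_perms))
    if extra:
        findings.append("permissions: grants more than needed: " + "".join(extra))
    # Allowed IPs: sip restricts the token to an address or range.
    if "sip" not in q:
        findings.append("ip: no allowed IP range (sip)")
    # Protocol: when spr is omitted the service accepts both https and http.
    if q.get("spr", "https,http") != "https":
        findings.append("protocol: plain HTTP is allowed (spr)")
    return findings

if __name__ == "__main__":
    now = datetime(2018, 5, 1, tzinfo=timezone.utc)
    for name, url in (("broad", BROAD_SAS), ("scoped", SCOPED_SAS)):
        print(name, audit_sas(url, now) or "OK")
```
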
Stateful functions
Patterns: function chaining; fan-out / fan-in; human interaction
Automatically apply retention labels in SharePoint Online
Azure Storage Explorer to see data in storage
If using app service plan, enable Always On setting
Functions running locally = no money spent
Freebies per month
Brian.Jackett@microsoft.com http://aka.ms/azureicons