Monitoring Hosts and Domains for RBL Listing Using Azure - Part 2: Deployment

In the previous post of the series (here), we went through the design of a solution to help monitor host and domain listing in RBLs. In this article, we'll go through the process of deploying and configuring the required resources on Azure.

To deploy the solution to your Azure subscription, you have to perform two tasks:

  • Deploy the Azure resources, that is the Storage Account and a Function App
  • Deploy the Azure Function App application code
To deploy the Azure resources, you have to submit an ARM deployment task using the ARM template file saved in the repository (here). There are two ways to create a deployment using this file:

Deploy to Azure button 
The main repository page contains a button that opens the Azure portal and prompts for parameters for the deployment:

Leaving the default values will result in a deployment in the same location as the resource group and randomized resource names.

ARM File Deployment
The other way to deploy an ARM file is to use the Azure Powershell/Bash utilities. Executing the Powershell command: 
1
2
3
New-AzResourceGroupDeployment -Name "<YourDeploymentName>" `
                              -ResourceGroupName "<YourResourceGroupName>" `
                              -TemplateFile .\azuredeploy.json
from the root of the working copy, will have the same result as the portal deployment.

When the deployment is complete, the below resources should appear in the resource group you selected:

The ARM template will not only create the storage account used for saving the hosts, domains and rbls, but the respective tables as well:

The Function App will also be created and its configuration set:

there won't be any functions in it, since this cannot be achieved through ARM 


Moving on to the second part of the deployment, the Function App code, you have to publish it via Visual Studio. Open the solution, right click the project and select "Publish". This will open a new window where you have to select the function app and a number of settings just like below:
play
Following the successful deployment of the Azure resources and the FunctionApp code, there are a few configuration settings you might want to apply:

Inbound Access
You should restrict inbound access to the function app from its "Networking" blade. This will prevent others from accessing your function that by default is accessible from all networks, including the internet.

Function Keys
The most common way to authenticate against a function app is to provide a function key. You should add multiple function keys in order to grant access to different persons and systems so that you minimize the impact when revoking one of them. You can create host-level keys that allow access to all functions in the app (for administrators) or function-level keys that allow access to a specific function (for a system that just needs access to one function).

Deployment Slots
Function deployment slots will allow you to test any changes you make to the code on Azure, prior to deployment to production, in order to identify any potential issues.

DevOps
You can configure an Azure DevOps pipeline that will automatically deploy the newest codebase to your Function App, whether on a testing slot or directly on production.

Previous Articles
    Part 2 - Deployment

Popular posts from this blog

Domain Controller Machine Password Reset

Managing Active Directory User Certificates using PowerShell

Configuring a Certificate on Exchange Receive Connector