Resource Group: i2-redcap-dev-rg

Overview

The i2-redcap-dev-rg resource group supports the applications and services that make up the development deployment of the REDCap data management platform. Its architecture comprises an application gateway, a virtual machine, MySQL flexible servers, a storage account, and managed identities. Together these resources provide reliable, scalable, and secure access to REDCap's functionality for development purposes.

Resources

1. Application Gateway

  • Type: Microsoft.Network/applicationGateways
  • Name: i2-redcap-dev-gateway
  • Purpose: Manages incoming traffic and routes requests to different backend services. This includes:
    • Backend Address Pools: Routes traffic to various services, including a virtual machine and web applications.
    • Frontend Configuration: Uses public IP addresses for external access.
    • Listeners and Routing Rules: Configured to direct traffic based on defined paths to specific backend resources.
  • Important Configurations:
    • Public IP Address: 20.98.177.108
    • Private Link: Backend connections use dedicated subnets so that traffic to the backend resources stays off the public internet.

2. Flexible MySQL Server

  • Type: Microsoft.DBforMySQL/flexibleServers
  • Names:
    • i2-redcap-dev-flex-mysql
    • i2-redcap-dev-flex-mysql-02
    • i2-redcap-dev-v8-flex
  • Purpose: Provides relational database capabilities to support the REDCap application.
  • Important Configurations:
    • Administrator Login: i2admin
    • Backup Configuration: Backups are taken every 24 hours and retained for 30 days.
    • Networking: Public network access is disabled; a private DNS zone resolves the server name so the application connects over the private endpoint.

3. Virtual Machine

  • Type: Microsoft.Compute/virtualMachines
  • Name: i2-redcap-dev-web-vm-01
  • Purpose: Hosts services for the application.
  • Important Configurations:
    • IP Configuration: Private IP Address 10.24.96.149.
    • Network Interface: Attached to i2-redcap-dev-web-vm-01.
    • OS Profile: Linux-based VM with SSH public-key authentication enabled and password authentication disabled for enhanced security.

4. Storage Account

  • Type: Microsoft.Storage/storageAccounts
  • Name: i2redcapdevstorage
  • Purpose: Stores application data, logs, and files needed for running REDCap and associated services.
  • Important Configurations:
    • Blob Public Access: Enabled at the account level, so containers may be configured for anonymous read access.
    • Encryption: Microsoft-managed key encryption for data protection.

5. User Assigned Identities

  • Type: Microsoft.ManagedIdentity/userAssignedIdentities
  • Names:
    • i2-redcap-dev-appgw-identity
    • i2-redcap-dev-mysql-flex-ident
  • Purpose: These managed identities let the application gateway and MySQL servers access other Azure resources without any credentials being hard-coded into the applications.

Data Storage

Storage Overview

Data is primarily stored in the storage account i2redcapdevstorage, which hosts the blobs, files, and queues needed for application operations. The MySQL flexible servers store the relational data on which REDCap depends. The databases present on these servers are:

  • customer_service
  • information_schema
  • mysql
  • performance_schema
  • redcap_appd87m1

Of these, information_schema, mysql and performance_schema are MySQL system schemas; the other two are user-created databases that hold the application data.

Networking

Virtual Network Configuration

  • Virtual Network: Resources utilize the virtual network i2-redcap-main-vnet.
  • Subnets:
    • Subnets defined for services such as mysql-flex and appsvc.
    • Private endpoints (like i2-redcap-dev-mysql-endpoint) are connected to these subnets for secure communication.
  • IP Addresses:
    • Public IPs:
      • Primary Public IP 20.98.177.108
      • Reserved IPs for the Application Gateway: 13.86.91.232 and 52.238.248.112; monitoring: 52.176.154.40.
    • Private IP: 10.24.96.149 for internal communication to the VM.

Virtual Network Peerings

The architecture allows components to communicate efficiently over the same network while ensuring isolation and security.

Security Overview

Security Measures

  • Managed Identities: Protect sensitive information by avoiding hard-coded secrets.
  • Network Security Groups (NSGs): Defined rules for inbound and outbound traffic, such as AllowAnyHTTPSInbound for HTTPS traffic.
  • Private Link Configuration: Ensures that MySQL servers only connect through the Azure backbone network without exposing the database to the public internet.

Recommendations

  • Regularly review public IP allocation and exposure-related settings (including the storage account's blob public access setting) to avoid unnecessary exposure.
  • Implement advanced threat protection for databases.
  • Ensure logs and monitoring are set up for anomaly detection.
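Added example (not part of this documentation or of any REDCap or Azure tooling): a small Python audit that checks resource records against the settings documented above. The input shape is assumed to follow `az resource show` JSON (type, name, properties), and the sample records are constructed rather than exported from the real resource group.

```python
"""Audit ARM-style resource records against the security settings documented for i2-redcap-dev-rg.

Added example; input shape and sample records are assumptions, not an export of the real group.
"""
import json

# Constructed sample: mirrors the documented settings, except the storage account,
# which the documentation reports with blob public access enabled.
SAMPLE_RESOURCES = json.loads("""
[
  {"type": "Microsoft.DBforMySQL/flexibleServers", "name": "i2-redcap-dev-flex-mysql",
   "properties": {"network": {"publicNetworkAccess": "Disabled"},
                  "backup": {"backupRetentionDays": 30}}},
  {"type": "Microsoft.Compute/virtualMachines", "name": "i2-redcap-dev-web-vm-01",
   "properties": {"osProfile": {"linuxConfiguration": {"disablePasswordAuthentication": true}}}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "i2redcapdevstorage",
   "properties": {"allowBlobPublicAccess": true}}
]
""")


def _get(d, *path, default=None):
    """Walk nested dicts safely; any missing key yields `default`."""
    for key in path:
        if not isinstance(d, dict) or key not in d:
            return default
        d = d[key]
    return d


def audit(resources):
    """Return (resource name, finding) pairs for settings weaker than the documented posture."""
    findings = []
    for r in resources:
        rtype, name, props = r.get("type"), r.get("name"), r.get("properties", {})
        if rtype == "Microsoft.DBforMySQL/flexibleServers":
            if _get(props, "network", "publicNetworkAccess") != "Disabled":
                findings.append((name, "public network access is not disabled"))
            if (_get(props, "backup", "backupRetentionDays") or 0) < 30:
                findings.append((name, "backup retention shorter than 30 days"))
        elif rtype == "Microsoft.Compute/virtualMachines":
            if _get(props, "osProfile", "linuxConfiguration", "disablePasswordAuthentication") is not True:
                findings.append((name, "SSH password authentication is not disabled"))
        elif rtype == "Microsoft.Storage/storageAccounts":
            # Conservative assumption: an absent setting is treated as allowing public access.
            if _get(props, "allowBlobPublicAccess", default=True) is not False:
                findings.append((name, "blob public access is allowed"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RESOURCES):
        print(f"{name}: {finding}")
```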

Other Information

Cost Management

  • Use Azure Cost Management tools to monitor resource usage and optimize costs, with particular attention to the VM instances and storage accounts.

Scalability

  • Auto-scaling is configured at the VMSS level but is currently disabled. Consider enabling it for better responsiveness to load changes.

Unique Configurations

  • The design uses Azure service features such as scheduled backups and private networking to provide redundancy and protect against data loss. Using the flexible MySQL deployment model helps balance performance and cost.

This documentation provides a comprehensive overview of the resources in the i2-redcap-dev-rg resource group to support quick orientation and efficient management.


Updated on October 23, 2024