Data Sources

Data sources available for use by the ICS community

Platforms

ICS supported platforms.

Teams

ICS Teams


Menu Button Menu Button

Resource Group: i2-redcap-prod-rg

Overview

The i2-redcap-prod-rg resource group is designed to support the infrastructure for i2 REDCap, a web application for data collection. This environment contains various resources for application hosting, database management, networking, monitoring, and security, combining to create a robust platform for hosting and managing applications.

Resources

  1. Certificate Orders

    • Type: Microsoft.CertificateRegistration/certificateOrders
    • Name: i2-redcap-prod-cert
    • Properties: This resource represents an SSL certificate order for the domain redcap.wustl.edu, with auto-renewal enabled. The certificate is stored in Azure Key Vault.
    • Related Resources:
      • SSL Certificate (dependent on this resource).

  2. SSH Public Keys

    • Type: Microsoft.Compute/sshPublicKeys
    • Name: i2-redcap-prod-mysql-vm_key
    • Properties: Contains the SSH public key for remote access to the MySQL virtual machine.
    • Relationship: Used in the Virtual Machine configuration.

  3. Flexible Servers

    • Type: Microsoft.DBforMySQL/flexibleServers
    • Name:
      • i2-redcap-prod-mysql-flex
      • i2-redcap-prod-v8-flex
      • redcapv7-prod-restore-backup-host
    • Properties: Configured for MySQL databases with backup options, high availability, and private network settings.
    • Relationships:
      • Private Endpoint: Secured connection to the MySQL databases.
      • Private DNS Zone: Ensures private connectivity for the MySQL database.

  4. Action Groups

    • Type: microsoft.insights/actionGroups
    • Names:
      • i2-redcap-prod-email-admins-ag
      • i2-redcap-prod-vm-low-mem-alert
      • ics-rdc-dba
    • Properties: Configured to send alerts via email for various conditions, such as low memory on VMs or administrative actions on MySQL databases.
    • Relationships: Trigger actions based on monitor metrics.

  5. Application Gateway

    • Type: Microsoft.Network/applicationGateways
    • Name: i2-redcap-prod-gateway
    • Properties: Manages web traffic and provides SSL termination with IP configurations for backend services.
    • Related Resources:
      • Public IP: Directs incoming traffic to the Application Gateway.
      • Backend Address Pool: Connects to the web VM's internal IP address.

  6. Virtual Machines

    • Type: Microsoft.Compute/virtualMachines
    • Name: i2-redcap-prod-web-vm-01
    • Properties: Configured with diagnostics enabled and using managed identities.
    • Relationships:
      • Network Interface: Static private IP assigned (10.24.96.150).
      • SSH Keys: Used for secure access through SSH.

  7. Storage Account

    • Type: Microsoft.Storage/storageAccounts
    • Name: i2redcapprodstorage
    • Properties: Standard redundancy, public access allowed, and configured for data encryption.
    • Relationships: Data is stored in various containers for logs, application data, and backups.

  8. Route Tables

    • Type: Microsoft.Network/routeTables
    • Name: i2-redcap-prod-route-table
    • Properties: Specifies routes for outgoing traffic to defined IP address ranges.
    • Related Resources: Connects resources to the internet or VM gateway.

  9. Public IP Address

    • Type: Microsoft.Network/publicIPAddresses
    • Name: i2-redcap-prod-ip
    • Properties: Static public IP (20.37.135.137) with a DNS label for accessing the resources externally.

Data Storage

The primary storage would be the Storage Account (i2redcapprodstorage), which houses multiple containers for different data purposes, such as:

  • Logs: For application logs, operational logs, and insights logs.
  • File Shares: SMB file share available for the MySQL VM and the web application.
  • Database Information: The flexibleServers are essentially housing the MySQL databases used in the REDCap applications.

Data from the MySQL databases can be backed up in the storage account, providing a failsafe against data loss.

Networking

The Networking setup is critical for secure and efficient communication:

  • Virtual Network: Utilizes managed Private DNS zones to ensure that database endpoints are accessible privately.
  • Private Endpoints: For MySQL, allows secure communication without exposing databases to the public internet.
  • Subnets: Defined for resources to segregate traffic efficiently.
  • IP Addresses:
    • Web VM: Private IP 10.24.96.150.

Security Overview

Security mechanisms are well established within the resource group:

  • SSL Certificates: Secure connections to the application.
  • Key Vaults: Store secrets and certificates to tightly control access.
  • Private Endpoints: Minimize exposure of databases by preventing public internet access, thus enhancing security.
  • Network Security Groups: Can be configured for each resource to limit inbound and outbound traffic.

Recommendations for Mitigating Security Risks:

  • Regularly rotate keys and certificates in the Key Vault.
  • Monitor network traffic and enable security policies to minimize exposure to potential attacks.
  • Utilize Bastion Host or VPN access for admin access rather than opening SSH ports publicly.

Other Information

The infrastructure is built to scale as needed, with the Application Gateway configured for autoscaling, ensuring requests can be handled efficiently. Costs can be optimized further based on utilization patterns and appropriate monitoring practices.

This resource group configuration lays a solid foundation for future expansions or additional services, ensuring scalability, security, and manageability are kept in high regard.

Table of Contents

Updated on October 23, 2024