To host a large number of web applications, Cloudvanti needs a resilient and secure infrastructure. The infrastructure that hosts Cloudvanti will have multiple layers of security and some redundancy to minimize downtime.
CDN with WAF and DDoS Protection
Most of Cloudvanti's infrastructure leverages Microsoft Azure Cloud services, except for the outermost layer, the CDN. Cloudvanti uses the Fastly CDN service, which is equipped with additional security features. To learn more about the CDN, please refer to this link.
Traffic going through the Cloudvanti Azure network will need to pass through an Azure Firewall. Azure Firewall is a managed network security service provided by Azure. The Azure Firewall will be an additional security layer on top of the WAF and DDoS protection already included in the CDN, and it will be managed and configured by Cloudvanti.
Inbound traffic will be filtered to protect your application from potentially malicious requests. The Azure Firewall is also responsible for filtering outbound requests coming from the Cloudvanti application, to prevent them from accessing insecure or even dangerous sites. For more information about the Azure Firewall, please refer to this link.
Azure Load Balancer and The Public LBs
The Public LB's job is to map the domain name to the App Service hostnames that are provided by Azure. These Public LBs will handle traffic into all applications that are hosted in Cloudvanti, which is why we will have multiple Public LBs.
The Azure Load Balancer's job is to distribute the traffic to the Public LBs.
For security reasons, the application instances inside Cloudvanti will not be able to freely access the internet. Instead, all outbound traffic from these instances will go to the Forward Proxy first.