Overview of the ISO 27001 App Service Environment/SQL Database workload blueprint sample

The ISO 27001 App Service Environment/SQL Database workload blueprint sample provides additional infrastructure to the ISO 27001 Shared Services blueprint sample. This blueprint helps customers deploy cloud-based architectures that offer solutions to scenarios that have accreditation or compliance requirements.

There are two ISO 27001 blueprint samples: this sample and the ISO 27001 Shared Services blueprint sample.

Important

This sample depends on infrastructure deployed by the ISO 27001 Shared Services blueprint sample. The Shared Services blueprint sample must be deployed first.

Architecture

The ISO 27001 App Service Environment/SQL Database workload blueprint sample deploys a platform-as-a-service (PaaS) web environment. The environment can be used to host multiple web applications, web APIs, and SQL Database instances that follow the ISO 27001 standards. This blueprint sample depends on the ISO 27001 Shared Services blueprint sample.

ISO 27001 ASE/SQL workload blueprint sample design

This environment uses several Azure services to provide a secure, fully monitored, enterprise-ready workload infrastructure based on ISO 27001 standards. It is composed of:

  • A role-based access control (RBAC) role named DevOps that has rights to deploy and manage resources in the Azure App Service Environment deployed by the blueprint sample
  • Azure Policies that lock down which services can be deployed to the environment and deny the creation of any public IP address (PIP) resource
  • A virtual network that contains a single subnet, is peered back to a pre-existing shared services environment, and forces all traffic to pass through the shared services firewall. The virtual network hosts the following resources:
    • An Azure App Service Environment that can be used to host one or more web applications, web APIs, or functions
    • An Azure Key Vault instance using a VNet service endpoint, for storing secrets used by applications running in the workload environment
    • An Azure SQL Database server instance using a VNet service endpoint, for hosting databases used by applications in the workload environment
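
The controls in this list (no public IP addresses, a restricted set of services, Key Vault and SQL Database reached through VNet service endpoints) can be checked before deployment; the following is an added example, not part of the blueprint sample, that lints a parsed ARM template for them. The allow-list `ALLOWED_TYPES`, the function `check_template`, the criteria used for each finding, and the sample template are assumptions made for illustration.

```python
# Added example: lint a parsed ARM template against the controls listed above.
# ALLOWED_TYPES and the finding criteria are assumptions, not the blueprint's
# own policy definitions. Assumes a flat "resources" array (no nested children).
ALLOWED_TYPES = {t.lower() for t in (
    "Microsoft.Network/virtualNetworks", "Microsoft.Web/hostingEnvironments",
    "Microsoft.Web/serverfarms", "Microsoft.Web/sites",
    "Microsoft.KeyVault/vaults", "Microsoft.Sql/servers",
    "Microsoft.Sql/servers/databases", "Microsoft.Sql/servers/virtualNetworkRules",
)}

def check_template(template):
    """Return sorted (resource name, finding) pairs for one template."""
    resources = template.get("resources", [])
    # Names of SQL servers that have at least one VNet rule child resource.
    sql_with_rule = {r["name"].split("/")[0] for r in resources
                     if r["type"].lower() == "microsoft.sql/servers/virtualnetworkrules"}
    findings = []
    for r in resources:
        rtype, name = r["type"].lower(), r["name"]
        if rtype == "microsoft.network/publicipaddresses":
            findings.append((name, "public IP address resource"))
        elif rtype not in ALLOWED_TYPES:
            findings.append((name, "resource type not allowed: " + r["type"]))
        elif rtype == "microsoft.keyvault/vaults":
            # Restricted means: firewall default is Deny and a subnet rule exists.
            acls = r.get("properties", {}).get("networkAcls", {})
            if acls.get("defaultAction") != "Deny" or not acls.get("virtualNetworkRules"):
                findings.append((name, "Key Vault not restricted to a VNet subnet"))
        elif rtype == "microsoft.sql/servers" and name not in sql_with_rule:
            findings.append((name, "SQL server has no VNet rule"))
    return sorted(findings)

# Constructed sample template (not taken from the blueprint sample).
SAMPLE = {"resources": [
    {"type": "Microsoft.Network/publicIPAddresses", "name": "web-pip"},
    {"type": "Microsoft.Compute/virtualMachines", "name": "jumpbox"},
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-open",
     "properties": {"networkAcls": {"defaultAction": "Allow"}}},
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-ok",
     "properties": {"networkAcls": {"defaultAction": "Deny",
                    "virtualNetworkRules": [{"id": "[variables('subnetId')]"}]}}},
    {"type": "Microsoft.Sql/servers", "name": "sql-ok"},
    {"type": "Microsoft.Sql/servers/virtualNetworkRules", "name": "sql-ok/allow-workload"},
    {"type": "Microsoft.Sql/servers", "name": "sql-open"},
]}

if __name__ == "__main__":
    for name, finding in check_template(SAMPLE):
        print(f"{name}: {finding}")
```
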

Next steps

You've reviewed the overview and architecture of the ISO 27001 App Service Environment/SQL Database workload blueprint sample. Next, visit the following articles to learn about the control mapping and how to deploy this sample:

Additional articles about blueprints and how to use them: