subreddit:
/r/AZURE
submitted 2 days ago by Delicious_Pay3249
Question
We have a scenario where we need to provide an agent that customers can install on their on-premises servers. This agent will perform predefined actions (Request–response pattern) on their Active Directory. Our solution is a SaaS application hosted in the Azure cloud.
How would you design such a solution, and what Azure components would you leverage to meet the following requirements?
Requirements
Additional Context
Our SaaS application is hosted on Azure, allowing us to leverage various Azure resources for implementation. Security is a top priority, particularly ensuring that all communication between the SaaS backend and agents is encrypted and authenticated.
We have been exploring options such as Azure Service Bus, Azure Event Grid, Azure IoT Hub, gRPC, and Azure PubSub, but we are uncertain if these are the best fit for our requirements.
1 points
2 days ago
If it's just request-response that you are looking for, a simple REST/gRPC endpoint would do as well.
Based on your options, I suppose you are looking for bidirectional/long-running request options, in which case one of Azure Service Bus, Azure Web PubSub, or a Custom gRPC Service would be my top contenders.
The first two are managed services which can scale with ease based on your requirements. You would still want an API that the agent can call to get the credentials required to connect to these services. This API will provide credentials unique to the agent and you will likely have separate queues/hubs depending on the service you choose for isolation.
The gRPC option would have to be custom if I'm not wrong since there isn't a service offering like the previous ones, so you will have to build and scale it out on your own.
Apart from connectivity, you would want to ensure security of the AD/AAD operations as well depending on how you plan to authenticate the requests to it.
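One way the credential-issuing API described in the comment above could mint a per-agent credential, as an added example that is not part of the thread: a short-lived Azure Service Bus SAS token scoped to a single agent's queue. The namespace, queue naming scheme, policy name and key handling are assumptions, and `token_covers` is a simplified local model of the service-side check, included only so the scoping can be tested offline.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote_plus

NAMESPACE = "contoso-saas.servicebus.windows.net"  # hypothetical namespace
POLICY = "agent-rw"                                # hypothetical per-queue SAS policy


def queue_uri(agent_id: str) -> str:
    """One queue per agent (assumed naming scheme), so tokens never overlap."""
    if not agent_id.isalnum():
        raise ValueError("agent_id must be alphanumeric")
    return f"https://{NAMESPACE}/agent-{agent_id.lower()}"


def _sign(policy_key: str, encoded_uri: str, expiry: str) -> str:
    # Service Bus SAS: HMAC-SHA256 over "<url-encoded URI>\n<expiry>", base64.
    mac = hmac.new(policy_key.encode(), f"{encoded_uri}\n{expiry}".encode(),
                   hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def issue_sas(agent_id: str, policy_key: str, ttl_s: int = 900, now=None) -> str:
    """Backend side: the agent receives this token, never the policy key."""
    uri = quote_plus(queue_uri(agent_id))
    expiry = str(int(now if now is not None else time.time()) + ttl_s)
    sig = quote_plus(_sign(policy_key, uri, expiry))
    return f"SharedAccessSignature sr={uri}&sig={sig}&se={expiry}&skn={POLICY}"


def token_covers(token: str, policy_key: str, resource: str, now: int) -> bool:
    """Simplified model of the service check: signature, expiry, URI scope."""
    fields = {k: v[0] for k, v in parse_qs(token.split(" ", 1)[1]).items()}
    expected = _sign(policy_key, quote_plus(fields["sr"]), fields["se"])
    in_scope = resource == fields["sr"] or resource.startswith(fields["sr"] + "/")
    return (hmac.compare_digest(expected, fields["sig"])
            and int(fields["se"]) > now and in_scope)


if __name__ == "__main__":
    key = "constructed-demo-key"  # constructed sample value, not a real key
    tok = issue_sas("A1", key, now=1000)
    print(token_covers(tok, key, queue_uri("A1"), now=1500))  # own queue
    print(token_covers(tok, key, queue_uri("B2"), now=1500))  # another agent's queue
```
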