# resources:diagrams:projects:moe:xtierlink:Home #

### VPN ###

* Advantages:
    * More or less existing skillsets
* Considerations:
    * Adds a dependency on a vendor service (Data Factory)
    * Ongoing maintenance can be done by the consumer's development team.
* Disadvantages: either breaking changes, or paralysis.
    * Extends the current poor-value practice of reaching directly into other systems' databases, bypassing system logic, albeit via HTTPS.
    * Introduces unanticipated bugs when data is written directly to databases.
    * Leads to duplication of logic within the consumer system to attempt to mitigate the above risks.

```plantuml
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
frame Azure {
  frame "App Services" as XAppServices {
    component "Application Server\n(Consumer)" as XAS
  }
}
frame "Corporate Premise" as LegacyPremise {
  frame "DMZ Network" as DMZ {
    note as N0 #yellow
      not used
    end note
  }
  frame "Corporate LAN Network" as LAN {
    database "DB" as PremDb
  }
}
XAS -DOWN(0- PremDb : 1433 over VPN
```

### HAPI + DATA FACTORY ###

* Advantages:
    * ETL is a well-known development pattern.
    * Service is already built.
* Considerations:
    * Requires ongoing maintenance by a different team than the consumer's development team.
* Disadvantages:
    * May lead to poor optimisation of cross-platform traffic, adding data costs.
    * Security is minimal, provided by:
        * firewall rules restricting traffic to whitelisted Data Factory clients.
        * database service accounts (synced using Azure Connect).
    * Monitoring is general in nature, rather than system/use specific.
    * RAD development patterns lead to tight coupling by bypassing the creation of DTOs and versioned API contracts -- leading to either breaking changes, or paralysis.
    * Extends the current poor-value practice of reaching directly into other systems' databases, bypassing system logic, albeit via HTTPS.
    * Introduces unanticipated bugs when data is written directly to databases.
    * Leads to duplication of logic within Data Factory to attempt to mitigate the above risks.

```plantuml
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
frame "Azure" as Azure {
  frame "X Subscription" as XSubscription {
    frame "App Services" as XAppServices {
      component "Application Server\n(Consumer)" as XAS
    }
  }
  frame "H Subscription" as HSubscription {
    frame "Storage Services" as HStorageServices {
      component "Storage Account" as HStorageAccount {
        artifact "Container" as HContainer
      }
    }
    frame "App Services" as HAppServices {
      component "Application Server" as HAPI
    }
    frame "Database Services" as HSqlServerServices {
      component "Database Server" as HDBS {
        artifact "Database" as HAzureDB
      }
    }
    frame "Data Factory Services" as DataFactoryServices {
      component "Data Factory" as HDF
    }
    HAPI -RIGHT(0- HContainer : HTTPS
    HAPI -RIGHT(0- HAzureDB : 1433
    HAPI -DOWN(0- HDF : HTTPS
  }
  XAS -DOWN(0- HAPI : HTTPS
}
frame "Corporate Premise" as LegacyPremise {
  frame "DMZ Network" as DMZ {
    component "Proxy Server" as ProxyPresentationServer {
      component "Data Factory\nIntegration Runtime" as IntegrationRuntime
    }
  }
  frame "Corporate LAN Network" as LAN {
    database "DB" as PremDb
  }
  IntegrationRuntime -(0- PremDb : 1433\n(firewalled)
}
HDF -(0- IntegrationRuntime : HTTPS\n(firewalled)
```

### HAPI + CUSTOM SERVER ###

* Advantages:
    * Optimises data usage compared to direct access over VPN.
    * Ensures the development quality required to better maintain security is not spread over multiple teams dabbling with Data Factory, with varying results.
* Considerations:
    * API Service can be a shared service, or per solution as required.
        * Note: if installed as a modular shared service, accreditation costs can be optimized.
    * Can integrate with Data Factory if that becomes necessary.
    * Does not require Data Factory to continue functioning.
    * Requires ongoing maintenance by a different team than the consumer's development team.
* Disadvantages:
    * Requires more development effort than Data Factory development.
    * Requires installation of a Proxy and Service on Prem.

```plantuml
!includeurl http://skysigal.com/_media/resources/configuration/plantuml/minimalist.txt
frame "Azure" as Azure {
  frame "X Subscription" as XSubscription {
    frame "App Services" as XAppServices {
      component "Application Server\n(Consumer)" as XAS
    }
  }
  frame "HAPI Subscription" as HSubscription {
    frame "Storage Services" as HStorageServices {
      component "Storage Account" as HStorageAccount {
        artifact "Container" as HContainer
      }
    }
    frame "App Services" as HAppServices {
      component "Application Server" as HAPI
    }
    frame "Database Services" as HSqlServerServices {
      component "Database Server" as HDBS {
        artifact "Database" as HAzureDB
      }
    }
    HAPI -RIGHT(0- HContainer : HTTPS
    HAPI -RIGHT(0- HAzureDB : 1433
  }
  XAS -DOWN(0- HAPI : HTTPS
}
frame "Corporate Premise" as LegacyPremise {
  frame "DMZ Network" as DMZ {
    component "Proxy Server" as ProxyPresentationServer
  }
  frame "Corporate LAN Network" as LAN {
    component "Application Server" as AppServer
    database "DB" as PremDb
  }
  ProxyPresentationServer -DOWN(0- AppServer : HTTPS\n(firewalled)
  AppServer -RIGHT- PremDb : 1433
}
HAPI -(0- ProxyPresentationServer : HTTPS\n(firewalled)
```
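
The coupling risk listed under the VPN and Data Factory options, shown as an added example that is not part of the original page: a consumer that reads table columns directly breaks on a column rename, while a versioned DTO published by an API layer (as in the custom-server option) keeps the contract stable and lets only allow-listed fields cross the boundary. The row data, the `PersonV1` contract and all function names are hypothetical.

```python
from dataclasses import dataclass, asdict

# Constructed sample rows: the same on-premise record before and after a
# schema change made by the owning team (column rename plus a new column).
ROW_SCHEMA_A = {"id": 7, "full_name": "A. Example", "email": "a@example.test",
                "password_hash": "x" * 16}
ROW_SCHEMA_B = {"id": 7, "display_name": "A. Example", "email": "a@example.test",
                "password_hash": "x" * 16, "internal_notes": "constructed"}


@dataclass(frozen=True)
class PersonV1:
    """Hypothetical versioned contract published by the API layer."""
    id: int
    name: str
    email: str


def to_person_v1(row: dict) -> PersonV1:
    """Map a database row to the v1 contract.

    Only allow-listed fields cross the boundary, and the mapping absorbs
    the column rename so v1 consumers are unaffected.
    """
    name = row["full_name"] if "full_name" in row else row["display_name"]
    return PersonV1(id=int(row["id"]), name=str(name), email=str(row["email"]))


def direct_consumer(row: dict) -> dict:
    """Consumer coupled to the table layout, as with direct database access."""
    return {"id": row["id"], "name": row["full_name"], "email": row["email"]}


def compare(row: dict) -> dict:
    """Report how each integration style copes with a given row shape."""
    try:
        direct = direct_consumer(row)
    except KeyError as exc:
        direct = f"broken: missing column {exc.args[0]}"
    return {"direct": direct, "via_api": asdict(to_person_v1(row))}


if __name__ == "__main__":
    for label, row in (("schema A", ROW_SCHEMA_A), ("schema B", ROW_SCHEMA_B)):
        print(label, compare(row))
```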