Week 11 Part V · Integration and AI-Enabled Systems

Azure Cloud Services and Enterprise Integration

Instructor lesson plan: lecture (2 h) and practice (2 h).

Learning objectives

Map an enterprise .NET application onto Azure services without hiding architecture decisions inside deployment details.
Choose between Azure App Service, Azure SQL, Storage, Key Vault, Entra ID, Managed Identity, Service Bus, Functions, and Application Insights.
Design cloud integration boundaries for configuration, secrets, identity, messaging, background workflows, telemetry, and failure handling.

Tools this week

Azure App ServiceAzure SQLKey VaultManaged IdentityService BusAzure FunctionsApplication Insights

🎓Lecture · 2 hours

0:00-0:15	15 min	Cloud as architecture, not just hostingHow cloud choices affect security, data, reliability, cost, observability, and coupling.
0:15-0:40	25 min	Core Azure map for .NET apps App Service for web/API hosting. Azure SQL for relational persistence. Storage for blobs, files, queues, and durable artifacts. Application Insights for telemetry and operational evidence.
0:40-1:05	25 min	Identity and secrets Entra ID for identity and enterprise authentication. Managed Identity to avoid application secrets. Key Vault for secrets, certificates, and connection material.
1:05-1:15	10 min	Break
1:15-1:40	25 min	Messaging and background work Service Bus for commands, events, retries, dead-letter queues, and decoupling. Azure Functions for event-driven workflows. Hosted services for app-owned background processes.
1:40-2:00	20 min	Enterprise integration designDraw the deployment and integration view: users, API, database, identity, secrets, queues, functions, telemetry, and external APIs.

Common misconception to confront.

Students often think: Azure deployment is an operations topic outside software design.
Set it straight: cloud services shape the application's boundaries, identity model, failure modes, cost, and security posture.

Check for understanding

Why use Managed Identity with Key Vault?

The application can access secrets or resources without storing long-lived credentials in configuration files or source code.

When is Service Bus a better fit than a direct HTTP call?

When work can be asynchronous, needs retry or dead-letter handling, or should be decoupled from the caller's request latency.

Key takeaways.

Azure choices are architecture decisions.
Identity, secrets, messaging, data, and telemetry need explicit boundaries.
A strong .NET course should teach how enterprise applications integrate with cloud services, not only how controllers call services.

📚Reading & resources

Video: Azure Functions for .NET developers Microsoft Learn session on scalable event-driven serverless applications in .NET.
Azure App Service documentation Hosting model for web apps and APIs.
Azure Key Vault overview Secrets, keys, certificates, and managed access.
Azure Service Bus overview Enterprise messaging, queues, topics, and decoupled workflows.

💻Practice · 2 hours

0:00-0:20	20 min	Azure service mapTeams draw the Azure view of their application: API, database, identity, secrets, storage, messaging, functions, telemetry.
0:20-0:45	25 min	Configuration and secrets boundaryReplace hardcoded settings with options classes and identify what would move to Key Vault.
0:45-1:05	20 min	Identity and authorization boundaryIdentify where Entra ID, app roles, claims, and Managed Identity would appear in the design.
1:05-1:15	10 min	Break
1:15-1:45	30 min	Messaging or Functions designChoose one workflow that should be asynchronous and sketch Service Bus, Azure Functions, or hosted-service handling.
1:45-2:00	15 min	Project-integration briefSubmit an Azure deployment and integration diagram plus one ADR explaining the cloud-service choices.

Project integration (this week)

Create an Azure deployment and integration view for the project.
Document configuration, secrets, identity, data, messaging, and telemetry choices.
Add one ADR justifying the selected Azure services and rejected alternatives.