SEB Azure West Malaysia
About This Architecture
Azure West Malaysia region hosts a secure three-tier architecture with network segmentation across DMZ and private subnets. CSV files in Azure File Storage flow through Private Link to a Standard_D2s_v3 Data Collector VM, which feeds a Standard_D4s_v3 MS SQL Server VM that processes data into Azure SQL Database. Internet users access the web tier through Application Gateway with WAF Policy protecting a Standard_D2s_v3 Web Server VM in the DMZ subnet, while both data and database VMs retrieve secrets from Key Vault. This architecture demonstrates defense-in-depth with NSG-protected subnets, private endpoints for storage access, centralized secret management, and WAF protection for public-facing workloads. Fork this diagram on Diagrams.so to customize VM SKUs, add Azure Bastion for secure management access, or integrate Azure Monitor and Log Analytics Workspace for comprehensive observability.
People also ask
How do I design a secure three-tier architecture in Azure West Malaysia region with Private Link and WAF protection?
Deploy a three-tier architecture in Azure West Malaysia using Private Link for secure File Storage access to Data Collector VMs, NSG-protected subnets for network segmentation, Application Gateway with WAF Policy for internet-facing web tier protection, and Key Vault for centralized secrets management across data and database VMs.
- Domain:
- Cloud Azure
- Audience:
- Azure solutions architects designing secure multi-tier applications in Southeast Asia regions
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output. Fork this diagram, remix it, or download as .drawio, PNG, or SVG.
