SEB Azure West Malaysia

azure · architecture diagram.

Diagrams.so

About This Architecture

Azure West Malaysia region hosts a secure three-tier architecture with network segmentation across DMZ and private subnets. CSV files in Azure File Storage flow through Private Link to a Standard_D2s_v3 Data Collector VM, which feeds a Standard_D4s_v3 MS SQL Server VM that processes data into Azure SQL Database. Internet users access the web tier through Application Gateway with WAF Policy protecting a Standard_D2s_v3 Web Server VM in the DMZ subnet, while both data and database VMs retrieve secrets from Key Vault. This architecture demonstrates defense-in-depth with NSG-protected subnets, private endpoints for storage access, centralized secret management, and WAF protection for public-facing workloads. Fork this diagram on Diagrams.so to customize VM SKUs, add Azure Bastion for secure management access, or integrate Azure Monitor and Log Analytics Workspace for comprehensive observability.

People also ask

How do I design a secure three-tier architecture in Azure West Malaysia region with Private Link and WAF protection?

Deploy a three-tier architecture in Azure West Malaysia using Private Link for secure File Storage access to Data Collector VMs, NSG-protected subnets for network segmentation, Application Gateway with WAF Policy for internet-facing web tier protection, and Key Vault for centralized secrets management across data and database VMs.

SEB Azure West Malaysia

Azureadvancedthree-tier-architecturenetwork-securityprivate-linkapplication-gatewaykey-vault
Domain: Cloud AzureAudience: Azure solutions architects designing secure multi-tier applications in Southeast Asia regions
0 views0 favoritesPublic

Created by

February 26, 2026

Updated

March 2, 2026 at 11:26 PM

Type

architecture

Need a custom architecture diagram?

Describe your architecture in plain English and get a production-ready Draw.io diagram in seconds. Works for AWS, Azure, GCP, Kubernetes, and more.

Generate with AI