Microsoft Azure
Information related to working with Keyfax within Microsoft Azure.
Keyfax can operate on premise or in the cloud within Microsoft Azure.
This article lists our recommendations and details various aspects to consider when hosting Keyfax within your own Microsoft Azure cloud environment. Operating from a Microsoft Azure platform, Keyfax can provide all the benefits of a hosted solution as well as supporting access to external SQL databases to support intelligent scripting.
Azure Recommendations
For a high availability installation of Keyfax within Azure we would recommend at minimum 2 virtual machines to act as the Keyfax web servers and using a single Azure SQL Database to host the Keyfax database.
Web Server
For the web server sizes we would generally recommend around 1-2 virtual cores and 4 to 8 GB of physical RAM. The size chosen for the VMs will largely depend on anticipated concurrent usage of the Keyfax web application. If size is not known or cannot be anticipated, we would generally suggest starting with smaller virtual machines, as the size can be increased within the Azure portal later if necessary. Our recommended specs, based on the typical usage we see, are included below.
For the two web servers we would suggest leveraging zoned availability sets and automated fail-over via health monitoring and Traffic Manager to guarantee a 99.95% SLA for the Keyfax web application.
The two virtual machines are intended only for redundancy purposes to provide automated fail-over should a virtual machine not respond and are not intended for real-time load balancing / scalability. The web application would be pinged every 10 seconds for availability. Only 1 failure is tolerated before switching to the secondary web server. Switchover time should be less than 30 seconds.
Recommended specification for each virtual machine…
Size: Standard D2s v3 (2 vcpus, 8 GiB memory)
OS: Windows Server 2019 Datacenter (we would not suggest Windows Server Core)
VM Generation: 2nd / V2
Disk: Premium SSD LRS
Omfax Systems would suggest an additional 128GB data disk for each virtual machine. This data disk would be separate from the virtual machine OS disk. Whilst most Azure virtual machines come with a 128GB OS disk, which is typically sufficient space to store the Keyfax web application files, using a separate data disk decouples your Keyfax installation from the virtual machine, easing future upgrades of the underlying OS.
Additional web server requirements…
IIS 10 or above + .NET Framework 4.8
Local SMTP Server via IIS 6 Compatibility Tools
Inbound TCP ports 80 & 443 should be open for HTTP / HTTPS
Inbound TCP port 57495 should be open for RDP (to specific IP addresses only)
Database
For the Keyfax database we would suggest using an Azure SQL Database as opposed to SQL Server running on virtual machines. We recommend an Azure SQL database to leverage certain availability, redundancy and scalability capabilities offered by the Azure platform and to ensure the Azure platform automatically handles critical servicing tasks, such as patching, backups, Windows and Azure SQL upgrades, and unplanned events such as underlying hardware, software, or network failures.
Azure SQL databases are built upon what Microsoft refer to as the “high availability architecture” which promises a 99.95% availability SLA for all Azure SQL databases. To achieve a similar SLA with virtual machines would require at minimum SQL Server Standard Edition (for always on fail-over support) and 2 or more virtual machines with SQL Server Standard Edition licenses. This can be considerably more expensive due to the SQL Server licensing costs compared to the PaaS model.
We also find Azure SQL auto-scaling can be useful to accommodate regional spikes in traffic without over-provisioning Azure resources.
Recommended specification for Azure SQL database...
Azure SQL Database (managed instances are not necessary)
Size: Standard S0: 10 DTUs - 30GB storage
The example specifications above were adequate for most Keyfax installations as of Aug 2023.
Connectivity & Security
IMPORTANT: Omfax Systems would highly recommend taking advantage of Access Control Lists or other provisions within Azure to ensure at minimum RDP access to the application / web server is restricted to a specific IP address or range of IP addresses. Even with IP restrictions in place, strong usernames and passwords must be used whenever SQL Server authentication and remote connections are possible.
If the host database is on premise and Keyfax needs to communicate with it from Azure via SQL Query Databoxes, the machine hosting the HMS database(s), along with any firewalls, would need to allow remote connections from the Keyfax Azure VMs' public IP address. The SQL Server database will also need SQL Server authentication enabled for the remote connection.
If the host system is also installed in Azure then, similarly to an on-premise installation, a rule would need adding via the Azure Portal for the VM hosting the HMS database, to allow the Keyfax Azure VM to connect to it. For performance reasons we would recommend placing both the Host VMs and Keyfax VMs in the same Azure region.
Business Continuity & Disaster Recovery
We would suggest using a service such as Azure Site Back to maintain a real-time back-up of your web server virtual machines. Retention policies should be configured on the database to retain both long term and point in time back-ups of your SQL Azure database.
Test Environment
It’s also worth considering how any test installation of Keyfax would be installed alongside production.
For example, would a test installation be installed alongside production on the same virtual machines, or would your Keyfax test installation require separate virtual machines? We would generally recommend separate virtual machines to isolate environments; however, the production web servers could be used for a test installation if separate virtual machines are cost prohibitive. We would obviously suggest a separate Azure SQL Database for your test database.
If separate test web server virtual machines are required to keep any test installation of Keyfax separate from production, the test virtual machines can of course be a lower specification than the production virtual machines.
Standards & Compliance
Whilst Microsoft provide compliance offerings for regulated industries and markets, it’s still a requirement to implement the appropriate standards correctly within your own Azure infrastructure. If the geographic location of your data is important for compliance, it would be necessary to ensure the correct region is used for your Azure infrastructure.