DMI Internship
3-Tier Architecture on Microsoft Azure
Reproduced a production-style 3-tier architecture on Azure — Next.js/Nginx on public VMs, Node.js backend on private VMs managed by PM2, and Azure MySQL Flexible Server with High Availability and a read replica, connected through private networking and NSG rules.
Overview
With the 3-tier architecture already deployed on AWS, this assignment reproduced the same production pattern on Microsoft Azure, validating the architectural principles across platforms and building genuine multi-cloud competence. The deployment used Azure-native services throughout, with no reliance on AWS tooling.
Problem
Translating an AWS architecture to Azure is not a simple mapping exercise. Azure's networking model, NSG rule structure, load balancer configuration, and managed database offering each have distinct behaviours. The challenge was to achieve the same security posture and tier isolation using Azure-native patterns.
Architecture
- Tier 1 — Presentation: Next.js served via Nginx on public Azure VMs, fronted by a Public Load Balancer
- Tier 2 — Application: Node.js backend on private VMs, managed by PM2 for process persistence and zero-downtime restarts
- Tier 3 — Data: Azure MySQL Flexible Server with High Availability enabled and a read replica — connected via private subnet with SSL transport enforcement
Technologies Used
- Microsoft Azure VMs — web and application tier compute
- Azure MySQL Flexible Server — managed database with HA and read replica
- Azure Public Load Balancer — traffic distribution across web tier VMs
- Custom VNet, Private Subnets, NSGs — network isolation
- Nginx — reverse proxy and web server for Next.js frontend
- PM2 — Node.js process manager for application tier persistence
- SSL enforcement — transport encryption on all database connections
Engineering Challenges Resolved
This was not a textbook deployment. Real issues encountered and resolved during the build:
- JSON configuration errors in Azure VM extensions — diagnosed and corrected by tracing the extension execution logs
- Nginx port binding conflicts — resolved by identifying the conflicting process and correcting the Nginx site configuration
- Reverse proxy misconfiguration — corrected upstream address resolution between Nginx and the Node.js API
- SSL transport enforcement — configured MySQL Flexible Server to require SSL and updated application connection strings accordingly
Resolving real deployment failures is where engineering competence is actually built. This project produced more learning than a clean deployment would have.
Results
Full 3-tier deployment running on Azure with strict private networking, HA database, read replica, and SSL-enforced database connections. NSG rules validated to confirm no direct internet path to the application or database tiers.
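One way to run the NSG validation described above offline, as an added example that is not the project's own code: it replays Azure's priority-ordered, first-match rule evaluation for an internet-sourced connection over rules shaped like the JSON from `az network nsg rule list`. The rule names, subnets, ports 3000 and 3306, and the probe address are constructed assumptions, and destination addresses are ignored on the assumption that each NSG is attached to its tier's subnet.

```python
import ipaddress

# Constructed public source address (TEST-NET-3) standing in for "the internet".
PROBE = ipaddress.ip_address("203.0.113.10")

def _values(rule, single, plural):
    # A rule carries either the singular field or the plural list.
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _source_matches(prefix):
    if prefix in ("*", "Internet"):
        return True
    try:
        return PROBE in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # other service tags: VirtualNetwork, AzureLoadBalancer, ...

def _port_matches(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def decide(rules, port, protocol="tcp"):
    """First-match NSG decision for an internet-sourced inbound connection."""
    inbound = [r for r in rules if r["direction"].lower() == "inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):  # lowest number wins
        if r["protocol"].lower() not in ("*", protocol):
            continue
        srcs = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        ports = _values(r, "destinationPortRange", "destinationPortRanges")
        if any(map(_source_matches, srcs)) and any(_port_matches(s, port) for s in ports):
            return r["access"], r["name"]
    return "Deny", "DenyAllInBound"  # Azure's built-in default rule

# Constructed sample rules; subnets, names and ports 3000/3306 are assumptions.
APP_NSG = [
    {"name": "allow-web-to-api", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.0.1.0/24", "destinationPortRange": "3000"},
    {"name": "deny-internet", "priority": 200, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRange": "*"},
    {"name": "debug-ssh", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
]
DB_NSG_MISCONFIGURED = [
    {"name": "allow-mysql-any", "priority": 110, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefixes": ["10.0.2.0/24", "0.0.0.0/0"],
     "destinationPortRanges": ["3306"]},
]
```

In the sample, the wide-open `debug-ssh` rule is shadowed by the lower-numbered deny, while the misconfigured database NSG returns an `Allow` for port 3306, which is the result the check exists to catch.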
Key Learnings
Azure and AWS share the same architectural principles — private subnets, NSG/Security Group rules, managed databases, load balancers — but the implementation details differ enough that hands-on experience with both platforms is genuinely distinct from knowing one. Multi-cloud competence is not theoretical; it is built by deploying the same patterns on different platforms and resolving the differences.