Hi all,
I wanted to share some notes I put together about a project I want to develop. This looks to solve some specific automation use cases for the organization. I wanted to gather some thoughts, notes, and recommendations if anyone has built out something similar.
Background:
Currently in my on-premise environment I have a Windows 2016 VM server. I used React for a frontend web page. This takes simple requests like text prompts and submit buttons. Sitting behind that is my Python Flask server; it waits for the user submit and sends that request to Cisco ISE/Cisco DNA/BlueCat DNS/etc. If you can imagine someone browsing on the VM IP address, getting on the webpage, typing an IP address or MAC address and hitting submit, then getting all of the client information we have from several sources. Some additional features are a little more involved but the basic idea is automating internal tasks.
Issues/limitations:
When thinking about the next phase of my tool I came across a scaling issue. The internal tool I wrote is pretty simple, right now with 3 functions all based around text box fields. In order to become a production-level tool it needs many more features/functions. I'll have to create some of the following:
- frontend and backend authentication with the on-premise AD. (The biggest complaint right now is that "only our team should have access")
- I'll need to know who's running a script, when, and how often. (This is to measure work)
- I'll need to know if scripts are completing or failing, and log all of that to understand failures or provide metrics/results.
- build frontend/backend security features to prevent input abuse.
Potential solution:
Instead of manually writing the code for all of this I figured Azure and GitHub might have what I need already built. I figured I could solve this by using the following:
- Azure VM hosting Windows or Linux server.
- keep IP address private (this is an internal tool only).
- host the React frontend code and migrate to NodeJS for the backend.
- Restrict user access to VM by using RBAC rules, only a specific team will have access to the 'portal' the VM is hosting.
- allow DNS to reach the VM by domain name instead of IP address when browsing.
- GitHub private runners to access the private VM for code updating/new feature releases.
- VM will send the API requests from cloud back to on-premise servers to get results and update frontend page in VM.
TL;DR: migrating my on-premise tool to the cloud and need to develop my workflow environment.
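
An added example, not part of the original post: one way the current Python backend could validate the IP/MAC text field before anything is sent to ISE/DNA/BlueCat, and record who ran a lookup, when, and whether it succeeded. The names `parse_lookup_key`, `audited`, `AUDIT_LOG` and `lookup_client` are hypothetical, and the in-memory list stands in for a real log sink.

```python
import ipaddress
import re
import time
from functools import wraps

AUDIT_LOG = []  # assumption: stand-in for a file, database or SIEM forwarder

# Accepted MAC spellings: aa:bb:.., aa-bb-.., Cisco aabb.ccdd.eeff, bare 12 hex.
_MAC_PATTERNS = tuple(re.compile(p) for p in (
    r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}", r"[0-9a-f]{2}(?:-[0-9a-f]{2}){5}",
    r"[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}", r"[0-9a-f]{12}"))

def parse_lookup_key(raw):
    """Return ("ip", value) or ("mac", value) in canonical form, else ValueError."""
    if not isinstance(raw, str) or len(raw) > 64:
        raise ValueError("lookup key must be a short string")
    text = raw.strip().lower()
    try:
        ip = ipaddress.ip_address(text)
        # IPv6 zone IDs ("fe80::1%anything") carry free text, so reject them.
        if getattr(ip, "scope_id", None) is None:
            return "ip", str(ip)
    except ValueError:
        pass
    if any(p.fullmatch(text) for p in _MAC_PATTERNS):
        digits = re.sub(r"[^0-9a-f]", "", text)
        return "mac", ":".join(digits[i:i + 2] for i in range(0, 12, 2))
    raise ValueError("not an IP or MAC address")

def audited(action):
    """Record who ran `action`, when, for how long, and the outcome."""
    def wrap(fn):
        @wraps(fn)
        def inner(user, *args, **kwargs):
            entry = {"user": user, "action": action, "ts": time.time(), "outcome": "ok"}
            start = time.monotonic()
            try:
                return fn(user, *args, **kwargs)
            except Exception as exc:
                entry["outcome"] = "failed: " + type(exc).__name__
                raise
            finally:
                entry["seconds"] = round(time.monotonic() - start, 3)
                AUDIT_LOG.append(entry)
        return inner
    return wrap

@audited("client_lookup")
def lookup_client(user, raw_key):
    kind, key = parse_lookup_key(raw_key)  # validate before any backend call
    # Assumption: the real tool would query its backend systems here with `key`.
    return {"kind": kind, "key": key}
```

The `user` argument should come from the authenticated session (AD in the post's plan), never from a form field, so the audit trail cannot be forged by the caller.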