Enterprise Architecture: Food Delivery Platform on Azure
- Anand Nerurkar
- Apr 21
1. Business Use Case
Build a scalable, secure, cloud-native food delivery platform with high availability, microservices architecture, and seamless integrations.
2. Key Capabilities
User Management
Restaurant Management
Menu Browsing
Order Placement & Tracking
Delivery Assignment
Payments & Wallet
Customer Support
Notifications
Feedback & Reviews
Fraud Detection & Alerts
3. Microservices
Each capability is implemented as a Spring Boot microservice:
user-service
restaurant-service
menu-service
order-service
delivery-service
payment-service
wallet-service
notification-service
support-service
review-service
fraud-detection-service
reporting-service
auth-service (SSO with Azure AD)
4. Azure Cloud Integration Components
| Category | Azure Service | Purpose |
|---|---|---|
| Subscription & Networking | Azure Subscription, VNet, Subnets | Logical boundaries, connectivity |
| Security | Azure AD, NSG, Azure Firewall | Identity & access control, network segmentation |
| Ingress & Load Balancing | Traffic Manager, Application Gateway (WAF), Istio | Geo-distribution, SSL termination, service mesh |
| Compute | AKS (Kubernetes Service), Docker | Container orchestration |
| Storage & DB | Azure SQL, Cosmos DB, Blob Storage | Structured/unstructured data |
| Messaging & Events | Kafka, Azure Event Hub, Service Bus | Async messaging/event streaming |
| API Gateway | Azure API Management (APIM) | Central API exposure & governance |
| Monitoring | Azure Monitor, Application Insights, Log Analytics | Logging, metrics, alerting |
| CI/CD | Azure DevOps, ACR | Build pipelines, image registry |
| Security Extensions | Managed Identity, Key Vault | Secret & credential management |
5. Flow Walkthrough: Food Order
Customer Onboarding
  - Sign-up via auth-service
  - SSO using Azure AD B2C
  - Profile stored in Azure SQL via user-service
Browse Menu
  - menu-service pulls data from Azure SQL/Cosmos DB
  - API exposed via APIM
Place Order
  - order-service calls restaurant-service and inventory-service
  - Order stored in Azure SQL; Kafka event triggered
Payment Processing
  - payment-service validates wallet/bank
  - Secure calls using Managed Identity
Delivery Allocation
  - delivery-service consumes Kafka event
  - Allocates rider & updates status
Notifications
  - notification-service triggers email/SMS via Kafka events
Feedback & Reviews
  - review-service stores feedback
  - Exposed via APIM
6. Service Mesh with Istio
Secure service-to-service communication
Traffic shaping, retries, timeouts, mTLS
Ingress Gateway integrated with Azure Application Gateway
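The mTLS and service-to-service controls listed above, written out as Istio resources. This is an added example, not configuration from the original article: the `food-delivery` namespace, the `app` labels and the per-service service accounts are assumptions, and the order-service to restaurant-service call is taken from the Place Order flow.

```yaml
# Assumed: all services run in namespace "food-delivery" with sidecar injection
# enabled, each under a Kubernetes service account named after the service.
---
# 1. Require mTLS for every workload in the namespace.
#    The weaker setting is mode: PERMISSIVE, which also accepts plaintext,
#    so a pod without a sidecar could still reach the services.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: food-delivery
spec:
  mtls:
    mode: STRICT
---
# 2. Default deny: an ALLOW policy with no rules matches nothing, so every
#    request in the namespace is rejected unless another policy allows it.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-nothing
  namespace: food-delivery
spec: {}
---
# 3. Allow only order-service to call restaurant-service. The principal is the
#    caller's identity from its mTLS certificate, so this rule depends on (1).
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: restaurant-from-order
  namespace: food-delivery
spec:
  selector:
    matchLabels:
      app: restaurant-service   # assumed workload label
  action: ALLOW
  rules:
  - from:
    - source:
        principals:
        - cluster.local/ns/food-delivery/sa/order-service   # assumed service account
```

With the default-deny policy in place, every other call path in the flow, including traffic from the ingress gateway to the APIM-exposed services, needs its own ALLOW policy.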
7. High-Level Security Setup
Azure AD for SSO & microservices auth
API Management with throttling, quotas, and subscriptions
Istio for mTLS, routing, observability
Application Gateway with WAF for OWASP Top 10
Firewall & NSG to isolate and control traffic
SSL configured at load balancer level
Managed Identity + Key Vault for secrets
8. Resilience & HA
Multi-AZ AKS setup
Traffic Manager for global routing
Auto-scaling with AKS
Retry logic + Circuit Breaker at service level
9. Risk Categories & Mitigation
| Category | Risk Example | Mitigation |
|---|---|---|
| Business | High demand spikes | Auto-scaling, caching, queuing |
| Operational | Delivery delays | Real-time tracking, route optimization |
| Environmental | Data center outage | Multi-region AKS & SQL |
| Technology | Service failure | Circuit breaker, retries, health checks |
| Security | Data breach | mTLS, WAF, Azure AD, token validation |
| Compliance | GDPR violations | Encryption at rest/in-transit, PII redaction |
| People | Insider threat | Role-based access control, audit logs |
10. Capability → Service → Application Mapping
| Capability | Service | Application/API |
|---|---|---|
| Order Placement | order-service | /orders |
| Payments | payment-service | /payments |
| Notifications | notification-service | /notify |
| Fraud Detection | fraud-detection | /fraud-check |