Alert Plus – Azure Services & Cost Overview

Purpose of This Document

This document provides an overview of the Azure services required to deploy Alert Plus into a customer-managed Azure subscription. It explains what each service does, how Alert Plus processes alerts, and how customers should think about sizing and estimating costs based on:

• Alert volume
• Frequency of data changes
• Size of SharePoint lists and libraries
• Number of tenants and alert destinations

This document is intended for IT administrators, Azure architects, and procurement teams planning an Alert Plus deployment.

High-Level Architecture Overview

Alert Plus is deployed into the customer’s Azure subscription using:

• Azure App Service (Functions)
• Azure Storage
• Azure Key Vault
• Managed Identity and RBAC
• Optional Private Networking components

All services are owned and controlled by the customer. Bamboo does not have access to customer Azure resources or secrets.

Region

• Default: East US
• Customer Choice: Alert Plus can be deployed to any Azure region supported by the customer

Region selection does not impact functionality but may affect latency and Azure pricing.

Compute

Azure App Service Plan

• 1 × App Service Plan
  • Type: Premium v3 (P1v3, Windows)
  • Purpose: Hosts all Alert Plus Function Apps
  • Note: This represents the minimum supported configuration

The App Service Plan hosts three Function Apps:

Function Apps

1. API Function App

• Provides APIs used by Alert Plus SPFx web parts
• Handles:
  • Alert creation
  • Alert updates
  • Alert management

2. Manager Function App

• Acts as the orchestrator for alert processing
• Responsibilities include:
  • Scheduling alert execution
  • Assigning Tenants to Worker Jobs

3. Worker Function App (Primary Scaling Component)

The Worker Function App is the key scaling component in Alert Plus.

• Each Worker Function App supports:
  • Up to 30 Jobs (Shards)
  • Each Job processes 20 alerts per batch

Capacity per Worker App:

• 600 alerts per execution cycle
• Jobs run every 15 minutes

How Alerts Are Processed

1. Worker Job retrieves delta changes from SharePoint
2. Data is loaded and evaluated
3. Alert conditions are processed
4. Notifications are sent (Email today; Teams and other channels in the future)
5. Alert is removed from the queue upon completion

Performance Considerations

Alert execution time can range from seconds to minutes, depending on:

• Frequency of data changes
• Size of lists and libraries
• Complexity of alert conditions
• Number of destinations (email, future Teams, etc.)

If alerts take longer than the 15-minute execution window, queues can overlap, indicating a need to scale compute resources.

Scaling Guidance

Scaling options include:

• Increasing App Service Plan memory and CPU
• Adding additional Worker capacity

Example: Increasing memory to 16 GB typically adds approximately $20/month (refer to Microsoft pricing for confirmation).

Storage

Azure Storage Account

• 1 × Azure Storage Account
  • Type: GPv2
  • Replication: LRS

Storage Services Used

Blob Storage

• Stores alerts during active processing
• Temporary state while alerts are executing

Queue Storage

• Drives alert execution flow
• Multiple queue types:
  • Tenant Queues: Enable multi-tenant processing
  • Worker Queues: Assign alerts to Worker Jobs
  • Email Queue: Handles outbound notification processing

Alerts are removed from queues once processing completes.

Table Storage

• Stores:
  • Alert definitions
  • Alert metadata
  • Processing state

Multi-Tenant Support

For customers with multiple tenants or complex organizational structures:

• Tenant queues provide isolation
• Enables alignment with enterprise architecture and governance requirements

Storage costs are typically low, but may increase with:

• Very large alert volumes
• High-frequency data changes
• Long-running alerts

Security

Azure Key Vault

• Tier: Standard
• Estimated Cost: ~$30/month (refer to Microsoft pricing)

Key Vault stores:

• Client ID
• Client Secret

These credentials allow Alert Plus to securely access SharePoint data.

Managed Identity & RBAC

• No secrets are stored in code
• Worker Jobs use Managed Identity to access Key Vault
• Access is controlled using Azure RBAC
  • Example Role: Key Vault Secrets Officer

Important: Bamboo does not have access to customer secrets or Azure resources.

Networking (Optional but Recommended)

Private Endpoints

• Azure Storage
• Azure Key Vault

Private Endpoints ensure:

• Services are only accessible from within the Azure environment
• No public access, even if endpoints are known

API Management (Optional)

• Can be used to expose APIs securely
• Adds:
  • DDoS protection
  • Rate limiting
  • IP allow/block lists
  • Additional security policies

For customers hosting Alert Plus within their own Azure tenant, API Management and Private Endpoints may not be required but are available to meet stricter security requirements.

Cost Estimation Guidance

Actual Azure costs vary based on usage patterns. Key drivers include:

Primary Cost Drivers

• Number of active alerts
• Alert execution frequency
• Size and change rate of SharePoint data
• Number of Worker Jobs required
• Security and networking requirements

Typical Cost Profile

Customers should consult Microsoft Azure Pricing for exact costs and work with Bamboo to size their deployment appropriately.

Summary

Alert Plus is designed to scale efficiently within a customer’s Azure environment while maintaining strong security and predictable performance. The Worker Function App is the primary scaling lever, with additional flexibility provided through Azure App Service sizing and optional networking controls.

This architecture supports:

• Small teams with modest alert volumes
• Large enterprises with high-frequency, high-volume alerting needs

Bamboo will work with customers during onboarding to validate sizing assumptions and ensure a smooth deployment.