Web hosting is the most inconspicuous of our disciplines – and the one that's noticed most when it's missing. As of recently, the entire CARECOM family runs on Microsoft Azure. We've been a Microsoft partner for decades; the move was less a leap than a home game. An open look at why we host this way – and what it means for reliability, security and scalability.
Reliability: updates you don't notice
A new version doesn't simply go "live" with us. It is first deployed to a separate pre-production area (a staging slot), warmed up and checked automatically – and only swapped into live operation once it reports itself healthy via a health check. If it doesn't, the old version stays put. Every release is "all or nothing": the package is mounted as an immutable whole and runs read-only. The result is exactly what good operations should be: ideally, you don't notice an update at all.
Security: passwordless, on a private network
Encryption (HTTPS) goes without saying – what's more interesting is what happens beneath it:
- Passwordless. Our applications authenticate to the database, storage and key vault with an Azure managed identity. There are simply no database passwords left in configuration files – what doesn't exist can't be lost.
- Database on a private network. For the database we use Azure's managed PostgreSQL service (Azure Database for PostgreSQL) – not reachable from the public internet at all; the apps talk to it solely over a private Azure network (VNet).
- Keys in the vault. The keys for encrypted cookies and sign-in tokens live encrypted in an Azure Key Vault – separate from the application itself.
- A German region. Sites and data sit in a German Azure data centre: short distances and data residency in Germany – a clear plus when it comes to the GDPR.
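One way the passwordless database sign-in from the list above can look in a .NET app, as an added example rather than CARECOM's own code: it assumes the Npgsql and Azure.Identity packages, and the class name, refresh intervals and the sample connection string in the comment are illustrative.

```csharp
// Added example; the names and values marked "assumed" are placeholders.
using System;
using Azure.Core;
using Azure.Identity;
using Npgsql;

public static class PasswordlessPostgres
{
    // Token scope for Microsoft Entra authentication to Azure Database for PostgreSQL.
    private static readonly string[] Scopes =
        { "https://ossrdbms-aad.database.windows.net/.default" };

    // Assumed usage (constructed values):
    //   Build("Host=example-server.postgres.database.azure.com;Database=appdb;Username=my-app-identity")
    public static NpgsqlDataSource Build(string connectionString)
    {
        var csb = new NpgsqlConnectionStringBuilder(connectionString);

        // Fail fast if a static secret slipped back into configuration.
        if (!string.IsNullOrEmpty(csb.Password))
            throw new InvalidOperationException(
                "Connection string carries a password; expected managed identity only.");

        // Require TLS with certificate and host name verification.
        csb.SslMode = SslMode.VerifyFull;

        // Resolves to the app's managed identity when running in Azure.
        TokenCredential credential = new DefaultAzureCredential();

        var builder = new NpgsqlDataSourceBuilder(csb.ConnectionString);
        builder.UsePeriodicPasswordProvider(
            async (_, ct) =>
            {
                // The short-lived access token is presented in place of a password.
                AccessToken token = await credential.GetTokenAsync(
                    new TokenRequestContext(Scopes), ct);
                return token.Token;
            },
            TimeSpan.FromMinutes(30),   // assumed refresh interval after success
            TimeSpan.FromSeconds(10));  // assumed retry interval after failure
        return builder.Build();
    }
}
```

The `Username` in the connection string must match the PostgreSQL role that was created for the managed identity; no secret is stored anywhere in the app's configuration.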
Scalability: growing along, without moving house
The whole family shares one common foundation – which is economical and low-maintenance. If one site gets cramped, we scale its capacity up in minutes, without a move; and when needed, several instances run in parallel.
A word on the technology behind it: our sites run as Blazor Server – each session holds some state on the server. That's comfortable, but it costs memory per connection. Multiple instances were never the problem; the real rough edge was that on an instance or version switch the session state briefly dropped – the familiar "reconnecting". With .NET 10, Distributed Circuit Persistence largely closes that gap: state you deliberately preserve now survives an instance or deployment switch, too. Only what you deliberately preserve becomes fully seamless – but the normal case grows noticeably calmer.
From the workshop: the past few weeks
This isn't theory; it's exactly what we built most recently. We migrated carecom.de from its previous host to Azure and put the whole family on the same basis: bestes-wetter.de, 3d-spielplatz.de, em-foto-design.de and the latest addition, its-all-right.de. All moved onto a shared, privately connected PostgreSQL service (Azure Database for PostgreSQL), and sign-in to database and vault now runs passwordless via managed identities.
Much of this came about in close collaboration with Claude Code (Anthropic's AI) – from the infrastructure to this very post.
What this means for you
This very foundation is our hosting offering: the same reliability, the same security and the same data residency as for our own sites – without you having to deal with slots, identities and networks yourself. Sounds like something for your project? Get in touch.
