Advanced Topics in App Service
RIYADH 5
16 March 2019
Microsoft Riyadh
Wael El Saeed
Agenda
• Compute Options
• From cPanel and Plesk
• Azure App Service Architecture
• Application Deployment and Configurations
• Revisit deployment slots
• Authentication and Authorization
• Demo for Custom Domain and SSL
• Azure App Service Static IP Restrictions
• Backup and Restore
• Scale App Service
• WebJobs
• Monitor
• App Service Environments
Back to basics
App Service overview
Multiple languages and frameworks
ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. You can also run PowerShell and other scripts or executables as background services.
DevOps optimization
Set up continuous integration and deployment with Azure DevOps, GitHub, BitBucket, Docker Hub, or Azure Container Registry.
Global scale with high availability
Scale up or out manually or automatically.
Connections to SaaS platforms and on-premises data
Choose from more than 50 connectors for enterprise systems (such as SAP) and SaaS services (such as Salesforce).
Security and compliance
App Service is ISO, SOC, and PCI compliant. Authenticate users with Azure Active Directory or with social login (Google, Facebook, Twitter, and Microsoft). Create IP address restrictions and manage service identities.
Application templates
Choose from an extensive list of application templates in the Azure Marketplace, such as WordPress, Joomla, and Drupal.
Visual Studio integration
Dedicated tools in Visual Studio streamline the work of creating, deploying, and debugging.
API and mobile features
App Service provides turn-key CORS support for RESTful API scenarios, and simplifies mobile app scenarios by enabling authentication, offline data sync, push notifications, and more.
Serverless code
Run a code snippet or script on demand without having to explicitly provision or manage infrastructure, and pay only for the compute time your code actually uses.
Compute Options: Selection Factors
Hosting model. How is the service hosted? What requirements and limitations are imposed by this hosting environment?
DevOps. Is there built-in support for application upgrades? What is the deployment model?
Scalability. How does the service handle adding or removing instances? Can it auto-scale based on load and other metrics?
Availability. What is the service SLA?
Cost. In addition to the cost of the service itself, consider the operations cost for managing a solution built on that service. For example, IaaS solutions might have a higher operations cost.
What are the overall limitations of each service?
What kind of application architectures are appropriate for this service?
Azure compute services decision tree
Azure VMs vs App Services?
• “Lift and Shift” vs Refactor?
• Scaling in IaaS vs PaaS.
• Resources behind the scene.
N-tier architecture style
Web-Queue-Worker architecture style
Azure Service Plans (Tiers)

Plan     | Storage (GB) | RAM (GB)                 | Cores                 | Custom Domain | Max instances | Auto Scale | SSL | Traffic Manager | No. of Apps | Price (S / M / L)
---------|--------------|--------------------------|-----------------------|---------------|---------------|------------|-----|-----------------|-------------|-----------------------
Free     | 1            | 1                        | 60 CPU minutes / day  | No            | -             | -          | -   | -               | 10          | Free
Shared   | 1            | 1                        | 240 CPU minutes / day | Yes           | -             | -          | -   | -               | 100         | ~9.49$
Basic    | 10           | S = 1.75, M = 3.5, L = 7 | S = 1, M = 2, L = 4   | Yes           | 3             | No         | Yes | No              | Unlimited   | 54.75 / 109.50 / 219
Standard | 50           | S = 1.75, M = 3.5, L = 7 | S = 1, M = 2, L = 4   | Yes           | 10            | Yes        | Yes | Yes             | Unlimited   | 73 / 146 / 292
Premium  | 250          | S = 3.5, M = 7, L = 14   | S = 1, M = 2, L = 4   | Yes           | 20            | Yes        | Yes | Yes             | Unlimited   | 146 / 292 / 584
Isolated | 1000         | S = 3.5, M = 7, L = 14   | S = 1, M = 2, L = 4   | Yes           | 100           | Yes        | Yes | Yes             | Unlimited   | 219 / 438 / 876
From cPanel and Plesk
Cost-effective, Scalable, Elastic, Current, Reliable, Global, Secure
Azure App Service Architecture
Global & Geo-Distributed Architecture
In every Azure-supported region, you’ll find App Service scale units running customers’ workloads (applications) and sets of regional control units.
Control units are transparent to the customer (until they malfunction) and considered part of the platform.
There’s one special control unit that’s being used as a gateway for all management API calls.
App Service Scale Unit
Collection of servers that host and run your applications.
A typical scale unit can have more than 1,000 servers.
The clustering of servers enables economy of scale and reuse of shared infrastructure.
Scale Unit Main Building Blocks
Front End
• Layer-seven load balancer (simple round robin).
• Acts as a proxy, distributing incoming HTTP requests between different applications and their respective Workers.
Web Workers
• Workers are the backbone of the App Service scale unit. They run your applications.
File Servers
• A file server mounts Azure Storage blobs and exposes them as network drives to the Worker. A Worker
API Controllers
• Can be viewed as an extension to App Service Geo-Master.
• Geo-Master delegates API fulfilment to a given scale unit via the API controllers.
Publishers
• The Publisher role lets customers use FTP to access their application content and logs.
SQL Azure
• Persists application metadata.
Data Role
• Can be described as a cache layer between SQL Database and all other roles in a given unit of scale.
Revisit Deployment Slots
• Deployment slots are actually live apps with their own hostnames.
• App content and configuration elements can be swapped between two deployment slots, including the production slot.
Settings that are swapped:
• General settings, such as framework version, 32/64-bit, Web sockets
• App settings (can be configured to stick to a slot)
• Connection strings (can be configured to stick to a slot)
• Handler mappings
• Monitoring and diagnostic settings
• Public certificates
• WebJobs content
• Hybrid connections
Settings that are not swapped:
• Publishing endpoints
• Custom domain names
• Private certificates and SSL bindings
• Scale settings
• WebJobs schedulers
Authentication and Authorization
Authentication providers: Azure Active Directory, Google, Twitter, Facebook
Demo for Custom Domain and SSL
Custom Domain
Map a CNAME record
Map an A record
Map a wildcard domain
Redirect to a custom directory
SSL Certificates
Bind SSL certificate
Enforce HTTPS
Enforce TLS versions
Public certificates
Azure App Service Static IP Restrictions
Backup and Restore
Backup
• What gets backed up
  • App configuration
  • File content
  • Database connected to your app
• Configure partial backups
  • Create a _backup.filter file in D:\home\site\wwwroot
Restore
• Restore from app backup.
• Restore from storage.
• Restore from snapshot.
Scale App Service
• Autoscale settings
  • Scale based on metrics
  • Scale to a specific instance count
  • Specific start/end dates
  • Repeat on specific days
• View the scale history of your resource
Autoscale concepts
A resource can have only one autoscale setting.
An autoscale setting can have one or more profiles, and each profile can have one or more autoscale rules.
An autoscale setting scales instances horizontally: out by increasing the number of instances, and in by decreasing it.
An autoscale job always reads the associated metric to scale by, checking whether it has crossed the configured threshold for scale-out or scale-in.
All thresholds are calculated at an instance level.
All autoscale failures are logged to the Activity Log. Similarly, all successful scale actions are posted to the Activity Log.
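As an added example (not code from the deck or from Microsoft), a small Python model of the autoscale concepts above: one profile with scale-out and scale-in rules, thresholds compared against the metric averaged across instances, min/max bounds, and every outcome recorded the way the Activity Log would record it. The profile, thresholds and CPU samples are constructed; the projection check before a scale-in models Azure's documented flapping avoidance and is an assumption about the platform, not something the deck states.

```python
"""Toy model of Azure autoscale evaluation (example added to this deck, not
Microsoft's code). One autoscale setting -> one profile -> rules; thresholds
are compared against the metric averaged over all instances."""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Rule:
    metric: str        # metric name the rule reads, e.g. "CpuPercentage"
    operator: str      # ">" (scale-out trigger) or "<" (scale-in trigger)
    threshold: float
    direction: str     # "out" adds instances, "in" removes them
    change: int        # instance delta applied by one scale action


@dataclass(frozen=True)
class Profile:
    min_instances: int
    max_instances: int
    rules: Tuple[Rule, ...]


def _triggered(rule: Rule, value: float) -> bool:
    return value > rule.threshold if rule.operator == ">" else value < rule.threshold


def evaluate(profile: Profile, current: int,
             samples: Dict[str, List[float]]) -> Tuple[int, List[str]]:
    """One autoscale job run: returns (new_instance_count, activity_log_entries)."""
    log: List[str] = []
    # Per-instance readings are averaged; the threshold applies to that average.
    avg = {metric: mean(values) for metric, values in samples.items()}
    # Scale-out rules are evaluated first so that load wins over cost saving.
    for rule in sorted(profile.rules, key=lambda r: r.direction != "out"):
        value = avg.get(rule.metric)
        if value is None or not _triggered(rule, value):
            continue
        if rule.direction == "out":
            target = min(current + rule.change, profile.max_instances)
            if target == current:
                log.append(f"scale-out failed: already at max {profile.max_instances}")
                return current, log
            log.append(f"scale-out succeeded: {current}->{target} ({rule.metric}={value:.1f})")
            return target, log
        target = max(current - rule.change, profile.min_instances)
        if target == current:
            log.append(f"scale-in skipped: already at min {profile.min_instances}")
            return current, log
        # Flapping guard (assumption modelled on Azure's documented behaviour):
        # project today's load onto fewer instances and skip the scale-in if that
        # projection would immediately trigger a scale-out rule.
        projected = value * current / target
        out_rules = [r for r in profile.rules
                     if r.direction == "out" and r.metric == rule.metric]
        if any(_triggered(r, projected) for r in out_rules):
            log.append(f"scale-in skipped: projected {rule.metric}={projected:.1f} "
                       f"on {target} instance(s) would trigger scale-out")
            return current, log
        log.append(f"scale-in succeeded: {current}->{target} ({rule.metric}={value:.1f})")
        return target, log
    log.append("no rule triggered; instance count unchanged")
    return current, log


# Constructed profile: 1..5 instances, scale out above 70% CPU, in below 40%.
PROFILE = Profile(1, 5, (
    Rule("CpuPercentage", ">", 70, "out", 1),
    Rule("CpuPercentage", "<", 40, "in", 1),
))

if __name__ == "__main__":
    count = 2
    for cpu in ([90, 80], [95, 95, 95], [38, 38, 38], [10, 20, 15]):
        count, entries = evaluate(PROFILE, count, {"CpuPercentage": cpu})
        print(count, entries[-1])
```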
High density hosting on Azure App Service using per-app scaling
• Per-app scaling is available only for Standard, Premium, Premium V2
and Isolated pricing tiers.
WebJobs
• WebJob types
• Continuous vs Triggered
• Supported file types for scripts or programs
• .cmd, .bat, .exe (using Windows cmd)
• .ps1 (using PowerShell)
• .sh (using Bash)
• .php (using PHP)
• .py (using Python)
• .js (using Node.js)
• .jar (using Java)
• Azure WebJobs SDK
Monitor apps in Azure App Service
Quotas for Free or Shared apps are:

Quota       | Description
------------|--------------------------------------------------------------------------------------------------------
CPU (Short) | The amount of CPU allowed for this app in a 5-minute interval. This quota resets every five minutes.
CPU (Day)   | The total amount of CPU allowed for this app in a day. This quota resets every 24 hours at midnight UTC.
Memory      | The total amount of memory allowed for this app.
Bandwidth   | The total amount of outgoing bandwidth allowed for this app in a day. This quota resets every 24 hours at midnight UTC.
Filesystem  | The total amount of storage allowed.

Quota enforcement
• If an app exceeds the CPU (Short), CPU (Day), or bandwidth quota, the app is stopped until the quota resets. During this time, all incoming requests result in an HTTP 403 error.
Understand metrics
Sample of common metrics
Metrics are available only in the Basic, Standard and Premium tiers.
Enable diagnostics logging for apps in Azure App Service
• Web server diagnostics
  • Detailed Error Logging
  • Failed Request Tracing
  • Web Server Logging
• Application diagnostics
  • Using the Trace class in .NET.
App Service Environments
The ASE is a deployment of the Azure App Service into a subnet of a customer’s Azure Virtual Network.
The ASE provides:
• Network isolation for apps
• Larger scale than multi-tenant
• More powerful hosts
• Ability to work with all VPN types
ASE is a dedicated environment
• An ASE is dedicated exclusively to a single subscription and can host 100 App Service Plan instances.
• An ASE is composed of front ends and workers. Front ends are responsible for HTTP/HTTPS termination and automatic load balancing of app requests within an ASE. Front ends are automatically added as the App Service plans in the ASE are scaled out.
• Workers are roles that host customer apps. Workers are available in three fixed sizes:
  • One vCPU / 3.5 GB RAM
  • Two vCPU / 7 GB RAM
  • Four vCPU / 14 GB RAM
Types of App Service Environments
External ASE:
• All app inbound and outbound traffic flows through the VIP
• Large-scale internet-accessible app hosting
• Higher memory workers
• Internet-accessible but network-restricted apps
ILB ASE:
• An Internal Load Balancer (ILB) on a VNet IP is used for app access. Outbound from the VNet flows through an external VIP
• Internal app hosting
• WAF-fronted apps
• Internet-isolated app hosting for 2-tier systems
External ASE – The one ASE 2 tier application
(Diagram: Azure Virtual Network containing the ASE subnet with Front Ends and Workers; the VIP is open to the internet, a second app is locked down to the ASE behind an IP SSL address)
IP SSL
Assign an IP SSL address to a single app.
Use NSGs to lock down access to that app.
Enables things like hosting a public app that calls an API app that only apps in the ASE can reach.
External ASE + ILB ASE 2 tier application
(Diagram: one Azure Virtual Network holding an external ASE behind a VIP and an ILB ASE behind an ILB; web apps and API apps are split across the two, and only the VIP is reached from the Internet)
External ASE + ILB ASE 2 tier with geo distribution
(Diagram: East US Azure Virtual Network with an external ASE (VIP) and an ILB ASE hosting web apps and API apps; West US Azure Virtual Network with an external ASE (VIP) hosting web apps; the two VNets are joined by a Site to Site VPN)
ILB ASE + VNET Integration 2 tier application
(Diagram: an App Service worker joined to the Azure Virtual Network over a Point to Site VPN, reaching the ILB of the App Service Environment in its subnet)
ILB ASE inbound connections with WAF
(Diagram: Internet → WAF → ILB → App Service Environment inside the Azure Virtual Network)
Configure your apps with a Web Application Firewall virtual device for extreme application security.
ILB ASE with WAF 2 tier application
(Diagram: Internet → WAF → ILB → web apps and API apps in one App Service Environment inside the Azure Virtual Network)
Leverage the benefits of the WAF with a web app that calls back to an API app on the same ILB ASE. The traffic between the web and API apps stays in the VNet.
ASE high level network
(Diagram: Internet → VIP → App Service Environment subnet in the Azure Virtual Network; On Premises connected over a Site to Site or ExpressRoute VPN; ILB shown as the private alternative to the VIP)
An ASE is a deployment of the Azure App Service into a subnet in a customer’s Azure Virtual Network.
The apps in an ASE are exposed to the internet through a VIP.
Because the apps are in the ASE inside the customer’s VNet, they can access resources that are also in the VNet.
If the VNet is connected to an on premises network via a Site to Site or ExpressRoute VPN then they can access resources on premises.
If you want private site access then create an ASE that uses an Internal Load Balancer instead of one with an external VIP.
Routes and security groups
Route selection is based on its origin, in the following order:
1. User defined route
2. BGP route (with ExpressRoute)
3. System route
ASE management traffic must source from the VNet
• If you have ER with forced tunneling, define a UDR on the ASE subnet sending 0.0.0.0/0 to internet
Network security groups
• Must allow (for now) inbound to ASE subnet from any IP to subnet on ports 454/455
• Must allow outbound from ASE subnet to any IP.
• Must allow ASE subnet to talk to ASE subnet on any port
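As an added example (not code from the deck or from Microsoft), a Python check that evaluates a candidate NSG rule set for an ASE subnet against the three requirements above, and also flags the 443 lock-down problem raised later in the feature-access slides. It models NSG evaluation as lowest priority number wins with Azure's default rules underneath; the VNet range, subnet, endpoint addresses and the two sample rule sets are constructed.

```python
"""NSG sanity check for an ASE subnet (example added to this deck, not
Microsoft's code). Rules are evaluated the way an NSG does (lowest priority
number wins, first match decides, Azure's default rules underneath) against
the flows the deck says an ASE needs; a 443 lock-down is reported as a
warning because the scm site and portal feature access use that port.
All addresses and rule sets below are constructed sample data."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple

VNET_SPACE = ipaddress.ip_network("10.0.0.0/16")  # constructed VNet address space
ASE_SUBNET = "10.0.1.0/24"                           # constructed ASE subnet


@dataclass(frozen=True)
class NsgRule:
    priority: int
    direction: str  # "Inbound" or "Outbound"
    action: str     # "Allow" or "Deny"
    src: str        # "*", "Internet", "VirtualNetwork", "AzureLoadBalancer" or a CIDR
    dst: str        # same vocabulary as src
    ports: str      # destination ports: "*", "443" or a range like "454-455"


# Azure's default rules; they sit below any customer rule.
DEFAULT_RULES = (
    NsgRule(65000, "Inbound", "Allow", "VirtualNetwork", "VirtualNetwork", "*"),
    NsgRule(65001, "Inbound", "Allow", "AzureLoadBalancer", "*", "*"),
    NsgRule(65500, "Inbound", "Deny", "*", "*", "*"),
    NsgRule(65000, "Outbound", "Allow", "VirtualNetwork", "VirtualNetwork", "*"),
    NsgRule(65001, "Outbound", "Allow", "*", "Internet", "*"),
    NsgRule(65500, "Outbound", "Deny", "*", "*", "*"),
)


def _addr_match(rule_addr: str, ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    if rule_addr == "*":
        return True
    if rule_addr == "VirtualNetwork":
        return addr in VNET_SPACE
    if rule_addr == "Internet":
        return addr not in VNET_SPACE
    if rule_addr == "AzureLoadBalancer":
        return False  # none of the flows checked here come from the platform probe
    return addr in ipaddress.ip_network(rule_addr)


def _port_match(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def decide(rules: Iterable[NsgRule], direction: str, src_ip: str, dst_ip: str, port: int) -> str:
    """Verdict for one flow: the matching rule with the lowest priority number wins."""
    for r in sorted(list(rules) + list(DEFAULT_RULES), key=lambda r: r.priority):
        if (r.direction == direction and _addr_match(r.src, src_ip)
                and _addr_match(r.dst, dst_ip) and _port_match(r.ports, port)):
            return r.action
    return "Deny"


def check_ase_nsg(rules: Iterable[NsgRule]) -> Tuple[List[str], List[str]]:
    """Return (violations, warnings) for the ASE requirements listed in the deck."""
    rules = tuple(rules)
    internet, worker, peer = "203.0.113.10", "10.0.1.5", "10.0.1.6"  # sample endpoints
    required = [
        ("Inbound", internet, worker, 454, "inbound to ASE subnet from any IP on port 454"),
        ("Inbound", internet, worker, 455, "inbound to ASE subnet from any IP on port 455"),
        ("Outbound", worker, internet, 443, "outbound from ASE subnet to any IP"),
        ("Inbound", peer, worker, 8080, "ASE subnet to ASE subnet on any port"),
    ]
    violations = [why for d, s, t, p, why in required if decide(rules, d, s, t, p) != "Allow"]
    warnings = []
    if decide(rules, "Inbound", internet, worker, 443) != "Allow":
        warnings.append("443 is locked down: scm site and portal feature access "
                        "from outside the VNet will break")
    return violations, warnings


# Constructed: app HTTPS restricted to a corporate range, management ports kept open.
LOCK_443_TO_CORP = (
    NsgRule(100, "Inbound", "Allow", "198.51.100.0/24", ASE_SUBNET, "443"),
    NsgRule(110, "Inbound", "Deny", "Internet", ASE_SUBNET, "443"),
    NsgRule(120, "Inbound", "Allow", "Internet", ASE_SUBNET, "454-455"),
)
# Constructed: a blanket Internet deny that also blocks the management ports.
DENY_ALL_INTERNET = (NsgRule(100, "Inbound", "Deny", "Internet", ASE_SUBNET, "*"),)

if __name__ == "__main__":
    for name, ruleset in (("lock-443-to-corp", LOCK_443_TO_CORP),
                          ("deny-all-internet", DENY_ALL_INTERNET),
                          ("defaults-only", ())):
        bad, warn = check_ase_nsg(ruleset)
        print(f"{name}: violations={bad} warnings={warn}")
```

Note that an NSG with only Azure's default rules already fails the 454/455 requirement, which is why the allow rules have to be added explicitly.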
ASE dependencies (all required)
(Diagram: the ASE subnet (multirole VIP, workers) inside the Azure Virtual Network, with dependencies on Azure Files, Azure SQL, Azure DNS, the certificate authority and Management)
Traffic to the dependencies MUST originate with the ASE VIP.
It CANNOT be force tunneled on premises and sent out a SNAT.
ASE inbound connections
(Diagram: inbound to the multirole VIP of the ASE subnet: HTTP/HTTPS, FTP, Remote Debug, Management (REQUIRED))
Apps are at <appname>.<asename>.p.azurewebsites.net
ILB ASE inbound connections
(Diagram: ILB in the ASE subnet next to the multirole VIP; inbound connections: HTTP/HTTPS, FTP, Remote Debug, Management (REQUIRED))
Apps are at <appname>.<customer managed domain>
Internet isolated unless the customer sets up a WAF or proxy with public DNS names
App Service feature access
(Diagram: paths from the customer browser, the Portal Controller and ARM through Geomaster, the stamp controller and the front end to the scm site and the management endpoints)
Scm site
Some scm site features include:
• Functions
• Kudu
• Web jobs
• Logstream
• Deployment
• Extensions
• Process Explorer
• Console
External ASE feature access
(Diagram: customer browser, Portal Controller and ARM reaching the ASE subnet through the multirole VIP)
Normal feature access goes through the VIP on either port 454 or port 443.
Scm site: port 443
Management: port 454
External ASE feature access – 443 NSG
(Diagram: customer browser, Portal Controller and ARM reaching the ASE subnet through the multirole VIP, with an NSG restricting 443)
If you try to control app HTTPS access and lock down 443, you can break feature access.
Scm site: port 443
Management: ports 454/455
ILB ASE feature access
(Diagram: customer browser, Portal Controller and ARM outside the VNet; the scm site sits behind the ILB inside the Azure Virtual Network)
<appname>.scm.<customer managed domain> is not in public DNS and is not internet accessible.
Features that depend on such access do not work when the customer is outside of the VNET.
ILB ASE feature access, part 2
(Diagram: customer browser inside the VNet reaching the scm site through the ILB; Portal Controller and ARM remain outside the VNet)
If the customer browser is in the VNET then they can hit the scm site from their browser. The portal controller still cannot hit the scm site as it is outside the VNET.
There is ongoing work to change how this behaves so that there is no communication from the Portal Controller to the scm site.
Forced tunnel challenges
(Diagram: ASE subnet with multirole VIP and workers in the Azure Virtual Network; dependencies Azure Files, Azure SQL, Azure DNS, certificate authority and Management; an ER VPN to the on premises network)
Today this model won’t work. The traffic must originate from the VIP. To avoid this you currently need to set UDRs to send everything to the internet.
Thanks

Azure App Service Deep Dive

  • 1. Advanced Topics in App Service RIYADH 5 16 March 2019 Microsoft Riyadh
  • 3. Agenda • Compute Options • From cPanel and Plesk • Azure App Service Architecture • Application Deployment and Configurations • Revisit deployment slots • Authentication and Authorization • Demo for Custom Domain and SSL • Azure App Service Static IP Restrictions • Backup and Restore • Scale App Service • WebJobs • Monitor • App Service Environments
  • 5. App Service overview Multiple languages and frameworks ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. You can also run PowerShell and other scripts or executables as background services. Devops optimization Set up continuous integration and deployment with Azure DevOps, GitHub, BitBucket, Docker Hub, or Azure Container Registry. Global scale with high availability Scale up or out manually or automatically. Connections to SaaS platforms and on-premises data Choose from more than 50 connectors for enterprise systems (such as SAP), SaaS services (such as Salesforce) Security and compliance App Service is ISO, SOC, and PCI compliant. Authenticate users with Azure Active Directory or with social login (Google, Facebook, Twitter, and Microsoft). Create IP address restrictions and manage service identities.
  • 6. Application templates Choose from an extensive list of application templates in the Azure Marketplace, such as WordPress, Joomla, and Drupal. Visual Studio integration Dedicated tools in Visual Studio streamline the work of creating, deploying, and debugging. API and mobile features App Service provides turn-key CORS support for RESTful API scenarios, and simplifies mobile app scenarios by enabling authentication, offline data sync, push notifications, and more. Serverless code Run a code snippet or script on-demand without having to explicitly provision or manage infrastructure, and pay only for the compute time your code actually uses App Service overview
  • 7. Compute Options Selection Factors Hosting model. How is the service hosted? What requirements and limitations are imposed by this hosting environment? DevOps. Is there built-in support for application upgrades? What is the deployment model? Scalability. How does the service handle adding or removing instances? Can it auto-scale based on load and other metrics? Availability. What is the service SLA? Cost. In addition to the cost of the service itself, consider the operations cost for managing a solution built on that service. For example, IaaS solutions might have a higher operations cost. What are the overall limitations of each service? What kind of application architectures are appropriate for this service?
  • 9. Azure VM’s VS App Services? • “Lift and Shift” vs Refactor? • Scaling in IaaS vs PaaS. • Resources behind the scene.
  • 12. Azure Service Plans (Tiers) Plan Storage (GB) Ram (GB) Cores Custom Domain Max instances Auto Scale SSL Traffic Manager No of Apps Price 1 1 60 CPU minutes / Day No 10 Free 1 1 240 CPU minutes / Day Yes 100 ~9.49$ 10 S = 1.75 M = 3.5 L = 7 S = 1 M = 2 L = 4 Yes 3 No Yes No Unlimited 54.75-109.50-219 50 Yes 10 Yes Yes Yes Unlimited 73-146-292 250 S = 3.5 M = 7 L = 14 Yes 20 Yes Yes Yes Unlimited 146-292-584 1000 Yes 100 Yes Yes Yes Unlimited 219-438-876
  • 13. From cPanel and Plesk Cost- effective Scalable Elastic CurrentReliable Global Secure
  • 15. Global & Geo-Distributed Architecture In every Azure-supported region, you’ll find App Service scale units running customers’ workloads (applications) and sets of regional control units. Control units are transparent to the customer (until they malfunction) and considered part of the platform. There’s one special control unit that’s being used as a gateway for all management API calls.
  • 17. App Service Scale Unit Collection of servers that host and run your applications. A typical scale unit can have more than 1,000 servers. The clustering of servers enables economy of scale and reuse of shared infrastructure.
  • 18. Scale Unit Main Building Blocks
    Front End
    • Layer-seven load balancer (simple round robin).
    • Acts as a proxy, distributing incoming HTTP requests between different applications and their respective Workers.
    Web Workers
    • Workers are the backbone of the App Service scale unit. They run your applications.
    File Servers
    • A file server mounts Azure Storage blobs and exposes them as network drives to the Worker. A Worker
    API Controllers
    • Can be viewed as an extension to App Service Geo-Master.
    • Geo-Master delegates API fulfilment to a given scale unit via the API controllers.
    Publishers
    • The Publisher role lets customers use FTP to access their application content and logs.
    SQL Azure
    • Persists application metadata.
    Data Role
    • Can be described as a cache layer between SQL Database and all other roles in a given unit of scale.
  • 19. Revisit Deployment Slots
    • Deployment slots are actually live apps with their own hostnames.
    • App content and configuration elements can be swapped between two deployment slots, including the production slot.
    Settings that are swapped
    • General settings, such as framework version, 32/64-bit, Web sockets
    • App settings (can be configured to stick to a slot)
    • Connection strings (can be configured to stick to a slot)
    • Handler mappings
    • Monitoring and diagnostic settings
    • Public certificates
    • WebJobs content
    • Hybrid connections
    Settings that are not swapped
    • Publishing endpoints
    • Custom domain names
    • Private certificates and SSL bindings
    • Scale settings
    • WebJobs schedulers
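To make the swap rules on this slide concrete, here is an added Python model of a slot swap (example code written for this page, not Azure's implementation). It assumes a slot is a plain dict keyed by the setting categories the slide names, and that an app setting or connection string marked as a slot setting ("sticky") in either slot stays with its slot in both directions; the category keys, the sticky rule and the sample slot contents are this example's own assumptions.

```python
"""Model of an App Service deployment slot swap.

Constructed example, not Azure's code. A slot is a dict of
category -> {name: value}; the "sticky" key lists the app setting /
connection string names pinned to the slot ("slot settings").
"""
from copy import deepcopy

# Categories the slide lists as swapped between two slots.
SWAPPED = {
    "general_settings", "app_settings", "connection_strings",
    "handler_mappings", "monitoring_settings", "public_certificates",
    "webjobs_content", "hybrid_connections",
}
# Categories the slide lists as staying with the slot (never touched here).
NOT_SWAPPED = {
    "publishing_endpoints", "custom_domains", "private_certificates",
    "scale_settings", "webjobs_schedulers",
}
# Only these two categories support per-name slot settings.
STICKY_CAPABLE = {"app_settings", "connection_strings"}


def swap(slot_a, slot_b):
    """Return (new_a, new_b): the two slots after a swap.

    Assumption of this model: a name marked sticky in either slot stays
    with its slot; everything else in a SWAPPED category crosses over,
    and NOT_SWAPPED categories are left alone.
    """
    new_a, new_b = deepcopy(slot_a), deepcopy(slot_b)
    pinned = set(slot_a.get("sticky", ())) | set(slot_b.get("sticky", ()))
    for category in SWAPPED:
        vals_a = slot_a.get(category, {})
        vals_b = slot_b.get(category, {})
        if category in STICKY_CAPABLE:
            new_a[category] = {
                **{k: v for k, v in vals_b.items() if k not in pinned},
                **{k: v for k, v in vals_a.items() if k in pinned},
            }
            new_b[category] = {
                **{k: v for k, v in vals_a.items() if k not in pinned},
                **{k: v for k, v in vals_b.items() if k in pinned},
            }
        else:
            new_a[category] = deepcopy(vals_b)
            new_b[category] = deepcopy(vals_a)
    return new_a, new_b


def changed_in_production(before_prod, after_prod, secret_names):
    """Names of secrets whose production value changed after the swap.

    A pre-flight check worth running: a connection string or key that was
    not marked as a slot setting is replaced by the staging value, which
    is the classic slot-swap surprise.
    """
    changed = []
    for cat in ("app_settings", "connection_strings"):
        for name in secret_names:
            if before_prod.get(cat, {}).get(name) != after_prod.get(cat, {}).get(name):
                changed.append(name)
    return changed


if __name__ == "__main__":
    # Constructed slots. DB is pinned in both slots; API_KEY is not.
    production = {
        "general_settings": {"framework": "4.7"},
        "app_settings": {"ENV": "prod", "API_KEY": "prod-key"},
        "connection_strings": {"DB": "prod-db"},
        "custom_domains": {"www.example.com": True},
        "sticky": {"DB"},
    }
    staging = {
        "general_settings": {"framework": "4.8"},
        "app_settings": {"ENV": "staging", "API_KEY": "staging-key"},
        "connection_strings": {"DB": "staging-db"},
        "custom_domains": {},
        "sticky": {"DB"},
    }
    new_prod, new_staging = swap(production, staging)
    print(new_prod)
    print("changed in production:", changed_in_production(production, new_prod, ["DB", "API_KEY"]))
```

Running it shows the production slot keeping its pinned DB connection string and its custom domain while picking up the staging framework version and the unpinned API_KEY, which is exactly the pair of behaviours the two lists above describe.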
  • 21. Demo for Custom Domain and SSL
    Custom Domain
    • Map a CNAME record
    • Map an A record
    • Map a wildcard domain
    • Redirect to a custom directory
    SSL Certificates
    • Bind SSL certificate
    • Enforce HTTPS
    • Enforce TLS versions
    • Public certificates
  • 22. Azure App Service Static IP Restrictions
  • 23. Backup and Restore
    Backup
    • What gets backed up: app configuration, file content, database connected to your app
    • Configure partial backups: create a _backup.filter file in D:\home\site\wwwroot
    Restore
    • Restore from app backup
    • Restore from storage
    • Restore from snapshot
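As an added example (not Azure's backup code), the following Python applies a _backup.filter exclusion list to a constructed file listing, so you can see what a partial backup would leave out before relying on it. It assumes the filter holds one path per line relative to D:\home with Windows separators, that a folder entry excludes everything under it, and that matching is case-insensitive like the NTFS file system; the filter text and file list are constructed.

```python
r"""Apply an App Service _backup.filter exclusion list to a file listing.

Added example, not Azure's implementation. Assumed filter semantics:
one path per line, relative to D:\home, Windows separators; a line may
name a file or a folder; a folder entry excludes everything beneath it;
blank lines are ignored; matching is case-insensitive.
"""
from pathlib import PureWindowsPath

# Constructed _backup.filter content (the file itself lives in
# D:\home\site\wwwroot; its entries are relative to D:\home).
FILTER_TEXT = r"""
\site\wwwroot\images\brand.png
\site\wwwroot\images\2014
\site\wwwroot\logs
"""

# Constructed listing of the app's files, relative to D:\home.
APP_FILES = [
    r"\site\wwwroot\web.config",
    r"\site\wwwroot\images\brand.png",
    r"\site\wwwroot\images\logo.svg",
    r"\site\wwwroot\images\2014\photo.jpg",
    r"\site\wwwroot\logs\app.log",
    r"\site\wwwroot\Logs\old\app.log",
]


def parse_filter(text):
    """Return the exclusion entries as PureWindowsPath objects."""
    return [PureWindowsPath(line.strip())
            for line in text.splitlines() if line.strip()]


def is_excluded(path, rules):
    """True if path equals an entry or lies under a folder entry."""
    p = PureWindowsPath(path)
    # PureWindowsPath compares case-insensitively, like NTFS.
    return any(p == rule or rule in p.parents for rule in rules)


def files_to_back_up(files, filter_text):
    """Files the backup would include after applying the filter."""
    rules = parse_filter(filter_text)
    return [f for f in files if not is_excluded(f, rules)]


def excluded_files(files, filter_text):
    """Files the backup would skip; review this list before trusting it."""
    rules = parse_filter(filter_text)
    return [f for f in files if is_excluded(f, rules)]


if __name__ == "__main__":
    for f in files_to_back_up(APP_FILES, FILTER_TEXT):
        print("backup:", f)
    for f in excluded_files(APP_FILES, FILTER_TEXT):
        print("skip:  ", f)
```

The point of printing the excluded list is operational: a filter that silently drops a folder holding configuration or uploads turns a restore into an incident, so the exclusion set deserves the same review as the backup schedule.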
  • 24. Scale App Service
    • Auto scale settings
    • Scale based on metrics
    • Scale to a specific instance count
    • Specific start/end dates
    • Repeat specific days
    • View the scale history of your resource
  • 25. Autoscale concepts
    • A resource can have only one autoscale setting.
    • An autoscale setting can have one or more profiles, and each profile can have one or more autoscale rules.
    • An autoscale setting scales instances horizontally, which is out by increasing the number of instances and in by decreasing the number of instances.
    • An autoscale job always reads the associated metric to scale by, checking if it has crossed the configured threshold for scale-out or scale-in.
    • All thresholds are calculated at an instance level.
    • All autoscale failures are logged to the Activity Log. Similarly, all successful scale actions are posted to the Activity Log.
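An added simulation, not Azure's autoscale engine, of one evaluation pass over a profile. It covers the concepts on this slide (one setting, a profile with rules, horizontal scaling held within min and max, thresholds compared per instance) and the checks from the speaker notes at the end of this deck (min/max margin, a scale-out plus scale-in rule pair, a safe default count). The any-rule-scales-out / all-rules-scale-in combination and the anti-flapping projection follow Azure's documented autoscale behaviour but are not stated on the slide, and the projection formula used here (per-instance load scaled by old/new instance count) is a simplification; Rule, Profile and the sample values are this example's own.

```python
"""Simulated evaluation of one autoscale profile.

Added example, not Azure's engine. Scale-out fires when any scale-out
rule matches; scale-in fires only when all scale-in rules match and the
projected post-scale-in load would not immediately trip scale-out.
"""
from dataclasses import dataclass


@dataclass
class Rule:
    metric: str        # e.g. "CpuPercentage"
    operator: str      # "gt" or "lt"
    threshold: float   # compared per instance
    direction: str     # "out" or "in"
    change: int        # instances to add or remove


@dataclass
class Profile:
    minimum: int
    maximum: int
    default: int
    rules: list


def _matches(rule, metrics):
    value = metrics.get(rule.metric)
    if value is None:
        return False
    return value > rule.threshold if rule.operator == "gt" else value < rule.threshold


def evaluate(profile, current, metrics):
    """Return the instance count after one evaluation of the profile.

    metrics maps metric name -> per-instance value (the slide's
    "thresholds are calculated at an instance level").
    """
    outs = [r for r in profile.rules if r.direction == "out"]
    ins = [r for r in profile.rules if r.direction == "in"]
    hit_out = [r for r in outs if _matches(r, metrics)]
    if hit_out:
        return min(profile.maximum, current + max(r.change for r in hit_out))
    if ins and all(_matches(r, metrics) for r in ins):
        target = max(profile.minimum, current - max(r.change for r in ins))
        if target < current:
            # Anti-flapping (simplified): spread today's load over fewer
            # instances and refuse if that would trigger a scale-out rule.
            projected = {m: v * current / target for m, v in metrics.items()}
            if any(_matches(r, projected) for r in outs):
                return current
        return target
    return current


def lint_profile(profile):
    """Checks from the speaker notes: min/max margin, rule pair, default."""
    problems = []
    if profile.maximum <= profile.minimum:
        problems.append("maximum must exceed minimum with an adequate margin")
    directions = {r.direction for r in profile.rules}
    if directions and directions != {"out", "in"}:
        problems.append("use a scale-out and scale-in rule combination")
    if not profile.minimum <= profile.default <= profile.maximum:
        problems.append("default instance count must lie within [min, max]")
    return problems


if __name__ == "__main__":
    # Constructed profile: scale out on CPU > 70 %, scale in on CPU < 40 %.
    profile = Profile(minimum=1, maximum=10, default=2, rules=[
        Rule("CpuPercentage", "gt", 70, "out", 2),
        Rule("CpuPercentage", "lt", 40, "in", 1),
    ])
    for count, cpu in [(2, 80), (10, 80), (4, 50), (4, 20), (2, 38)]:
        print(count, "instances at", cpu, "% ->", evaluate(profile, count, {"CpuPercentage": cpu}))
    print(lint_profile(Profile(5, 5, 5, [Rule("CpuPercentage", "gt", 70, "out", 1)])))
```

The (2, 38) case is the one worth studying: the scale-in rule matches, but two instances at 38 % would be one instance at 76 %, above the scale-out threshold, so the simulation holds at two rather than oscillating.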
  • 26. High density hosting on Azure App Service using per-app scaling • Per-app scaling is available only for Standard, Premium, Premium V2 and Isolated pricing tiers.
  • 27. WebJobs
    • WebJob types: Continuous vs Triggered
    • Supported file types for scripts or programs
      • .cmd, .bat, .exe (using Windows cmd)
      • .ps1 (using PowerShell)
      • .sh (using Bash)
      • .php (using PHP)
      • .py (using Python)
      • .js (using Node.js)
      • .jar (using Java)
    • Azure WebJobs SDK
  • 28. Monitor apps in Azure App Service
    Quotas for Free or Shared apps are:
    Quota        Description
    CPU (Short)  The amount of CPU allowed for this app in a 5-minute interval. This quota resets every five minutes.
    CPU (Day)    The total amount of CPU allowed for this app in a day. This quota resets every 24 hours at midnight UTC.
    Memory       The total amount of memory allowed for this app.
    Bandwidth    The total amount of outgoing bandwidth allowed for this app in a day. This quota resets every 24 hours at midnight UTC.
    Filesystem   The total amount of storage allowed.
  • 29. Quota enforcement • If an app exceeds the CPU (short), CPU (Day), or bandwidth quota, the app is stopped until the quota resets. During this time, all incoming requests result in an HTTP 403 error.
  • 30. Understand metrics: sample of common metrics. Metrics are available only in the Basic, Standard and Premium tiers.
  • 31. Enable diagnostics logging for apps in Azure App Service
    • Web server diagnostics
      • Detailed Error Logging
      • Failed Request Tracing
      • Web Server Logging
    • Application diagnostics
      • Using the Trace class in .NET.
  • 32. App Service Environments
    The ASE is a deployment of the Azure App Service into a subnet of a customer’s Azure Virtual Network. The ASE provides:
    • Network isolation for apps
    • Larger scale than multi-tenant
    • More powerful hosts
    • Ability to work with all VPN types
  • 33. ASE is a dedicated environment
    • An ASE is dedicated exclusively to a single subscription and can host 100 App Service Plan instances.
    • An ASE is composed of front ends and workers. Front ends are responsible for HTTP/HTTPS termination and automatic load balancing of app requests within an ASE. Front ends are automatically added as the App Service plans in the ASE are scaled out.
    • Workers are roles that host customer apps. Workers are available in three fixed sizes:
      • One vCPU/3.5 GB RAM
      • Two vCPU/7 GB RAM
      • Four vCPU/14 GB RAM
  • 34. Types of App Service Environments
    External ASE:
    • All app inbound and outbound traffic flows through the VIP
    • Large-scale internet-accessible app hosting
    • Higher-memory workers
    • Internet-accessible but network-restricted apps
    ILB ASE:
    • An Internal Load Balancer (ILB) on a VNet IP is used for app access. Outbound traffic from the VNet flows through an external VIP
    • Internal app hosting
    • WAF-fronted apps
    • Internet-isolated app hosting for 2-tier systems
  • 36. External ASE: the one-ASE 2-tier application (diagram: Azure Virtual Network with an ASE subnet holding Front Ends and Workers behind the VIP; one app open to the internet, the other locked down to the ASE)
    • IP SSL: assign an IP SSL address to a single app.
    • Use NSGs to lock down access to that app.
    • Enables things like hosting a public app that calls an API app that only apps in the ASE can reach.
  • 37. External ASE + ILB ASE 2-tier application (diagram: Internet reaches the VIP of an external ASE hosting web apps; an ILB ASE in the same Azure Virtual Network hosts the API apps)
  • 38. External ASE + ILB ASE 2-tier with geo distribution (diagram: East US and West US Virtual Networks joined by a Site to Site VPN; one region holds an external ASE with web apps plus an ILB ASE with API apps, the other an external ASE with web apps)
  • 39. ILB ASE + VNET Integration 2-tier application (diagram: an App Service Worker connected by Point to Site VPN into the Azure Virtual Network reaches the ILB of the ASE subnet)
  • 40. ILB ASE inbound connections with WAF (diagram: Internet to WAF to the ILB of the ASE inside the Azure Virtual Network)
    • Configure your apps with a Web Application Firewall virtual device for extreme application security.
  • 41. ILB ASE with WAF 2-tier application (diagram: Internet to WAF to an ILB ASE hosting both web apps and API apps)
    • Leverage the benefits of the WAF with a web app that calls back to an API app on the same ILB ASE. The traffic between the web and API apps stays in the VNet.
  • 43. ASE high-level network (diagram: Internet to the VIP of the ASE subnet in the Azure Virtual Network; on-premises network attached by Site to Site or ExpressRoute VPN; ILB shown for private access)
    • An ASE is a deployment of the Azure App Service into a subnet in a customer’s Azure Virtual Network.
    • The apps in an ASE are exposed to the internet through a VIP.
    • Because the apps in the ASE are inside the customer’s VNet, they can access resources that are also in the VNet.
    • If the VNet is connected to an on-premises network via a Site to Site or ExpressRoute VPN, then they can access resources on premises.
    • If you want private site access, create an ASE that uses an Internal Load Balancer instead of one with an external VIP.
  • 44. Routes and security groups
    Route selection is based on its origin, in the following order:
    1. User defined route
    2. BGP route (with ExpressRoute)
    3. System route
    ASE management traffic must source from the VNet
    • If you have ER with forced tunneling, define a UDR on the ASE subnet sending 0.0.0.0/0 to the internet.
    Network security groups
    • Must allow (for now) inbound to the ASE subnet from any IP on ports 454/455.
    • Must allow outbound from the ASE subnet to any IP.
    • Must allow the ASE subnet to talk to the ASE subnet on any port.
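To check the three NSG requirements on this slide before an ASE deployment, here is an added Python sanity checker (example code for this page, not an Azure tool). It models NSG evaluation as priority order with first match deciding, appends Azure's built-in default rules (the AzureLoadBalancer rule is omitted for brevity), and probes with constructed addresses and a few representative ports, so an empty failure list is evidence rather than proof. NsgRule, the GOOD_RULES/BAD_RULES sets, the 10.0.0.0/16 VNet, the 10.0.1.0/24 subnet and the address 203.0.113.10 are all constructed.

```python
"""Sanity-check an NSG rule set against the ASE subnet requirements.

Added example, not an Azure tool. Model: rules of one direction are
evaluated by priority (lowest number first) and the first match decides;
Azure's built-in default rules are appended at the end. Requirements
probed (from the slide): inbound from any IP to the ASE subnet on
454/455, outbound from the subnet to any IP, and subnet to subnet on
any port.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class NsgRule:
    name: str
    priority: int
    direction: str    # "Inbound" or "Outbound"
    access: str       # "Allow" or "Deny"
    source: str       # "*", "VirtualNetwork", "Internet" or a CIDR
    destination: str  # same vocabulary as source
    ports: str        # "*", a single port, or "low-high"


# Azure's built-in default rules (AllowAzureLoadBalancerInBound omitted).
DEFAULT_RULES = [
    NsgRule("AllowVnetInBound", 65000, "Inbound", "Allow", "VirtualNetwork", "VirtualNetwork", "*"),
    NsgRule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*"),
    NsgRule("AllowVnetOutBound", 65000, "Outbound", "Allow", "VirtualNetwork", "VirtualNetwork", "*"),
    NsgRule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "Internet", "*"),
    NsgRule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*"),
]

# Constructed rule sets: one that satisfies the slide, one that does not.
GOOD_RULES = [
    NsgRule("AllowAseManagement", 100, "Inbound", "Allow", "*", "10.0.1.0/24", "454-455"),
]
BAD_RULES = [
    NsgRule("DenyInternetOutbound", 100, "Outbound", "Deny", "*", "Internet", "*"),
]


def _addr_matches(spec, ip, vnet):
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in vnet
    if spec == "Internet":
        return ip not in vnet
    return ip in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def is_allowed(rules, direction, src, dst, port, vnet_prefix):
    """Decide one flow the way an NSG would: first matching rule wins."""
    vnet = ipaddress.ip_network(vnet_prefix)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in sorted(rules + DEFAULT_RULES, key=lambda r: r.priority):
        if rule.direction != direction:
            continue
        if (_addr_matches(rule.source, src, vnet)
                and _addr_matches(rule.destination, dst, vnet)
                and _port_matches(rule.ports, port)):
            return rule.access == "Allow"
    return False  # not reached while the default deny rules are present


def check_ase_subnet(rules, ase_subnet, vnet_prefix):
    """Return the slide's requirements that the rule set violates."""
    hosts = list(ipaddress.ip_network(ase_subnet).hosts())
    ase_a, ase_b = str(hosts[4]), str(hosts[5])  # two addresses inside the subnet
    internet_ip = "203.0.113.10"                 # constructed external address
    failures = []
    for port in (454, 455):
        if not is_allowed(rules, "Inbound", internet_ip, ase_a, port, vnet_prefix):
            failures.append(f"inbound from any IP to ASE subnet on {port} blocked")
    for port in (80, 443, 1433):                 # representative "any port" probes
        if not is_allowed(rules, "Outbound", ase_a, internet_ip, port, vnet_prefix):
            failures.append(f"outbound from ASE subnet to any IP on {port} blocked")
    for port in (80, 16001, 65000):
        if (not is_allowed(rules, "Inbound", ase_b, ase_a, port, vnet_prefix)
                or not is_allowed(rules, "Outbound", ase_a, ase_b, port, vnet_prefix)):
            failures.append(f"ASE subnet to ASE subnet on {port} blocked")
    return failures


if __name__ == "__main__":
    for label, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(label, check_ase_subnet(rules, "10.0.1.0/24", "10.0.0.0/16") or "OK")
```

The BAD_RULES set is the common mistake: a blanket deny of outbound Internet traffic, which also cuts the management and dependency traffic the later slides say must leave via the VIP, and an absent 454/455 allow that the default DenyAllInBound then blocks.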
  • 45. ASE dependencies (all required) (diagram: ASE subnet with Multirole VIP and Workers in the Azure Virtual Network; dependencies Azure Files, Azure SQL, Azure DNS, Cert authority, Management)
    • Traffic to the dependencies MUST originate with the ASE VIP.
    • It CANNOT be force tunneled on premises and sent out a SNAT.
  • 46. ASE inbound connections (diagram: ASE subnet with Multirole VIP and Workers; inbound HTTP/HTTPS, FTP, Remote Debug and Management (REQUIRED) arrive at the VIP)
    • Apps are at <appname>.<asename>.p.azurewebsites.net
  • 47. ILB ASE inbound connections (diagram: ASE subnet with Multirole VIP and Workers plus an ILB; inbound HTTP/HTTPS, FTP, Remote Debug and Management (REQUIRED))
    • Apps are at <appname>.<customer managed domain>
    • Internet isolated unless the customer sets up a WAF or proxy with public DNS names.
  • 48. App Service feature access (diagram: Customer browser to Portal Controller and ARM; Geomaster, Stamp controller, Front end and Scm site on the management path, with an "Old stuff" path to the Scm site)
    Some scm site features include:
    • Functions
    • Kudu
    • Web jobs
    • Logstream
    • Deployment
    • Extensions
    • Process Explorer
    • Console
  • 49. External ASE feature access (diagram: Customer browser, Portal Controller and ARM reach the ASE subnet (Multirole VIP, Workers) through the VIP)
    • Normal feature access goes through the VIP on either port 454 or port 443.
    • Scm site: port 443. Management: port 454.
  • 50. External ASE feature access – 443 NSG (diagram: as above, with an NSG on the ASE subnet)
    • If you try to control app HTTPS access and lock down 443, you can break feature access.
    • Scm site: port 443. Management: ports 454/455.
  • 51. ILB ASE feature access (diagram: as above, with an ILB in front of the Scm site)
    • <appname>.scm.<customer managed domain> is not in public DNS and is not internet accessible.
    • Features that depend on such access do not work when the customer is outside of the VNET.
  • 52. ILB ASE feature access, part 2 (diagram: as above, customer browser inside the VNet)
    • If the customer browser is in the VNET, then they can hit the scm site from their browser. The portal controller still cannot hit the scm site, as it is outside the VNET.
    • There is ongoing work to change how this behaves so that there is no communication from the Portal Controller to the scm site.
  • 53. Forced tunnel challenges (diagram: ASE subnet with Multirole VIP and Workers; dependencies Azure Files, Azure SQL, Azure DNS, Cert authority, Management; ER VPN to the on-premises network)
    • Today this model won’t work. The traffic must originate from the VIP.
    • To avoid this you currently need to set UDRs to send everything to the internet.

Editor's notes

  1. Servers are not empty. The number of NICs is not for fun.
  2. App Service clusters bunches of servers into a single unit called a “scale unit” (or a “stamp”).  There are many such scale units across the globe in Azure datacenters. In every Azure-supported region, you’ll find App Service scale units running customers’ workloads (applications) and sets of regional control units. There’s one special control unit that’s being used as a gateway for all management API calls.
  3. If your app needs to access remote resources as a client, and the remote resource requires certificate authentication, you can upload public certificates to your app. Public certificates are not required for SSL bindings of your app.
  4. Public Certificate: https://docs.microsoft.com/en-us/azure/app-service/app-service-web-ssl-cert-load
  5. Ensure the maximum and minimum values are different and have an adequate margin between them. Manual scaling is reset by the autoscale min and max. Always use a scale-out and scale-in rule combination that performs an increase and a decrease. Choose the appropriate statistic for your diagnostics metric. Choose the thresholds carefully for all metric types. Consider the scaling threshold values for special metrics. Consider scaling when multiple profiles are configured in an autoscale setting. Always select a safe default instance count. Configure autoscale notifications.
  6. CPU time vs CPU percentage. CPU Time: useful for apps hosted in Free or Shared plans, because one of their quotas is defined in CPU minutes used by the app. CPU percentage: useful for apps hosted in Basic, Standard, and Premium plans, because they can be scaled out. CPU percentage is a good indication of the overall usage across all instances.
  7. Christina 1 min From start: 49.5 min
  8. Christina 30 sec From start: 48.5
  9. Border Gateway Protocol (BGP)