Based on Global Black Belt Azure CAD Workshop, this material was used during ugidotnet.org CAD Lab in June 2017.
Azure VMs, AppService, Functions, Logic Apps and Service Fabric were demoed during the day.
3. Balance of responsibility
Balance of control and responsibility depends on the category of the service
MOVE-IN READY: Use immediately with minimal configuration
SOME ASSEMBLY REQUIRED: Existing services are a starting point, with additional configuration for a custom fit
BUILD FROM THE GROUND UP: Building blocks, create your own solution or apps from scratch
Responsibility OnPrem IaaS PaaS SaaS
Applications
Data
Runtime
Middleware
O/S
Virtualization
Servers
Storage
Networking
Legend: Microsoft / Customer
5. Getting started
REST API
Management portal
Scripting (Windows, Linux and Mac)
Select image and VM size
New disk persisted in storage
Cloud
Blob
Storage
Comprehensive
Networking
Windows Server
Linux
Boot VM from new disk
General Purpose
Basic
Standard
Optimized Compute
Performance Optimized
Network Optimized
Virtual Machines
7. What are the advantages in terms of security, privacy, etc…
Forensics Lab
9. Azure covers 53 compliance offerings
Global: ISO 27001, ISO 27017, ISO 27018, ISO 22301, SOC 1 Type 2, SOC 2 Type 2, SOC 3, CSA STAR Self-Assessment, CSA STAR Certification, CSA STAR Attestation
USGov: Moderate JAB P-ATO, High JAB P-ATO, DoD DISA SRG Level 2, DoD DISA SRG Level 4, DoD DISA SRG Level 5, SP 800-171, FIPS 140-2, Section 508 VPAT, ITAR, CJIS, IRS 1075
Industry: PCI DSS Level 1, CDSA, MPAA, FACT UK, Shared Assessments, FISC Japan, HIPAA / HITECH Act, HITRUST, GxP 21 CFR Part 11, MARS-E, IG Toolkit UK, FERPA, GLBA, FFIEC
Regional: Argentina PDPA, EU Model Clauses, UK G-Cloud, China DJCP, China GB 18030, China TRUCS, Singapore MTCS, Australia IRAP/CCSL, New Zealand GCIO, Japan My Number Act, ENISA IAF, Japan CS Mark Gold, Spain ENS, Spain DPA, India MeitY, Canada Privacy Laws, Privacy Shield, Germany IT Grundschutz workbook
10. Web and mobile
Event-driven microservices
LOB integration and hybrid apps
No-code apps
11. Platform Services
Infrastructure Services
Web Apps
Mobile Apps
API Apps
Notification Hubs
Hybrid Cloud
Backup
StorSimple
Azure Site Recovery
Import/Export
SQL Database
CosmosDB
Redis Cache
Azure Search
Storage Tables
SQL Data Warehouse
Azure AD Health Monitoring
AD Privileged Identity Management
Operational Analytics
Cloud Services
Batch
Service Fabric
Visual Studio
Application Insights
VS Team Services
Domain Services
HDInsight
Machine Learning
Stream Analytics
Data Factory
Event Hubs
Data Lake Analytics Service
IoT Hub
Data Catalog
Security & Management
Azure Active Directory
Multi-Factor Authentication
Automation
Portal
Key Vault
Store/Marketplace
VM Image Gallery & VM Depot
Azure AD B2C
Scheduler
Xamarin
HockeyApp
Power BI Embedded
SQL Server Stretch Database
Mobile Engagement
Functions
Cognitive Services
Bot Framework
Cortana
Security Center
Container Service
VM Scale Sets
Data Lake Store
BizTalk Services
Service Bus
Logic Apps
API Management
Content Delivery Network
Media Services
Media Analytics
12. 40 Azure regions
NEWLY ANNOUNCED:
France: France Central and France South
Korea: Korea Central and Korea South
DoD East and Central
South Africa: Cape Town, Johannesburg
Achieve global scale, in local regions
Trust
17. App Service Core Capabilities
All features and capabilities are shared across all App Service application types (Web, Mobile, Functions and API)
Enterprise grade
Designed for secure mission-critical applications
Fully managed
Optimized for Availability and Automatic scale
Built for DevOps
Agility through Continuous Deployment
Premium Tier
App Service Environments
Hybrid Connections / VPN Support
Scheduled Backup
Azure Active Directory Integration
Site Resiliency, HA, and DR
Role-Based Access Control
Audit / Compliance
Enterprise Migration
Client Certs
IP Restrictions/ SSL
Dedicated IP address IP / NSG
Web Sockets
WW Datacenter Coverage
Automated Deployment
AutoScale
Built-in Load Balancing
WW Datacenter Coverage
End Point Monitoring & Alerts
WildCard Support
HTTP Compression
WebJobs
Sticky Sessions
OS & Framework Patching
Auto-Healing
Local Cache
Init Module
Per Site Scaling
Easy Auth
Remote Debugging w/ Visual Studio
Site Staging Slots /Preview
Traffic Routing
Continuous Integration/Deployment
Git/ Hub, Visual Studio Team Services
App & Site Diagnostics
Site Extensions/ Gallery
.NET, PHP, Python, Node, Java, Go
Framework Installer
Browser-based editing
Logging and Auditing
Admin-Site
Support Portal
Web Jobs / SDK 1.1
Recommendation Engine
Site Cloning
18. App Service Plans
Resource Group
App Service Plan A
Website A API A
App Service Plan B
Website B
Datacenter Region
Standard Tier
Free Tier
Azure Subscription
20. App Service Plans & Apps
Shared pool
App Service Plan 1
SKU x
App Service Plan 2
SKU Y
Web App 1
2x P2
Web App 2
4x P2
Web App 3
4x P2
21. App Service Plan
Host on an App Service Plan
S1 instance
app app app
Real VM
S1 instance
app app app
Price tier: Standard
Compute Resource: S1
Scale: 2
Apps: running 3 apps
Real VM
22. App Service Plan
Scale-Up
S2 instance
app app app
Real VM
S2 instance
app app app
Price tier: Standard
Compute Resource: S2
Scale: 2
Apps: running 3 apps
Real VM
23. App Service Plan
Scale-Out
S2 instance
app app app
Real VM
S2 instance
app app app
Price tier: Standard
Compute Resource: S2
Scale: 3
Apps: running 3 apps
Real VM
S2 instance
app app app
Real VM
24. S1 instance
App Service Plan
App Service Plan
Re-distribute
S3 instance
app
S2 instance
app app
App Service Plan
45. User Level
• A.k.a. Deployment Credentials
• Directly tied to your account (RBAC).
• Unique to each RBAC user.
• Should never be shared between users.
• The same for all web apps in your subscription
• Usage:
  • Generally used when:
    • using an FTP client like FileZilla,
    • doing a git push from your local repository,
    • logging into the Site Control Manager (SCM) site.
(Web) App-Level Credentials
• A.k.a. Publish Profile Credentials
• Automatically generated for each web site.
• Same for each Administrator/Co-Administrator on the Azure Subscription.
• Can be found by downloading the publish profile for the web app.
• Usage:
  • Intended to be used by programs that perform deployments on your behalf (WebDeploy and/or FTP).
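The app-level credentials described above travel inside the downloaded publish profile, so a useful defensive check is to look for those files in source trees and report what they expose. The following is an added example, not part of the original slides: the attribute names follow the publish profile XML format, while the site name, host names, password and function names are constructed for illustration.

```python
import hashlib
import pathlib
import xml.etree.ElementTree as ET

# Constructed sample of a downloaded publish profile; the site name, host names
# and password are invented for this example.
SAMPLE_PROFILE = r"""<publishData>
  <publishProfile profileName="contoso-web - Web Deploy" publishMethod="MSDeploy"
      publishUrl="contoso-web.scm.azurewebsites.net:443"
      userName="$contoso-web" userPWD="constructed-example-password" />
  <publishProfile profileName="contoso-web - FTP" publishMethod="FTP"
      publishUrl="ftp://ftp.example.invalid/site/wwwroot"
      userName="contoso-web\$contoso-web" userPWD="constructed-example-password" />
</publishData>"""


def classify(user_name):
    # App-level names are generated as "$<site>" (FTP form "<site>\$<site>");
    # any other name is treated as a per-user deployment credential.
    return "app-level" if user_name.split("\\")[-1].startswith("$") else "user-level"


def scan_publish_profile(xml_text):
    """Return one finding per <publishProfile> that embeds a password."""
    findings = []
    for profile in ET.fromstring(xml_text).iter("publishProfile"):
        password = profile.get("userPWD", "")
        if not password:
            continue
        findings.append({
            "method": profile.get("publishMethod"),
            "endpoint": profile.get("publishUrl"),
            "user": profile.get("userName"),
            "scope": classify(profile.get("userName", "")),
            # Report a fingerprint so findings can be correlated without
            # copying the secret into scanner output.
            "fingerprint": hashlib.sha256(password.encode()).hexdigest()[:12],
        })
    return findings


def scan_tree(root):
    """Scan every *.PublishSettings file under root (e.g. a repo checkout)."""
    return {str(p): scan_publish_profile(p.read_text(encoding="utf-8"))
            for p in pathlib.Path(root).rglob("*.PublishSettings")}


if __name__ == "__main__":
    for finding in scan_publish_profile(SAMPLE_PROFILE):
        print(finding)
```

Because the app-level credential is the same for every administrator on the subscription, a hit from this scan is a reason to reset the publish profile, not only to delete the file.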
47. 1) Develop
2) Code Repository
3) Build
4) Deploy to stage
5) Validate
6) Publish
7) Deploy to Cloud
8) Monitor and Improve
Web Apps
48. App Service Plans, Apps & Slots
App Service Plan 1
SKU x
App Service Plan 2
SKU Y
Web App 1
2x P2
Web App 2
4x P2
Web App 3
4x P2
Web App 2 –
Slot A
2x P2
Web App 2
2x P2
Shared pool
49. Deployment Slots
• A separate web site linked to your primary web site.
• Each deployment slot has its own URL and runtime environment.
70. The Azure Resource Manager is a:
Highly-scalable geo-distributed system that
• Handles millions of resources across 100,000’s of subscriptions
• Can create 200 node cluster in < 5 minutes!
Resource Manager
• Handles thousands of parallel deploys per stamp
• Resilient against failure: retries with “at least once” guarantee
• Simple, declarative JSON template
• Automatically infers dependencies between resources
Logic Apps
• Can handle thousands of parallel runs per stamp
• Resilient against failure: retries with “at least once” guarantee
• Simple, declarative JSON definition
• Automatically infers dependencies between actions
71. Trigger
• Recurring Schedule
• Polling (wait on HTTP 202)
• Webhooks
• Manual: POST to workflow URL
• Subscribed: workflow subscribes itself
• On Demand: ‘run now’
Action
• Call out:
  • API Apps (swagger)
  • HTTP endpoints
  • Other Logic Apps
• Async Support: 202, retry after interval, …
• Wait for Event:
  • Timespan
  • Webhook being called
• Retry Policies (can be custom)
Response
• Send Response to:
  • Manual Trigger
  • WebHook
Split On
• Debatch incoming array
• Run x instances of the logic app
• Retrieve status for each
Retry
• Default 4 retries, 20 secs in between each
• Configurable up to 1 hour in between
• Can be disabled
Scope
• Encapsulate set of actions
• Used for error handling and compensation
• Possible to access result of each encapsulated action
Conditional
• If…Else boolean expression
• Can have nested conditions
Iteration
• List Iteration
  • Loop single action over list of items
  • Runs the action x times
  • Possible to get statuses for each action
• Do…Until
  • Loop single action based on condition
  • Runs action until evaluated to true
  • Define limit based on
    • Time
    • Number of iterations
  • Overall action has status/outputs but not for each iteration
72. Enterprise Integration Pack
Connectors for protocols, SaaS, Enterprise systems
Format Conversion (XML, JSON, FlatFile)
Validation
Extract
Transform
Batching/Debatching
Business Rules
Trading Partner Management
B2B - AS2/X12/EDIFACT
Integration Account
75. • Cloud-scale Event Handlers in no time
• Composing cloud apps becomes simple
• Scales to demand & pay for what you use
• Develop in:
C#, Node.js, Python, PHP, and more
• Schedule event-driven tasks across services
• Expose Functions as HTTP API endpoints
• Fully Open Source
• Running on Serverless Infrastructure
97. Telemetry is collected at each tier: server backend, middleware, web service & browser
Telemetry arrives in the cloud where it is stored & processed with Machine Learning technology
Detect & Diagnose problems in Azure Portal; Ask ad-hoc queries in Analytics; Integrate, Extend & Customize
105. ASE: Concepts
Front Ends:
• HTTP endpoints
• Distribute requests to workers
• Minimum 2 instances P2
Worker Pools:
• Host the actual apps
• Can have up to 3 pools of workers, minimum is one pool
• Can use sizes of P1 through P4
• Can have up to 50 workers
App Service Environment
subnet
Front-End
WorkerPool1 WorkerPool2 WorkerPool3
VIP
107. Azure Virtual Network
App Service Environment
VIP
vnet
subnet
Azure Virtual Network
App Service Environment
ILB
vnet
subnet
108. On Premises
ASE high level network
Internet
Azure Virtual Network
App Service Environment
subnet
Site to Site or ExpressRoute VPN
VIP
110. ASE: Workers and Update Domains
Worker pool 1:
• Workers (machines): 4
• Available workers:
App Service Environment
subnet
Front-End
WorkerPool1 WorkerPool2 WorkerPool3
VIP
App Service Plan A
App Service Plan B
App Service Plan B
3210
111. How to scale up correctly
Scale Up App Service Plan B:
• Don’t scale the WP1
• Scale up WP2, then move ASP to WP2
App Service Environment
subnet
Front-End
WorkerPool1 WorkerPool2 WorkerPool3
VIP
App Service Plan B
Web App X
App Service Plan B
113. • Specify your own subdomain
• Manage your own DNS
• Provide your own SSL certificates
• Host intranet applications
• Build secure 2 tier applications
• Host apps in the cloud not listed in public DNS
114. • Use IPSSL
• Assign an IP address to a specific app
• Buy and use a certificate through the portal
• Leverage Kudu CONSOLE
• Run Functions
115. On Premises
ILB ASE – Intra-net app
Azure Virtual Network
App Service Environment
subnet
Site to Site or ExpressRoute VPN
ILB
116. ILB ASE – 2 tier application
Internet
Azure Virtual Network
App Service Environment
VIP subnet
App Service Environment
subnet
ILB
117. Scenario: WAF
Azure Virtual Network
Azure
LB
App Service Environment
subnet
ILB
Internet
Web Application
Firewall (WAF)
Visitors
Authors
IaaS – MongoDB Cluster
(or others)
subnet