3. Deploy & manage Azure Compute resources - GlennVandenborre/AZ-104-Azure-Administrators GitHub Wiki

3.1 VM Configuration

3.1.1 Cloud Service responsibilities

Characteristics of Azure VM's

  • Basis of IaaS.
  • Own OS, storage, network and can run wide range of applications.
  • multiple VM's implementation for testing, development and deployment.
  • Vertical scaling and pay only what you use.
  • Shared responsibility between Microsoft and customer.

Considerations IaaS and VM's

  • Test and development: bring new applications to market faster.
  • Website hosting: using VM's can be less expensive then traditional weh hosting.
  • Storage, backup and recovery.
  • High Performance computing.
  • Big data analysis.
  • Extended datacenters.

3.1.2 VM Planning

VM Configuration

  • Start with network
  • Choose VM Name
  • Decide Location
  • Determine VM Size
  • Review pricing model
  • Identify Azure Storage
  • Select OS

Network configuration

Virtual networks provide private network connectivity between Azure VM's and other services. You can also connect your on-premises environment with your Azure environment.

VM Name

Choose a meaningful and consistent computername. You can use certain elements to create a logicial hostname for your VM. Environment or purpose, location, instance, product or service and role can help you. (f.e: devwe-webvm01 is webserver1 in development environment in West Europe)

VM Location

Create your VM in the region closest to your customers to avoid high latency when customers want to use your applications. Choosing your location can also influence the cost of your VM.

VM Size

Determine your size depending on the workload of your VM.

Azure Storage

Azure Managed disks handle Azure Storage account creation and management. You just have to specify the disk size and performance tier (Standard or Premium).

VM Pricing

In a subscription every VM is billed on 2 ways: compute and storage. Compute expenses is billed on a per-minute basis but priced on a per-hour basis. You are not charged at all if you stop and deallocate the VM. Compute costs have 2 payment options: Consumption-based and Reserved VM Instances. Storage costs is independently charged. You also pay for any Azure Storage used by the disks.

Operating system

Azure provide a wide range of base Operating systems. If you don't find what you need, you also can search the Azure Marketplace. In case you don't find anything on the Marketplace, then you also can create your own disk image, but Azure only supports 64-bit operating systems.

3.1.3 VM Sizing

VM Sizes

Based on the workload of your VM, you can determine the appropiate VM size and classifications.

  • General purpose: balanced CPU-to-memory
  • Compute optimized: high CPU-to-memory
  • Memory optimized: high memory-to-CPU
  • Storage optimized: high disk throughput and I/O
  • GPU: heavy graphics rendering and video editing
  • High performance computes: fastest and most powerful CPU VM's with optional high-throughput nic's

Resizing VM's

Agile and elastic approach if the existing size doesn't meet your needs anymore. You can easily resize your VM if your current hardware configuration supports the new size.

3.1.4 VM Storage

VM Storage and disks

All Azure VM's have minimum 2 disks: operating system disk and a temporary disk. They also can have 1 or more data disks. All disks are stored as VHD's. (virtual hard disks)

Operating system disk

OS disk is registered as a SATA drive and has a pre-installed operating system.

Temporary disk

The Temporary disk is a disk where data might get lost during a maintenance event or by redeploying a VM. Never store critical data on this disk to avoid losing this data. On Windows VM's the temporary disk is labeled as D: by default and stores the pagefile.sys file. On Linux VM'sthe temporary disk is labeled as /dev/sdb and is mounted to /mnt by the Azure Linux Agent.

Data disk

A data disk is a managed disk that's attached to a virtual machine to store application data, or other data you need to keep. Data disks are registered as SCSI drivers with the label of your choosing.

3.1.5 VM creation in Azure Portal

Image choosing

Choose which image to use on your VM. There are a lot of choices for servers and clients. Check out the Azure Marketplace if you don't find the one you need.

VM image configuration

  • Basics: project details, administrator account and inbound port rules.
  • Disks: OS disk and data disks.
  • Networking: virtual networks and load balancers.
  • Management: enable auto-shutdown and backup details.
  • Advanced: configure agents, scripts or VM extensions.
  • Monitoring
  • Tags

3.1.6 Connect to VM's

VM Connection options

There are several ways to connect to your VM's. SSH and RDP protocols or Azure Bastion.

Azure Bastion

Azure Bastion is a fully managed PaaS service. At security level Azure Bastion is the most secure way to connect to your VM's compared to SSH or RDP. Using SSH or RDP requires you to open ports 22 or 3389 while Azure Bastion protects you from open these ports to the public internet and lets you connect to your VM's through the Azure Portal.

3.2 VM Availability

3.2.1 Plan for maintenance and downtime

Maintenance planning

  • Unplanned hardware maintenance: Azure predicts that the hardware is about to fail. Azure uses Live Migration to migrate VM's from the failing hardware to a health phyiscal machine. It pauses the VM for a short time, performance might be reduced after the event.
  • Unexpected downtime: unexpected failure of the physical infrastructure of your VM. Local network failures, local disk failures or rack level failures. During this event, Azure will heal or migrate your VM to a health physical machine in the same datacenter. During this process VM's experienceqs downtime (during reboot) and sometimes loss of the temporary drive.
  • Planned maintenance: periodic updates by Microsoft to improve reliability, performance and security of the physical infrastructure that your VM's run on.

3.2.2 Availability sets

Characteristics Availability sets

  • All VM's must have the identical set of functionalities.
  • All VM's have the same software installed.
  • All VM's run across physical servers, compute racks, storage units and network switches. In case of a failure, only certain VM's are affected and your application stays up and running and can continue to be available to your customers.
  • Create a VM and an availability set at the same time.
  • Build availability sets using Azure Portal, ARM templates, scripting or API tools.
  • Microsoft provides SLA's for Azure VM's and availability sets.

Availability sets general principles

  • Redundancy: place mulriple VM's in your availability set.
  • Seperation of application tiers: avoid single point of failure.
  • Load balancing: high availability and network performance. Load Balancers distribute incoming traffic across working instances, defined in your load-balanced availability set.
  • Managed disks: use Azure managed disks for block-level storage.

3.2.3 Update domains and fault domains

Update Domain characteristics

Update Domain: a group of nodes that are upgraded together during the process of a service upgrade (or rollout). Azure performs incremental or rolling upgrades across a deployment.

  • Contains a set of VM's and associated physical hardware that can be updated and rebooted at the same time.
  • During planned maintenance only 1 update domain is rebooted at a time.
  • Default there are 5 update domains.
  • Configure maximum 20 update domains.

Fault domain characteristics

Fault Domain: a group of nodes that represent a physical unit of failure. (same physical rack)

  • Share a single point of failure, common set of hardware (same server rack with power and network switches)
  • 2 Fault domains work together to protect agains hardware failures, network outages, power interruptions or software updates.

3.2.4 Availability zones

Availability Zones characteristics

Availability Zone: a high-availability offering that protects your applications and data from datacenter failures. An Azure Region in combination of a fault domain with a update domain.

  • Unique physical location in an Azure Region
  • Each zone have 1 or more datacenters with independent power, cooling and networking.
  • For resiliency purposes, minimum 3 seperate zones.
  • Seperation of availability zones protects applications and data agains datacenter failures.
  • Zone-redundant services replicate your applications and data to protect agains single point of failure.

Zonal services

Azure Zonal services pin each resource to a specific zone.

  • Azure VM's
  • Azure managed disks
  • Standard IP addresses

Zone-redundant services

Azure services that are zone-redundant, Azure replicates automatically across all zones.

  • Azure Storage that is zone-redundant
  • Azure SQL Database

3.2.5 Vertical and horizontal scaling

Scalability

Scalability allows throughput for a virtual machine in proportion to the availability of the associated hardware resources. A scalable VM can handle increases in requests without adversely affecting response time and throughput.

Vertical scaling

Vertical scaling or scaling up or scaling down, means increasing or decreasing a VM size when the workload increases or decreases.

Horizontal scaling

Horizontal scaling or scaling out and scaling in means increasing or decreasing the number of VM instances to support changing workload.

3.2.6 Azure VM Scale Sets (VMSS) implementation

VM Scale sets

An Azure Compute resource that you can use to deploy and manage a set of identical virtual machines. Configure all your VM's in the same way, is true autoscaling. Virtual Machine Scale Sets automatically increases the number of your virtual machine instances as application demand increases, and reduces the number of machine instances as demand decreases.

Characteristics of VM Scale Sets (VMSS)

  • Created from same base operating system image and configuration.
  • Support Azure Load Balancer for layer4 traffic distribution and Azure Application Gateway for layer7 traffic distribution and SSL termination.
  • Run multiple instances of your application. If 1 instance has an issue, customers experience minimal interruption to access your application.
  • Implements autoscaling when workload of your application changes.
  • Maximum 1000 VM instances, 600 VM instances if you use custom VM images.

3.2.7 Create VMSS

Configuration

  • Orchestration mode
  • Image
  • VM Architecture
  • Run with Azure Spot discount
  • Size
  • Enable scaling beyond 100 instances (advanced setting)
  • Spreading algorithm (advanced setting)

3.2.8 Implement autoscale

Autoscaling

Automatically increase or decrease the number of VM instances that run your application. Your configuration will dynamically scale your configuration to meet changing workload. This is also called elasticity.

  • Automatic adjusted capacity
  • Scale out
  • Scale in
  • Scheduled events
  • Reduce management overhead

3.2.9 Autoscale configuration

  • Scaling policy: minimum and maximum number of VM's.
  • Scale out: CPU threshold, duration in minutes, number of VM's to increase by.
  • Scale in: Scale in CPU threshold, number of VM's to decrease by.

3.3 Azure App Service plans

3.3.1 Implementation Azure App Service plans

Azure App Service Plan

An App Service Plan defines a set of compute resources for a web application to run.

  • A set of compute resources is created for the plan in the specified region.
  • Every application that you place in your plan will run on the resources you have defined in your plan.
  • 3 Defined settings: Region, number of VM instances and size of VM instances.
  • Continue adding new applications to the plan as long as you have enough resources.

How do applications run and scale in App Service plans

The Azure App Service plan is the scale unite of App Service applications. Depending on the pricing tier, your application run and scale in a different manner.

  • Free or Shared Tier: applications receive CPU minutes on a shared VM instance, applications can't scale out.
  • Basic, Standard Premium or Isolated Tier: applications run on all VM instances in the App Service plan. Multiple applications share the same VM instances and all deployment slots run on the same VM instance.

3.3.2 Pricing of Azure App Service plan

Free and Shared Tier

Base Tiers that run on the same Azure VM as other applications. Intended more for development and testing purposes. Free and shared plans are metered on a per application basis. There is no SLA provided for this tier.

Basic Tier

Designed for applications that have lower traffic requirements and don't need advanced auto scaling and traffic management features. Pricing depends on the size and number of instances.

Standard Tier

Designed for running production workloads. The auto scale feature is included in this tier. Pricing depends on the size and number of instances.

Premium Tier

Designed to provide enhanced performance for production applications. This tier supports higher scale via increased instance count while still providing the advanced capabilities of the Standard Tier.

Isolated Tier

Designed to run mission critical workloads that are required to run in a virtual network. This tier runs applications in a private and dedicated environment (App Service environment), with a maximum of 100 instances (more is possible but on request).

3.3.3 Scaling up and scaling out Azure App Service

Scaling up method

Scale up method increase the amount of CPU, memory and disk space.

Scaling out method

Scale out method increases the number of VM instance that run your application. You can scale out to maximum 30 instances, depending on your App Service plan pricing tier.

Auto scale method

Auto scale is based on predefined rules and schedules to automatically increase or decrease your instances. App Service plan can be scaled up and down at anytime.

Azure App Service scaling

  • Manually adjust plan tiers: start your plan at lower pricing tier and scale up if you acquire more App Service features.
  • Auto scale to support users and reduce costs.
  • No redeployment.
  • Scaling for other Azure Services.

3.3.4 Auto scale configuration of Azure App Service

Auto Scale

Auto scale allows you to have the right amount of resources running to handle the load on your application. You specify the minimum and maximum number of instances to run by a set of rules and conditions. Number of VM instances are automatically adjusted based on your rules. Auto scale setting is read by the auto scale engine to check whether to scale in or out. (grouped into profiles) Auto scale rules include a trigger and a scale action.

  • Metric-based rules: automatically scale depending on a certain metric, f.e CPU threshold.
  • Time-based rules (scheduled-based): time patterns in your load can be used to auto scale during high and low workload on your applications.

Configuration of automatic scaling

  • Minimum instance count
  • Maximum instance count
  • Adequate scale margin: difference between minimum and maximum instance count
  • Scale rule combinations: scale in and scale out combination
  • Metric statistic
  • Default instance count
  • Auto scale notifications

3.4 Azure App Service

3.4.1 Implementation Azure App Service

Azure App Service

Azure App Service brings everything together to create websites mobile backends and web APIs for any platform or device.

Benefits of App Service

  • Multiple languages and frameworks
  • DevOps optimization
  • Global scale with high availability
  • Connections to SaaS platforms and on-premises data
  • Security and compliance
  • Application templates
  • Visual Studio integration
  • API and mobile features
  • Serverless code

3.4.2 Create an application with App Service

Configuration settings of App Service

  • Name: unique app name, you can use custom domain name.
  • Publish: host your app as code or as Docker Container.
  • Runtime Stack: uses a software stack to run your app, including language and SDK versions.
  • Operating system: Windows or Linux.
  • Region: Location for your apps.
  • App Service Plan: App needs to be associated with App Service Plan to enable available resources.

Post-creation settings

  • Always on: keep your app loaded, even when there is no traffic.
  • ARR affinity (Application Request Routing): app client routed to the same instance for the life of the session.
  • Connection strings: encrypted at rest and transmitted over an encrypted channel.

3.4.3 Continuous integration and continuous deployment

Continuous integration and continuous deployment (CI/CD)

Out-of-the-box continuous integration and deployment with Azure DevOps, GitHub, BitBucket, FTP or a local Git repository on your development machine.

Continuous Deployment (CD)

  • Automated deployment (CI): Azure DevOps, GitHub and BitBucket
  • Manual deployment: Git, CLI, Visual Studio, FTP/S

3.4.4 Creating Deployment slots

Characteristics of Deployment slots

  • Deployment slots are live apps that have their own hostnames.
  • Deployment slots are available in Standard, Premium and Isolated App Service pricing tiers.
  • Standard, Premium and Isolated tiers offer other deployment slots.
  • App content and configuration elements can be swapped between 2 deployment slots (also production slot).

Benefits of deployment slots

  • Validation
  • Reductions in downtime
  • Restoring to last known good site
  • Consider auto swap

3.4.5 Adding deployment slots

Creating deployment slots

  • New deployment slots can be empty or cloned.
  • 3 Categories: slot-specific app settings and connection strings, continuous deployment settings and Azure App Service authentication settings.
  • Clone configuration is editable.

Swapped settings vs slot-specific settings

Swapped settings Slot-specific settings
General settings (framework version, 32/64 bit, web sockets Custom domain names
App settings Non-public certificates and TLS/SSL settings
Connection strings Scale settings
Handler mappings Always On
Public certificates IP restrictions
WebJobs content WebJobs schedulers
Hybrid connections Diagnostic settings
Service endpoints Cross-origin resource sharing (CORS)
Azure Content Delivery Network Virtual network integration
Path mapping Managed identities
Settings ending with suffix _EXTENSION_VERSION

3.4.6 Security of Azure Service App

Secure your App Service app

App Service provide security including federation, encryption, JSON web tokes (JWT) management, grant types, etc...

  • Authentication and authorization security module runs in the same environment as your application code.
  • Security module is configured by using app settings.
  • When security module is enabled, every incoming HTTP request passes through the module before handled by your application code.
  • Security module tasks: authenticate users, validate store and refresh tokens, manage authenticated session and inject identity information into request headers.

Benefits of App Security

  • Allow Anonymous requests (no action)
  • Allow only authenticated requests
  • Logging and tracing

3.4.7 Creating Custom domain names

Custom domain names for production apps

Default when creating a web app, Azure will create an URL for your web application as companyname.azurewebsites.net. For production web applications this might be a weird URL to use, so creating a custom domain name for production web applications might be better for your users.

Configuration of custom domain names

  • Reserve your domain name.
  • Create DNS records to map the domain to your Azure Web App: A (Address) or CNAME (Canonical Name) record.
  • Enable the custom domain.

3.4.8 Backup and restore your App Service

Backup and restore

Easily create backups manually or on a schedule in Azure App Service. You then can restore your app or site from a snapshot to a previous state, overwriting content or restoring to another app or site.

Features of Backup and Restore

  • Standard or Premium tier App Service plan required.
  • Azure storage account and container in same subscription as the app.
  • Can backup: app configuration settings, file content and any database connected to your app.
  • Backup consist of a Zip file (backup data of your app) and a XML file (manifest of Zip file).
  • Configure backups manually or on schedule.
  • Default is full backups.
  • Partial backups supported, Exclude certain files or folders.
  • Restoring partial backups work the same way as full backups.
  • Maximum 10 GB app and database content.
  • Backups visible on Containers page of storage account.

Considerations

  • Full Backups.
  • Partial backups.
  • Browse backup files.
  • Firewall on back-up destination: storage account as destination cannot be used when firewall on storage account is enabled.

3.4.9 Azure Application Insights

Azure Application Insights

A feature of Azure Monitor that lets you monitor your live applications. Designed to help you continuously improve the performance and usability of your apps.

Applications Insights monitoring

  • Request rates, response times and failure rates.
  • Dependency rates, respose time and failure rates.
  • Exceptions.
  • Page views and load performance.
  • User and sessison counts.
  • Performance counters.
  • Host diagnostics.
  • Diagnostic trace logs.
  • Custom events and metrics.

3.5 Azure Container Instances

3.5.1 Containers vs VMs

Containers

Containers are a PaaS solution. They virtualize the OS, which allows you to focus on the development of your applications.

Virtual Machines

Virtual Machines are a IaaS solutions. They virtualize hardware.

Containers vs VMs

Comparison Containers Virtual Machines
Isolation Lightweight host between host and other containers. No strong security Complete isolation between other VMs. Strong security
OS User mode portion of OS, just use services you need Complete OS + kernel (CPU, memory and storage)
Deployment Deploy instance via Docker, multiple deployments via AKS Deploy instance via HyperV, multiple deployments via PowerShell
Persistent storage Azure Disks or Azure Files VHD or SMF File share
Fault Tolerance Recreated by orchestrator if cluster node fails VMs failover to other server in the cluster

3.5.2 Azure Container Instances

Azure Containers Instances

Azure Container Instances (ACI) offers the fastest and simplest way to run a container in Azure, without having to manage any virtual machines and without having to adopt a higher-level service.

  • Fast startup times
  • Public IP connectivity and DNS names
  • Custom sizes
  • Persistent storage
  • Linux and Windows containers
  • Coscheduled groups
  • Virtual networks deployment

3.5.3 Implementation of container groups

Container groups

A collection of containers that get scheduled on the same host machine. The containers in a container group share a lifecycle, resources, local network, and storage volumes.

  • Container group = pod in Kubernetes. 1to1 mapping, a pod can contain multiple containers.
  • Allocates resources to a multi-container group. (CPU, memory and GPU).
  • ARM templates (other Azure service resources) and YAML files (deploy only container instances) for deployment.
  • Share external facing IP address, 1 or more ports and DNS label with FQDN. External client access, port mapping not supported and deleted groups (IP address and FQSN released).

Configuration of container groups

  • Container group on single host machine, and DNS name label.
  • Container group exposes single public IP with 1 port.
  • 1 Container listens on port 80, the other on port 1433.
  • 2 Azure files file shares and file shares are locally.

Multi-container groups

  • Web app updates
  • Log data collection
  • App monitoring
  • Front-end and back-end support

3.5.4 Docker Platform

Docker

A platform that enables developers to host applications within a container. A container in Docker is essentially a standalone package that contains everything needed to execute a piece of software.

  • Container: execution of a single application, process, or service.
  • Container image: package with all the dependencies and information required to create a container.
  • Build: creating a container image based on the information and context provided by the Docker-file.
  • Pull: downloading a Docker container image from a container registry.
  • Push: uploading a Docker container image to a container registry.

Docker Hub

A large global repository of container images from developers, for open source projects and independent software vendors.

Docker Hosts

Machines that run Docker and allow you to run your applications as containers.

Characteristics of Docker and containers

  • Docker available for Windows and Linux.
  • Container package includes application executable code, runtime environment (.NET Core), system tools and settings.
  • Docker-file is text file with instructions how to build a Docker image (batch script).
  • Containerized run the same locally and in the cloud.
  • Develop locally in Docker Container, share code with Quality Assurance for testing and deploy code to production in Azure.

3.6 VM Management with Azure CLI

3.6.1 Azure CLI

The Azure CLI is Microsoft's cross-platform command-line tool for managing Azure resources. It's available for macOS, Linux, and Windows, or in the browser using Azure Cloud Shell. The Azure CLI can help you manage Azure resources such as virtual machines and disks from the command line or in scripts.

3.7 Windows VM creation in Azure

3.7.1 Creating Windows VMs in Azure

Windows VMs

Azure VMs are an on-demand, scalable cloud computing resources. They include processors, memory, storage and network resources. They are a IaaS solution in Azure.

Creating Azure VM

Deploy an Azure VM in several ways:

  • Via Azure Portal.
  • Via a script using Azure CLI, Azure PowerShell or Azure CloudShell.
  • Via ARM templates using JSON or Bicep.

Resources used in a Windows VM

  • CPU & memory
  • Azure Storage account
  • Virtual disks
  • Virtual network
  • Network interface
  • Public IP --> a public IP is not needed for every VM

VM image choices

An image is a template that's used to create a VM. These templates include an OS and other software, such as development tools or web-hosting environments.

VM Sizes

VM sizes are grouped into categories, starting with the B-series for basic testing and running up to the H-series for massive computing tasks.

Size category Sizes
General use computing / web B, DSv3, Dv3, DSv2, Dv2
Heavy computational tasks FSv2, Fs, F
Large memory use Esv3, Ev3, M, GS, G, DSv2, Dv2
Data storage and processing Ls
Heavy graphics rendering or video editing NV, NC, NCv2, NCv3, ND
High-performance computing (HPC) H

Storage

Traditional HDD or modern SSD.

Map storage to disks

  • OS Disk: "C:" drive with a maximum of 2 TB.
  • Temporary disk: "D:" drive and temporary storage, ideal for Windows paging file.

Unmanaged vs Managed disks

  • Unmanaged disks: you're responsible for the storage accounts that are used to hold the VHDs corresponding to your VM disks.
  • Managed disks: the newer (and recommended) disk-storage model. They solve the complexity of unmanaged disks by putting the burden of managing the storage accounts onto Azure. This increases reliability, better security, gives snapshot support and backup support.

Network communication

VMs communicate with external resources using a virtual network (Vnet). A Vnet represents a private network in a single region on which your resources communicate.

Plan your network

Plan your network requirements up front for all the components in your architecture and create the Vnet structure you'll need separately, and then create the VMs and place them into the already-created Vnets.

3.7.2 Use RDP to connect to Windows Azure VMs

Remote Desktop Protocol

Remote Desktop (RDP) provides remote connectivity to the UI of Windows-based computers. RDP lets you sign in to a remote physical or virtual Windows computer and control that computer as if you were seated at the console. RDP utilizes port 3389 to connect to your VM.

Connecting to an Azure VM

Connecting to a VM in Azure using RDP is a simple process. In the Azure portal, you'll go to the properties of your VM, and at the top, click Connect. This will show you the IP addresses assigned to the VM and give you the option to download a preconfigured.rdp file that Windows then opens in the RDP client. You can choose to connect over the public IP address of the VM in the RDP file. Instead, if you're connecting over VPN or ExpressRoute, you can select the internal IP address. You can also select the port number for the connection.

Other connection options

Besides RDP you can also use SSH to connect to your VMs. SSH utilizes port 22 to connect to your VM. This is a security risk though. Both RDP and SSH requires you to open ports to establish the connection. These ports can be hacked. A better way to connect to your VM is using Azure Bastion.

3.7.3 Configuration of Azure VM Network settings

Opening Ports in Azure VMs

By default, new VMs are locked down. Apps can make outgoing requests, but the only inbound traffic allowed is from the virtual network (for example, other resources on the same local network), and from Azure's Load Balancer (probe checks).

There are 2 steps to adjust the configuration:

  • Create a Network Security Group (NSG)
  • Create an inbound rule allowing traffic to certain ports.

Network Security Groups

Network Security Groups (NSGs) are the main tool you use to enforce and control network traffic rules at the networking level. NSGs are an optional security layer that provides a software firewall by filtering inbound and outbound traffic on the VNet. Associated with a network interface card, subnet or both.

Rules in Network Security Groups

NSGs use rules to allow or deny traffic moving through the network. Each rule identifies the source and destination address (or range), protocol, port (or range), direction (inbound or outbound), a numeric priority, and whether to allow or deny the traffic that matches the rule.

3.8 Web app hosting with Azure App Service

3.8.1 Creating Web Applications using the Azure Portal

Azure App Service

A fully managed web application hosting platform. This platform as a service (PaaS) offered by Azure allows you to focus on designing and building your app while Azure takes care of the infrastructure to run and scale your applications.

Deployment slots

You can easily add deployment slots to an App Service web app. You can create a staging deployment slot where you can push your code to test on Azure. Once you're happy with your code, you can easily swap the staging deployment slot with the production slot.

Continuous integration / Continuous deployment (CI/CD)

Use integration and deployment solutions like Azure DevOps, GitHub, BitBucket, FTP or local Git repo.

Integrated Visual Studio publishing and FTP publishing

Benefit from the tight integration with Visual Studio to publish your web app to Azure via Web Deploy technology. App Service also supports FTP-based publishing for more traditional workflows.

Operating systems

After choosing a runtime stack, the toggle will indicate whether or not you have a choice of operating system. If your target runtime stack is available on both operating systems, select the one that you use to develop and test your application.

If your application is packaged as a Docker image, choose the operating system on which your image is designed to run.

App Service plans

An App Service plan is a set of virtual server resources that run App Service apps. A plan's size (sometimes referred to as its SKU or pricing tier) determines the performance characteristics of the virtual servers that run the apps assigned to the plan, as well as the App Service features to which those apps have access. Every App Service web app you create must be assigned to a single App Service plan that runs it.

A single App Service plan can host multiple App Service web apps. In most cases, the number of apps you can run on a single plan is limited by the apps' performance characteristics and the plan's resource limitations.

App Service plans App Service's unit of billing. The size of each App Service plan in your subscription, in addition to the bandwidth resources the apps deployed to those plans use, determines the price you pay. The number of web apps deployed to your App Service plans has no effect on your bill.

3.8.2 Prepare web application code

Bootstrap a web application

Prepare the code you want to deploy. The dotnet command-line tool that's part of the .NET SDK allows you to directly create the code for a new web application. In particular, you can use the dotnet new command to generate a new application from a template:

dotnet new mvc --name <YourAppName>

Adding your code to source control

Put the code into a source-control repository such as Git.

3.8.3 Deploy code to App Service

Automated deployment / Continuous integration

A process used to push out new features and bug fixes in a fast and repetitive pattern with minimal impact on end users.

  • Azure DevOps
  • GitHub
  • Bitbucket
  • OneDrive
  • Dropbox

Manual deployment

Manual push your code to Azure...

  • Git
  • az webapp up
  • ZIP deploy
  • WAR deploy
  • Visual Studio
  • FTP/S