App Services - amitbhilagude/userfullinks GitHub Wiki
1. App Services Types
a. Webapp
i. Replacement of azure website
b. API app
i. Similar features as Web app
ii. Additional configuration for CORS
iii. Deployment without code change
iv. Swagger for API testing
c. Mobile app
i. Replacement of mobile services
ii. Similar features as Web app and Mobile app
iii. Quick start for mobile development
iv. Client and server Sdk for offline mobile sync and notifications hub.
Need more exploration on this topic.
d. Function App
i. Azure function
ii. Event driven trigger
1) Https
2) Blob or cosmos db event
3) Webhooks
4) Service bus trigger etc.
2. App Services Infrastructure
a. VMs per instance is created
b. Auto scale option for instance
c. Creates two drives c: and d:
i. C: used for temp storage
ii. D: used for solutions deployment , underlying storage is Blob
3. Deployment options
a. Multi tenant -Shared
b. ASE in vNet - Isolated network
c. Azure stack with on-prem app deployment
4. Supports 80/443 ports only
a. Inbound request goes to front end server
b. Outbound request goes from worker process
5. Plan
a. Free, basic, standard, premium, Isolated
6. Steps to create app service
a. Create app service plan
b. Provision app service
7. Multi Tennant- shared
a. Inbound traffic through public ip
b. App services to azure services db connection
i. Enable option allow azure services
c. App services to on-prem server
i. Use of hybrid connection feature - Azure service bus relay
ii. Need to install Hybrid connection manager
iii. Uses 443/TLS 1.2, no firewall open port required
d. App Services to other Azure services in Vnet
i. Point to Site VPN
ii. Site to site VPN from Azure Vnet to on-Prem
iii. Doesn't support express route if it is not in same region
8. App Service Environment( ASE)
a. Features
i. Isolated network
ii. Massive scale
iii. Integration options
1) Site to Site
2) Expresseroute
b. Virtual IP Types
i. External ASE( public IP address)
1) Use of NSG to filter traffic
ii. ILB ASE ( No public access)
1) We can still allow public traffic with WAF(Application gateway)
c. Version in Azure
i. ASEv1
ii. ASev2
iii. ASEV3(Public preview)
d. This also provides additional security by allowing you to deploy Azure Firewall, Application Security Groups, NSGs, Application Gateway, Web Application Firewall, and Azure Front Door
9. Deployment Options (deployment center options in ASE)
a. Directly from Visual studio with contribute access
b. Publish profile
c. FTPs
i. Secure over FTP
ii. Create credentials and get ftp url in deployment center
iii. Push files through File zilla tool
d. Github integration
e. Azure CLI
f. Kudu with Zip package upload
g. CI-CD Azure devops
10. Scale in and scale out
a. Scale in - increase cpu or memory- vertical scaling
b. Scale out- increase instance count - horizontal scaling
c. Autoscale- based on metrics and rules
11. Azure CDN
a. Edge server in region, end points and origin server
b. CDN providers( Each has different features)
i. Microsoft
ii. Verizone etc.
iii. Akmai
12. Deployment SLots
13. Networking
1. vNet Integration: Securely access resources from vNet
2. Hybrid Connection: Site to Point connection. Access resources from On-Prem which is Hybrid manager installed
3. Azure Front Door with WAF
4. Azure CDN
5. IP restrictions
14. Azure App Service Virtual Networking Features
1. App Service endpoint is publicly available and you can use IP restriction here.
2. App Service Virtual networking feature is used only to make outbound calls from your app into your virtual network. The virtual network integration feature has two variations:
1. Regional virtual network integration
1. When you connect to virtual networks in the same region, you must have a dedicated subnet in the virtual network you're integrating with.
2. Gateway-required virtual network integration
1. When you connect directly to virtual networks in other regions or to a classic virtual network in the same region, you need an Azure Virtual Network gateway created in the target virtual network.