Now we're getting into the meat of the exam, this is expected to be 10-15% of what will be tested.

Azure App Service Web Apps

Main reference documentation.
App Service Plans can host web, logic, api and mobile apps.

• ASP.NET
• ASP.NET Core
• Java
• Node
• Python
• PHP

App Service (shared tenant)

Analagous to a server farm, Azure looks after the underlying infrastructure however.

Available Plans

• Free and Shared : Cannot scale out, CPU quota. Development only
• Basic, Standard, Premium and Premium V2Charged per per hour per VM instance)

Note: App Service Plans themselves can be changed up or down depending on requirements

You can move apps between plans to gain greater isolation.

Authentication and Authorization

User claims, token store and logging and tracing (when enabled) are all looked after by the app service.

A picture is worth a thousand words

Identity Providers

• Azure Active Directory
• Microsoft Account
• Facebook
• Google
• Twitter

Authentication flow

• Server flow (web apps)
• Client flow (native apps, requires provider sdk)

Authorization

• Off (allow all)
• Log in with (allow only authenticated)
• Allow anonymous (allow all, validate authenticated)

For role specific authorization you can inspect user claims

IP Addresses

Inbound

• Dynamic
  • Changes if recreated in a different resource group
  • Changes if you delete and recreate the last app
  • Delete an SSL binding (renew a certificate)
• Static - requires an SSL binding even if you don't need it. (Use self signed cert. in that case)

Outbound

• Change on pricing tier changes
• Dynamic. To find them use

az webapp show --resource-group <group_name> --name <app_name> --query outboundIpAddresses --output tsv

Hybrid connections

Allows you to connect to on-premises or other external networks via Azure Service Bus. To set up you need

• Name
• Hostname
• Port
• Service bus namespace

Traffic Manager Integration

Important - traffic manager works at the DNS level. It is not a proxy or gateway

• Requires standard or premium app service plans
• Load balance methods
  • Priority
  • Weighted
  • Performance
  • Geographic

Configure Traffic Manager and App Service

1. Deploy multiple apps to load balance across
2. Create profile and choose method
3. Configure vanity domain to point to yourdomain.trafficmanager.net via CNAME. note that apex/root domains cannot be CNAME so use a redirect for bare domains to www

Diagnostics

• Heath checkups is an interactive wizard
• Tile shortcuts to take directly to a detailed report (last 24 hours)
• Application insights for code level issues

App Service Environment (single tenant)

Creates an environment for which you can deploy up to 100 App Service Plan instances. 1 plan with 100 instances through to 100 plans with 1 instance. Each instance 1, 2 or 4 CPU. Cost is flat fee plus consumption.

External ASE

• <domain>.p.azurewebsites.net
• Comes with external IP address
• Requires a subnet of at least /28 (which only allows scaling of 4). Recommend /25

Internal ASE

• Custom domain name can't overlap with ASE domain name
• Can't use IP based SSL or order certificate through Azure
• Must manage DNS
• Managing an internal ISE through portal requires the browser to have connectivity to the subnet the ASE is in.

Important - must work through the How To Guides on the documentation site - start with app settings