Now we're getting into the meat of the exam, this is expected to be 10-15% of what will be tested.
Azure App Service Web Apps
Main reference documentation.
App Service Plans can host web, logic, api and mobile apps.
- ASP.NET Core
App Service (shared tenant)
Analagous to a server farm, Azure looks after the underlying infrastructure however.
- Free and Shared : Cannot scale out, CPU quota. Development only
- Basic, Standard, Premium and Premium V2Charged per per hour per VM instance)
Note: App Service Plans themselves can be changed up or down depending on requirements
You can move apps between plans to gain greater isolation.
Authentication and Authorization
User claims, token store and logging and tracing (when enabled) are all looked after by the app service.
A picture is worth a thousand words
- Azure Active Directory
- Microsoft Account
- Server flow (web apps)
- Client flow (native apps, requires provider sdk)
- Off (allow all)
- Log in with (allow only authenticated)
- Allow anonymous (allow all, validate authenticated)
For role specific authorization you can inspect user claims
- Changes if recreated in a different resource group
- Changes if you delete and recreate the last app
- Delete an SSL binding (renew a certificate)
- Static - requires an SSL binding even if you don't need it. (Use self signed cert. in that case)
- Change on pricing tier changes
- Dynamic. To find them use
az webapp show --resource-group <group_name> --name <app_name> --query outboundIpAddresses --output tsv
Allows you to connect to on-premises or other external networks via Azure Service Bus. To set up you need
- Service bus namespace
Traffic Manager Integration
Important - traffic manager works at the DNS level. It is not a proxy or gateway
- Requires standard or premium app service plans
- Load balance methods
Configure Traffic Manager and App Service
- Deploy multiple apps to load balance across
- Create profile and choose method
- Configure vanity domain to point to
yourdomain.trafficmanager.netvia CNAME. note that apex/root domains cannot be CNAME so use a redirect for bare domains to www
- Heath checkups is an interactive wizard
- Tile shortcuts to take directly to a detailed report (last 24 hours)
- Application insights for code level issues
App Service Environment (single tenant)
Creates an environment for which you can deploy up to 100 App Service Plan instances. 1 plan with 100 instances through to 100 plans with 1 instance. Each instance 1, 2 or 4 CPU. Cost is flat fee plus consumption.
- Comes with external IP address
- Requires a subnet of at least /28 (which only allows scaling of 4). Recommend /25
- Custom domain name can't overlap with ASE domain name
- Can't use IP based SSL or order certificate through Azure
- Must manage DNS
- Managing an internal ISE through portal requires the browser to have connectivity to the subnet the ASE is in.