Azure Infrastructure: Exam 70-533 - Design and Implement Azure App Service Apps
Now we're getting into the meat of the exam: this is expected to be 10-15% of what will be tested.
Azure App Service Web Apps
Main reference documentation.
App Service Plans can host web, logic, API and mobile apps.
- ASP.NET
- ASP.NET Core
- Java
- Node
- Python
- PHP
App Service (shared tenant)
Analogous to a server farm; however, Azure looks after the underlying infrastructure.
Available Plans
- Free and Shared: Cannot scale out, CPU quota. Development only
- Basic, Standard, Premium and Premium V2: Charged per hour per VM instance
Note: App Service Plans themselves can be changed up or down depending on requirements
You can move apps between plans to gain greater isolation.
Authentication and Authorization
User claims, token store and logging and tracing (when enabled) are all looked after by the app service.
A picture is worth a thousand words
Identity Providers
- Azure Active Directory
- Microsoft Account
Authentication flow
- Server flow (web apps)
- Client flow (native apps, requires provider sdk)
Authorization
- Off (allow all)
- Log in with (allow only authenticated)
- Allow anonymous (allow all, validate authenticated)
For role specific authorization you can inspect user claims
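As an added example (not from the original post), here is role-specific authorization done by inspecting the claims that App Service passes to the app in the X-MS-CLIENT-PRINCIPAL request header, a base64-encoded JSON document. The role names, the sample principals and the fallback role claim types are assumptions made up for illustration.

```python
import base64
import binascii
import json

# Fallback role claim types (assumption); role_typ in the payload is also honoured.
DEFAULT_ROLE_TYPES = {"roles", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"}


def parse_principal(headers):
    """Decode X-MS-CLIENT-PRINCIPAL; return None for anonymous or malformed input."""
    raw = headers.get("X-MS-CLIENT-PRINCIPAL")  # headers: mapping supplied by your framework
    if not raw:
        return None  # "Allow anonymous" mode lets unauthenticated requests reach the app
    try:
        doc = json.loads(base64.b64decode(raw, validate=True))
    except (binascii.Error, ValueError):
        return None  # fail closed on anything that does not decode cleanly
    if not isinstance(doc, dict) or not isinstance(doc.get("claims"), list):
        return None
    return doc


def roles_of(principal):
    """Collect the values of every role-typed claim in a decoded principal."""
    rt = principal.get("role_typ")
    role_types = DEFAULT_ROLE_TYPES | ({rt} if isinstance(rt, str) else set())
    return {c["val"] for c in principal["claims"]
            if isinstance(c, dict) and isinstance(c.get("typ"), str)
            and c["typ"] in role_types and isinstance(c.get("val"), str)}


def authorize(headers, required_role):
    """Return an HTTP status: 401 no identity, 403 wrong role, 200 allowed."""
    principal = parse_principal(headers)
    if principal is None:
        return 401
    return 200 if required_role in roles_of(principal) else 403


def _encode(doc):  # builds a constructed sample header set
    return {"X-MS-CLIENT-PRINCIPAL": base64.b64encode(json.dumps(doc).encode()).decode()}


# Constructed sample principals (not captured from a real tenant).
ADMIN = _encode({"auth_typ": "aad", "role_typ": "roles", "claims": [
    {"typ": "name", "val": "alice@example.com"}, {"typ": "roles", "val": "Orders.Admin"}]})
READER = _encode({"auth_typ": "aad", "role_typ": "roles", "claims": [
    {"typ": "roles", "val": "Orders.Read"}]})

if __name__ == "__main__":
    for label, hdrs in [("admin", ADMIN), ("reader", READER), ("anonymous", {})]:
        print(label, authorize(hdrs, "Orders.Admin"))
```

App Service sets this header itself and does not let external requests supply it, so the check is only meaningful for traffic that arrives through the App Service front end.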
IP Addresses
Inbound
- Dynamic
  - Changes if recreated in a different resource group
  - Changes if you delete and recreate the last app
  - Changes if you delete an SSL binding (e.g. when renewing a certificate)
- Static - requires an SSL binding even if you don't need it (use a self-signed certificate in that case)
Outbound
- Change when the pricing tier changes
- Dynamic. To find them, use:
az webapp show --resource-group <group_name> --name <app_name> --query outboundIpAddresses --output tsv
Hybrid connections
Allows you to connect to on-premises or other external networks via Azure Service Bus. To set up you need
- Name
- Hostname
- Port
- Service bus namespace
Traffic Manager Integration
Important - traffic manager works at the DNS level. It is not a proxy or gateway
- Requires standard or premium app service plans
- Load balance methods
  - Priority
  - Weighted
  - Performance
  - Geographic
Configure Traffic Manager and App Service
- Deploy multiple apps to load balance across
- Create profile and choose method
- Configure vanity domain to point to yourdomain.trafficmanager.net via CNAME. Note that apex/root domains cannot be a CNAME, so use a redirect from the bare domain to www
Diagnostics
- Health checkup is an interactive wizard
- Tile shortcuts take you directly to a detailed report (last 24 hours)
- Application insights for code level issues
App Service Environment (single tenant)
Creates an environment into which you can deploy up to 100 App Service Plan instances, anywhere from 1 plan with 100 instances through to 100 plans with 1 instance. Each instance has 1, 2 or 4 CPUs. Cost is a flat fee plus consumption.
External ASE
<domain>.p.azurewebsites.net
- Comes with external IP address
- Requires a subnet of at least /28 (which only allows scaling of 4). Recommend /25
Internal ASE
- Custom domain name can't overlap with ASE domain name
- Can't use IP based SSL or order certificate through Azure
- Must manage DNS
- Managing an internal ASE through the portal requires the browser to have connectivity to the subnet the ASE is in.
Important - must work through the How To Guides on the documentation site - start with app settings