App Services Intro

Congratulations on continuing the path to learn Azure Courses!

Welcome to Azure App services.

With Azure App service, Azure provides a new level of backend integration for
mobile and web services.

In this course, you will be introduced to different types of azure app services,
key features, continuous deployment, deployment slots, app scaling, and app
management such as monitoring and securing of apps (mostly focuses on web apps).

Happy Learning!

Azure Web Site Hosting

Azure offers several ways to host web sites such as;

Azure App Service - for Web Apps and Services

Service Fabric - for Micro services based Apps
Cloud Services - for Multi tier Apps
Virtual Machines - for Line of Business(LOB) and Legacy Applications
Azure App Service Web apps (web Apps) is the best choice for most web apps ,which
you will learn deeply in this course.

Azure App Service Overview

Azure App Service Overview
Azure App Service is a fully managed PaaS (Platform as a Service) offering which
integrates Microsoft Azure Websites, Mobile Services into a single service by
adding new capabilities that enable integration with cloud systems and on-premises.

Different types of Applications available from app Service are:

Web Apps - used for hosting web applications and websites

Mobile Apps - used for hosting mobile app back ends

API Apps - used for hosting the RESTful APIs

Logic Apps - used for business process automation, system integration

Azure App Service Plans

App Service plans represents the physical resources included for hosting
applications. App service plan represents:

Region (West US, Central Asia, etc..)

Scale count (one, two, three instances, etc.)

Instance size (Small, Medium, Large)

SKU (Basic, Standard, Premium, etc..)

All azure app services such as web apps, API apps, function apps, and mobile apps
run in an app service plan.
Web Apps
Web app is a compute resource which can be on a shared or dedicated VM that azure
offers for website hosting.

Key App Service Features

Multiple languages and frameworks: App service provides support for different
languages such as python, ASP.NET, Node.js, Java, PHP.

DevOps optimization: Set up CI and CD with different tools and enables typical
DevOps life cycle.

Global scale with high availability: Automatically or manually scales up or out and
ensures the hosting of your application globally.

Connections to SaaS platforms and on-premises data: Access on-premises data using
hybrid connections

Application templates: Allows you to install open source softwares such as

wordpress, drupal, joomla, etc from the azure market place.

Visual Studio integration: Dedicated tools in Visual Studio streamline the work of
creating, deploying, and debugging.

Web Apps Capabilities

Web Apps Capabilities
It can run and scale apps on Windows or Linux VMs.

Web Apps adds the Power of Microsoft Azure, such as security, load balancing,
autoscaling, and automated management.

It takes the capabilities of DevOps, such as continuous deployment, package

management, staging environments, custom domain, and SSL certificates.

The above picture contrasts the traditional hosting and azure web app hosting.

Mobile Apps
Mobile apps in app service offers globally available and highly scalable mobile
application development platform for system integrators and enterprise developers.

Key App Service Features

Auto Scaling - Enables to handle customers load with automatically or manually
scaling up or out.

Staging Environments - Run multiple versions of environment such as to perform A/B

testing, test in production and do in-place staging of a new backend.

Continuous Deployment - can integrate with common SCM systems, allowing you to
automatically deploy a new version of your backend by pushing to a branch of your
SCM system.

Virtual Networking - can connect to on-premises resources using virtual network,

ExpressRoute or hybrid connections.

Isolated / Dedicated Environments - can be run in a fully isolated and dedicated

enviroment for securely running Azure App Service apps at high scale.

Mobile App Capabilities

Mobile App Capabilities
With Mobile Apps you can able to:

Build native and cross platform apps: You can take the advantage of App services
using native SDKs irrespective of your android, iOS, windows apps.

Connect to your enterprise systems: Mobile Apps enables to connect with your
enterprise on-premises or cloud resources.

Build offline-ready apps with data sync: Enables to work offline and ensures to
sync data when connectivity is present.

API Apps
API apps makes it easier to host, develop, and consume APIs in the cloud and on-
premises. With these we get simple access control, hybrid connectivity, and
seamless integration with Logic Apps.

Key App Service Features

Bring your existing API as-is

Easy consumption

Simple access control

Visual Studio integration

Integration with Logic Apps

Logic Apps
Logic Apps
Logic Apps enables a way to simplify and implement scalable integrations and
workflows in the cloud. It provides a visual designer to model and automate your
process as a series of steps known as a workflow.

Logic Apps
Key App Service Features
Saves time in designing complex processes using the design tools.

Optimizes workflows and patterns which would be easy in implementing the code.

Easy to start quickly from templates.

Customizes your logic app with your own custom APIs, and codes.

Build off a API Management, Azure Functions, and Azure Service Bus with first-class
integration support.

Azure Functions
Azure functions enables to execute code on-demand without the provision or manage
infrastructure explicitly. As it is a serverless compute service users need not to
be worried about the servers, virtual machines and scaling.

Key App Service Features

Manages apps instead of infrastructure

Optimizes for business logic

Allows to create functions in your own way

Azure Management Tools

The different types of tools through which the users can manage their apps are:

Azure command line interface

Azure PowerShell

Rest APIs

Azure Portal

Web App Deployment

The different deployment options that App services supports are:

FTP or FTPS: Use your favorite FTP enabled tool to move your files to Azure such as
filezilla, which is just a file upload process where user is responsible for the
version control and file structure management.

Kudu: Use the deployment engine in App Service to push your code to Kudu directly
from any repository (Git/Mercurial or OneDrive/Dropbox).

Web Deploy: Deploy code to App Service directly from your favorite tools such as
Visual Studio.

Each options are having its own characteristics hence carefully understand the
requirements while selecting the deployment type.

Web App Deployment

After successfully deploying your web app, a link will be generated or or you
download your publishing profile through which you can access your application.

A typical web app link looks like :

http://$webappname.azurewebsites.net
$webappname is your web app name.

It generates different endpoints basing your type of deployment such as FTP, Kudu
etc.. , you can access them at resource page > properties.

Web App Deployment Using FTP

The video explains how to deploy a web app using FTP tool (FileZilla). You can use
any FTP tools instead to upload your application.

Play

03:31
-03:56
Mute

Settings
Enter fullscreen
Play
If you have trouble playing this video, please click here for help.
No transcript is available for this video.

Deploy Web App Using Kudu

Hope you're familiar with web deploy using visual studio which you learned in Azure
Essential Continuum.

kudu is a hidden or background service site included by azure web app. It is the
engine behind source control based deployments into Azure App Service.

Kudu is useful for viewing deployment logs, capturing memory dumps, looking at
configuration parameters and many more. You can access Kudu service in azure portal
by navigating to your web app resource dashboard > Advanced Tools > Click on go.

Through Kudu you can retrieve diagnostic dump, view running processes, add site
extensions, list service data endpoints (REST APIs).

Deploy Web App Using Kudu

Watch this video to understand the Azure App deployment using Kudu.

Play

07:42
-11:22
Mute

Settings
Enter fullscreen
Play
If you have trouble playing this video, please click here for help.
No transcript is available for this video.

Continuous Deployment
Continuous Deployment
Continuous deployment works well for the projects where several contributions are
being integrated. Azure portal sets up an easy way for continuous deployment from
various sources such as BitBucket, Visual studio and GitHub.

You can enable and disable at any time it; navigate to your resource page and
choose Deployment center under Deployment section > choose source (Github,
VSTS,Onedrive etc..).

Deployment Slots
Deployment slots are actually live web apps with their own host names, hosted on
the same application server as your main app, which keeps the production slot.

In App service you can deploy your apps to separate deployment slots instead of
deploying in default production slot. This type of implementation includes several
advantages such as:

Allows validating web app changes in a staging deployment slot before swapping it
with the production slot.

Web app content and configuration elements can be swapped between two deployment
slots, including the production slot.

Cannot scale the intermediate slot, as the only slot that can be scaled is the
production slot.

Deployment Slots Usecase

Deployment Slots Usecase
Lets assume, one of your clients requires a modification in one of your product
that they are using.

The simplest way to deliver the requirement is to setup 2 deployment slots Staging
and Production ( you can create more) and push the final application changes to
staging for final testing.

If your Unit Tests gets succeeded, you can just swap your Staging slot to
Production and make it accessible to the client.

Adding Deployment Slot

To enable the deployment slots your app must be running on standard or premium
tier.

Navigate to your app deployment resource and choose the deployment slots option.

Click Add slot to get the deployment slots added.

Give the name of the slot.

When the first time you add the slot you will get only two options such as clone
configuration from the default slot in production and not at all.

Note: You can deploy to the slot from different branch or repository.

Adding Deployment Slots

Adding Deployment Slots
The deployment slots page for the app service in azure portal is represented in the
gif.

Which Settings are Swapped

When you clone configuration from another deployment slot, the cloned configuration
can be enabled for editing. The following list is the settings that gets changed
when you swap slots.

Settings that are swapped:

General settings, app settings, connection strings, handler mappings, monitoring
and diagnostic settings.

Settings that are not swapped:

custom domain names, publishing end points, scale settings, SSL certificates and
bindings.

Swap Deployments
Swap Deployments
Consider a situation where you left a bug unfixed in your final deliverable and did
not notice while running your unit tests, consequently your client sees the bug and
reports you immediately. If you're using Azure Deployment Slots, you can use the
previous deliverable by re-swap from Production to again Staging without stopping
your clients business for bug fix.

Steps to enable swap in azure portal:

After the successful deployment of your app, navigate to the resource window in
portal.

Choose swap option and select the source and destination slots.

For the above use case; the source deployment slot will be staging and destination
deployment slot would be production.

Enabling Continuous Deployment

Continuous deployment helps you more in your staging slot from code changes. See
the below video for enabling it from azure portal.

Play

08:49
-14:13
Mute

Settings
Enter fullscreen
Play
If you have trouble playing this video, please click here for help.
No transcript is available for this video.

App Scaling Overview

One of the major benefits of using the Azure cloud is Scalability. It ensures that
your web site is always available and responsive as per your business demands.

Following are the scaling options that helps increase your app performance :
Vertical Scaling: Scales up and down hardware.

Horizontal Scaling: Scales out and in resources.

Geo-Scaling

How to Scale Out and Scale Up

The video explains how to scale out, in and scale up, down of your app service in
Azure portal from apps service menu blade.

Play

02:59
-05:20
Mute

Settings
Enter fullscreen
Play
If you have trouble playing this video, please click here for help.
No transcript is available for this video.

Auto Scaling
Auto Scaling
Auto Scaling is an another way to increase your app performance, which scales your
apps basing on metrics.

The different metrics you can able scale are: CPUPercentage, MemoryPercentage,
DiskQueueLength etc..

Note : In the above picture the auto scaling is enabled based on CPU Percentage.
You can set up the scaling of instances and instances target based on a condition
on CPU Percentage.

Demo: Auto Scaling Configuring

This video implements auto-scaling by enabling schedule and performance rules based
on the metrics usage.

Play

13:50
-17:37
Mute

Settings
Enter fullscreen
Play
If you have trouble playing this video, please click here for help.
No transcript is available for this video.

Geo- Scaling
Geo- Scaling
Geo-Scaling adds geographical regions to your applications through out the world
and enables vertical and horizontal scaling independently.

This type of scaling has several benefits such as:

It gets closer to your customers who are using your applications in different
regions across the world.

Locating your app in different regions improves more availability and continued
service will be associated.

App Service Environments

App Service Environments is an App service feature which offers an isolated and
dedicated environment for running your app services apps in a secure manner.

This capability enables hosting your linux web apps, windows web apps, mobile
apps,functions and docker containers and helps to achieve massive scaling upto 50
instances as default.

App service environments are suitable for high scale, high memory utilized, and
secured network access applications, where customers can have multiple ASEs in
multiple azure regions or within a single azure region.

Note: ASEs are deployed to a virtual network where it is isolated to run only a
single customers application.

Scaling App Service Environments

App service environment is a fully dedicated infrastructure composed of front ends
and workers.

HTTP, HTTPS termination and load balancing of app service within an ASE are looked
by front end, which will be automatically added when the app service plans in ASE
are scaled out.

Workers are roles which hosts customer apps. These are available in three sizes:
one vCPU/3.5 GB RAM, two vCPU/7 GB RAM, and four vCPU/14 GB

An ASE can hosts range from 100 instances in a single app service plan to 100
single instance app service plans.

Scaling ASE
This video explains how to configure the ASE scaling in azure portal.

If you have trouble playing this video, please click here for help.
No transcript is available for this video.

Azure App Service Security Levels

Azure app service has two levels of security viz.,

Infrastructure and Platform Security

Application Security
1) Infrastructure and platform security:
App service manages the VMs, network connections, storage, web frameworks,
management, and integration features. These are secured and go through many
security checks on compliance. This security check ensures:

Your App Service apps are isolated from both the Internet and from the other
customer's Azure resources.

Communication of secrets between your App Service app and other Azure resources in
a resource group stays within Azure which are encrypted.

Communication between your external resources and App Service apps such as
PowerShell, CLI, REST APIs, and hybrid connections, are encrypted.

Azure App Service Security Levels

2) Application Security :
You need to develop, deploy, and manage your application code and content in a
secure way which should be looked after by you. Else, your application is
vulnerable to threats such as:

SQL Injection: Attack which inserts malicious code into strings that are further
passed to a SQL server instance for parsing execution.

Session Hijacking: May cause active hijacking (attacker directly gets involved with
the target) and passive hijacking (attacker just monitors the traffic).

Cross Site Scripting: Runs the malicious script on the user's computer by embedding
script tags in URLs.

Application Level Man In the Middle: Attacker reroutes the communication between
two users without the user's knowledge.

App Service Authentication

App Service Authentication
App Service Authentication is a trust relationship feature, which requires an
identity provider for the user to get validated.

In order to access services provided by google, facebook, twitter etc, the users
are required to sign in to their end point to get authenticated. Similarly, app
services directs all unauthenticated users to the endpoints of your azure
applications for sign-in.

Authentication Providers
Authentication Providers
There are several authentication options available for enabling authentication of
you app service . You can authenticate with

Azure Active Directory

Facebook

Google

Twitter

Microsoft Account

Authentication and Authorization Features

This video shows a demo on how to add authentication for an app service.

Play

06:48
-11:41
Mute

Settings
Enter fullscreen
Play
If you have trouble playing this video, please click here for help.
No transcript is available for this video.

App Service Isolation

One of the major customer's concerns on application is, how they can isolate their
environment for a better security practice.

This is possible by setting up the VPN gateway. It requires you to configure a

virtual network where the application lives in and the virtual network set up a
gateway.

Point to Site VPN and App service environment (explained in scaling app service
topic) are two such features that sets up your applications in isolation ensuring
high-level security.

Point to Site VPN connection offers you to create a connection from a virtual
network to an individual client computer. It is appropriate when you try to connect
to your VNet from remote locations like home, conference room etc..

App Service Isolation

This video shows how to Integrate VNet in your app service application for the
isolation in azure portal.

If you have trouble playing this video, please click here for help.
No transcript is available for this video.

Monitoring and Troubleshoot Overview

Azure offers many monitoring options for your applications to get them tracked.

In this module, you will get to know about different monitoring and troubleshoot
options provided by azure such as:

Resource health
Monitoring process explorer
Tracking application failure history
Diagnostics as a service
Monitoring HTTP traffic
Monitoring poor app performance
Monitoring CPU and Memory Usage.

Resource Health
Resource Health
Azure resource health service aims to reduce the customers time to spend in
troubleshooting, by enabling its capability of exposing the health of individual
resources.

Azure resource health offers a customized dashboard to display your resources

health and it also recommends actions you should take to troubleshoot problems.

You can access to resource health by navigating to your resource page > support +
troubleshooting > resource health.

Health Statuses
Health Statuses
Azure resource health service displays several health statuses for your resources
such as:

Available: Represents the service hasn't detected any events that affect the health
of the resource. In the picture, you could see the Availablestatus for your
service.

Unavailable: Represents the service has detected some event that is affecting the
on-going platform resource health. It changes to Available once the service runs as
expected.

Unknown: Indicates that resource health hasn't received any information about the
resource for more than 15 minutes.

Degraded: Indicates your resource has a loss in performance, although it is

available for usage.

Monitoring Process Explorer

Monitoring Process Explorer
Process Explorer function in azure displays all the websites hosted by azure and
helps to get into details about each process to identify the modules or handles
that are affecting the performance of the application.

Process Explorer also lets you kill a specific process that is causing the
performance issue for your application.

Application Failure History

Azure app service diagnoses various scenarios of your applications to identify
where it fails. It indicates whether it is a cloud provider issue or is a
deployment error or increase in traffic. It diagnoses the root cause of the problem
by examining through logs and calling support for help.

It is a self service root cause analysis function which is a first layer of

investigation. It mainly focuses on three core data points:

Availability

Requests/Failures

Deployments.

Diagnostics as a Service
Diagnostics as a Service is an advanced troubleshooting function that examines
variety of data points such as HTTP logs, Event logs, process memory dumps etc..

To get your application diagnoser:

Navigate to your resource page.

On the azure blade choose resource health under support + troubleshooting

Select Troubleshoot tool under what actions you can take section.

Choose my application is running slowly and under that select data collection and
analyses tool

You will be directed to your application diagnoser page which contains diagnosers
for your instances.

Monitoring HTTP requests

Monitor your HTTP requests, failures at resource health > Troubleshoot tool > My
app is returning HTTP 5xx errors > Live HTTP traffic chart
If you have trouble playing this video, please click here for help.
No transcript is available for this video.

Monitoring CPU and Memory

You can monitor the CPU and memory usage of your application by navigating to
resource health > Troubleshoot tool > My app is performing slowly > CPU/Memory

If you have trouble playing this video, please click here for help.
No transcript is available for this video.

Advanced Application Restart

Advanced application restart lets you restart individual instances of your
application once you identify with any particular instance not working as expected.

You need to specify the time in seconds that indicates the restart sleep timer. If
you are restarting multiple instances at the same time, the instances restart after
restart sleep time interval. It is not same as restarting your web apps.

To enable it: navigate to resource page > resource health > Troubleshoot tool > My
app is performing slowly > Advanced Application restart.

Hands-on scenario
The developers at your company are experiencing latency and timeouts with their web
application running on On-premises infrastructure. To overcome this, the company
wants to deploy their custom application in the cloud. As a solution architect, you
need to find a solution to this problem by automatically scaling the underlying
infrastructure to prevent future service interruptions. Use Azure App Services and
configure the required services with the following parameters in the Azure cloud.
i) App Services: Runtime Stack: .NET Core 3.1(LTS), OS: Windows, Region: East US,
Sku and Size: F1 Shared infrastructure, 1 GB memory.

Notes:

Use the credentials given in the hands-on to log in to the Azure Portal, create a
new resource group and use the same resource group for all resources. The
Username/Password/Services Name can be as per your choice, after completing the
hands-on, delete all the resources created.

Course Summary
Congratulations! You have come to the end of this course.

By now, you must have got a good understanding about deploying and managing Azure
App services.

All the concepts will be understood only if you do the hands-on.

Keep Learning!!!!!