Azure App Service
Management
September, 2023
Agenda
• Key concept
• Azure App Service and Azure App Service plan
• Deployment
• Configuring Azure App Service
• Monitoring and diagnostic
• Azure Traffic Manager
• Azure Load balancer
• Azure Application Gateway
• Terraform modules
• Dynamic block Terraform
CONFIDENTIAL 2
KEY CONCEPT
Key concept
• Azure App Service enables you to build and host web apps,
mobile back ends, and RESTful APIs in the programming language
of your choice without managing infrastructure
• It offers auto-scaling and high availability, supports both
Windows and Linux, and enables automated deployments from
GitHub, Azure DevOps, or any Git repo
• SLA - 99.95%
Key concept
For DevOps
• integration with DevOps Service
• staging environments
• custom domain and SSL certificates
• PaaS
• security and compliance
• global scale with high availability
• Linux, Windows and Docker support
For Developers
• multiple languages and frameworks
• API and mobile features
• serverless code
• PaaS
• documentation
APP SERVICE AND APP SERVICE PLAN
App service and app service plan
App Services:
• Windows Server VM + IIS
• Linux VM + Tomcat
• Web apps, API apps, Mobile apps, Logic apps, Function apps hosted on the App Service Plan
• Load balanced
PaaS services:
• VMs abstracted by the platform and run/updated by Azure
• VMs: the App Service Plan – what you pay for
[Diagram: Web app, Logic app, Mobile app, API app]
App service and app service plan
Each App Service plan defines:
• Region (West US, East US, etc.)
• Number of VM instances
• Size of VM instances (Small, Medium, Large)
• Pricing tier (Free, Shared, Basic, Standard, Premium, PremiumV2, Isolated, Consumption)
PremiumV2
• Small (one CPU core, 3.5 GiB of memory)
• Medium (two CPU cores, 7 GiB of memory)
• Large (four CPU cores, 14 GiB of memory)
[Diagram: App service plan = Web app, Logic app, Mobile app, API app]
App service and app service plan
Purpose?
App service plan:
• scaling
• hosting
• capacity
App service:
• application setting storage
• code execution
• DNS and SSL configuration
• IIS web site management
• Virtual network integration (p2p)
[Diagram: App service plan, App service]
Benefits of App Service plan pricing model
Standard Tier; 1 S3 (4 Core(s), 7 GB RAM, 50 GB Storage) x 730 Hours; Windows OS: US$292.00
Standard Tier; 1 S3 (4 Core(s), 7 GB RAM, 50 GB Storage) x 730 Hours; Windows OS 3: US$876.00
Azure Logic Apps
Azure Logic Apps is a cloud service that helps you automate and orchestrate tasks,
business processes, and workflows when you need to integrate apps, data, systems,
and services across enterprises or organizations.
• Connectors provide quick access from Azure
Logic Apps to events, data, and actions
across other apps, services, systems,
protocols, and platforms.
• Logic Apps provides built-in triggers and
actions so you can create schedule-based
workflows, help your logic apps
communicate with other apps and services,
control the workflow through your logic
apps, and manage or manipulate data.
Azure Logic Apps
The visual designer lets you spend less time coding and more time composing workflows
that help automate complex business processes.
Azure Function App
Azure Functions is a solution for easily running small pieces of code, or
"functions" in the cloud.
• Choice of language - Write functions using your choice of C# or JavaScript.
• Pay-per-use pricing model - Pay only for the time spent running your code.
• Bring your own dependencies - Functions supports NuGet and NPM, so you can
use your favorite libraries.
• Integrated security - Protect HTTP-triggered functions with OAuth providers
such as Azure Active Directory, Facebook, Google, Twitter, and Microsoft
Account.
• Simplified integration - Easily leverage Azure services and software-as-a-
service (SaaS) offerings.
• Flexible development - Code your functions right in the portal or set up
continuous integration and deploy your code through GitHub, Azure DevOps
Services, and other supported development tools.
• Open-source - The Functions runtime is open-source and available on GitHub.
DEPLOYMENT
Deployment options
Deploying to Azure App Service involves three main components:
- Deployment sources
A deployment source is the location of your application code. For production apps, the deployment
source is usually a repository hosted by version control software such as GitHub, BitBucket, or Azure
Repos.
- Build pipelines
A build pipeline reads your source code from the deployment source and executes a series of steps
(such as compiling code, minifying HTML and JavaScript, running tests, and packaging components)
to get the application in a runnable state.
- Deployment mechanisms
The deployment mechanism is the action used to put your built application into
the /home/site/wwwroot directory of your web app. The /wwwroot directory is a mounted storage
location shared by all instances of your web app.
Deployment sources
Applications can be deployed to Azure App Service in the following ways:
- ZIP or WAR
- Use FTP
- Deploy continuously
- Use local Git
- Use Azure Pipelines
- Use GitHub Actions
- Run from package
Deployment slots
Azure deployment slots
Deployment slots are a feature of Azure App Service. They let you deploy different versions
of an app to different slots, swap slots, and route a specific percentage of user traffic
to one or more deployment slots.
CONFIGURING WEB APPS
Configuring Azure App Services
Configure Application Settings:
- Use Azure Portal
Application Settings for an Azure App Service Web App can be managed
using the Azure Portal. It provides an easy-to-use graphical interface for configuring
the Application Settings of an application hosted in Azure App Service.
See more on link: https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal
Configuring Web Apps
Configure Application Settings:
- Use Azure CLI
There are times when command-line scripts or automation is needed to configure a Web
App hosted in Azure App Service. The Application Settings on the App Service App can
be configured from the Azure CLI using the az webapp config appsettings set command.
--settings
Space-separated appsettings in KEY=VALUE format. Use @{file} to load from a file.
See more on link: https://learn.microsoft.com/en-us/cli/azure/webapp/config/appsettings?view=azure-cli-latest
Configuring Web Apps
Configure Application Settings:
- Use Terraform
See more on link:
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_web_app
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_web_app
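A Terraform configuration for application settings, added here as an illustration (not part of the original slides): it sets app_settings on an azurerm_linux_web_app, enforces HTTPS and TLS 1.2, disables FTP/FTPS deployment, and supplies a secret through a Key Vault reference so the value never appears in the configuration or state. All resource names, the region and the vault URI are placeholders.

```hcl
# Added example; every name below is a placeholder, not taken from the slides.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "demo" {
  name     = "rg-demo"
  location = "West Europe"
}

resource "azurerm_service_plan" "demo" {
  name                = "plan-demo"
  resource_group_name = azurerm_resource_group.demo.name
  location            = azurerm_resource_group.demo.location
  os_type             = "Linux"
  sku_name            = "S1"
}

resource "azurerm_linux_web_app" "demo" {
  name                = "app-demo-example"
  resource_group_name = azurerm_resource_group.demo.name
  location            = azurerm_service_plan.demo.location
  service_plan_id     = azurerm_service_plan.demo.id
  https_only          = true # reject plain HTTP

  identity {
    type = "SystemAssigned" # identity used to resolve the Key Vault reference
  }

  site_config {
    minimum_tls_version = "1.2"
    ftps_state          = "Disabled" # no FTP/FTPS deployment endpoint
  }

  app_settings = {
    "APP_ENVIRONMENT" = "dev"
    # Key Vault reference: only this pointer is stored, not the secret value
    "DB_PASSWORD" = "@Microsoft.KeyVault(SecretUri=https://kv-demo.vault.azure.net/secrets/db-password/)"
  }
}
```

The app's system-assigned identity must be granted read access to the secret in the vault before the reference resolves.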
MONITORING AND DIAGNOSTIC
Monitoring and diagnostic
When you do run into issues with your web app, App Service diagnostics will point
out what’s wrong to guide you to the right information to more easily and quickly
troubleshoot and resolve the issue.
Monitoring and diagnostic
Azure App Service provides built-in alerting functionality for web apps,
mobile back ends, and API apps in the Azure portal.
Monitoring and diagnostic
Azure App Service provides built-in monitoring functionality for web apps, mobile
back ends, and API apps in the Azure portal.
Kudu Panel
The Kudu Console is a tool that gives you both command line and file browser access to
your sites, all from the comfort of a web browser.
To access the Kudu Console, navigate to {yoursite}.scm.azurewebsites.net, and click
on Debug Console.
AZURE TRAFFIC MANAGER
Azure Traffic Manager
Azure Traffic Manager is a DNS-based traffic load balancer.
This service allows you to distribute traffic to your public facing applications across the
global Azure regions. Traffic Manager also provides your public endpoints with high
availability and quick responsiveness.
AZURE LOAD BALANCER
Azure Load Balancer
Azure Load Balancer operates at layer 4 of the Open Systems Interconnection (OSI)
model. It's the single point of contact for clients.
The load balancer distributes inbound flows that arrive at its front end
to backend pool instances. These flows are distributed according to configured
load-balancing rules and health probes.
The backend pool instances can be Azure Virtual Machines or instances in a Virtual
Machine Scale Set.
Azure Load Balancer
A public load balancer can provide outbound connections for virtual machines (VMs)
inside your virtual network. These connections are accomplished by translating their private
IP addresses to public IP addresses. Public Load Balancers are used to load balance internet
traffic to your VMs.
An internal (or private) load balancer is used where private IPs are needed at the frontend
only. Internal load balancers are used to load balance traffic inside a virtual network. A load
balancer frontend can be accessed from an on-premises network in a hybrid scenario.
AZURE APPLICATION GATEWAY
Azure Application Gateway
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic
to your web applications.
Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and
route traffic based on source IP address and port, to a destination IP address and port.
Azure Application Gateway
Azure Application Gateway features:
- Secure Sockets Layer (SSL/TLS) termination
Application gateway supports SSL/TLS termination at the gateway, after which traffic typically flows
unencrypted to the backend servers.
- Autoscaling
Application Gateway Standard_v2 supports autoscaling and can scale up or down based on
changing traffic load patterns.
- Zone redundancy
A Standard_v2 Application Gateway can span multiple Availability Zones, offering better fault
resiliency and removing the need to provision separate Application Gateways in each zone.
- Static VIP
The application gateway Standard_v2 SKU supports static VIP type exclusively.
- Web Application Firewall
Web Application Firewall (WAF) is a service that provides centralized protection of your web
applications from common exploits and vulnerabilities.
- Ingress Controller for AKS
Application Gateway Ingress Controller (AGIC) allows you to use Application Gateway as the ingress
for an Azure Kubernetes Service (AKS) cluster.
- URL-based routing
URL Path Based Routing allows you to route traffic to backend server pools based on URL Paths of
the request.
Azure Application Gateway
Azure Application Gateway features:
- Multiple-site hosting
With Application Gateway, you can configure routing based on host name or domain name for
more than one web application on the same application gateway.
- Redirection
A common scenario for many web applications is to support automatic HTTP to HTTPS redirection
to ensure all communication between an application and its users occurs over an encrypted path.
- Session affinity
The cookie-based session affinity feature is useful when you want to keep a user session on the
same server.
- WebSocket and HTTP/2 traffic
Application Gateway provides native support for the WebSocket and HTTP/2 protocols. There's no
user-configurable setting to selectively enable or disable WebSocket support.
- Connection draining
Connection draining helps you achieve graceful removal of backend pool members during planned
service updates or problems with backend health.
- Custom error pages
Application Gateway allows you to create custom error pages instead of displaying default error
pages.
TERRAFORM MODULES
Terraform modules
Terraform modules are self-contained pieces of infrastructure-as-code that abstract the
underlying complexity of infrastructure deployments.
They speed adoption and lower the barrier of entry for Terraform end users who consume
pre-built configuration. As a result, they should use coding best practices such as clear
organization and the DRY ("Don't Repeat Yourself") principle wherever possible.
Terraform modules
main.tf will contain the main set of configuration for your
module.
variables.tf will contain the variable definitions for your
module. When your module is used by others, the variables
will be configured as arguments in the module block.
outputs.tf will contain the output definitions for your
module. Module outputs are made available to the
configuration using the module, so they are often used to
pass information about the parts of your infrastructure
defined by the module to other parts of your configuration.
*.tfvars since module input variables are set via arguments
to the module block in your configuration.
Calling Terraform commands with a variable definitions file:
cd HW_solution
terraform plan -var-file='.\config\dev.tfvars'
terraform apply -var-file='.\config\dev.tfvars'
DYNAMIC BLOCK TERRAFORM
Dynamic Block Terraform
Dynamic blocks in Terraform are used to create multiple blocks of a certain type from a
complex data structure, such as a list or map. They provide a more flexible and efficient way
to manage resources, especially when dealing with a large number of similar resources or
configurations.
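An added example, not from the original slides: a module main.tf in which a dynamic block generates one ip_restriction rule per list entry, so the web app's access restrictions are driven by an input variable (for instance from a .tfvars file). The variable names and the sample address ranges (documentation ranges) are assumptions.

```hcl
# Added example: main.tf of a hypothetical module; variable names are assumptions.
variable "app_name" { type = string }
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "service_plan_id" { type = string }

# One object per source range that may reach the app.
variable "allowed_sources" {
  type = list(object({
    name       = string
    priority   = number
    ip_address = string # CIDR notation
  }))
  default = [
    { name = "office", priority = 100, ip_address = "203.0.113.0/24" },
    { name = "vpn", priority = 110, ip_address = "198.51.100.10/32" },
  ]
}

resource "azurerm_linux_web_app" "this" {
  name                = var.app_name
  resource_group_name = var.resource_group_name
  location            = var.location
  service_plan_id     = var.service_plan_id
  https_only          = true

  site_config {
    # Expands to one ip_restriction block per element of var.allowed_sources.
    dynamic "ip_restriction" {
      for_each = var.allowed_sources
      content {
        name       = ip_restriction.value.name
        priority   = ip_restriction.value.priority
        action     = "Allow"
        ip_address = ip_restriction.value.ip_address
      }
    }
  }
}

output "default_hostname" {
  value = azurerm_linux_web_app.this.default_hostname
}
```

Adding or removing an allowed range is then a change to the list value only, and terraform plan shows exactly which rules are created or destroyed.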
Useful links
- Terraform on Azure
- Terraform modules
- Azure app service
- Azure App service plans
- Azure Load balancer
- Azure Traffic Manager
- Azure Application Gateway
Thank you for your attention