Azure Infrastructure: Exam 70-533 - Design and Implement Azure App Service Apps

in #technology7 years ago

Now we're getting into the meat of the exam, this is expected to be 10-15% of what will be tested.

image.png

Azure App Service Web Apps

Main reference documentation.
App Service Plans can host web, logic, api and mobile apps.

  • ASP.NET
  • ASP.NET Core
  • Java
  • Node
  • Python
  • PHP

App Service (shared tenant)

Analagous to a server farm, Azure looks after the underlying infrastructure however.

Available Plans

  • Free and Shared : Cannot scale out, CPU quota. Development only
  • Basic, Standard, Premium and Premium V2Charged per per hour per VM instance)

Note: App Service Plans themselves can be changed up or down depending on requirements

You can move apps between plans to gain greater isolation.

Authentication and Authorization

User claims, token store and logging and tracing (when enabled) are all looked after by the app service.
image.png
A picture is worth a thousand words

Identity Providers

  • Azure Active Directory
  • Microsoft Account
  • Facebook
  • Google
  • Twitter

Authentication flow

  • Server flow (web apps)
  • Client flow (native apps, requires provider sdk)

Authorization

  • Off (allow all)
  • Log in with (allow only authenticated)
  • Allow anonymous (allow all, validate authenticated)

For role specific authorization you can inspect user claims

IP Addresses

Inbound

  • Dynamic
    • Changes if recreated in a different resource group
    • Changes if you delete and recreate the last app
    • Delete an SSL binding (renew a certificate)
  • Static - requires an SSL binding even if you don't need it. (Use self signed cert. in that case)

Outbound

  • Change on pricing tier changes
  • Dynamic. To find them use
az webapp show --resource-group <group_name> --name <app_name> --query outboundIpAddresses --output tsv

Hybrid connections

Allows you to connect to on-premises or other external networks via Azure Service Bus. To set up you need

  • Name
  • Hostname
  • Port
  • Service bus namespace

Traffic Manager Integration

Important - traffic manager works at the DNS level. It is not a proxy or gateway

  • Requires standard or premium app service plans
  • Load balance methods
    • Priority
    • Weighted
    • Performance
    • Geographic

Configure Traffic Manager and App Service

  1. Deploy multiple apps to load balance across
  2. Create profile and choose method
  3. Configure vanity domain to point to yourdomain.trafficmanager.net via CNAME. note that apex/root domains cannot be CNAME so use a redirect for bare domains to www

Diagnostics

  • Heath checkups is an interactive wizard
  • Tile shortcuts to take directly to a detailed report (last 24 hours)
  • Application insights for code level issues

App Service Environment (single tenant)

Creates an environment for which you can deploy up to 100 App Service Plan instances. 1 plan with 100 instances through to 100 plans with 1 instance. Each instance 1, 2 or 4 CPU. Cost is flat fee plus consumption.

External ASE

  • <domain>.p.azurewebsites.net
  • Comes with external IP address
  • Requires a subnet of at least /28 (which only allows scaling of 4). Recommend /25

Internal ASE

  • Custom domain name can't overlap with ASE domain name
  • Can't use IP based SSL or order certificate through Azure
  • Must manage DNS
  • Managing an internal ISE through portal requires the browser to have connectivity to the subnet the ASE is in.

Important - must work through the How To Guides on the documentation site - start with app settings

Sort:  

You got a 38.33% upvote from @proffit courtesy of @piquet!
Send at least 0.01 SBD/STEEM to get upvote , Send 1 SBD/STEEM to get upvote + resteem

Congratulations! This post has been upvoted from the communal account, @minnowsupport, by Piquet from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews, and netuoso. The goal is to help Steemit grow by supporting Minnows. Please find us at the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.

If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP.
Be sure to leave at least 50SP undelegated on your account.

I don;t want the world to see me.. I don't think they would understand.