
You're reading from Implementing DevOps with Microsoft Azure

Product type: Book
Published in: Apr 2017
Reading level: Intermediate
Publisher: Packt
ISBN-13: 9781787127029
Edition: 1st Edition
Author (1)
Mitesh Soni

Mitesh Soni has 8 years of experience in managing software for GNU/Linux and other UNIX-like operating systems in production environment. He started working as a professional with DevOps from 2013 and has worked on several live projects related to DevOps. https://www.linkedin.com/in/alessiogarofalo

Chapter 5. Azure App Service Environments

Most people overestimate what they can do in one year and underestimate what they can do in ten years. –Bill Gates

This chapter is somewhat theoretical, but it covers a premium service of the Microsoft Azure platform that can be used for specific use cases that Azure Web Apps may not be able to handle effectively. It is also important to know why we are covering Azure Web Apps and App Service Environment (ASE): it is equally important to have an environment ready for package deployment. In the context of Java, we need to deploy the WAR file in a different environment. Because we are dealing with PaaS, we need not worry about installing a runtime environment; otherwise, we would also need to find ways to automate that installation.

This chapter not only covers how to create ASEs but also provides...

Overview of ASEs


An ASE provides a dedicated and isolated environment to run Azure App Service. ASE is a premium service offered in Microsoft Azure. Azure Web Apps hosted in an ASE have more instances available for scaling. In Azure Web Apps, we have a Networking section where we can integrate Azure Web Apps with Azure VNet. In ASE, we can host Azure Web Apps in the VNet itself. In other words, an ASE is created in a subnet of a VNet, because ASEs are deployed in a VNet created by the account owner.

The benefit of hosting Azure App Service or Azure Web Apps in the ASE is that we can configure security for Azure Web Apps the way we do it for Azure VNet. In simple terms, we can use Network Security Groups (NSGs) to make it more secure. We can create NSGs with inbound and outbound rules to control traffic to Azure Web Apps. Thus, we can create a hybrid cloud scenario where Azure Web Apps can communicate with on-premise resources over a secure connection.

It also provides more instances in scaling...

Creating and configuring ASEs


Let's create an ASE with the following:

  • Front end pool with two P2 compute resources
  • Worker pool 1 with two P1 compute resources
  • Worker pool 2 with zero P2 compute resources
  • Worker pool 3 with zero P3 compute resources
  • Single IP address to be used for IP SSL
  • VNet with 512 addresses using an RFC 1918 private address space; subnet with 256 addresses

To create an ASE, follow these steps:

  1. In the left sidebar, find App Service Environments.

Note

If it is not available, then click on More services and filter App Service Environments. Click on the star icon to bring that link on the left sidebar.

  2. Click on +Add. Enter a Name for the ASE, select a Subscription, and select a Resource Group (we already created the eTutorialsWorld resource group) by clicking on Use existing:
  3. Click on Virtual Network and on Create New. Enter a name for the Virtual Network and select a Location. Click on OK:

Once we have configured VNet with the proper location, we can go back to the pane where other details of...

Enforcing HTTP redirection to HTTPS on Azure Web Apps


By default, Azure App Service does not enforce HTTPS. We can enforce HTTPS redirection by configuring the rules in the web.config file. 

In our normal Azure Web Apps URL, add scm after the name of the Azure web application. It opens a Kudu editor:

Go to Debug console and navigate to the wwwroot directory in the Kudu editor. 

Create web.config by executing the touch web.config command in the console:

Click on the Edit icon of the file and we can add the following content to redirect HTTP to HTTPS:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
      <!-- BEGIN rule TAG FOR HTTPS REDIRECT -->
        <rule name="Force HTTPS" enabled="true">
          <match url="(.*)" ignoreCase="false" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
            <action type="Redirect...
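
An added example, not code from the book: a check that could run in a build pipeline to confirm that a web.config really enforces the HTTP-to-HTTPS redirect described above. The sample web.config is constructed (its action attributes are standard IIS URL Rewrite attributes chosen for illustration), and audit_https_redirect is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not the book's listing); the <action>
# attributes are standard IIS URL Rewrite attributes chosen for illustration.
SAMPLE = """<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Force HTTPS" enabled="true">
          <match url="(.*)" ignoreCase="false" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
                  appendQueryString="true" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>"""


def audit_https_redirect(web_config):
    """Return a list of findings; an empty list means the redirect is enforced."""
    root = ET.fromstring(web_config)
    findings = []
    candidates = 0
    for rule in root.iter("rule"):
        # Only rules conditioned on the {HTTPS} server variable being "off" count.
        if not any(c.get("input") == "{HTTPS}"
                   and c.get("pattern", "").strip("^$").lower() == "off"
                   for c in rule.iter("add")):
            continue
        candidates += 1
        name = rule.get("name", "(unnamed)")
        action = rule.find("action")
        if rule.get("enabled", "true").lower() != "true":
            findings.append(f"{name}: rule is disabled")
        elif action is None or action.get("type") != "Redirect":
            findings.append(f"{name}: action is not a Redirect")
        elif not action.get("url", "").lower().startswith("https://"):
            findings.append(f"{name}: redirect target is not https://")
    if candidates == 0:
        findings.append("no rewrite rule tests {HTTPS} for 'off'")
    return findings


if __name__ == "__main__":
    print(audit_https_redirect(SAMPLE) or "HTTP is redirected to HTTPS")
```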

Filtering traffic by IP and dynamic IP restrictions


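We may want to restrict access to Azure Web Apps. We can achieve this using the <ipSecurity> element. We can define which IP addresses can access the web app, and the action to take in case of a violation of that rule. The allowUnlisted attribute decides what happens to addresses that match no <add> entry, so it must be false for the list to act as an allow list:

<configuration>
  <system.webServer>
    <security>
      <!-- allowUnlisted="false": deny every address not listed below;
           denyAction: response returned to denied clients -->
      <ipSecurity allowUnlisted="false" denyAction="NotFound">
        <add allowed="true" ipAddress="xxx.xxx.xxx.xxx" subnetMask="255.xxx.xxx.xxx"/>
      </ipSecurity>
    </security>
  </system.webServer>
</configuration>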
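
An added example (not from the book) that models how allowUnlisted and the <add> entries combine, and flags an <ipSecurity> section that can never deny anyone. The addresses are constructed from documentation ranges; load_policy, is_allowed and is_noop are hypothetical helper names, and precedence between overlapping entries is not modelled.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed web.config fragment; addresses come from documentation ranges.
TEMPLATE = """<configuration><system.webServer><security>
  <ipSecurity allowUnlisted="{unlisted}" denyAction="NotFound">
    <add allowed="true" ipAddress="203.0.113.0" subnetMask="255.255.255.0"/>
  </ipSecurity>
</security></system.webServer></configuration>"""


def load_policy(web_config):
    """Parse <ipSecurity> into (allow_unlisted, [(network, allowed), ...])."""
    sec = ET.fromstring(web_config).find(".//ipSecurity")
    # IIS defaults: allowUnlisted=true, allowed=false, subnetMask=255.255.255.255
    allow_unlisted = sec.get("allowUnlisted", "true").lower() == "true"
    entries = []
    for add in sec.findall("add"):
        mask = add.get("subnetMask", "255.255.255.255")
        net = ipaddress.ip_network(f"{add.get('ipAddress')}/{mask}", strict=False)
        entries.append((net, add.get("allowed", "false").lower() == "true"))
    return allow_unlisted, entries


def is_allowed(policy, client_ip):
    """Decide one request; entries are assumed not to overlap."""
    allow_unlisted, entries = policy
    ip = ipaddress.ip_address(client_ip)
    for net, allowed in entries:
        if ip in net:
            return allowed
    return allow_unlisted  # no entry matched: allowUnlisted decides


def is_noop(policy):
    """True when the section cannot deny any client at all."""
    allow_unlisted, entries = policy
    return allow_unlisted and all(allowed for _, allowed in entries)


OPEN = load_policy(TEMPLATE.format(unlisted="true"))     # list has no effect
LOCKED = load_policy(TEMPLATE.format(unlisted="false"))  # real allow list

if __name__ == "__main__":
    for label, policy in (("allowUnlisted=true", OPEN), ("allowUnlisted=false", LOCKED)):
        print(label, "no-op:", is_noop(policy),
              "| 198.51.100.7 allowed:", is_allowed(policy, "198.51.100.7"))
```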

Dynamic IP restrictions allow us to block access to Azure Web Apps based on different scenarios as follows:

  • To deny access by maximum concurrent requests
  • To deny access by maximum requests within the specified time period

To configure dynamic IP restriction, make the following changes to the web.config file:

<configuration>
  <system.webServer>
    <security>
      <dynamicIpSecurity...

Comparing ASE and non-ASE (Azure Web Apps) 


The following are some, but not all, of the differences between ASE and non-ASE:

Summary


Security is not a tool, a technology, or a one-time job, but an ongoing process. In this chapter, we discussed how to create an ASE, which is more secure than a non-ASE or a normal Azure App Service. App Service is a PaaS offering from Microsoft Azure. ASEs offer App Service in the VNet, and hence we can configure NSGs to make the environment more secure.

In other words, we can configure inbound and outbound security rules for traffic that flows inwards and outwards.

So far, we have covered continuous development using the Eclipse IDE and its integration with source code repository in VSTS. We also discussed how to perform continuous integration, how to create Azure Web Apps in a non-ASE environment, and how to manage Azure Web Apps as well. 

We need to understand that in ASE and non-ASE scenarios, only the hosting environment differs. Azure Web Apps related tasks and operations are the same.

Our next goal is to deploy a package file in an environment that we have created that is Azure Web Apps...


Virtual Network

  • non-ASE: Azure Web Apps are hosted in a multitenant environment. We can configure Azure Web Apps to integrate it with VNet.
  • ASE: ASEs are created in the VNet, so Azure Web Apps are hosted in Azure VNet.

Resource layers

  • non-ASE: There are instances that can be utilized directly in ASP.
  • ASE: In ASE, we have two layers:
      • Front end pool: This is used for load balancing and SSL termination
      • Worker pools: There are three worker pools in ASE. Instances available in the worker pools are used in the creation of ASP, and then we can host Azure Web Apps in the ASP.

Support for NSGs

  • non-ASE: Azure App Service / Azure Web Apps is a PaaS and not hosted in VNet. Hence, we can't configure inbound and outbound rules.
  • ASE: As ASE is in VNet, we can configure the subnet with NSG. Hence, we can configure inbound security rules and outbound security rules.

Instance size(s)

  • non-ASE: Only three types of instance can be used in Azure...