Hey friends, we've been covering the evolution of Azure App Service environment since its earliest days. It's used by medical, banking, insurance, retail, manufacturing, energy, and government customers to host their web applications more securely. V3 of the service is now available and Christina Compy is back once again to share what's new – today on Azure Friday. Hey friends, I'm Scott and it's Azure Friday we're back with Christina. Copy is going to give me an update on what's new with ASE. The Azure App Service environment version three. How are you? I'm doing great sky. How are you doing today? I'm living the dream and learning about Azure so it's a good day. So yeah, I'm here and happy to talk to you about the new ASE V3 that we just popped out the door. It's we've been working on this one for a couple years, so I use App Service. I've got a lot of them. I'm a huge fan of App Service, but I don't have an App Service Environment is that just because I just I'm not a big enough customer? I don't need that isolation? Well, it really depends on if you need like isolation for compliance reasons, security reasons. If you are running like a retail site, I would lean towards using an ASE over the multi-tenant. You can set all these things up in the multi tenant. You can combine all the networking and connectivity features to enable access but a single tenant system where all of your network security is external to your apps. You know all you have to do is deploy your web app inside the system. That's that's pretty killer. So yeah, this thing is being used by a lot of our top customers for hosting their enterprise workloads. What's the best way for me to know though, that it's like it's time for an ASE? 'cause what I'm what I'm doing isn't a toy, but I'm also not like, you know, Big Co. I'm not Big Company. It's a very good question, I think probably there's two criteria. One, the easy one is that do you need to scale beyond the limits of what we got in the multi-tenant service so the ASE does allow for a much larger scale, but that one is an easy one to consider. Doesn't affect too many customers. You need to run at that volume, but then the other one is, Are you worried about a security or compliance review if that actually enters your mind, you're going to be far better off being able to say that all of my networking security is external to my apps. That all I have to do is deploy my app inside this configured system and I automatically inherit the connectivity and the isolation that's inherent to it, and that's very powerful when you stand in front of those compliance reviews, you know being able to say, look, you know you control the entire network. At this point I didn't have to do anything on my web app and you can take a look to your heart's content compliance. People look at it, rubber stamp and move along. That's a pretty powerful thing. This really means that it's time to move from a condo to actually just buy the building. I want my own space. Yes, I will agree there. Yeah, you get your own yard as well, right? You could put up the fence around the whole building. Uhm, I think if you were to look at the ASE V2 and V1 model those were so expensive by comparison that you really didn't go to ASE unless you had something very large scale right. You needed to have. I used to equate it to using a tractor trailer to buy a loaf of bread to, you know, have one web app in an ASE V2, but if you look at ASE V3, the pricing is there's no Stamping. There's no extra surcharge. You're just paying too, you know, for your app Service plan, and that's pretty cool. So with that, there's really no reason why you wouldn't want to have any of your secure workloads running in an ASE V3. That is a really great point as well, because I think that this decision point for me and other companies that maybe medium sized companies. They might say, well the fee and then really this is more about requirements, and the fee is going to be very, very appropriate and very competitive. So and you'll be showing us a demo today. Yeah, I'll be showing a demo. One last little tweak on the price though, is that you can also get the reserved instance pricing on it. That's somewhat new in App Service, so. If you want to save yet more money, then you've got that as an option, and it's only worth calling out 'cause, hey, we haven't really done those sort of things before. They reserved instance was missing on the compute side. Very cool. Cool alright, so a demo time so we're going to do a quick demo on making an ASE V3 so I'm going to show you making an ASE V3 quickly in. By itself, standalone mode. Now when you provision in HB3, you can pick whether or not you wanted to have a private address for inbound traffic inside your virtual network or whether you want it to have a public address. For the most part, people use public addresses for things like, you know marketing sites or. Something basically along those lines where you don't need the network isolation security you're looking at the scale up, and for most part people pick the internal version. Then from a deployment option, we've got some new things that didn't exist before in ASE and definitely not in App Service, so we have the ability for you to deploy on a dedicated host group, so you would be able to pick a dedicated. Pick a dedicated deployment and it would end up on hardware that's used by you and only you. This is actually a requirement for some of our customers, like energy customers, government, customers who wanted to be secured all the way down to the physical hardware and so now we've got that as an option zone redundancy. This is actually been very popular since we launched ASE V3. And of course, this gives you the ability to deploy an availability zone model. So when you do that, your apps will be. A deployed minimum quantity of three, and so that there's one in each of the availability zones. And that's excellent. Now the rest of it's boilerplate. The normal stuff where you have the same in SV2 where you can say you want Azure private zones configured with your race, or whether or not you're going to manage DNS on your own. And of course deployment takes a little while, so rather than go through actually doing the complete deployment right now, will hop over to what it would take to deploy a web app inside an ASE V3. As for that, it's actually not too mind-blowing once you see it. Once the big detail is that. When you go to to pick a region, you pick one of your race V threes as your region. Ah, OK, that's really interesting. Hey, could I impose upon you to just hit control? Plus to make the font just a smidge larger? Oh sure, I'm so sorry. Thank you. OK, so interesting. So you pick the region. It's like you have your own region. It really is. You have your own, but you've bought the building. Yeah, it's your basic private region and it exists. You know, in a. In an actual Azure region. But yeah, this is your own personal private region. It's a single tenant system. You look at all the rest of the regions by themselves and there these are shared environments. Those are shared multitenant systems that you'll end up on with thousands of other customers, and while your workloads are secure and isolated, you know it's still if I pick East US 2, I'll land on a deployment with other customers, but if I have an ASE that's in East US, then that's only my ASE. There's no other tenants on it, and for people who worry that you can, can you do cross sub? Yeah yeah it's a single tenant is a tenant right? You can still use multiple subscriptions on your own ASE that you have access to. You know I I was giving a talk recently explaining the cloud to some early into career people and I commented that in the old days there was hosting and you could visit the hard drives you could like go to the warehouse. The big giant building and you could touch the computer and you know ASE is kind of the closest thing you can do to say that's. My rack right there in that building you can't really visit, but you can really rest assured that it is private and and really dedicated. Yeah, this is as dedicated as it gets. We can get you all the way down to the hardware now so. For cloud offering, that's pretty pretty isolated. There you get your own personal building. The other thing I wanted to throw out there is that folks probably all have questions because, you know, I'm only touching on the surface of things. The overview within Docs is a pretty good place to start. It's titled still HV three because it's new or trying to highlight the fact that you know this is the SP3 material and one of the interesting things to point out that's in this doc is the region differences. So availability zones is not yet worldwide. Right, it's in limited regions, and so ASE V3 is in a subset of the regions that support availability zones. So if you want to see those details on which regions you've got, we've got that in documentation. For details on how to create an ASE, we of course have that detailed and documentation and lastly, but definitely not least Lee, there's a web and are out there that we did this summer that goes into a lot of the details about ASE. Not only do you get you know a better isolation story with ASE V3, but you get a faster performance. You get faster scaling. You get, uh, actually, I've got a slide that goes over some of this. Material if you don't mind me popping that up here please quick. There we go so. We talked a little bit about it, but without going in details but with a Speed 3 there's no networking dependencies like we had in HV2 and HV1. In fact, out of all the Azure services, ASP three is now the most isolated. Out of every other service out there, there are no inbound and outbound dependencies inside your network to support the 8th. It's more isolated than a virtual machine because it in a VM you still have to call out for like a clock signal or updates or something. The only traffic within a speed three is your traffic inside your network, and that's so much easier for customers who want to throw in forced tunneling or a firewall device or. And NBA, that's so much easier now. You just do whatever you like and you're not going to break or harm the ASE. The case itself is also a lot cheaper. We got rid of the Stampede that existed in ASE V2 and there's now reserved instance pricing available on ASE V3. You only pay basically for your App Service plans, which is fantastic and it's. Pardon, say that's huge, I mean I just like that was honestly one of the things that stamp fee that initial fee. But then also you just pointed out reserve instances if you're going to be there for a year, you're going to save huge numbers if you just reserve, you know your space for the entire year you lease lease, or you're buying this building, well, I'm going to be in this building for the next year. I'm going to get great pricing. Yeah, if you did three year, it's 55% off the rate, so you can actually get it cheaper than premium V2 with 300 instance pricing. It's kind of like. Cool, we aren't losing money. No, we're not losing money but barely or you know it's tight up. One thing I wanted to just make sure that people understand because not everyone might be familiar with the terms and I want to make sure that I understand. I'm so like a region like WUS it could be like you know I'm in here in Oregon so I'll just say like you know Oregon could be a region somewhere at somewhere in the West US and as US1 and US 2 but availability zones are like spaces within a region, so it's like you're still in West US but you're far enough away from each other that something happening at one. Won't affect the other. Is that a correct analysis? That's a very good way to put it the way I like to describe it is that availability zones are essentially your data center buildings, so if you were worried about like something that wiped out an entire building and there's three zones in that region, there's two more data center buildings still supporting all of the workloads that were zone redundant or that were pinned inside those buildings, so there's already just to make sure people understand there's already a ton of redundancy. Within a given a zone and within a given data center building that exists today. However, if you had something wider spread that took out the entire data center, that would be where zone redundancy is very useful. And then of course the next level up from that would be geographic redundancy where you have replication inside two different regions. OK, cool, that's good. That's good a good reminder about how that stuff works. Thank you. You're very welcome. No, it's a good thing to call out because. After a while, one tends to forget that the terms are not necessarily commonly used externally, so well. Then we're always constantly trying to make these analogies, 'cause it's like, OK, I can hold this hard drive in my hand and now I'm giving up control. But then you're describing products that are going to give us more control and more isolation, so it's like, is there a computer out there that I own or not? And like you said with a SV3, this is the closest you can get to owning your own personal space of the cloud. Your own slice of the cloud? Yeah, it's about as dedicated as we can get in terms of an Azure service, so yeah. It's pretty awesome. Uhm, I wanna throw out some other stuff. That's about the performance of. Also because one of the feedback items. It's a gentle way of putting it is that scaling takes too long in a Suite 2 and V1. And we've been working really hard to make it a lot better, so if you were to use SP3 today. It scales roughly. The Windows plans are less than 20 minutes, and the Linux plans are now less than 15 minutes but rough in round the end of the year, so we should be getting that down to both of them being near 10 minutes to scale, which is a massive improvement of where things are and the reason things take any sort of minutes. Measurable times, because we're having to provision them when you ask for them, right? This isn't where we can have pre. Provisioned capacity available in case you need it. We you want to scale out we have to get up the VMS we have to connect everything, get the cirts uploaded, install the software and it we've done a fantastic job where the devs have. They get all the credit for making it go this fast. So yeah, it's pretty extraordinary. I still like I mentioned before we were chatting before we started recording that I feel like old person that shakes fist at cloud because the boss would say, you know get another rack and then they would go golfing on Friday and then we would spend all weekend trying to source. Hardware and provision hardware and image machines. This is before virtual machines and it would take days you know, or the entire. We'd all work the weekend. The cloud is extraordinary, so just the idea that we're going from even 10 minutes to 20 minutes or 20 minutes rather to 10. That that's amazing. You're you're sourcing hardware, virtually finding it, hooking it up, making sure that it's secure on its own private network, and dedicated to me. You're adding condos to my new building in minutes. That's pretty extraordinary. I agree it's also that job you noted. There's still somebody back there inside the cloud building still going there to provision the hardware over the weekend, but now we're all abstracted away from it. Yeah, it's extraordinary. Excellent. Well, this will be my last time to talk to you about ASE, probably. I've moved on to the 5G team. The Azure for operators folks, so next time if there is another next time for ASE then you'll probably be meeting with somebody else I'm afraid. Well, then hopefully we'll have you on to talk about Azure for operators at some point. I hope so that would be great. Alright, fantastic. I am learning all about the Azure App Service environment V3 S V3, big changes and exciting stuff. Thank you so much Christina. Compy for catching me up today. Thank you very much, Scott, for having me over. Hey, thanks for watching this episode of Azure Friday. Now I need you to like it. Comment on it, tell your friends, retweet it. Watch more Azure Friday.
