Introducing The Azure App Service Environments Series!

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello everyone in this series of videos I'll be focusing on configuring Azure app service environments I'll be doing a lot of Demos in this series of videos so if you're looking for practical tutorials this is exactly what you need so let's get started and before moving forward I want you to understand few things about Azure app services in general as you can see on the screen when you create an app service you need to have an Azure app service plan an app service plan can contain multiple app services and when you create these app service plans you can specify the SKU or the pricing tier of these app service plans as you can see we have the basic and we have free ones as well we have basic standard and Premium app service plans and based on the app service plan that you have selected there's a maximum number of apps that you can deploy in an app service plan and now we have reminded ourselves what app service plans and app services are and how they're related let's look at app service environments with within an app service environment or an AC we can have multiple app service plans you can think of an app service environment as a very powerful dedicated server that only host your app service plans or your app services and with this you have dedicated memory CPU and networking for your applications so that you can host your applications more securely and now let's have a look at a side by-side comparison of these two Services regular services they are called multi-tenant apps now this is the key difference that I want you to keep in mind they are multi-tenant because if I go back to my previous Slide the server that hosts these app service plans the same server hosts app service plans from multiple organizations for example asp1 could be the one that you have hosted and asp2 could be from another random company but with app service environments this is not the case all the app service en environments all the app service plans and apps within that dedicated environment will be owned only by your organization and this is the key difference and all the other characteristics of these two Services revolve around that multi-tenant and dedicated nature of these two services and in addition to this key feature you can use app services for General app hosting and you can use app service environments in an environment where you have heavy compliance needs and you want the environment to be highly secure and highly scalable you should go for app service environments and with app Services as I told you earlier since we are hosting the applications from different companies in the same server we have shared network infrastructure with app service environments we have Network isolation and we have limited control with app Services you know what I mean if you already used app Services you can't do a proper Network integration as well but with app service environments you have more control of the underly infrastructure and finally L app services are much cheaper than app service environments and now let's have a look at a scenario where you need an Azure app service environment or an Azure app service now let's think of this scenario let's say you have an app that needs to be hosted on Cloud on Azure and you want only the on premises officers accessing that application now in that case what you can do is you can create a virtual Network and you can set up a sight to sight or an express route VPN connection between Azure and on premises and you can can host your application in the cloud with this VPN integration whatever you have within this virtual network is within your security parameter now as I told you earlier if we have the virtual machine that host the applications within your virtual Network and if that virtual machine if that hosts applications from other users that will be a compliance issue that will be a security problem and this is where app service environments come in with app service environments we can be sure that all the apps that are running there are owned by our organization so without any compliance issue we can do these kind of setups and now if you look at app service environments pricing that is also important as you can see I'm not getting a separate page for the pricing information of aure app service environments this is the only page that is available and If I scroll down these are the pricing tiers that available we have the free shared basic standard premium and isolated so app service environments are actually part of app services but it's a different pricing tier and if I scroll down we have the premium one and we have premium V3 and we have the isolated plans and these are the plans that you can use when creating app service environments this isolated plan that is similar to app service environment V2 and the isolated V2 service plan this is the plan that you should use if you want to create the new version of abs service environments and that is V3 and now if I scroll up and go into this app service environments V2 page app service environments V2 will be retired on August 2024 so you should migrate your existing environments to we3 there's one more thing that I want you to notice and that is the price of app service environments now if I scroll up and look at the premium V3 tier of regular app services and look at P1 V3 that has two CES and 8 GB of RAM and you have to pay let me just change this to monthly pricing and we have two CES and 8 GB of RAM we have to pay $240 us monthly and now if I scroll down to isolated environment we have the same spec here we have two CES and 8 GB of RAM and we have more storage here but you have to pay twice as much and as you can see even though the number of cores and the ram is the same we have we have to pay more to have more control over the environment and if we want to run application in a dedicated environment and now let me show you how to create your first app service environment I have a resource Group here I'm just going to click on this button we can use as your Ci or terraform or bicep to create the resources the First Resource I'll be creating using the Azure Portal app service environments as you can see I'm using App service environments we3 and we have we2 as well I'm just going to go in as you can see I have selected the resource Group and the instance details I have to name my app service environment I'm going to call it let's see whether that is available yes and this is an important setting here we have two options we can expose the AC hosted apps on the internet accessible IP address or we can keep it private and when I change this as you can see the the default URL changes the first one I'm going to create with an internal setting so that this won't be accessible in the public internet this will only be available within my virtual Network going to hosting and as you can see we have the physical Hardware isolation as well when I change this I have to pay more if you have compliance requirements to host your applications in a physically separate devices you should go with this option or you can go with this option I'm going to go with physical Hardware isolation disabled and one more important thing that I want you to notice is that when you change the Zone redundancy when you make it enabled we have we don't have this option right so that kind of makes sense because when you are deploying your application in a one separate dedicated server probably they haven't set up the Zone redundancy for that that could be very expensive all right so I'm going to keep this disabled and Zone redundancy disabled as well for this demo I'm going to go next and as you can see I have to select a virtual Network I'm going to call it wiet AC demo and I'm selecting the re region here I'm going to keep it as East us and one thing you might have noticed is that usually when we create Azure resources we specify the region here but in this case we are only specifying the region of the virtual Network so basically the app service environment will be deployed into the the region that the virtual network is in all right so I have created the virtual Network and now let's look at the subnets I'd have to created a subnet as as well and this will be a dedicated subnet let me call it AFC subnet all right since this is a delegated subnet we won't be able to add other resources into this subnet environment I'm not going to associate this subnet with any security groups yet I'm just going to keep all these configuration as default and this is also an important setting here we have the option to use an a PRI DNS private Zone automatically created for us and this I believe is a relatively new Option and uh I'm going to go with manual I will provide my own custom DNS resolution let me just um go ahead and create the app service environment this deployment can take hours to complete so until this is done let's have a look at the architecture of our demo today this is what we're going to implement we have already created the virtual Network the uh the subnet and also the app service environment as well so what we're going to do is we're going to deploy app Services into this app service environment actually first we'll have to create an app service plan and then I'll be deploying a virtual machine in a different subnet and I'm going to show you how you can access these apps in this virtual machine and these apps they're not public they're only accessible within the parameter of the virtual Network now let me go back to the deployment and see whether that is complete as you can see we have the app service environment in place if I go into that as you can see we have the uh um the state is ready we don't have any app service plans or apps created in this app service environment so let's create an app service plan or an app service in this app service environment for that let me go into this Marketplace and search for web app this is similar to regular app service creation process but the only interesting difference is that let me scroll down to region real quick and scroll up as you can see in addition to the regions we have our app service environment listed here so I can select that all right now I'm going to call this app one and the URL is going to be app oneac env. appservice environment. net this will be different if this app service environment was a public one I'm just going to keep all this configuration as it is I'm just going to select maybe net 8 this is the region and that is the the app service environment and this is the app service plan that will be created and that is okay and I'm going to go with the minimum isolated pricing tier that is available I'm going to go ahead and create this web app all right as you can see the application has been deployed and if I go into that and let's observe what we have here a little bit and if you look at the default domain and if I try to access it it can't be accessed from the public internet I have created the app one here now let me deploy app two as well all right as you can see I have deployed the app to as well and now I'm going to deploy the VM subnet and this virtual machine real quick I have just deployed this uh this virtual machine into the the virtual Network that also contains the app services and if I go into the subnets you can see we have the ASC subnet for app Services app service environments and we have the VM subnet for the uh virtual machine and now we have deployed all the components of architecture and if I log into this virtual machine and try to access these two app Services what would happen let's try it out now let me remote into this real quick all right now I'm in that virtual machine let me just go back to the uh the web app that we have deployed go to the service plan and scroll down and get to app one and and if I scroll down and as you can see this is the virtual IP address of this web app and that is 192 168 2504 and if I just try to access this in the virtual machine let's see what happens as you can see if you try to do that you might get this error now let me try to see if I just copy this domain Here and Now let let me see whether that works that also does not work let's try to open the windows terminal and then let's try to Ping this domain let's see whether this is accessible or not as you can see the virtual machine cannot find the app service if I just directly enter this it doesn't work now the solution for this is deploying a private DNS zone now let me show you how to do that as well I'm just going to go into the the same uh the uh the resource Group and then I'm going to create a private DNS Zone let me click create and I'm going to name this we can add a custom domain name here because this is not accessible to the public internet but what I'm going to do is I'm just going to use the this part here as the the domain name want going to paste it so this will be the private DNS Zone and I'm just going to revie and create this we have the private DNS Zone ready now if I go into the Ed browser and try to refresh it would it work it would not because we now have to associate this private DNS zone or link this private DNS Zone to our virtual Network I'm just going to add the link name here and I'm going to select the virtual Network and that is vet ASC demo and I'm going to enable auto registration as well since we have a virtual machine there it'll be automatically registered we have the link created the DNS private DNS zone is linked with this virtual Network and even now if I try this it won't work and now let me go into the virtual machine again and let's try to Ping this it still cannot find the IP address so now what I can do is I can just go into this page here we have to add DNS record records now I'm going to add this wild card record and this IP address of this app service environment and this is that IP address I'm going to copy that and then I'm going to go ahead and paste it here all right and then we need to add two record sets this is actually in the documentation and this is how we should do it we have added two DNS records and now if I go into the viral machine and try to Ping this as you can see actually what I should have done is a DNS lookup not a ping but it gets the job done as you can see this works and now if I try to refresh this it works one more thing that you might have noticed is that if I change this app one right now let's let's do a NS look up here this is the IP address that this resolves to if I change the app to app two I'm still saying the same IP addresses here and that is because the IP address that you're seeing here this is the IP address of the or the inbound IP address of the app service environment even though we have two apps deployed in the app service environment they won't be having separate IP addresses now let me show you what I mean here if I go into the app service environment and IP addresses as you can see this is the inbound IP address of this app service environment now if I go into each one of these apps and scroll down this is app one they both have the same IP address as you can see so this is why you cannot directly access the apps with IP addresses there's a load balance in front I'll be covering that in my upcoming videos we need to access the apps using the the domain name and it's this one and you can add custom domains as well and that also is a topic for another video and this is what I want to cover to give you an introduction to Azure app service environment and to show you a demo on how you can securely deploy an application internally in an virtual Network so this is it if you learned something new today don't forget to subscribe I will see you in my next video and thanks for watching
Info
Channel: Meet Kamal Today - Cloud Mastery
Views: 3,208
Rating: undefined out of 5
Keywords: App Service Environment tutorial, ASE configuration guide, Private endpoints in ASE, Azure SQL in App Service Environments, ASE with Azure DevOps, Hybrid connections in App Service Environments, Firewall setup for ASE outbound traffic, Azure web apps in App Service Environments, Mastering App Service Environments in Azure, app service environment azure, app service environment, environments app service, environments in azure app service, azure ase, azure app services
Id: AU1Owqo8emE
Channel Id: undefined
Length: 17min 16sec (1036 seconds)
Published: Tue Jan 09 2024
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.