Azure Overview and App Service

Some general notes about the Azure cloud platform and services.

Regions – geographical area with one or many datacenters

Feature Availability – not all features available in every region

Geography – discrete market area with one or more regions

Availability Zones – physically separate locations within Region providing redundancy for that region

Availability Sets – using two or more availability zones to leverage redundancy. Can be used as Update Domain (UD) for maintenance events, which can be on same physical hardware. Also can use Fault Domain (FD) where the physical hardware is different

Resource Group – container of resources. Great for metering, billing, setting policies, quotas and access control. Every resource must be in a resource group (1 to 1)

 

Azure Compute Service

Computing service in Azure. Provides disks, processors, memory, networking and operating systems. Can be used on-demand, reserved or spot.

Some compute services:

  • Azure VM
  • VM Scale Sets
  • App Services
  • Functions
  • Azure Container Instances
  • Azure Kubernetes Service

 

Azure Network Services

Cloud and on-premise infrastructure networking services. May be public or isolated. Some network services are:

  • Azure Virtual Network (VNet across regions, or within one region, may also do network peering). Supports isolation, segmentation and routing/filtering of traffic.
  • Azure Load Balancer – provide high availability by monitoring TCP/UDP level traffic. Supports port forwarding.
  • VPN Gateway – Virtual Network Gateway – encrypted traffic between Vnet and on-premise over internet.
  • Azure Application Gateway – web traffic load balancer at the IP layer. Supports firewall, redirection, session affinity.
  • Content Delivery Network (CDN) – distributed network for efficiently delivering content based on local region to minimize latency.

 

Azure Storage Services

Supports structured, unstructured and semi structured data.

  • Blob Storage – unstructured data (video, log files, binary, etc)
  • Disk Storage – data disks SSD or HDD
  • File Storage – using SMB (Server Message Block protocol)
  • Archive Storage – archival storage can be done as Blob Storage (most cost effective)

 

Azure Database Services

Fully managed PaaS database services. These include:

  • Azure Cosmos DB – highly distributed, elastic, schema-less data storage.
  • Azure SQL Database – DaaS for Microsoft SQL Server
  • Azure Database Migration – fully managed service for migrations

 

Big Data Analytics

Azure SQL Data Warehouse – Enterprise Data Warehouse (EDW) leverages MPP to run complex queries. Supports petabytes of data. Use Transact-SQL (T-SQL) and MPP to do high performance analytics.

Azure HDInsight – open source analytics service for running things like Apache Spark, Apache Hadoop, Apache Kafka, Apache HBase, Apache Storm, Machine Learning Services. Can do ETL (extraction transformation loading)

Azure Data Lake Analytics – big data lake,

 

Azure Marketplace

Connect users to Microsoft partners and Independent Software Vendors (ISVs) for solutions and services. Over 8000 listings.

 

Internet of Things

IoT Central – fully managed IoT SaaS to connect, monitor and manage IoT assets.

Azure IoT Hub – managed service for central message hub; bidirectional between IoT application and devices.

 

Azure Advisor

Provides recommendations on high availability, security, performance and cost. It analyzes deployed services and looks for ways to improve. Provides actionable recommendations. Proactive improvements to overall cloud usage.

 


Azure Pricing

Azure Subscriptions – authentication/authorization for products and services. Grouping. Azure account may have one or many subscriptions. Manages billing, access control.

Management Group – container for managing access, policies and compliance across one or many subscriptions.

Management groups: These are containers that help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.

Subscriptions: A subscription groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas on the amount of resources you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.

Resource groups: A resource group is a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.

Resources: Resources are instances of services that you create, like virtual machines, storage, or SQL databases

 

Total Cost of Ownership (TCO) Calculator

Tool for comparing ownership costs on premise vs Azure. Takes into account several items such as storage, labor, hardware, software, electricity, virtualization, datacenter, networking, database, etc.

To minimize costs, use Azure Advisor, which performs cost analysis, and set spending limits. Also use Azure Reservations – a significant discount for reserving resources and paying in advance.

 

It’s true that available purchasing options for Azure products and services depend on the type of customer you are. Products and services in Azure are arranged by category, with various resources available for provisioning in each category. You select the Azure products and services that fit your requirements and your account is billed according to Azure’s pay-for-what-you-use model. How you are billed, and which products and services you can choose depends on your customer type. The three main Azure customer types are Enterprise, Web Direct, and Cloud Solution Providers (CSP).

As you increase availability, you also increase the cost and complexity of your solution.

Availability refers to the proportion of time that a system is functional and working. Maximizing availability requires implementing measures to prevent possible service failures. Devising preventative measures can be difficult and expensive, and often results in complex solutions. Most providers prefer to maximize the availability of their Azure solutions, by minimizing downtime.

But, it is important to carefully consider the time window against which you measure your application SLA performance targets. The smaller the time window, the tighter the tolerance. If you define your application SLA in terms of hourly or daily uptime, or availability, you might not always set achievable SLA performance targets.
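The effect of the measurement window, as an added example that is not part of the original notes: the same single outage is scored against hourly, daily and 30-day windows at a 99.9% target. The outage times, the target and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta


def downtime_budget_seconds(target_pct, window):
    """Seconds of downtime one window can absorb and still meet target_pct."""
    return window.total_seconds() * (100 - target_pct) / 100


def worst_window_availability(outages, period_start, period_end, window):
    """Lowest availability (%) over consecutive fixed windows in the period.

    outages: list of (start, end) datetimes, assumed not to overlap each other.
    """
    worst = 100.0
    cursor = period_start
    while cursor < period_end:
        window_end = min(cursor + window, period_end)
        down = 0.0
        for out_start, out_end in outages:
            # Only the part of the outage inside this window counts against it.
            overlap = min(out_end, window_end) - max(out_start, cursor)
            if overlap > timedelta(0):
                down += overlap.total_seconds()
        length = (window_end - cursor).total_seconds()
        worst = min(worst, 100 * (1 - down / length))
        cursor = window_end
    return worst


def sla_report(outages, period_start, period_end, target_pct, windows):
    """For each named window size, return (worst availability, target met?)."""
    report = {}
    for name, window in windows.items():
        worst = worst_window_availability(outages, period_start, period_end, window)
        report[name] = (round(worst, 3), worst >= target_pct)
    return report


# Constructed input: one 5-minute outage in a 30-day period.
PERIOD_START = datetime(2024, 1, 1)
PERIOD_END = PERIOD_START + timedelta(days=30)
OUTAGES = [(datetime(2024, 1, 10, 14, 10), datetime(2024, 1, 10, 14, 15))]
WINDOWS = {
    "hourly": timedelta(hours=1),
    "daily": timedelta(days=1),
    "30-day": timedelta(days=30),
}

if __name__ == "__main__":
    for name, (worst, met) in sla_report(
        OUTAGES, PERIOD_START, PERIOD_END, 99.9, WINDOWS
    ).items():
        budget = downtime_budget_seconds(99.9, WINDOWS[name])
        print(f"{name}: budget {budget:.1f}s, worst {worst}%, met={met}")
```

A five-minute outage fits inside the 30-day budget of about 43 minutes but is far over the 3.6-second hourly budget, which is why a target defined on a short window may not be achievable.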

 


 

Azure CLI

Create an Azure account. Under an account there are subscriptions. Under subscriptions we can add resources – such as an Azure virtual machine. A subscription can have multiple resources. An account can have multiple subscriptions.

Once an account and subscription have been created, we can download the Azure CLI to start working with Azure. Download and install the Azure CLI.

https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest

Afterwards, open a command prompt and type the following command to confirm the CLI has been successfully installed. You should see the “Azure” banner with a list of command options. Next we need to set up the login. This is done by typing the “az login” command and following the prompts. You should be directed to your browser and a Microsoft login page. Once you log in through the browser, the CLI will display JSON containing your login information.

[solidfish:~]$ az

     /\
    /  \    _____   _ _  ___ _
   / /\ \  |_  / | | | \'__/ _\
  / ____ \  / /| |_| | | |  __/
 /_/    \_\/___|\__,_|_|  \___|


Welcome to the cool new Azure CLI!

Use `az --version` to display the current version.
Here are the base commands:

    account           : Manage Azure subscription information.
    acr               : Manage private registries with Azure Container Registries.
    acs               : Manage Azure Container Services.
    ad                : Manage Azure Active Directory Graph entities needed for Role Based Access
                       Control.
    advisor           : Manage Azure Advisor.
    aks               : Manage Azure Kubernetes Services.
    ams               : Manage Azure Media Services resources.
    appservice        : Manage App Service plans.
    backup            : Manage Azure Backups.
    batch             : Manage Azure Batch.
    batchai           : Manage Batch AI resources.
    billing           : Manage Azure Billing.
    bot               : Manage Microsoft Bot Services.
    cdn               : Manage Azure Content Delivery Networks (CDNs).
    cloud             : Manage registered Azure clouds.
    cognitiveservices : Manage Azure Cognitive Services accounts.
    configure         : Manage Azure CLI configuration. This command is interactive.
    consumption       : Manage consumption of Azure resources.
    container         : Manage Azure Container Instances.
    cosmosdb          : Manage Azure Cosmos DB database accounts.
    deployment        : Manage Azure Resource Manager deployments at subscription scope.
    disk              : Manage Azure Managed Disks.
    dla               : (PREVIEW) Manage Data Lake Analytics accounts, jobs, and catalogs.
    dls               : (PREVIEW) Manage Data Lake Store accounts and filesystems.
    dms               : Manage Azure Data Migration Service (DMS) instances.
    eventgrid         : Manage Azure Event Grid topics and subscriptions.
    eventhubs         : Manage Azure Event Hubs namespaces, eventhubs, consumergroups and geo
                       recovery configurations - Alias.
    extension         : Manage and update CLI extensions.
    feature           : Manage resource provider features.
    feedback          : Send feedback to the Azure CLI Team!
    find              : Find Azure CLI commands.
    functionapp       : Manage function apps.
    group             : Manage resource groups and template deployments.
    hdinsight         : Manage HDInsight clusters.
    identity          : Managed Service Identities.
    image             : Manage custom virtual machine images.
    interactive       : Start interactive mode. Installs the Interactive extension if not installed
                       already.
    iot               : Manage Internet of Things (IoT) assets.
    iotcentral        : Manage IoT Central assets.
    keyvault          : Manage KeyVault keys, secrets, and certificates.
    lab               : Manage Azure DevTest Labs.
    lock              : Manage Azure locks.
    login             : Log in to Azure.
    logout            : Log out to remove access to Azure subscriptions.
    managedapp        : Manage template solutions provided and maintained by Independent Software
                       Vendors (ISVs).
    maps              : Manage Azure Maps.
    mariadb           : Manage Azure Database for MariaDB servers.
    monitor           : Manage the Azure Monitor Service.
    mysql             : Manage Azure Database for MySQL servers.
    network           : Manage Azure Network resources.
    policy            : Manage resource policies.
    postgres          : Manage Azure Database for PostgreSQL servers.
    provider          : Manage resource providers.
    redis             : Manage dedicated Redis caches for your Azure applications.
    relay             : Manage Azure Relay Service namespaces, WCF relays, hybrid connections, and
                       rules.
    reservations      : Manage Azure Reservations.
    resource          : Manage Azure resources.
    role              : Manage user roles for access control with Azure Active Directory and service
                       principals.
    search            : Manage Azure Search services, admin keys and query keys.
    servicebus        : Manage Azure Service Bus namespaces, queues, topics, subscriptions, rules
                       and geo-disaster recovery configuration alias.
    sf                : Manage and administer Azure Service Fabric clusters.
    sig               : Manage shared image gallery.
    signalr           : Manage Azure SignalR Service.
    snapshot          : Manage point-in-time copies of managed disks, native blobs, or other
                       snapshots.
    sql               : Manage Azure SQL Databases and Data Warehouses.
    storage           : Manage Azure Cloud Storage resources.
    tag               : Manage resource tags.
    vm                : Manage Linux or Windows virtual machines.
    vmss              : Manage groupings of virtual machines in an Azure Virtual Machine Scale Set
                       (VMSS).
    webapp            : Manage web apps.
[solidfish:~]$ az login
WARNING: Note, we have launched a browser for you to login. For old experience with device code, use "az login --use-device-code"
WARNING: You have logged in. Now let us find all the subscriptions to which you have access...
[
  {
    "cloudName": "AzureCloud",
    "id": "xxxxx-xxxxx-xxxx-xxxxxxxxxxx",
    "isDefault": true,
    "name": "Microsoft Azure Solidfish",
    "state": "Enabled",
    "tenantId": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx",
    "user": {
      "name": "johnlee@solidfish.com",
      "type": "user"
    }
  }
]

Next we need to set up the subscription information on the CLI. This can be done with the “az account set” command as shown below.

[solidfish:~]$ az account set -s "Microsoft Azure Solidfish"
[solidfish:~]$

To perform commands in interactive mode, we can run “az interactive”. This opens another prompt where we can now directly call Azure CLI commands.

 

Azure Regions

Azure has several regions with new ones coming online frequently. The regional map shown below is constantly changing as Azure grows and evolves.

 

Access Control IAM

There are a variety of ways of controlling access within Azure. For end users it is generally done using accounts and subscriptions as briefly mentioned before. For applications, we can setup a variety of service accounts or access keys to work with different services in Azure. There is also the Azure Key Vault which is a service for managing many of these types of access keys. I discuss some more of this in my other post regarding Azure Security.

https://solidfish.com/azure-security/

 

Azure App Service

Azure App Service is possibly the most important and/or popular Azure service. It is a service that has been in Azure since the beginning. This is a fully managed PaaS (platform as a service) where we can host our applications on Azure. These can be web apps, REST APIs, mobile apps or other logic based apps. App Service apps require a host (behind the scenes it’s actually a VM) and that host can be Windows or Linux. If using traditional .NET (classic 4.x .NET) then we would use the Windows based host. For apps based on Python, Node.js or .NET Core, we could use the Linux host.

Multiple apps can be hosted on a single App Service plan. The App Service plan defines the number of CPUs, memory, storage and number of slots. The plan defines how it can scale “out”. When we scale “up” we would be modifying the plan to something larger (for example, going from a P2 plan to a P3 plan). When scaling “out” on a P2 plan it can support up to 20 instances of an app. Each plan has different settings on how it scales “out”.

Creating an App Service plan requires a resource name (the plan is a resource), a region and a pricing tier. The tiers are categorized by standard, premium, basic, free, etc. Also note that the different plans have different features such as Traffic Manager.

One way to think about this is that an App Service Plan is the virtual machine on which App Services run. An App Service is the actual application running on top of an App Service Plan.

App Services can be created from the CLI or through the Azure Portal. Once created, we can deploy code into the App Service by publishing it through Visual Studio or through a git repository. This is configured in the App Service. The easiest way to configure this is in the Azure Portal. In the portal we go to the App Service and go into the Deployment section. There we see the deployment options. We can select remote git repos such as Team Services, GitHub or other sites. We can also select a local git repo, in which case the repo will be created within App Service. If we select this we need to create credentials for deploying into the new repo. Every time code is pushed into these repositories, App Service will notice the change (remote repositories have web hooks back into Azure) and will build and publish the changes automatically.

Once a “Local Git” is selected from above, we need to configure the deployment credentials. This can be done by clicking on the “Deployment Credentials” link on the Deployment Center page. We can create app credentials or user credentials. I created user credentials and it automatically updates the git url to include the user login as shown below.

We can see details of the git repository from the main Overview page of the App Service.

Credentials to git repositories are found in the “Deployment Credentials” section under App Service.

Deployment slots are used during deployment so we can swap different environments. For example we can have slots for DEV, STAGING and PROD. During a production release, it’s very easy to swap the STAGING slot with the PROD slot, so that the changes deployed to STAGING become production.

For .net based applications we can also use the appsettings.json configuration file to set variables for specific slots. These settings can also be configured inside Azure under the Application Settings page. This is a good place to configure things like connection strings. An example of this is covered in the article below for a sample application that was created in Azure App Service.

https://solidfish.com/azure-hosted-dotnet-web-application/

 

App Service Scaling

App Services can be scaled out or up (horizontal or vertical). These options can be found by doing a search for “scale” inside the App Service.

By scaling up we would be changing the server to something with more CPU or memory. By scaling out we would be adding additional App Service Plans and Azure would automatically add a load balancer up front. The addition of instances when scaling out can be configured manually or we can use auto scaling. With auto scaling, we would set certain rules that look at metrics to determine when the scale out happens and when the scale in (reduction) happens. This helps save costs by increasing instances only when the application is busy and scaling down when it is not being used.

 

Troubleshooting, Diagnostics and Debugging

When an application is having problems some common ways to troubleshoot would be looking at the App Service metrics. Here we can get various utilization information for the application as well as the App Service Plan (the underlying hardware) for our App Service.

In the App Service Metrics we can view things such as requests and Http Queue Length. If a Queue Length were going up it would be a good indicator that our App Service Plan is being overwhelmed and may need to be scaled up or out.

There is also the App Service Alert feature which can send email, SMS or phone calls when certain alerts are triggered. Alerts can be triggered by metrics or events. Metrics include those things covered above such as CPU utilization, number of requests or length of queues. Events can be application triggered events such as exceptions or errors.

Application Insights is Azure’s diagnostic service that can be used to monitor App Service. This captures and stores telemetry data including full stack traces. It also captures information about the user (what browser, where they clicked, etc.). This feature needs to be enabled per application. It needs to be installed and configured on the application, which can be done through Visual Studio. Note that there are different pricing tiers for this feature, ranging from free to paid.

There are also diagnostics logs that can be configured per App Service. The logging can be configured for what level of logging to track, where to store the logs and for how long to keep them. Some of the logs might be specific to IIS, which would be shown as such on the “Diagnostics Logs” page of the App Service.

 

Connecting to Cloud Databases

An Azure SQL Server is basically a container that can contain multiple databases. It may not be a single server; the infrastructure beneath it is abstracted. Each database will have its own logins and access control. The database name needs to be unique across Azure. The database also needs to have the pricing tier configured and an elastic pool configured. An elastic pool allows dynamic scalability for the database.

The pricing for database is determined by database size and DTU (Data Transaction Unit). DTU is a combination of CPU, memory and IO. A database that is 20 DTU is twice as fast as a database at 10 DTU.

Generally – a website that has 25k visits per day where each visit has a few transactions – a 10 DTU database is sufficient to handle that load. This is a standard plan. There are premium plans capable of 125 DTU or more but these are for very intensive applications.

Once the database is created, we can configure some of the access settings. For example, we can set the Firewall settings where only Azure services running in the same subscription are allowed to connect into this database. We can configure IP addresses to allow other applications to access the database as well. We can put in alerts / alarms for getting notifications when the database is over utilized (for example if the average DTU is exceeding some set amount). There are also Geo-Replication features allowing us to replicate the database into other data centers. Each database can also be configured to have encryption at rest.

 

References

Azure App Service
https://azure.microsoft.com/en-us/services/app-service/?v=18.51

Developing on Azure by Scott Allen
https://app.pluralsight.com/library/courses/developing-dotnet-microsoft-azure-getting-started/