Change is the essential process of all existence. | ||
| --Mr. Spock, Star Trek | ||
This chapter defines the details and capabilities of an Azure App Service. The chapter then explores the basics of the four building blocks of an App Service: the web app, mobile app, API app, and logic apps.
We will then introduce our sample solution for a fictional company named Sunny Electrical Manufacturing.
In this chapter you learn the following topics:
- What is an Azure App Service?
- Why you should consider developing applications using App Service
- What are Azure Resource Groups and how should we use them?
- What is an App Service Plan?
- An introduction to our hypothetical company
An Azure App Service is a new composite PaaS service for developing web apps (websites and web applications), logic apps (data orchestration components), API apps (web services), and mobile apps (mobile backend services) all under the one service. Previously, these services were being offered as individual Azure services.
The table here describes the cross pollination between the old Azure services and the new App Service:
|
New name |
Old name |
Functionality |
|
Web apps |
Azure websites |
The new name for Azure websites.
The Web Hosting Plan now termed App Service Plans.
|
|
Mobile apps |
Azure mobile services |
A new app type that integrates previous mobiles services functionally.
Can now integrate with on-premise and SaaS systems, WebJobs, and includes scaling options.
|
|
Enterprise Integration Pack |
Azure BizTalk services |
Allows users to perform enterprise application integration with App Service app types.
Allows users to perform B2B integration scenarios with App Service App types.
|
|
API apps |
New app type |
Allows you to build and consume APIs in the cloud. |
|
Logic apps |
New app type |
Allows you to automate business processes. |
This integration of the services allows you to build enterprise systems and applications quickly and easily. The provided features and frameworks of Azure App Service allows an easier integration with on-premises or cloud applications using the built-in connectors and APIs. If you are an integration developer or architect, then logic apps, Azure functions, and API apps will be the key componets provided with Azure App Services.
Azure hosts your apps on a managed platform (virtual machines) that takes care of application deployment and management. You also have the choice of a shared VM resources or a dedicated VM, depending on your work load requirements and the selected pricing tier. There is also an Azure App Service Environment (ASE): https://docs.microsoft.com/en-us/azure/app-service-web/app-service-app-service-environment-intro . This is a premium Azure App Service (refer: https://azure.microsoft.com/en-us/services/app-service/ ) hosting environment that is dedicated, fully isolated, and highly scalable environment to run all your apps using virtual networks and security groups.
Also, unifying these artifacts into a single service allows for a simpler development experience by combining all these services into one solution. You may develop your solution in any of the common development languages, and target any platform and any device as before when developing for Azure websites. Developers now can deploy their code using methods such as GitHub and BitBucket, which allows you to deploy from any editor or any client that supports these repositories.
App Service also adds some new features that include logic/workflow apps and built-in connectors for the popular SaaS and on-premise applications, including Office 365, Salesforce, Facebook, Twitter, and Dynamics just to name a few, and is still growing. For a list of managed connectors, see this link: http://aka.ms/logicapps-availableapi .
The App Service can be broken down into the following application types described here. We will discuss these application types in detail in later chapters:
- Web apps: This is 100% compatible with previously supported Azure websites and is used to host websites and web applications.
- Mobile apps: This is the old Azure mobile service for building backend services plus a lot more features, including autoload balance, autoscale, Geo disaster recovery, virtual networks, and hybrid connections just to name a few. All the features that are bundled with web apps are now available in Mobile apps.
- Logic Apps: This is a new service offering business process automation and workflow using the web visual designer or Visual Studio for rapid creation or declaratively using a JSON file managed in source control. There are many templates available to help you get started building workflows to access your on-premises resources or popular SaaS applications.
- API apps: This develops and hosts REST-style web services using templates or the built-in APIs for the many popular SaaS applications.
- Web jobs: This provides the capability to execute background tasks either continuously, on demand, or scheduled. Previously, it was only available under Azure websites, now it is available for web apps and mobile apps.
- Functions: These are simple scripts created in any of the common languages or executable files that run on top of web apps similar to web jobs. Functions can be triggered by any number of events, such as blob storage, service bus, and HTTP requests.
App Service pricing is simpler now; the pricing has been changed so that you are no longer paying for two separate services. Previously, if you used a website and a mobile service, you were charged for two separate services. With the new pricing model, you can change the service tier at any time.
App Service allows a developer to focus on developing business requirements and not worry about compliance, operational overhead, and integration with other popular services. It allows a developer to target just about any platform or device, including Windows, iOS, and Android, with very little change to the source code.
As a developer, you can use existing services and APIs advertised in the Azure Marketplace as building blocks to build modern enterprise solutions quickly and simply, or you can contribute your own APIs for public or private use.
The agile software development methodology is supported using the features of continuous publishing and deployment slots that are available for a subset of App Service.
Security and resource contentions are the biggest concerns when hosting solutions in any cloud environment. Using App Service Environment, it provides a fully isolated and dedicated environment for your App Service. Security boundaries between your apps and backend services are possible using virtual networks and network security groups between different App Service Environment (ASE) that are in the same virtual network.
The key features and capabilities available as part of the Azure App Service framework are described here:
- Multiple languages and framework support: This provides first-class support for the following development languages: ASP.Net, Node.js, PHP, Python, Ruby, and Java. If you are an existing developer using one of these languages the development experience will become very familiar.
- Service discovery: The APIs you create can now be easily discoverable using metadata in Swagger 2.0 format. Swagger is machine-readable and language-agnostic. Using Swashbuckle available from Nuget: https://www.nuget.org/packages/Swashbuckle , it will dynamically generate the Swagger metadata and the Swagger UI page.
- DevOps: Using the new DevOps tools available for App Service allows for easier application life cycle management and agile methodologies. With the standard and premium App Service pricing models, you have the ability to publish to a staging deployment slot for any UAT testing before swapping to the production slot. Using repositories, such as GitHub, BitBucket, and Visual Studio Team Services (VSTS), you can set up continuous deployment for projects that involve frequent contributions. With Azure Command-line Interface (Azure CLI) installed on your local workstation, you can use open source shell-based command sets to manage resources in Azure. Perform A/B testing (a term for a randomized experiment with two variants as defined by Wikipedia https://en.wikipedia.org/wiki/A/B_testing ). Using traffic-routing, you can direct a percentage of the live traffic to one or more deployment slots to provide real user traffic and interaction characteristics.
- High availability: App Service can use Microsoft's global data centers to provide high availability by replicating your App Service globally. Your apps can also be scaled to increase performance and throughput by increasing the number of cores and memory. This is referred to as scaling up or down. The number of instances can also be increased or decreased depending on the pricing tier. This is referred to as scaling out or in.
- Connectors: This allows your application to connect to other systems using APIs. These are grouped into several categories known as Core Connectors (Azure Service Bus, Bing, and Office 365), Enterprise Integration connectors (SAP, Oracle, Seibel, and so on), SaaS services (Salesforce, Concur, Demandware, and so on), and Internet services (Facebook, Twitter, and so on). Connectors are also available for hybrid connectivity between your on-premises resources, which are behind a corporate firewall, and those hosted in the Cloud.
- Security: There are basically two levels of security model: Infrastructure/platform, and Application security. Infrastructure/platform is handled by Azure conforming to industry standards and guidelines. However, at the application level, it is your responsibility. Options include using Azure Active Directory without having to add any authentication logic into your Web App or API App. Otherwise, use the built-in features of App Service that support OAuth 2.0 and OpenID Connect. Microsoft has also partnered with Tinfoil Security https://www.tinfoilsecurity.com/ , which provides web penetration and vulnerability scanning.
- Industry compliancy: App Service is PCI DSS-compliant. This standard validates the processing or storing of payment card information is perform uncleared in a secure environment. More information is available at https://azure.microsoft.com/en-us/support/trust-center.
- Application Templates: These are templates available in the Azure Marketplace at: https://azure.microsoft.com/en-us/marketplace to speed up development by using these as building blocks.
- Azure Resource Manager: These are community-contributed templates to provision your applications using a declarative syntax written in JSON format. If your solution is fairly complex requiring multiple resources, you can use ARM to construct chain templates together to handle the deployments from a single-click deployment scenario.
- Visual Studio integration: The latest version of the Azure SDK for Visual Studio provides a rich set of development tools to develop cloud-based solutions using the new built-in templates. Deploying to Azure and debugging applications are seamless now that you can connect directly to your Azure subscription from within Visual Studio.
Developing complex Azure solutions normally consists of many resources, such as databases, storage artifacts, websites, and APIs. Managing the application life cycle, access control, and billing for these resources can be challenging at times.
Using resource groups which is only available in the Azure portal provides the capability to group the artefacts into a logical group. This gives you a much clearer picture of all the components that make up your solution and the ability to view the consumption and spending of the individual resources in a grouped manner.
Typically, you would group the resources according to your own requirements; this may be by region, capacity, business process, or administration, for example. All resources in the same group should share the same life cycle to deploy, update, or delete all together. If there is a need to manage the life cycle of a resource differently from the rest, then it should be placed in another resource group of its own.
Resources in a resource group can reside in different regions, but a resource cannot be shared across more than one resource group.
For our sample solution that we will be creating throughout this book, we have created three resource groups shown later, one for the business processing, another for predictive IoT monitoring and one for the product database.
You can move most resources from one group to another. See this link here for more information on which resources can be moved around: https://azure.microsoft.com/en-us/documentation/articles/resource-group-move-resources/ .
There is no recovery option available to recover the resources that have been deleted by the deletion of the resource group. Fortunately, Azure provides an option to lock critical resource groups and resources from accidental deletion. There are two lock options provided, CanNotDelete or ReadOnly, that an administrator can set through the portal. The CanNotDelete lock provides the capability to add or modify an existing resource but cannot delete, whereas the ReadOnly lock sets the permission to the resource as the reader role only. Be careful when applying ReadOnly locks as some operations require additional actions, for example, listing the access keys for a storage account.
See this link here for more information: https://azure.microsoft.com/en-us/documentation/articles/resource-group-lock-resources/ .
