MICROSOFT AZURE
The New Azure App
Service Environment
Christina Compy
The Azure App Service Environment (ASE) is a Premium feature offering of the Azure App Service. It gives a single-tenant instance of the Azure App Service that runs right in your own Azure virtual network (VNet), providing network isolation and improved scaling capabilities. While the original feature gave customers what they were looking for in terms of network control and isolation, it was not as “Platform as a Service (PaaS) like” as the normal App Service. This caused confusion among customers, who had some trouble managing the system. With the newly relaunched ASE, how- ever, things now work the same as the multi-tenant App Service.
History
The Azure App Service is a multi-tenant application hosting service. If you want to run your HTTP listening applications in a PaaS service, the App Service is a very quick and easy way to go and has many developer-supporting features. You can do things like integrate with continuous integration (CI) systems, scale your apps out instantly with a flick of the mouse and much more. There are limits to the service, though, that blocked certain use cases.
The use cases that couldn’t be met in the multi-tenant App Service largely centered around scale and app isolation. While you can scale your apps easily in the multi-tenant App Service, there are limits based on the price plan. The greatest number of instances you can scale an app to in the multi-tenant App Service is 20.
With respect to isolation, there’s no way to lock down access to your apps in the multi-tenant App Service at a network level. The App Ser- vice has two features to access resources in other networks, Azure Virtual Network (VNet) Integration and Hybrid Connections, but has nothing that can lock apps down at a network level and no way to host completely Internet-isolated apps in the App Service. This means you couldn’t host a line-of-business (LOB) application that you wanted available only on a private IP address on the multi-tenant App Service.
To resolve the scaling and isolation limitations, we provided the Premium ASE feature in 2015. It’s an instance of the Azure App Service that runs in a customer’s VNet, running the same code as the multi-tenant App Service but with some changes to deploy- ment to use fewer resources.
With the first version of the ASE you could scale up to 50 instances and use larger dedicated workers. The ASE is capable of hosting Web apps, mobile apps, API apps and Functions. Because the ASE runs in a subnet in the customer’s VNet, the apps in the ASE have easy access to resources that are available in the VNet itself or across Express- Route or site-to-site VPN connections. Also, as shown in Figure 1, because the ASE is in the customer’s subnet, it can restrict access to its apps at a network level using network security groups (NSGs).
Among the benefits of this deployment model is a static IP address that can be used for both the inbound and outbound IP
This article discusses:
• Azure App Service and the App Service Environment (ASE) • Customer concerns with the first version of the ASE
• Improvements in the newly relaunched ASE Technologies discussed:
Microsoft Azure App Services and App Service Environment
28 msdn magazine