Microsoft Azure Integration and Security exam AZ-101 – Resources Part 2 – Implement and manage application services

Implement and manage application services (20-25%)

***WARNING***
AZ-100, AZ-101 and AZ-102 are all ceasing in favour of the AZ-103 single exam. See the link to the new exam syllabus – here
***WARNING***

My background as an IT professional is infrastructure. With that in mind, the intention in this post is to help others with a similar background evolve their understanding of the PaaS or Serverless computing services in Azure.

I’ll start with a comparison of Azure Functions and Logic Apps from codit.eu

“A popular comparison states that Azure Functions is code being triggered by an event, whereas Logic Apps is a workflow triggered by an event. This is reflected in the developer experience. Azure Functions are completely written in code, which currently supports JavaScript, C#, F#, Node.js, Python, PHP, batch, bash and PowerShell. In Logic Apps, workflows are created with an easy-to-use visual designer, combined with a simple workflow definition language in the code view. Each developer has of course his/her personal preference. Logic Apps is much simpler to use, but this can sometimes cause limitations in complex scenarios. Azure Functions gives a lot more flexibility and responsibility to the developer.”

Azure Logic Apps took its inspiration from the on-premises tool “BizTalk Server”. Up until this point of my career, I’ve never known what BizTalk Server was intended for. Logic Apps operates in a similar iPaaS (Integration Platform as a Service) market space as Dell Boomi and Mulesoft. How well the Microsoft serverless applications perform compared to others, I can’t judge. All said, Logic Apps is Microsoft’s offering in the iPaaS market. If you listen to Steef-Jan Wiggers, he reckons it’s doing alright.

If Logic Apps, as described above by codit.eu, abstracts the code away from Function Apps by using a visual designer, Microsoft Flow takes that one step further and provides Software as a Service on top of Logic Apps. Flow operates in a similar product space to IFTTT, but with the ability to leverage Microsoft’s On-Premises Data Gateway.

Bringing it back to the exam subject matter, to allow your Azure Serverless applications to communicate with each other and pass data around, you can make use of the Azure messaging services: Azure Event Grid, Service Bus, and Event Hubs.

Another comprehensive article about when to use Azure Functions or Logic Apps is available on DZone.

Here’s Sahil Malik’s Pluralsight course on Serverless Computing in Azure;

https://app.pluralsight.com/library/courses/microsoft-azure-serverless-computing-configuring/table-of-contents

Before we dive into the exam objectives, I’ve switched round the order that I approach them because it made more sense. Creating Azure Functions before the App Service Plan doesn’t feel like the right way round.
In the exam the learning matter is listed;

  • Configure serverless computing
  • Manage App Service Plan
  • Manage App Services.

To facilitate a more natural progression, I’ve listed the objectives;

  • Manage App Service Plan
  • Configure serverless computing
  • Manage App services

Manage App Service Plan

Here’s Neil Morrissey’s great course on Managing Azure App Service plans;

https://app.pluralsight.com/library/courses/microsoft-azure-app-service-plan-managing/table-of-contents

Azure Functions run inside/on top of App Service Plans (as do many other App Services).
App Service Plans are collections of Virtual Machines which are abstracted away from you creating a Platform as a Service (PaaS).
The plan tier determines the resources available and billing constructs associated with those resources, so you can get on and drop your app or code into Azure.
Azure Logic Apps do not run in App Service Plans and are billed on a consumption model which is based on connectors and integration accounts.

A guiding factor in these App Service Plans is the ACU, or Azure Compute Unit. Choose a plan with sufficient compute units and features to achieve your outcome. For the exam objectives, S1 is the cheapest tier to use, because of the feature requirements covered later in “Manage App Services”.

May include but not limited to:

Configure application for scaling;

For scaling, the choice you need to make for your scenario is scaling up (a larger VM) versus scaling out (more of the same VMs).

https://docs.microsoft.com/en-us/azure/app-service/web-sites-scale

Enable monitoring and diagnostics;

https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/app-service-web-app/app-monitoring

https://docs.microsoft.com/en-us/azure/app-service/web-sites-enable-diagnostic-log

Configure App Service plans;

https://docs.microsoft.com/en-us/azure/app-service/azure-web-sites-web-hosting-plans-in-depth-overview

Configure serverless computing

May include but not limited to:

Manage a Logic App resource;

Stephen Thomas’ courses on Logic Apps could be really helpful

https://app.pluralsight.com/library/courses/azure-logic-apps-getting-started/table-of-contents

https://app.pluralsight.com/library/courses/azure-logic-apps-fundamentals/description

Logic Apps are defined in JSON using the Workflow definition language.

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-workflow-definition-language

Maybe use this Logic App as a demo to get you warmed up on what the hell a Logic App is!

https://docs.microsoft.com/en-us/azure/logic-apps/tutorial-build-schedule-recurring-logic-app-workflow

Then you have both a VS Code and Visual Studio guide for managing the Logic App. This seems like a poor choice to me as Logic Apps lends itself less towards the “developer experience” and more towards a graphical workflow.

https://docs.microsoft.com/en-us/azure/logic-apps/quickstart-create-logic-apps-visual-studio-code

https://docs.microsoft.com/en-us/azure/logic-apps/manage-logic-apps-with-visual-studio

Manage Azure Function App settings;

https://docs.microsoft.com/en-us/azure/azure-functions/functions-how-to-use-azure-function-app-settings

There’s only one mention of Function Apps in these objectives, but do not underestimate the requirement for understanding them. Here’s an old but great use case of Function Apps by Troy Hunt.

Function Apps are created from the Azure Portal, by choosing either “Create a Resource” or “App Services” and choosing “Serverless Function App”. Strangely, you can’t visit the Function App blade and add a Function App from the blade.

To move data in and out of your Function App using FTP or FTPS, within your Function App, from the Function App blade, navigate through;

Platform Features | Deployment Center | FTP | Dashboard

You are then presented with your FTPS endpoint, app credentials and user credentials for moving content to/from the Function App using FTPS with a client like WinSCP.

Manage Event Grid;

An overview of Azure messaging services; Event Grid, Service Bus and Event Hub here; https://docs.microsoft.com/en-us/azure/event-grid/overview

Event Grid pricing, like Logic App pricing, is based on a consumption model.
For Event Grid, the first 100,000 operations per month are free.

There are five concepts in Event Grid that get you going, with the bold items being the Event Grid services you configure in Azure.

  • Events – What happened.
  • Event sources – Where the event took place.
  • Event Topics – The endpoint where publishers send events.
  • Event subscriptions – The endpoint or built-in mechanism to route events, sometimes to more than one handler. Subscriptions are also used by handlers to intelligently filter incoming events.
  • Event handlers – The app or service reacting to the event.
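
The five concepts above can be seen working together in a small local model. This is an added example, not code from this post or from Azure: it does not call Event Grid, the events are constructed samples shaped like the Event Grid event schema, the handler names are hypothetical, and the filter logic is a simplified model of subscription filtering by event type and subject prefix/suffix.

```python
from dataclasses import dataclass

# Event source (topic) placeholder: a storage account resource ID.
TOPIC = ("/subscriptions/<subscription-id>/resourceGroups/rg-demo/providers/"
         "Microsoft.Storage/storageAccounts/stdemo")

def blob_event(event_id, event_type, container, blob):
    """Build a constructed sample event with the Event Grid schema fields."""
    return {"id": event_id, "topic": TOPIC, "eventType": event_type,
            "subject": f"/blobServices/default/containers/{container}/blobs/{blob}",
            "eventTime": "2019-01-10T09:00:00Z", "dataVersion": "1", "data": {}}

EVENTS = [
    blob_event("1", "Microsoft.Storage.BlobCreated", "invoices", "2019-01.PDF"),
    blob_event("2", "Microsoft.Storage.BlobCreated", "images", "logo.png"),
    blob_event("3", "Microsoft.Storage.BlobDeleted", "invoices", "2018-12.pdf"),
]

@dataclass
class Subscription:
    handler: str                      # hypothetical handler name
    included_event_types: tuple = ()  # empty tuple means "all event types"
    subject_begins_with: str = ""
    subject_ends_with: str = ""
    case_sensitive: bool = False      # subject matching ignores case by default

    def matches(self, event):
        if self.included_event_types and event["eventType"] not in self.included_event_types:
            return False
        subject, begins, ends = event["subject"], self.subject_begins_with, self.subject_ends_with
        if not self.case_sensitive:
            subject, begins, ends = subject.lower(), begins.lower(), ends.lower()
        return subject.startswith(begins) and subject.endswith(ends)

SUBSCRIPTIONS = [
    Subscription("logicapp-invoice-approval", ("Microsoft.Storage.BlobCreated",),
                 "/blobServices/default/containers/invoices/", ".pdf"),
    Subscription("function-audit-log"),  # no filter: receives every event
    Subscription("servicebus-cleanup-queue", ("Microsoft.Storage.BlobDeleted",)),
]

def route(event, subscriptions=SUBSCRIPTIONS):
    """Return the handlers that would receive this event."""
    return [s.handler for s in subscriptions if s.matches(event)]

if __name__ == "__main__":
    for e in EVENTS:
        print(e["eventType"], e["subject"], "->", route(e))
```

An unfiltered subscription such as the audit handler sees every event on the topic, so narrow filters are also how you limit which handlers receive which data.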

Manage Service Bus;

Azure Service Bus also uses a consumption-based pricing model. Certain volumes of use are included in the base price, with tiers of charges thereafter.

https://docs.microsoft.com/en-us/azure/service-bus-messaging/service-bus-messaging-overview

Manage App services

Again, Neil Morrissey has a great course, this time on Managing App Services;

https://app.pluralsight.com/library/courses/microsoft-azure-app-services-managing/table-of-contents

May include but not limited to:

Assign SSL certificates;

SSL Certs are charged per year, per domain. For four times the cost, you can choose a wildcard certificate.

For me, assigning an SSL cert makes the most sense if you’ve configured a custom domain. Please Microsoft, can you develop your services to take advantage of LetsEncrypt? It feels like rent extraction of a captive audience that certificates cost money in the Azure portal. Delivering HTTPS everywhere is a solved problem. Please?!

https://docs.microsoft.com/en-us/azure/app-service/web-sites-purchase-ssl-web-site

Configure application settings;

There’s absolutely no guidance about which settings are pertinent to the exam, but knowing things like Java being mutually exclusive to the other frameworks, 64-bit only being available in the paid tiers, and how to configure the default document settings seems important.

https://docs.microsoft.com/en-us/azure/app-service/web-sites-configure

Configure deployment slots;

Deployment slots are about to change (January 2019) but for now, continue to use whatever is not preview for the context of the exam.

https://docs.microsoft.com/en-us/azure/app-service/web-sites-staged-publishing

Configure Azure content delivery network (CDN) integration;

Azure CDN uses a consumption (usage-based) pricing model.

Azure CDN feels not entirely dissimilar operationally to how DNS works with its TTL, caching and clearing of cache/purging.

A CDN profile is a collection of endpoints within the same pricing tier.
An endpoint is a name within <endpointname>.azureedge.net that caches your resources.

https://docs.microsoft.com/en-us/azure/cdn/cdn-add-to-web-app

https://azure.microsoft.com/en-gb/blog/enabling-azure-cdn-from-azure-web-app-and-storage-portal-extension/

Manage App Service protection;

Benjamin Culbertson’s course on protecting your Azure App service here;

https://www.pluralsight.com/courses/microsoft-azure-app-service-protection-managing

You can protect access to your Web Apps very easily by choosing Azure Active Directory as your identity source. Google, FB etc, don’t look tough either as they are all choices in the turnkey Authentication/Authorisation service blade.

https://docs.microsoft.com/en-us/azure/app-service/app-service-mobile-how-to-configure-active-directory-authentication

https://docs.microsoft.com/en-us/azure/security/security-paas-applications-using-app-services

Backing up your app requires you to choose where and when. The where is which storage account to back up to, and the when is either manually at your leisure or via a schedule.

https://docs.microsoft.com/en-us/azure/app-service/web-sites-backup

Manage roles for an App service;

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles

Create and manage App Service Environment

It’s weird this objective comes under “Manage App Services”. I can’t think why it isn’t under the first subject in this post “Manage App Service Plan”.
Anyway. App Service Environments (ASEs) are for when things get serious. You could be subject to governance that determines that you must run your workload in an isolated environment with worker VMs that are in no way shared with other Azure customers. ASEs can have Virtual IPs that are Internal or External. The language is that “Isolated” App Service Plans and ASEs are the same thing. Currently if I choose an App Service Plan and select Isolated as the pricing tier, I’m told that’s not supported. I’ve tried multiple regions and OSs but can’t select Isolated.
My take is that you get the outcome intended for the Isolated App Service Plan tier from going through the ASE blade and choosing the External Virtual IP.

ASEs, like VPN Gateways and Application Gateways, require their own subnet. Having spent the time authoring these AZ-10x posts, it now seems critical that one understands upfront that there are quite a few scenarios where single-use subnets are required for Azure services. Don’t make your Azure VNet a /24 address space!

https://docs.microsoft.com/en-us/azure/app-service/environment/intro
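
To see why a /24 VNet runs out of room once services need dedicated subnets, here is a small address planner. It is an added example, not from the original post: the subnet names (other than Azure's `GatewaySubnet`), the prefix lengths in `PLAN` and the 10.0.0.0 address ranges are illustrative assumptions.

```python
import ipaddress

AZURE_RESERVED_PER_SUBNET = 5  # Azure keeps 5 addresses in every subnet

# Assumed plan: the prefix lengths are illustrative choices, not Azure minimums.
PLAN = [("ase-subnet", 24), ("workload-subnet", 24),
        ("appgw-subnet", 26), ("GatewaySubnet", 27)]

def carve(vnet_cidr, plan=PLAN):
    """Allocate one dedicated subnet per entry; return (allocated, unplaced)."""
    free = [ipaddress.ip_network(vnet_cidr)]
    allocated, unplaced = {}, []
    for name, prefix in sorted(plan, key=lambda item: item[1]):  # biggest first
        # First free block (lowest address) that is large enough for the request.
        block = next((b for b in free if b.prefixlen <= prefix), None)
        if block is None:
            unplaced.append(name)
            continue
        subnet = next(block.subnets(new_prefix=prefix))
        free.remove(block)
        if subnet != block:
            # Return the unused remainder of the block to the free list.
            free.extend(block.address_exclude(subnet))
        free.sort()
        allocated[name] = subnet
    return allocated, unplaced

def usable_hosts(subnet):
    """Addresses left for your resources after Azure's reserved ones."""
    return subnet.num_addresses - AZURE_RESERVED_PER_SUBNET

if __name__ == "__main__":
    for cidr in ("10.0.0.0/24", "10.0.0.0/16"):
        allocated, unplaced = carve(cidr)
        print(f"VNet {cidr}")
        for name, subnet in allocated.items():
            print(f"  {name:16} {subnet}  usable={usable_hosts(subnet)}")
        print(f"  no room for: {unplaced or 'none'}")
```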
