WEBVTT 0:00:02.880000 --> 0:00:07.300000 When you deploy a workload into Azure, you're typically going to deploy 0:00:07.300000 --> 0:00:10.980000 that either at the infrastructure level, meaning that you're using a virtual 0:00:10.980000 --> 0:00:15.640000 machine or at the platform level, meaning you're not using a virtual machine. 0:00:15.640000 --> 0:00:19.380000 Typically, if you're deploying a workload into Azure, and that typically 0:00:19.380000 --> 0:00:22.220000 might be a little bit of a broad statement, you're probably deploying 0:00:22.220000 --> 0:00:25.400000 it as an app service and most likely as a web app. 0:00:25.400000 --> 0:00:29.660000 So as a long-winded way of saying that what we're looking at in this video, 0:00:29.660000 --> 0:00:32.580000 is managing a web app. 0:00:32.580000 --> 0:00:36.540000 We're going to talk about the configuration of a web app. 0:00:36.540000 --> 0:00:40.460000 We'll talk about the platform configuration for a web app. 0:00:40.460000 --> 0:00:45.360000 We'll look at web app networking, also web app development support. 0:00:45.360000 --> 0:00:48.680000 And then finally, we're going to take a look at managing a web app. 0:00:48.680000 --> 0:00:52.400000 So let's go ahead and let's jump into this. 0:00:52.400000 --> 0:00:58.040000 Now, I'm going to go under the assumption that you are familiar with what 0:00:58.040000 --> 0:01:03.120000 a web app is. If you are watching this video, you're watching it through 0:01:03.120000 --> 0:01:04.680000 a web application. 0:01:04.680000 --> 0:01:07.720000 I'm not going to say whether or not that's hosted as an Azure web app. 0:01:07.720000 --> 0:01:10.680000 Well, it's not unfortunately, but I lost that battle. 0:01:10.680000 --> 0:01:12.180000 Anyway, it's not important. 0:01:12.180000 --> 0:01:18.360000 What is important is that it's just some kind of web program, web application, 0:01:18.360000 --> 0:01:20.540000 website, e-commerce site. 0:01:20.540000 --> 0:01:21.880000 All those are web apps. 0:01:21.880000 --> 0:01:26.900000 And rather than worrying about building a virtual machine and deploying 0:01:26.900000 --> 0:01:32.400000 the server on top of that, whether it's IIS or Apache or Genex or whatever, 0:01:32.400000 --> 0:01:36.540000 you're just saying, okay, look, I want to let Microsoft manage all that. 0:01:36.540000 --> 0:01:38.520000 And I just want to take my code and deploy it somewhere. 0:01:38.520000 --> 0:01:39.540000 So that code runs. 0:01:39.540000 --> 0:01:41.700000 Fantastic, that's what I want. 0:01:41.700000 --> 0:01:43.400000 And that's what a web app is. 0:01:43.400000 --> 0:01:45.960000 Now, when you deploy the web app, you're not worrying about the underlying 0:01:45.960000 --> 0:01:47.080000 virtual machine. 0:01:47.080000 --> 0:01:53.760000 You're not worrying about the host environment, whether it's IIS or Linux 0:01:53.760000 --> 0:02:00.500000 based host. But you do need to be able to, and you can, absolutely can, 0:02:00.500000 --> 0:02:05.080000 manage the settings for the web app itself, not the virtual machine, because 0:02:05.080000 --> 0:02:06.660000 you're not doing that. 0:02:06.660000 --> 0:02:07.600000 And so what do you have? 0:02:07.600000 --> 0:02:10.400000 First of all, first thing you need to know, when you are working with 0:02:10.400000 --> 0:02:15.280000 web app configuration, your configuration options are going to be to some 0:02:15.280000 --> 0:02:19.340000 extent depending on whether or not your own windows or Linux. 0:02:19.340000 --> 0:02:23.160000 So my options and windows are a little bit different than Linux, and I'll 0:02:23.160000 --> 0:02:27.620000 explain one place in particular where that's important, and where you'll 0:02:27.620000 --> 0:02:28.780000 definitely see that. 0:02:28.780000 --> 0:02:32.080000 Now, another key element, and we will look at this and we'll break this 0:02:32.080000 --> 0:02:35.980000 down a bit in the demonstration, is application settings. 0:02:35.980000 --> 0:02:37.640000 And these are going to be settings. 0:02:37.640000 --> 0:02:43.480000 These could be things like connection strings or secrets that you've got 0:02:43.480000 --> 0:02:47.960000 that need to be used by the application, and they're set up in the overall 0:02:47.960000 --> 0:02:51.220000 configuration. And the cool thing with that is, you can do things like 0:02:51.220000 --> 0:02:52.220000 environment variables. 0:02:52.220000 --> 0:02:55.380000 So if you know your application is looking for specific environment variables, 0:02:55.380000 --> 0:02:57.900000 you can set those up in the application settings. 0:02:57.900000 --> 0:03:00.220000 There are also a number of general settings. 0:03:00.220000 --> 0:03:02.980000 One key general setting is the stack. 0:03:02.980000 --> 0:03:04.580000 What is the application stack? 0:03:04.580000 --> 0:03:08.000000 You're running .NET Core, you're running Python, or you're running .NET, 0:03:08.000000 --> 0:03:11.640000 Node.js, or a number of other options. 0:03:11.640000 --> 0:03:15.180000 Now, those options are, to some extent, controlled by whether or not you 0:03:15.180000 --> 0:03:18.720000 are running on Windows or Linux. 0:03:18.720000 --> 0:03:20.840000 Other things, you have FTP state. 0:03:20.840000 --> 0:03:23.560000 So what are the different options for FTP that you want to allow? 0:03:23.560000 --> 0:03:26.360000 Do you want to allow FTP access? 0:03:26.360000 --> 0:03:31.620000 So you might have a system, you may have a continuous delivery system 0:03:31.620000 --> 0:03:36.240000 that relies on FTP to deliver content to your web app, so you would need 0:03:36.240000 --> 0:03:41.020000 to set that up. Or maybe you're using a tool that uses FTP to deploy content. 0:03:41.020000 --> 0:03:42.080000 You'd have to set that up. 0:03:42.080000 --> 0:03:44.480000 What HTTP version do you want to use? 0:03:44.480000 --> 0:03:47.900000 Or do you want to allow for HTTP to? 0:03:47.900000 --> 0:03:52.620000 Web sockets. That is a protocol that is for connection-based communications. 0:03:52.620000 --> 0:03:56.240000 Easiest thing to think about with Web sockets, if you've ever used a Web 0:03:56.240000 --> 0:04:01.880000 -based chat, that is probably using the Web socket protocol. 0:04:01.880000 --> 0:04:03.880000 And you can turn that on or not. 0:04:03.880000 --> 0:04:06.580000 Always on is very cool. 0:04:06.580000 --> 0:04:11.060000 What that does is it makes sure that your application stays in memory. 0:04:11.060000 --> 0:04:15.780000 That's particularly important for .NET and .NET core applications, because 0:04:15.780000 --> 0:04:18.500000 after a while they can drop out of memory. 0:04:18.500000 --> 0:04:21.360000 And so what this does, it's really sophisticated. 0:04:21.360000 --> 0:04:26.900000 It pings it. It just sends out a get request to the application, just 0:04:26.900000 --> 0:04:28.980000 so the application stays in memory. 0:04:28.980000 --> 0:04:31.640000 I use it all the time because another thing it does is it gives you a 0:04:31.640000 --> 0:04:33.320000 quick start effectively. 0:04:33.320000 --> 0:04:36.160000 Right? Typically, if I've got an application, the first time somebody 0:04:36.160000 --> 0:04:38.220000 goes to the application, it's going to have to load. 0:04:38.220000 --> 0:04:41.400000 But if I've got always on as soon as I deploy it, it's going to ping it. 0:04:41.400000 --> 0:04:45.300000 It's going to bring it up, making the perceived performance of the application, 0:04:45.300000 --> 0:04:48.600000 and perceived by me and for me a little bit better. 0:04:48.600000 --> 0:04:52.760000 ARR infinity that uses cookie-based infinity so that if I've got multiple 0:04:52.760000 --> 0:04:58.260000 instances of my web app running, I can set up ARR infinity so that if 0:04:58.260000 --> 0:05:01.600000 somebody establishes a session against one instance, as long as that instance 0:05:01.600000 --> 0:05:05.340000 is up and running, they will continue to go against that instance. 0:05:05.340000 --> 0:05:07.340000 I can also set up client certificates. 0:05:07.340000 --> 0:05:11.940000 So if I want to use certificate-based authentication into my web app, 0:05:11.940000 --> 0:05:16.900000 this is separate from having a web app that supports SSL TLS, then I can 0:05:16.900000 --> 0:05:21.580000 set up client-based certificates and define how that's going to work. 0:05:21.580000 --> 0:05:24.900000 So those are the general web app configuration. 0:05:24.900000 --> 0:05:29.920000 I also have actual platform authentication. 0:05:29.920000 --> 0:05:33.420000 Right? So these are really outside of your web app itself. 0:05:33.420000 --> 0:05:34.880000 What authentication? 0:05:34.880000 --> 0:05:36.540000 And it actually, it's pretty cool. 0:05:36.540000 --> 0:05:41.940000 It's got its own authentication overlay that you can run. 0:05:41.940000 --> 0:05:45.120000 It sets up an authentication sandbox for your application. 0:05:45.120000 --> 0:05:49.340000 So even if your application doesn't have authentication built into it, 0:05:49.340000 --> 0:05:52.360000 you could use this to force someone to at least authenticate. 0:05:52.360000 --> 0:05:53.980000 And then it's kind of neat the way it works. 0:05:53.980000 --> 0:05:57.480000 It generates environment variables that could be used then within your 0:05:57.480000 --> 0:05:58.560000 application. Cool stuff. 0:05:58.560000 --> 0:06:01.440000 Hey, I'll try the scope of this, but I think it's kind of cool to see. 0:06:01.440000 --> 0:06:07.640000 Identity. If your application is going to access resources in Azure, you 0:06:07.640000 --> 0:06:10.900000 will probably want to set up what is called a managed identity. 0:06:10.900000 --> 0:06:13.260000 I absolutely love these things. 0:06:13.260000 --> 0:06:14.460000 They're relatively new. 0:06:14.460000 --> 0:06:18.080000 Relatively, I've been doing this for a very long time, a couple of years. 0:06:18.080000 --> 0:06:22.220000 And what it allows you to do is to have effectively a managed service 0:06:22.220000 --> 0:06:24.240000 principle. Really what it comes down to. 0:06:24.240000 --> 0:06:25.680000 They don't use the word service principle. 0:06:25.680000 --> 0:06:26.900000 That's what it is. 0:06:26.900000 --> 0:06:31.520000 And when I provision a web app that I say I want to manage identity, it's 0:06:31.520000 --> 0:06:32.920000 going to create the service principle. 0:06:32.920000 --> 0:06:35.420000 I can then give that service principle right. 0:06:35.420000 --> 0:06:40.880000 So let's say, for example, that my web app is using a storage account. 0:06:40.880000 --> 0:06:45.380000 Well, I can configure the web app to use Azure AD authentication for the 0:06:45.380000 --> 0:06:46.120000 storage account. 0:06:46.120000 --> 0:06:48.640000 I can do the same thing with SQL Server. 0:06:48.640000 --> 0:06:53.240000 And then have it use its managed identity to get to said storage account 0:06:53.240000 --> 0:06:55.300000 or to said SQL Server. 0:06:55.300000 --> 0:06:59.040000 I can also, and this is actually my preferred way of doing it because 0:06:59.040000 --> 0:07:02.340000 it requires zero change in your code base. 0:07:02.340000 --> 0:07:08.580000 If I've got settings, if I've got connection strings or just application 0:07:08.580000 --> 0:07:11.620000 settings, and they have sensitive data. 0:07:11.620000 --> 0:07:14.440000 So let's say, for example, I've got a storage account, I've got a connection 0:07:14.440000 --> 0:07:16.600000 string to the storage account. 0:07:16.600000 --> 0:07:19.280000 And I don't want to store that just in the settings. 0:07:19.280000 --> 0:07:24.920000 What I can do if my application has an identity, I can, in fact, use a 0:07:24.920000 --> 0:07:29.500000 key vault, put my sensitive information in the key vault, give my web 0:07:29.500000 --> 0:07:34.800000 app's identity access to the key vault, and there's syntax I can use in 0:07:34.800000 --> 0:07:39.520000 the configuration for app settings that will look it up in key vault. 0:07:39.520000 --> 0:07:42.980000 So in other words, I can put that sensitive data in key vault, have it 0:07:42.980000 --> 0:07:46.780000 secured, right, but not have to change the code in my web app at all, 0:07:46.780000 --> 0:07:50.120000 as long as it's using application settings or environment variables, very, 0:07:50.120000 --> 0:07:51.360000 very cool stuff. 0:07:51.360000 --> 0:07:56.340000 So big fan of identity, and you can have custom domains, right? 0:07:56.340000 --> 0:08:00.720000 So you create your web app that's going to be on a standardized domain 0:08:00.720000 --> 0:08:05.380000 name, right? But let's say you want, you know, iany-demo.com to point 0:08:05.380000 --> 0:08:06.320000 to your web app. 0:08:06.320000 --> 0:08:08.120000 You can register those domains. 0:08:08.120000 --> 0:08:13.700000 You can also set up TLS SSL requirements, and at the platform level, I 0:08:13.700000 --> 0:08:18.960000 can scale. I can set how many instances I want running my web apps that 0:08:18.960000 --> 0:08:24.680000 are on that particular instance of, what's called an app service plan, 0:08:24.680000 --> 0:08:28.000000 right? I can also set up Autoscale, so I can automatically scale up and 0:08:28.000000 --> 0:08:32.020000 scale down based on usage conditions of my web app. 0:08:32.020000 --> 0:08:34.560000 So lots of options there. 0:08:34.560000 --> 0:08:45.200000 Okay, now another topic related to managing web apps, and this over the 0:08:45.200000 --> 0:08:48.340000 last few years, and that is web app networking. 0:08:48.340000 --> 0:08:49.720000 Let's, let's draw this out. 0:08:49.720000 --> 0:08:53.360000 Let's say that I've got a web app. 0:08:53.360000 --> 0:08:59.240000 Okay, so here's my web app, I'm going to label it WA for web app, right, 0:08:59.240000 --> 0:09:05.080000 but I also have a virtual network. 0:09:05.080000 --> 0:09:16.960000 And in the virtual network, I've got some servers, and maybe I have connectivity 0:09:16.960000 --> 0:09:19.080000 over and on-prem. 0:09:19.080000 --> 0:09:23.100000 Okay, now there's a couple things that I might need to do. 0:09:23.100000 --> 0:09:31.800000 For example, my web app may need to access something on the virtual network, 0:09:31.800000 --> 0:09:36.680000 right? I may have a service here running on the virtual network that my 0:09:36.680000 --> 0:09:39.600000 web app needs to access. 0:09:39.600000 --> 0:09:46.340000 Likewise, I may have a server in my vNet that is, let's say, running, 0:09:46.340000 --> 0:09:53.940000 you know, internal, maybe this is my intranet, say, iNet for intranet, 0:09:53.940000 --> 0:09:57.900000 right? And I've got users connecting to the internet, or the intranet, 0:09:57.900000 --> 0:10:01.880000 excuse me, and it needs to access that web app. 0:10:01.880000 --> 0:10:04.040000 Well, how would I go about doing that? 0:10:04.040000 --> 0:10:09.860000 Well, it used to be, if I wanted to do that, my internal access in the 0:10:09.860000 --> 0:10:13.240000 web app would have to go against its public endpoint, even though it's 0:10:13.240000 --> 0:10:16.480000 all in access, or all in Azure, not in access. 0:10:16.480000 --> 0:10:22.100000 Okay, and I could set up a local network connection between the web app 0:10:22.100000 --> 0:10:28.040000 and a vNet, but I would have to use a, instead of an app service plan, 0:10:28.040000 --> 0:10:31.420000 I'd have to use an app service environment, which is more expensive, or 0:10:31.420000 --> 0:10:39.200000 I would have to set up a VPN gateway and configure my web app to go against 0:10:39.200000 --> 0:10:43.340000 that VPN gateway as a point of sight connection. 0:10:43.340000 --> 0:10:46.180000 Now, however, I don't have to do that. 0:10:46.180000 --> 0:10:51.340000 Now I've got vNet integration for my web app, meaning that I can set up 0:10:51.340000 --> 0:10:55.440000 my web app connected to a vNet, and it will have direct access to that 0:10:55.440000 --> 0:11:01.860000 vNet, right? And likewise, I can restrict access to the web app so that 0:11:01.860000 --> 0:11:05.960000 the web apps only getting access from, say, a vNet. 0:11:05.960000 --> 0:11:10.440000 It will still typically point to the public IP address, but it won't go 0:11:10.440000 --> 0:11:14.760000 out over the public internet, and the web app will be locked down. 0:11:14.760000 --> 0:11:17.860000 Okay, so what that means is that, and I'm going to show you these points, 0:11:17.860000 --> 0:11:19.880000 because this can be a little bit confusing. 0:11:19.880000 --> 0:11:24.400000 They've got networking done right now for the Azure web apps. 0:11:24.400000 --> 0:11:27.520000 Not that it was wrong per se before, but it was a lot more complicated 0:11:27.520000 --> 0:11:31.360000 than it is now. Now I can say I want this web app to be integrated with 0:11:31.360000 --> 0:11:34.400000 a virtual network, make it available, right? 0:11:34.400000 --> 0:11:40.200000 And I can also restrict access to my web app to specific virtual networks. 0:11:40.200000 --> 0:11:43.540000 Very good. That virtual network restriction is actually what's called 0:11:43.540000 --> 0:11:45.140000 a service endpoint. 0:11:45.140000 --> 0:11:48.360000 However, what's really kind of interesting is the interface for the web 0:11:48.360000 --> 0:11:52.300000 app is a little different for setting up that service endpoint than it 0:11:52.300000 --> 0:11:54.400000 is for other resources. 0:11:54.400000 --> 0:11:57.700000 But I'll show you that, because I think it's worth seeing. 0:11:57.700000 --> 0:12:00.580000 All right, so those are your web app networking. 0:12:00.580000 --> 0:12:04.980000 Again, the takeaway is if you've got a web app that needs to access resources 0:12:04.980000 --> 0:12:07.980000 that are in a virtual network, you can set that up directly. 0:12:07.980000 --> 0:12:11.560000 One thing I will note on that, I forgot to say a moment ago, if you are 0:12:11.560000 --> 0:12:16.540000 using vNet integration, direct integration only works in the same region. 0:12:16.540000 --> 0:12:20.320000 If I want to integrate with a vNet that's in a different region, I can 0:12:20.320000 --> 0:12:24.200000 still do that, but I have to go back to the old approach of setting up 0:12:24.200000 --> 0:12:30.100000 a VPN gateway on that remote virtual network. 0:12:30.100000 --> 0:12:35.600000 All right, now let's talk about web app development support. 0:12:35.600000 --> 0:12:42.840000 There are a number of built-in features of the Azure web app that support 0:12:42.840000 --> 0:12:47.780000 development. And I've used really all three of these. 0:12:47.780000 --> 0:12:53.540000 Okay, and for anything production, I would use them every time. 0:12:53.540000 --> 0:12:56.860000 Okay, the first thing is deployment slots, right? 0:12:56.860000 --> 0:13:01.300000 And what deployment slots do, if you think about your web app, right? 0:13:01.300000 --> 0:13:04.620000 So here's my web app, and I've got a developer, the developer's writing 0:13:04.620000 --> 0:13:05.420000 some code, right? 0:13:05.420000 --> 0:13:10.500000 And so here's my developer. 0:13:10.500000 --> 0:13:15.940000 Hey, that developer's writing some code, code's amazing, developer's ready 0:13:15.940000 --> 0:13:18.700000 to send that code over to the web app, right? 0:13:18.700000 --> 0:13:20.240000 And so here's my web app. 0:13:20.240000 --> 0:13:23.620000 Well, that's cool, except for the fact that the web app, let's say, already 0:13:23.620000 --> 0:13:25.860000 has some code running in it. 0:13:25.860000 --> 0:13:30.240000 And if I were to take the code that the developer has written and deploy 0:13:30.240000 --> 0:13:34.600000 it directly into that code at the web app, what's going to happen is that 0:13:34.600000 --> 0:13:36.640000 web app is going to be inaccessible, right? 0:13:36.640000 --> 0:13:38.340000 Because the code's being updated. 0:13:38.340000 --> 0:13:40.560000 It's going to be brought down forever long that it takes, plus probably 0:13:40.560000 --> 0:13:41.820000 want to test that. 0:13:41.820000 --> 0:13:47.640000 So instead of deploying directly to the, what we call production slot, 0:13:47.640000 --> 0:13:49.560000 I can set up what's called a deployment slot. 0:13:49.560000 --> 0:13:55.120000 So maybe I created deployment slot, and fairly typical, I call it staging. 0:13:55.120000 --> 0:13:59.560000 Okay, so this staging deployment slot, and instead of deploying directly 0:13:59.560000 --> 0:14:04.600000 to the production endpoint, I deploy it to the staging endpoint. 0:14:04.600000 --> 0:14:07.660000 And then when I do that, I actually have a lot of options. 0:14:07.660000 --> 0:14:11.320000 One thing I can do, so I have kind of the original code sitting in the 0:14:11.320000 --> 0:14:12.420000 production slot. 0:14:12.420000 --> 0:14:14.980000 I've got this staging slot now. 0:14:14.980000 --> 0:14:22.720000 And one thing I can do kind of jump in head is I can divvy up my request. 0:14:22.720000 --> 0:14:27.420000 So when requests come in to the, by default, when they come into the production 0:14:27.420000 --> 0:14:29.680000 endpoint, they're just going to go to the production endpoint. 0:14:29.680000 --> 0:14:32.800000 But I can automatically divert a certain percentage. 0:14:32.800000 --> 0:14:37.820000 Let's say I want to divert 10% of the traffic. 0:14:37.820000 --> 0:14:42.320000 So 10% of my users think that they're going against the actual production 0:14:42.320000 --> 0:14:44.740000 web app, but I've got them going against the staging. 0:14:44.740000 --> 0:14:47.320000 So I'm using them as my Canary testers, right? 0:14:47.320000 --> 0:14:49.760000 So in other words, if something's wrong, I'm going to get a lot of trouble 0:14:49.760000 --> 0:14:53.280000 tickets from 10% of the people that I say, oops, didn't mean to do that 0:14:53.280000 --> 0:14:56.960000 and switch them back to the production slot. 0:14:56.960000 --> 0:15:00.640000 I can also run a simple swap. 0:15:00.640000 --> 0:15:05.440000 Now swap, when I swap a staging slot for a production slot or even a staging 0:15:05.440000 --> 0:15:10.100000 slot for another staging slot, it's not zero downtime. 0:15:10.100000 --> 0:15:14.680000 And it's a little bit misleading because if you read the documentation, 0:15:14.680000 --> 0:15:18.600000 sometimes the documentation makes it look like it's zero downtime, but 0:15:18.600000 --> 0:15:19.800000 it's not quite zero downtime. 0:15:19.800000 --> 0:15:23.880000 Because what's happening is all the metadata that was pointing to the 0:15:23.880000 --> 0:15:27.740000 production slot is not pointing to your staging slot, right? 0:15:27.740000 --> 0:15:30.580000 So that will redirect all your users over there, but it's not instant. 0:15:30.580000 --> 0:15:34.540000 It's usually pretty fast, a few seconds, but I wouldn't want to do it 0:15:34.540000 --> 0:15:36.180000 at peak use, right? 0:15:36.180000 --> 0:15:38.700000 I'm trying to still do it off hours if you can. 0:15:38.700000 --> 0:15:40.180000 Lower use, that's fine. 0:15:40.180000 --> 0:15:45.220000 The other thing you could do is you could just rather than do a swap, 0:15:45.220000 --> 0:15:50.800000 initially bump your numbers up to 100 % of traffic moving over to staging 0:15:50.800000 --> 0:15:56.840000 and then redeploy into your production and swap X. 0:15:56.840000 --> 0:16:02.120000 So lots of options there, but you can do it with very low downtime. 0:16:02.120000 --> 0:16:07.240000 That's one of the huge advantages of being able to use deployment slots. 0:16:07.240000 --> 0:16:12.560000 In addition to that, there's rich DevOps integration for web apps. 0:16:12.560000 --> 0:16:20.140000 Not surprisingly, you've got very clean push integration from Azure DevOps. 0:16:20.140000 --> 0:16:25.260000 Azure DevOps, which is now in its third or fourth iteration of names, 0:16:25.260000 --> 0:16:31.260000 is Microsoft's cloud-based DevOps environment for doing things like code 0:16:31.260000 --> 0:16:38.540000 management and project management and continuous integration and continuous 0:16:38.540000 --> 0:16:41.640000 deployment. There's other tools out there. 0:16:41.640000 --> 0:16:45.640000 Your web app can actually pull directly from GitHub and Bitbucket and 0:16:45.640000 --> 0:16:47.360000 even a local Git. 0:16:47.360000 --> 0:16:49.500000 You can integrate Jenkins. 0:16:49.500000 --> 0:16:51.260000 You can integrate containers. 0:16:51.260000 --> 0:16:53.500000 Container integration is really awesome. 0:16:53.500000 --> 0:16:56.580000 I can set that up, for example, with Azure Container Registry. 0:16:56.580000 --> 0:17:00.400000 So whenever I push a new image into Azure Container Registry, I could 0:17:00.400000 --> 0:17:03.920000 have that push all the way out automatically to a web app. 0:17:03.920000 --> 0:17:09.040000 So there are a number of deployment or development support options that 0:17:09.040000 --> 0:17:11.540000 are built in to the Azure web app. 0:17:11.540000 --> 0:17:16.600000 This is one of those things where a lot of people still use virtual machines 0:17:16.600000 --> 0:17:20.740000 in Azure to host web applications, which I get it. 0:17:20.740000 --> 0:17:24.460000 It's an easy migration from on-prem, because maybe that's what you're 0:17:24.460000 --> 0:17:25.560000 running on-prem. 0:17:25.560000 --> 0:17:31.520000 There's so many development advantages to using a web app that, unless 0:17:31.520000 --> 0:17:34.980000 I've got some customization at the OS level, I'm always going to look 0:17:34.980000 --> 0:17:41.760000 at deploying my web-based loads to an app service to a web app. 0:17:41.760000 --> 0:17:45.660000 Now, what I want to do is demonstrate, just I'm just going to go through 0:17:45.660000 --> 0:17:46.760000 here pretty quickly. 0:17:46.760000 --> 0:17:54.700000 I've got an existing web app and I'm talking about it. 0:17:54.700000 --> 0:17:58.900000 I'm really pretty much just going to run through the management. 0:17:58.900000 --> 0:18:03.500000 Now, one thing that I do want to point out, and I kind of talked about 0:18:03.500000 --> 0:18:08.140000 this, but I didn't make it super explicit, when you've got a web app, 0:18:08.140000 --> 0:18:19.840000 that web app is running inside an app service plan. 0:18:19.840000 --> 0:18:25.020000 I'm going to just say ASP, and it's not active server pages, that's an 0:18:25.020000 --> 0:18:28.620000 application service plan. 0:18:28.620000 --> 0:18:34.320000 The application service plan is going to define things like the tier, 0:18:34.320000 --> 0:18:38.020000 the number of instances that are running behind it. 0:18:38.020000 --> 0:18:40.240000 They're really VMs, but we don't call them VMs, we call them instances 0:18:40.240000 --> 0:18:44.840000 here. How many of them, what size they are, how they're scaling. 0:18:44.840000 --> 0:18:48.340000 That's all actually handled at the application service plan. 0:18:48.340000 --> 0:18:52.680000 The connectivity is handled at the application service plan, but then 0:18:52.680000 --> 0:18:54.780000 the other things are handled within the web app. 0:18:54.780000 --> 0:18:58.120000 Now, I'll try to be explicit as I go through this, but I do want to let 0:18:58.120000 --> 0:19:02.900000 you know that one of the advantages probably not the right word, but one 0:19:02.900000 --> 0:19:06.680000 of the nice things about the portal is that it kind of integrates all 0:19:06.680000 --> 0:19:09.000000 this into one management interface. 0:19:09.000000 --> 0:19:11.640000 So, let's go ahead without further ado. 0:19:11.640000 --> 0:19:14.740000 Let's take a look at this. 0:19:14.740000 --> 0:19:18.540000 All right, I've got a web app, it's already up and running, and this is 0:19:18.540000 --> 0:19:21.240000 kind of my standard demo web app. 0:19:21.240000 --> 0:19:26.240000 I can even show you what it does not massively important, but there we 0:19:26.240000 --> 0:19:30.980000 go. It's just a web app, it can ping itself, and run a network load. 0:19:30.980000 --> 0:19:35.860000 I've got some queuing, just kind of playing around with that, and other 0:19:35.860000 --> 0:19:38.980000 things, let's get database access. 0:19:38.980000 --> 0:19:42.020000 Really, none of that is terribly important. 0:19:42.020000 --> 0:19:44.480000 Other than the fact that I will tell you that I've got the connection 0:19:44.480000 --> 0:19:48.900000 string for the queue, and a connection string for a database and Azure 0:19:48.900000 --> 0:19:51.720000 SQL database in my settings. 0:19:51.720000 --> 0:19:54.320000 And I don't actually have them optimized because I don't have them connected 0:19:54.320000 --> 0:19:59.400000 to my key vault, which I usually do, but I thought that would just be 0:19:59.400000 --> 0:20:03.240000 a bit much. All right, I'm going to just go through the settings. 0:20:03.240000 --> 0:20:06.680000 Now, the top settings here are pretty standard, so I'm not going to go 0:20:06.680000 --> 0:20:08.920000 through those, activity log etc. 0:20:08.920000 --> 0:20:11.340000 I want to start with deployment slots. 0:20:11.340000 --> 0:20:15.560000 Okay, and right now there's one deployment slot production. 0:20:15.560000 --> 0:20:19.020000 You can see that it's got 100% of the traffic. 0:20:19.020000 --> 0:20:25.920000 Okay, I can add another slot, and I'm actually going to call this staging. 0:20:25.920000 --> 0:20:31.600000 And I have the choice of cloning the settings from the production slot 0:20:31.600000 --> 0:20:35.300000 or not. I'm going to go ahead and clone the settings, and I'm going to 0:20:35.300000 --> 0:20:41.440000 add. And what that's going to do is generate another slot that I can deploy 0:20:41.440000 --> 0:20:46.400000 to. Now, this slot is going to act like a completely separate web app. 0:20:46.400000 --> 0:20:47.720000 They're tied together. 0:20:47.720000 --> 0:20:53.700000 They're actually running on the same boxes, but for really management 0:20:53.700000 --> 0:20:55.740000 purposes, I'm going to manage them separately. 0:20:55.740000 --> 0:21:00.420000 But then what I can do, right, once they're both up and running, now I 0:21:00.420000 --> 0:21:05.140000 could start to, you know, say, you know what, I want that to be 20% of 0:21:05.140000 --> 0:21:08.660000 the traffic. I want to automatically redirect it there, which I don't 0:21:08.660000 --> 0:21:12.160000 want to do. Okay, I'm going to go and save those settings. 0:21:12.160000 --> 0:21:15.900000 Okay, but this has its own URL. 0:21:15.900000 --> 0:21:23.760000 So right now, I've got this URL, I need az104.azurewebsites.net. 0:21:23.760000 --> 0:21:26.900000 This staging slot, I can access it. 0:21:26.900000 --> 0:21:33.140000 When I access it, I'm going to go to I need az104 dash in the name of 0:21:33.140000 --> 0:21:36.200000 the slot staging.azurewebsites .net. 0:21:36.200000 --> 0:21:39.740000 Now, this is giving me this really generic page because I have not deployed 0:21:39.740000 --> 0:21:41.640000 code to this slot. 0:21:41.640000 --> 0:21:46.420000 I've deployed code to the production slot, but not this slot. 0:21:46.420000 --> 0:21:49.240000 The other thing that's pretty cool, if I look at this right now, I'm in 0:21:49.240000 --> 0:21:54.360000 the interface for this slot, but the management of the slot is really 0:21:54.360000 --> 0:21:59.640000 exactly the same as the management of the production slot. 0:21:59.640000 --> 0:22:05.600000 So anything I can do in the production slot, I can do in an additional 0:22:05.600000 --> 0:22:06.980000 deployment slot. 0:22:06.980000 --> 0:22:12.060000 Now the deployment center, which should be fine. 0:22:12.060000 --> 0:22:15.920000 If I go to the deployment center, this is going to let me set up, whether 0:22:15.920000 --> 0:22:19.100000 it's from Azure Repos. 0:22:19.100000 --> 0:22:20.900000 I've got that already set up. 0:22:20.900000 --> 0:22:26.180000 I can set up GitHub, connect to that, connect to Bitbucket, or connect 0:22:26.180000 --> 0:22:29.560000 to a local repo. 0:22:29.560000 --> 0:22:41.120000 These can all be set up for the external get or even FTP. 0:22:41.120000 --> 0:22:42.460000 All of that can be set up. 0:22:42.460000 --> 0:22:49.760000 If I go to FTP, go to the dashboard, that's going to give me an FTP s 0:22:49.760000 --> 0:22:54.520000 endpoint and the credentials for connecting to that endpoint. 0:22:54.520000 --> 0:22:59.780000 So again, if I've got a tool to choose an FTP for deployment, I can integrate 0:22:59.780000 --> 0:23:09.340000 it that way. Now configuration, I have a number of configuration settings. 0:23:09.340000 --> 0:23:12.420000 A lot of these are for application insights. 0:23:12.420000 --> 0:23:15.200000 I also have a couple of additional settings, DB connection and storage 0:23:15.200000 --> 0:23:18.240000 connection. They could go, those two could go under connection strings, 0:23:18.240000 --> 0:23:22.640000 but the way I manage them makes more sense to have them just as settings. 0:23:22.640000 --> 0:23:26.580000 These are just standard application settings. 0:23:26.580000 --> 0:23:29.480000 I can add new application settings. 0:23:29.480000 --> 0:23:31.020000 I can edit these. 0:23:31.020000 --> 0:23:34.540000 I can show the values, which I'm not going to do, but I could. 0:23:34.540000 --> 0:23:37.280000 I can also go beyond application settings. 0:23:37.280000 --> 0:23:38.480000 I go to general settings. 0:23:38.480000 --> 0:23:40.320000 These are the things I was talking about. 0:23:40.320000 --> 0:23:43.160000 Here are the different stacks. 0:23:43.160000 --> 0:23:48.440000 These stacks are based on the fact that I am on a Windows machine. 0:23:48.440000 --> 0:23:50.080000 I can tell that because I have .NET. 0:23:50.080000 --> 0:23:54.400000 If you were hosting this in a Linux environment, you would have a different 0:23:54.400000 --> 0:23:56.900000 set of stacks. That would be overlap. 0:23:56.900000 --> 0:24:01.900000 All right, I've got the .NET framework version, platform settings, this 0:24:01.900000 --> 0:24:06.160000 32 bit managed pipelines integrated. 0:24:06.160000 --> 0:24:08.900000 That's a .NET thing. 0:24:08.900000 --> 0:24:12.500000 FTP. Right now I'm allowing all FTP. 0:24:12.500000 --> 0:24:15.640000 I could say that I only want to allow FTPS. 0:24:15.640000 --> 0:24:18.560000 All right, HTTP version 1.1 or 2. 0:24:18.560000 --> 0:24:22.780000 I can turn on always on, which I will. 0:24:22.780000 --> 0:24:26.160000 AARR affinity, excuse me. 0:24:26.160000 --> 0:24:29.380000 I'm actually going to turn that off because, well, I don't need it, but 0:24:29.380000 --> 0:24:33.220000 also that gives me better scaling and load balancing. 0:24:33.220000 --> 0:24:36.600000 Never turn on remote debugging, simple as that. 0:24:36.600000 --> 0:24:40.800000 I have the choice of requiring incoming certificates or not. 0:24:40.800000 --> 0:24:45.280000 I made a change, a couple changes, so I can save those changes. 0:24:45.280000 --> 0:24:49.320000 It's going to update the general settings. 0:24:49.320000 --> 0:24:52.200000 Then the other things I have, I've got default documents. 0:24:52.200000 --> 0:24:55.980000 This is pretty standard web server things. 0:24:55.980000 --> 0:25:01.260000 For .NET, I can add handlers and virtual application directories, which 0:25:01.260000 --> 0:25:02.780000 I'm not going to do. 0:25:02.780000 --> 0:25:06.580000 Authentication authorization, I can force app service authentication and 0:25:06.580000 --> 0:25:09.840000 define what I want to use for that. 0:25:09.840000 --> 0:25:12.700000 Number of options there. 0:25:12.700000 --> 0:25:16.320000 Application insights, I have that in another video, so we're not going 0:25:16.320000 --> 0:25:18.040000 to go into that. 0:25:18.040000 --> 0:25:21.860000 Identity, if I want to use managed identity, I simply turn that on and 0:25:21.860000 --> 0:25:27.100000 save it, and that's going to generate an identity. 0:25:27.100000 --> 0:25:29.700000 For this web app. 0:25:29.700000 --> 0:25:34.280000 There we go. I now have an identity for the web app. 0:25:34.280000 --> 0:25:40.560000 I could then go and grant this web app access to different Azure resources. 0:25:40.560000 --> 0:25:42.220000 I can control backups. 0:25:42.220000 --> 0:25:46.200000 I don't think I listed that, but you can back up the web app. 0:25:46.200000 --> 0:25:49.500000 I never back up my web apps because I never store anything on them. 0:25:49.500000 --> 0:25:52.700000 I can just deploy them very easily, but you could do that. 0:25:52.700000 --> 0:25:56.280000 If I've got custom domains, I can add the custom domains here. 0:25:56.280000 --> 0:26:06.160000 Again, if you don't want to go to a .azurewebsites.net now when you do 0:26:06.160000 --> 0:26:11.020000 add a custom domain, it has to verify that. 0:26:11.020000 --> 0:26:15.180000 What you do is you would add a custom domain entry, but you would already 0:26:15.180000 --> 0:26:20.500000 have a DNS CNAME record that is pointing to an existing accepted domain 0:26:20.500000 --> 0:26:25.140000 for this web app. 0:26:25.140000 --> 0:26:27.960000 You can now, oh, you should not be able to do this. 0:26:27.960000 --> 0:26:31.420000 You can actually purchase a domain directly through here, but you don't 0:26:31.420000 --> 0:26:37.660000 have to. TLS SSL, by default, it's using HTTPS only and by default, the 0:26:37.660000 --> 0:26:41.120000 minimum TLS version is 1.2. 0:26:41.120000 --> 0:26:46.040000 If you're using custom DNS and you don't have a certificate for it, then 0:26:46.040000 --> 0:26:46.860000 you turn that off. 0:26:46.860000 --> 0:26:51.840000 If you do have a certificate for custom DNS, you can actually add a certificate 0:26:51.840000 --> 0:26:55.140000 and add binding to that certificate. 0:26:55.140000 --> 0:26:57.580000 I'm going to get back to networking. 0:26:57.580000 --> 0:27:01.180000 Scaling, I can change the application service plan right now. 0:27:01.180000 --> 0:27:02.760000 I'm on an S1 plan. 0:27:02.760000 --> 0:27:05.480000 It's going to tell you what it does and how much it costs. 0:27:05.480000 --> 0:27:11.380000 I could scale, for example, to a premium plan and it's going to tell you 0:27:11.380000 --> 0:27:12.780000 how much that costs. 0:27:12.780000 --> 0:27:14.760000 I can go dev test. 0:27:14.760000 --> 0:27:17.400000 I've got free. I've got shared. 0:27:17.400000 --> 0:27:21.060000 I've got basic. A couple other basics. 0:27:21.060000 --> 0:27:27.440000 I have other production and you cannot switch over to isolated. 0:27:27.440000 --> 0:27:29.240000 You have to create it as isolated. 0:27:29.240000 --> 0:27:33.060000 You create what's called an application service environment. 0:27:33.060000 --> 0:27:36.180000 All right. Just about done, I swear. 0:27:36.180000 --> 0:27:39.900000 Scale out. So you can scale pretty easily. 0:27:39.900000 --> 0:27:41.240000 I want to scale this out. 0:27:41.240000 --> 0:27:43.060000 I want multiple instances. 0:27:43.060000 --> 0:27:46.420000 In this case, because I'm running this as standard, I can go up to 10 0:27:46.420000 --> 0:27:49.740000 instances. I'm not going to do that. 0:27:49.740000 --> 0:27:57.760000 Or you can set up auto scale. 0:27:57.760000 --> 0:28:00.580000 So I could not least is networking. 0:28:00.580000 --> 0:28:05.900000 Going here to networking and first of all, I've got VNet integration. 0:28:05.900000 --> 0:28:07.500000 Click here to configure. 0:28:07.500000 --> 0:28:08.660000 Say, you know what? 0:28:08.660000 --> 0:28:13.480000 I want this to be associated with a specific virtual network. 0:28:13.480000 --> 0:28:17.400000 I could pick the virtual network. 0:28:17.400000 --> 0:28:22.960000 And I don't have any available subnets. 0:28:22.960000 --> 0:28:27.520000 So I could create a new subnet. 0:28:27.520000 --> 0:28:29.540000 Call it Web App. 0:28:29.540000 --> 0:28:41.580000 Let's see. I've got already trying to. 0:28:41.580000 --> 0:28:48.580000 All right. Let's see. 0:28:48.580000 --> 0:28:51.200000 Okay. Let's just use that one. 0:28:51.200000 --> 0:28:59.020000 There we go. Oh, I can't set this one because it gave me the virtual network 0:28:59.020000 --> 0:29:03.360000 address block being the same as the subnet blocks. 0:29:03.360000 --> 0:29:04.420000 I can't really set this up right now. 0:29:04.420000 --> 0:29:08.820000 But if I could, I would set that up and that's going to connect this to 0:29:08.820000 --> 0:29:14.300000 that VNet. So then my Web App can access resources in the virtual network 0:29:14.300000 --> 0:29:16.980000 via their private IP address. 0:29:16.980000 --> 0:29:19.840000 But I'm going to do that. 0:29:19.840000 --> 0:29:21.920000 I'm not going to do VNet integration. 0:29:21.920000 --> 0:29:23.900000 I can also go to access restrictions. 0:29:23.900000 --> 0:29:27.000000 That's going to let me restrict who can access the Web App itself. 0:29:27.000000 --> 0:29:29.240000 So this goes the other direction. 0:29:29.240000 --> 0:29:33.360000 And I can add a rule, for example, right now it says everybody's allowed. 0:29:33.360000 --> 0:29:35.320000 But I can add a rule. 0:29:35.320000 --> 0:29:46.080000 VNet access. I'm going to set this to be a priority of 10. 0:29:46.080000 --> 0:29:49.300000 And description, not going to do that. 0:29:49.300000 --> 0:29:53.700000 Type IPV4, excuse me, I want type virtual network. 0:29:53.700000 --> 0:29:56.480000 It's going to let me select a virtual network. 0:29:56.480000 --> 0:30:00.660000 So here's a virtual network I created in an earlier deployment. 0:30:00.660000 --> 0:30:05.620000 Add that rule. And once that rule is in, what that means, now notice what 0:30:05.620000 --> 0:30:08.040000 happens is that allow all goes away. 0:30:08.040000 --> 0:30:13.060000 And so now the only thing that can access this is that virtual network. 0:30:13.060000 --> 0:30:16.880000 Okay. And sometimes it takes a little while for this to come up. 0:30:16.880000 --> 0:30:18.160000 Sometimes it works quickly. 0:30:18.160000 --> 0:30:23.220000 There we go. As soon as I do that, it gives me a 403 error, right? 0:30:23.220000 --> 0:30:28.420000 Because I can no longer access that Web App because I'm not calling it 0:30:28.420000 --> 0:30:30.440000 from that virtual network. 0:30:30.440000 --> 0:30:34.920000 So those are in kind of a winding tour. 0:30:34.920000 --> 0:30:41.660000 The options you have for managing an Azure Web App and it's hosting application