1.1: Create Azure App Service web apps - Explore Azure App Service Flashcards

1
Q

Describe Azure App Service key components and value (4 points)

A
  • Built in auto-scaling - scale up/down or in/out
  • Out-of-the-box CI/CD
  • Deployment slots - ability to swap between slots
  • Native support for Linux hosting (for Node.js, Java, PHP, Python etc.)
2
Q

Describe App Service Plans and the main settings you define for them

A

A set of compute resources for a web app (or web apps) to run on.

Azure Functions can run in an App Service plan (or a Consumption plan - where you control nothing)

Each App Service plan defines:
* Region (West US, East US, etc.)
* Number of VM instances
* Size of VM instances (Small, Medium, Large)
* Pricing tier (Free, Shared, Basic, Standard, Premium, PremiumV2, PremiumV3, Isolated)

3
Q

Describe pricing tier (compute) categories

A

Shared compute (Free and Shared tiers) - Can’t scale out, shares resource pools with other customers’ apps.
Dedicated compute (All other tiers) - Can scale out, runs on dedicated VMs
Isolated (Isolated tier) - Max scale out options, runs dedicated Azure VMs on dedicated Azure Virtual Networks
Consumption - Auto-scales, only available to function apps

4
Q

Describe how apps run and scale on Free and Shared tiers

A

An app receives CPU minutes on a shared VM instance and can’t scale out

5
Q

Describe how apps run and scale on VM instances for Basic, Standard, Premium, PremiumV2, PremiumV3, and Isolated tiers (4 points)

A
  • An app runs on all VM instances configured in an App Service plan
  • If multiple apps use the same plan they share VM instances
  • All deployment slots run on the same VM instances
  • Logs/Backups/WebJobs use CPU cycles from these VM instances
6
Q

What can you do when your app needs more capabilities?

A
  1. You could change the pricing tier.
  2. You could save money by putting apps into one App Service plan.
  3. Isolate your app into its own App Service Plan.

Isolate your app into a new App Service plan when:
* The app is resource-intensive.
* You want to scale the app independently from the other apps in the existing plan.
* The app needs resources in a different geographical region.

7
Q

Describe automated deployment options (3 points)

A
  • Azure DevOps
  • GitHub
  • Bitbucket
8
Q

Describe manual deployment options (4 points)

A
  • Git
  • CLI - az webapp up
  • Zip - curl
  • FTP/S
9
Q

Describe when to use deployment slots, what you do, and why you’d use them

A

When: Use deployment slots when deploying new production builds.

How: In Standard App Service Plan tier and better you can deploy to a staging environment (slot) and swap it with your prod slot.

Why: This warms the worker instances - eliminating downtime.

10
Q

Why use built-in authentication for App Services or Azure Functions?

A

Saves you time and effort by providing out-of-the-box authentication with a federated identity provider.

  • No need to write it yourself - it’s built into the platform - requires no particular language, SDK, or security expertise
  • You can integrate with multiple providers: AAD, Facebook, Google…
11
Q

Describe the default identity providers (5 points)

A
  • Microsoft Identity Platform (AAD)
  • Facebook
  • Google
  • Twitter
  • Any OpenID Connect provider
12
Q

Describe how authentication and authorisation modules work

A

The authentication and authorisation modules run in the same sandbox as your code.
When enabled, every incoming HTTP/S request passes through these modules before being handled by your application.

They:
* Authenticate users with the specified provider
* Validate, store, and refresh tokens
* Manage the authenticated session
* Inject identity information into request headers

The module runs separately from your code

13
Q

Describe the ‘without provider SDK’ authentication flow (4 steps)

A
  1. Redirect client to /.auth/login/[provider]
  2. Provider redirects client to /.auth/login/[provider]/callback
  3. App Service adds authenticated cookie to response
  4. Client includes authentication cookie in subsequent requests
14
Q

Describe the ‘with provider SDK’ authentication flow (4 steps)

A
  1. Client code signs user in with provider’s SDK
  2. Client posts token from provider to /.auth/login/ for validation.
  3. App Service returns its own authentication token
  4. Client code presents authentication token in X-ZUMO-AUTH header
15
Q

Describe authorisation behaviour options (what you can do when you receive a request that isn’t authenticated - 2 points)

A

Allow unauthenticated: Defers authorisation of unauthenticated traffic to your app code. Flexible and allows you to present multiple sign-on providers.

Required authentication: Rejects unauthenticated traffic. Can redirect to one of the identity providers. If the request comes from a mobile app, it will return a 401/403.

16
Q

Describe the two main deployment types (tenants) for Azure App Services and the hosts they use

A
  1. Multi-tenant public service hosts App Service plan
  2. Single-tenant App Service Environment (ASE) hosts Isolated SKU App Service plans - in your Azure virtual network
17
Q

Describe an App Service scale unit and its two main building blocks

Added for additional context - may not be on the actual exam

A

It’s a collection of servers that host and run your applications. It could have more than 1,000 servers.

The main building blocks of a scale unit are:
* Front-ends
* Workers

18
Q

Describe an App Service scale unit ‘front-end’

A

Front-ends handle HTTP and HTTPS requests - think of them as a load balancer, distributing requests to Workers

19
Q

Describe what an App Service scale unit ‘worker’ does and its two types

A

Workers run your application.

A shared worker can host applications from multiple customers.

Dedicated workers are guaranteed to run one or more applications from one customer.

20
Q

Describe App Service inbound features

A
  • App-assigned address
  • Access restrictions
  • Service endpoints
  • Private endpoints
21
Q

Describe App Service outbound features

A
  • Hybrid Connections
  • Gateway-required virtual network integration
  • Virtual network integration
22
Q

Describe App Service inbound and outbound feature restrictions

A

Features used to handle inbound requests can’t be used to handle outbound requests, and vice-versa.

23
Q

Describe the plans which host the two types of scale unit workers

A

The Free and Shared SKU plans host customer workloads on multi-tenant (multi-customer) workers.

The Basic and higher plans host customer workloads that are dedicated (single-tenant) to only one App Service plan.

24
Q

Describe why knowing outbound addresses for worker VMs is useful

A

Knowing these is useful when scaling, as instance numbers grow.

(Worker VMs are broken down by App Service plan.
Different types may use different outbound (or inbound) IP addresses.)

25
Q

What Azure CLI command would you use to deploy an app and what (4) actions does it perform?

A

The ‘az webapp up’ command makes it easy to create and update web apps. When executed it performs the following actions:

  1. Create a default resource group if one isn’t specified.
  2. Create a default app service plan.
  3. Create an app with the specified name.
  4. Zip deploy files from the current working directory to the web app.
26
Q

What is the typical sign-in endpoint format?

A

/.auth/login/[providerName]

E.g.:

  • /.auth/login/twitter
  • /.auth/login/aad
27
Q

Describe 3 inbound feature use cases

A
  1. Support IP-based SSL needs for your app - App-assigned address
  2. Support unshared dedicated inbound address for your app - App-assigned address
  3. Restrict access to your app from a set of well-defined addresses - Access restrictions
28
Q

How can you find the App Service Plan outbound IP addresses?

A

You can see what IP addresses may get used in two ways:
1. Through Azure portal - App Service > Properties
2. Using Cloud Shell: az webapp show … --query possibleOutboundIpAddresses