Create Azure App Service Web Apps Flashcards
What are the types of App Service apps?
Web Apps, API Apps, and Mobile Apps
What’s needed to run an App Service app?
An App Service Plan
What does an App Service Plan define?
A set of compute resources
Can you run more than one app using an App Service Plan?
Yes
Apart from apps, what else can be run using an App Service Plan?
Functions
What things does an App Service Plan define?
Region, Number of VM Instances, Size of VM Instances, Pricing Tier
What App Service Plan pricing tiers used resource pools shared with other customers?
Free and Shared
What App Service Plan pricing tiers use dedicated compute resources, but in non-dedicated virtual networks?
Basic, Standard, Premium, Premium V2, Premium V3
For what activities should you use the Free and Shared App Service tiers?
Development and Testing
What App Service tier would you use if you wanted to run apps on dedicated compute resource inside dedicated virtual networks?
Isolated
What type of apps are supported in the App Service Consumption tier?
Function Apps
How many VM instances are used in the Free and Shared App Service tiers?
One
On which VM instances does an app run in a service plan?
All of the instances
Can you have more than one app in a service plan?
Yes
On which VM instances does an app in a deployment slot run?
All of the instances
In an App Service Plan, where are diagnostic logging activities, backups and WebJobs run?
The same VM instances as the apps
What is the “scale unit” of an App Service app?
The App Service plan
If an App Service Plan is configured to run on five VM instances, on how many instances will each app in the plan run?
Each app will run on all five instances
If an App Service Plan autoscales due to the demands place on a single app, how does this affect the other apps using the plan?
All of the apps are scaled out in the same way
How could you improve the performance of a single App?
You could run the app in its own App Service Plan
When should you isolate an app into its own App Service Plan?
When: the app is resource intensive, needs to be scaled differently to other apps, it needs resources located in a different geographical region
What types of deployment models does App Service support?
Automated and Manual
Does Azure support automated deployment directly from GitHub?
Yes
What common repository offers, amongst others, can be used for automatic deployment?
Azure DevOps, GitHub, and BitBucket
What options are available for manually deploying Apps?
Git, CLI, ZIP deploy, and FTP/S
What CLI command could you use to manually deploy an app?
The webapp up
feature of the az
CLI. This feature packages an app and deploys it.
Can you use the webapp up
feature to create a new App Service web app?
Yes. If one doesn’t already exist.
What protocol is used when using ZIP deploy.
HTTP/S
How does using deployment slots eliminate downtime?
The swap operation warms up worker instances to match production scale.
What’s the easiest way to add authentication to web apps, APIs, mobile back-ends, and functions?
By using the App Service built-in authentication and authorization support
Does Azure App Service allow you to integrate auth. capabilities without you implementing them yourself?
Yes
What third-party is used to manage user identities and the authentication flow?
App Service used third-party identity providers
What’s the sign-in endpoint for Microsoft Identity Platform?
/.auth/login/add
Where does the built-in authentication and authorization module run?
In the same sandbox as your application code
What does the built-in auth. module handle?
- Authenticates users with the specified provider
- Validates, stores, and refreshes tokens
- Manages the authenticated session
- Injects identity information into request headers
How is the built-in auth. module configured?
Using app settings
What changes to your code are required to use the built-in auth. module?
None
For Linux and containers, where does the built-in auth. module run?
A separate container, isolated from your application code.
In what type of environment would you use Server-Directed Flow or Server Flow?
Typically in a browser app. The application delegates the sign-in to App Service.
The browser can the present the provider’s login page to the user.
In what type of environment would you use Client-Directed Flow or Client Flow?
In a browser-less app, such as a mobile app, REST APIs, Azure Functions, and JavaScript browser apps.
The application signs into the provide manually and submits the authentication token to App Service for validation.
Does this table show the authentication steps for Server-Directed and Client-Directed flows?
Yes
What are the two behaviours supported for non-authenticated requests received by the built-in auth. module?
Allow Unauthenticated Requests - defers authorization to the application code. For authenticated requests, authentication information is included in the request headers.
Require Authentication - Rejects all unauthenticated traffic to your application.
What actions are available when rejecting unauthenticated requests using the built-in auth. module?
- Redirect to one of the configured identity providers
- Return a HTTP 401 Unauthorized response to native mobile apps
- Return a HTTP 401 Unauthorized or HTTP 403 Forbidden response for all requests
By default, are apps hosted in an App Service accessible over the Internet?
Yes
By default, can apps hosted in an App Service reach non-public endpoints in Azure?
No
What are the two main deployment types for an App Service?
Multi-tenant (public service hosts) and Single-Tenant - isolated in an App Service Environment (ASE)
Azure App Service is a distributed system. What are the roles handling incoming HTTP/S requests called?
Front Ends
In Azure App Service, what are the roles that handle the customer workload called?
Workers
In what type of network do the roles in an App Service deployment exist in?
Multi-tenant
Why can’t you connect a multi-tenant App Service to your virtual network?
Because there are multiple tenants (Azure customers) in the same App Service scale unit
What features can be used to handle requests (inbound) to an app on a multi-tenant App Service?
- App Assigned Address
- Access Restrictions
- Service Endpoints
- Private Endpoints
What features can be used to make requests (outbound) from an app on a multi-tenant App Service?
- Hybrid Connections
- Gateway-Required Virtual Network Integration
- Virtual Network Integration
What feature would you use to support IP-based SSL access to your App Service app?
App-Assigned Address
What feature would you use to support an unshared dedicated inbound address to your App Service app?
App-Assigned Address
What feature would you use to restrict access to your App Service app to a set of well-defined addresses?
Access Restrictions
Are the workers in the Free and Shared App Service Plans multi-tenant?
Yes
Are the workers in the Basic and higher App Service Plans multi-tenant?
No, they are dedicated to only one App Service Plan
Do workers in the Free, Shared, Basic, Standard, and Premium tiers all use the same VM type?
Yes
Do workers in the Premium V2 tier and the Premium V3 tier use different VM types from each other and the other tiers?
Yes
Does your outbound IP address change if you change between (Free, Shared, Basic, Standard, Premium), Premium V2, and Premium V3 tiers?
Yes.
What app property in the Azure Portal shows the current outbound addresses your app might use in a scale unit?
Outbound IP Addresses
What is a scale unit?
A scale unit is a group of servers dedicated to a specific role, such as running App Services
What bash command could you use to list the possible outbound IP addresses of an App Service app?
az webapp show \ --resource-group <group_name> \ --name <app_name> \ --query possibleOutboundIpAddresses \ --output tsv
In App Service, what mechanism is used to pass app settings to the application code?
Environment Variables
In App Service Linux and Custom Container Apps, what flag is used to pass variables to the container?
--env