Azure Web Apps Background

I’ve been working with Azure Web Apps for a long time. Before the launch of Azure Web Apps for Containers (or even Azure Web App on Linux), these web apps ran on Windows Virtual Machines managed by Microsoft. This meant that any workload running behind IIS (e.g., ASP.NET) would run without hiccups — but that was not the case with workloads which preferred Linux over Windows (e.g., Drupal).

Furthermore, the Azure Web Apps that ran on Windows were not customizable. This meant that if your website required a custom tool to work properly, chances are it was not going to work on an Azure Web App, and you’d need to deploy a full-blown IaaS Virtual Machine. There was also a strict lockdown regarding tools and language runtime versions that you couldn’t change. So, if you wanted the latest bleeding-edge language runtime, you weren’t gonna get it.

Azure Web Apps for Containers: Drum Roll

Last year, Microsoft released the Azure Web Apps for Containers (or Linux App Service plan) offering to the public. This meant we could build a custom Docker image containing all the binaries and files, and then deploy it on the PaaS offering. After working with the product for some time, I was like…

The product was excellent, and it was clear that it had potential. Some of the benefits:

  • Ability to use a custom Docker image to run the Web App
  • Zero headaches from managing Docker containers
  • The benefits of Azure Web App on Windows like Backups, Kudu, Deployment Slots, Autoscaling (Scale up & Scale out), etc.

Suddenly, running workloads that preferred Linux or required custom binaries became extremely easy.

The Architecture

Compared to Azure Web App on Windows, the architecture implemented in Azure Web App for Containers is different.

[Figure: diagram of Azure Web Apps architecture]

Each of the above Web Apps is strictly locked down with minimal possibility of modification. Furthermore, the backend storage was based on Network File Shares, which means that even if you don’t need any storage (as in cases where your app simply reads data from the database and displays it back), the app would still perform slowly.

[Figure: diagram of Azure Web Apps architecture]

The major difference is that the Kudu/SCM site runs in a separate container from the actual web app. Both containers are connected to each other with a private network. In this case, each App Service Plan is deployed on a separate Virtual Machine and all the plumbing is managed by Microsoft. The benefits of this approach are:

  • Better isolation. If Kudu is experiencing issues, it is less likely to take down your actual website.
  • Ability to customize the actual web app container running the website.
  • Better resource utilization

Stay tuned for the next part, in which I will discuss the various storage options available in Azure Web App for Containers and their trade-offs.

Happy holidays!

Microsoft US SI of the Year Award at Microsoft Inspire
AIS won the 2018 Microsoft US SI of the Year award for Azure Performance at Microsoft Inspire in Las Vegas. The award recognizes AIS’ work in Azure consumption values, as well as our success as the #1 United States Co-Sell Partner in the Microsoft Co-Sell Initiative. With over $26 million in Azure consumption and over $12 million in total contract value, AIS assisted Microsoft in retiring over $1 million in Azure goals.

Microsoft generated more than 11,000 co-sell wins with partners like AIS during the past 12 months, equating to roughly $5 billion in contract value through the channel. The figures are the result of Microsoft’s newly-formed One Commercial Partner (OCP) roll-out, designed to drive deeper collaboration between internal direct sellers and partners.

Microsoft described the OCP-driven co-sell program as the “largest sales transformation” in decades.

“In less than a year, AIS partnered with the OCP team to conceive and deliver our co-sell offerings with market-leading results,” said Larry Katzman, AIS Vice President of Marketing and Sales. “We leveraged our Cloud Adoption Framework, which is a collection of services we’ve delivered multiple times while helping our clients adopt Azure. We also included our Legacy Modernization offerings.”

AIS will be expanding our co-sell offerings to include our Office 365 and Dynamics 365 adoption programs in the coming year.

“Congratulations to the OCP Team and the AIS Marketing and Sales Teams for turning the OCP vision into a reality so quickly,” said Tom O’Connell, AIS Managing Partner. “This is only the beginning. We built a solid pipeline and see even better results in FY19.”

[Image: AIS Team Members Accepting Award]

[Image: 2018 Microsoft US SI of the Year Award]

We can do this for you too! Check out our Azure QuickStart offering here.

First Things First…What’s a Data Lake?

If you’re not already familiar with the term, a “data lake” is generally defined as an expansive collection of data that’s held in its original format until needed. Data lakes are repositories of raw data, collected over time, and intended to grow continually. Any data that’s potentially useful for analysis is collected from both inside and outside your organization, and is usually collected as soon as it’s generated. This helps ensure that the data is available and ready for transformation and analysis when needed. Data lakes are central repositories of data that can answer business questions…including questions you haven’t thought of yet.

Azure Data Lake

Azure Data Lake is actually a pair of services: The first is a repository that provides high-performance access to unlimited amounts of data with an optional hierarchical namespace, thus making that data available for analysis. The second is a service that enables batch analysis of that data. Azure Data Lake Storage provides the high performance and unlimited storage infrastructure to support data collection and analysis, while Azure Data Lake Analytics provides an easy-to-use option for an on-demand, job-based, consumption-priced data analysis engine.

We’ll now take a closer look at these two services and where they fit into your cloud ecosystem.

First announced as a public preview in September 2017, Global VNet Peering is now generally available in all Azure public regions.

Similar to virtual network peering within the same Azure region, Global VNet Peering now lets you seamlessly connect virtual networks in different Azure regions. The connectivity between the peered virtual networks is routed through the Microsoft backbone infrastructure through private IP addresses. VNet peering provides virtual network connectivity without gateways, additional hops, or transit over the public internet. Global VNet Peering can simplify network designs which have cross-regional scenarios for data replication, disaster recovery, and database failover.

While similar, peering within the same region and peering across regions have unique constraints. These are clearly identified in the Microsoft documentation, so check that out before you get started.

As part of AIS Managed Services, we provide proactive management and reactive support of infrastructure and applications at a predictable monthly cost. Recently, during a routine infrastructure health check, we noticed that Azure was failing to take backups for a particular virtual machine. Why?

The Environment

The client is a medium-sized outdoor equipment vendor. For this enterprise customer, we have configured Azure Recovery Services to take a daily backup of all the virtual machines in the production environment. The environment is set up with four domain controllers. Two of them are hosted in Azure while the other two are hosted on-premises. All domain controllers are running Windows Server 2008 R2. Both domain controllers hosted in Azure have 120GB System Drives attached to them, with only Active Directory Domain Services and DNS Server roles present on the server.

I had the opportunity to attend the first Azure Government HackFest & Training on June 7 and June 8, 2017 with several of my AIS colleagues (Jonathan Eckman, Nicolas Mark, and Brian Rudolph) and it did not disappoint. This event was a great opportunity for me personally to learn more about Azure and spend some time applying that new information to work on an interesting problem. I know that many of you might be considering attending another HackFest, so I wanted to take some time to tell you about the event and what I learned. I also wanted to give you a few tips if you attend one of these in the future.

Day One started off with a number of training/knowledge-sharing sessions with the Microsoft Azure Government Engineering Team, providing an overview of Azure Gov, Security, Lift and Shift, Azure HDInsight, and Cognitive Services. The information provided was detailed enough that it wasn’t marketing material, but not so deep as to be too difficult for general IT pros to grasp. Kudos to those that presented from the Microsoft Azure Engineering Team!

AIS is proud to announce we’ve officially joined the Microsoft FastTrack for Azure program! Microsoft FastTrack for Azure provides direct assistance from Microsoft and a Microsoft partner to help customers build their desired cloud-based solutions with maximum speed and confidence. AIS will work side-by-side with Microsoft engineers to guide our mutual customers from setup, configuration, and development to production, focusing on the following Azure solutions:

  • Development and test
  • Backup and archive
  • Disaster recovery
  • Line of business applications (database migration, app modernization, app “lift and shift”)

The FastTrack program will guide you through the three key phases of a successful cloud journey: Envisioning, onboarding, and deployment to quickly realize the business benefits of moving to Azure. It’s a process we here at AIS know very well, so we’re looking forward to helping even more customers take their first steps into the cloud.

Ready to get started?

FastTrack for Azure is available to select Azure customers in the United States, Canada and Australia. You can find out more here or contact us for more information.

At the Microsoft BUILD 2017 Day One keynote, Harry Shum announced the ability to customize the vision API. In the past, the cognitive vision API came with a pre-trained model. That meant that as a user, you could upload a picture and have the pre-trained model analyze it. You can expect to have your image classified based on the 2,000+ (and constantly growing) categories that the model is trained on. You can also get information such as tags based on the image, detect human faces, recognize hand-written text inside the image, etc.

But what if you wanted to work with images pertinent to your specific business domain? And what if those images fall outside of the 2,000 pre-trained categories? This is where the custom vision API comes in. With the custom vision API, you can train the model on your own images in just four steps: Read More…

Azure Role-Based Access Control (RBAC) offers the powerful ability to accord permissions based on the principle of “least privilege.” In this short video, we extend the idea of Azure RBAC to implement a JIT (just in time) permission control. We think a JIT model can be useful for the following reasons:

1) Ability to balance the desire for “least privilege” with the cost of managing an exploding number of fine-grained permission rules (hundreds of permission types, combined with hundreds of resources).

2) Allow coarse-grained access (typically DevOps teams need access to multiple services) that is “context aware” (permission is granted during the context of a task).

Of course, JIT can only be successful if it’s accompanied by smart automation (so users have instant access to the permissions they need, when they need them).

Interested? Watch this 15-minute video that goes over the concepts and a short demonstration of JIT with Azure RBAC.