Boston Code Camp – April 2019 Jason Haley

Presentation transcript:

Azure Web Apps 2019
Boston Code Camp – April 2019
Jason Haley
jason@jasonhaley.com

Goal of this talk:
- Highlight newer features of Web Apps
- Introduce features coming soon
- Walk through securing a web application
  - Storage
  - Key Vault
  - SQL DB

Newer Features

az webapp up
- Create and deploy code to a web app
- Supports: Node.js, Python, .NET Core, ASP.NET, Static HTML
- In a folder structure at least 2 deep off of c:

    dotnet new mvc
    az webapp up -n jhaleybcc1 -l eastus --sku S1

Changes on App Settings blade
- Now called Configurations
- Now has tabs
- FTP configuration added
- HTTP/2 Support
- Hidden by default
- Advanced Edit

HTTP/2 support in April 2018: https://blogs.msdn.microsoft.com/appserviceteam/2018/04/13/announcing-http2-support-in-azure-app-service/
FTP changes in May 2018: https://blogs.msdn.microsoft.com/appserviceteam/2018/05/08/web-apps-making-changes-to-ftp-deployments/

Custom domains and SSL Settings blades
- HTTPS Only
- Custom domains blade
- SSL Settings blade
- Minimum TLS Version
- Manage .pfx certificates
- Manage .cer certificates

August 2018 announcement: https://blogs.msdn.microsoft.com/appserviceteam/2018/08/23/devtalk-app-service-ssl-settings-revamp/

New feature on Networking blade: IP Restrictions
- Allows you to create a whitelist
- Enforced at the Front Ends (which are upstream from your app)
- Support for IPv4 and IPv6

Source: What is new in Azure App Service Networking – Ignite 2018

New Deployment slots blade
- Improved UX
- Allows Testing in production feature

Deployment https://blogs.msdn.microsoft.com/appserviceteam/2018/06/04/app-service-deployment-center-preview/

New Deployment Center blade
- Improved UX
- Search and filter repositories
- Revamped log files

Securing Web Apps

Demo Setup

Components (Azure Data Center):
- Website
- SQL DB
- Images in Blob Storage
- Secrets in Key Vault
- VNet with Subnet

Steps:
- Configure Managed Identity
- Configure VNet Integration on Web App
- Configure Service Endpoint/Subnet with SQL DB
- Configure Service Endpoint/Subnet with Key Vault and add user
- Configure Service Endpoint/Subnet with Storage and add user

Diagram labels: Azure Storage, Azure Virtual Network, App Service, Internet, Service Endpoints, Azure Key Vault, Delegated subnet, Azure SQL

https://github.com/juunas11/Joonasw.ManagedIdentityDemos

Managed Identity
- Identity blade in Web Apps
- Allow Azure Resources to authenticate to other resources without storing credentials
- Available with:
  - Azure Key Vault
  - Azure SQL DB
  - Azure Storage
  - Others (ARM, Azure Data Lake, Event Hubs, Service Bus)
- System Assigned: Connects lifecycle of identity with the web app
- User Assigned: Stand alone resources and have their own lifecycle

*Note: Deployment Slots have different Identities

Key Vault and Managed Service Identities: https://odetocode.com/blogs/scott/archive/2018/06/13/key-vault-and-managed-service-identities.aspx

Overview of Local Setup
- Add local user to Storage
- Add local user to SQL Server and client IP to firewall

Create a Managed Identity
- Enable System Managed Identity in Web App
- Create AAD group and add new managed identity as a member

New VNet Integration (Preview)
- Does not use Point to Site VPN
- Multi home style integration
- Backend of your app in your VNet
- Requires unused subnet with 32 addresses
- Needs one address for each App Plan instance
- Only available on new App Service scale units
- App and VNet must be in same region

Virtual Network Service Endpoints
- Extend your VNet to Azure services
- Available with:
  - Azure Storage
  - Azure SQL DB
  - Azure Key Vault
  - Others (SQL Data Warehouse, PostgreSQL, MySQL, Cosmos DB, Service Bus, Event Hubs)

Connect Web App to a VNet
- Create VNet
- Enable Service Endpoints
- Create NSG and add to Subnet
- Turn on VNet Integration (Preview) in Web App

Azure Key Vault
- Secret, key and certificate management solution
- Firewalls and virtual networks
  - Connect AKV to subnet
  - IP Firewall
- Access policies
  - Manage identity permissions
  - Users
  - Managed Identities

Connect Key Vault to a VNet
- Configure Access policies for Managed Identity or Group
- Configure VNet

Docs: https://azure.microsoft.com/en-us/resources/samples/app-service-msi-keyvault-dotnet/

Azure Storage
- Encrypted at rest
- Bring your own key (New)
- Soft delete (New)
- Access control
  - Users
  - Managed Identities
- Firewalls and virtual networks
  - Connect AKV to subnet
  - IP Firewall

Connect Storage to VNet
- Configure Access control for Managed Identity or Group
- Configure VNet

Virtual Network Rule
- Configures SQL DB to accept communication from a subnet
- Works with Service Endpoints

Secure SQL DB from Web App with Managed Identity
- Add managed identity to AAD group
- Grant SQL DB access to managed identity
- Change connection string
- Grant minimal privileges to managed identity in SQL DB (Not admin like shown in image)

Tutorial: Secure Azure SQL Database connection from App Service using a managed identity
https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi

    CREATE USER [XXX] FROM EXTERNAL PROVIDER;
    ALTER ROLE db_datareader ADD MEMBER [XXX];
    ALTER ROLE db_datawriter ADD MEMBER [XXX];
    ALTER ROLE db_ddladmin ADD MEMBER [XXX];

Connect SQL DB to a VNet
- Add Network Rule
- Add the AAD group that the managed identity is in to SQL Server
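
The portal steps from the securing slides above, written as Azure CLI commands. This is an added example, not part of the original deck or the linked sample repository; every resource name and the PRINCIPAL_ID value are placeholders, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/usr/bin/env bash
# Added example, not from the talk. Every resource name below is a placeholder.
RG=demo-rg; APP=demo-webapp; VNET=demo-vnet; SUBNET=webapp-subnet
VAULT=demo-vault; STORAGE=demostorage; SQLSERVER=demo-sqlserver
# Object id reported by "az webapp identity assign"; placeholder until known.
PRINCIPAL_ID=${PRINCIPAL_ID:-00000000-0000-0000-0000-000000000000}

# Dry run by default: print each command. Set APPLY=1 to execute it.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

secure_backends() {
  # Managed identity: the app authenticates without stored credentials.
  run az webapp identity assign -g "$RG" -n "$APP"

  # Service endpoints on the subnet, then attach the web app to that subnet.
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$SUBNET" \
    --service-endpoints Microsoft.KeyVault Microsoft.Storage Microsoft.Sql
  run az webapp vnet-integration add -g "$RG" -n "$APP" --vnet "$VNET" --subnet "$SUBNET"

  # Key Vault: read-only secret access for the identity, then allow the
  # subnet BEFORE switching the firewall default to Deny.
  run az keyvault set-policy -n "$VAULT" --object-id "$PRINCIPAL_ID" \
    --secret-permissions get list
  run az keyvault network-rule add -g "$RG" -n "$VAULT" --vnet-name "$VNET" --subnet "$SUBNET"
  run az keyvault update -g "$RG" -n "$VAULT" --default-action Deny

  # Storage: same order, subnet rule first, Deny second.
  run az storage account network-rule add -g "$RG" --account-name "$STORAGE" \
    --vnet-name "$VNET" --subnet "$SUBNET"
  run az storage account update -g "$RG" -n "$STORAGE" --default-action Deny

  # SQL: virtual network rule on the logical server.
  run az sql server vnet-rule create -g "$RG" -s "$SQLSERVER" -n allow-webapp-subnet \
    --vnet-name "$VNET" --subnet "$SUBNET"
}

secure_backends
```

The storage role assignment and the SQL grants for the identity are not covered here; the SQL statements on the slide above handle the database side. Any workstation that still needs data-plane access has to be added to each firewall before the Deny defaults are applied.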


Resources
- Samples: https://github.com/juunas11/Joonasw.ManagedIdentityDemos
- What is new in Azure App Service networking: https://bit.ly/2FTre8Y
- In the security trenches of Azure SQL Database and Azure SQL Data Warehouse: https://bit.ly/2S7wdIX
- Tutorial: Secure Azure SQL Database connection from App Service using a managed identity: https://bit.ly/2RkdJAh
- Learn how to protect your data in Azure Storage with new features and capabilities: https://bit.ly/2WjP96m
- Manage keys, secrets, and certificates for secure apps and data with Azure Key Vault: https://bit.ly/2HEfZCU