Published by José Ramón Pedro Palma. Modified over 5 years ago.
1
Azure Web Apps 2019
Boston Code Camp – April 2019
Jason Haley, jason@jasonhaley.com
2
Goal of this talk:
- Highlight newer features of Web Apps
- Introduce features coming soon
- Walk through securing a web application
  - Storage
  - Key Vault
  - SQL DB
3
Newer Features
4
az webapp up
- Create and deploy code to a web app
- Supports: Node.js, Python, .NET Core, ASP.NET, Static HTML
- In a folder structure at least 2 deep off of c:

    dotnet new mvc
    az webapp up -n jhaleybcc1 -l eastus --sku S1
6
Changes on App Settings blade
- Now called Configurations
- Now has tabs
- FTP configuration added
- HTTP/2 Support
- Hidden by default
- Advanced Edit
- HTTP/2 support in April 2018
- FTP changes in May 2018
7
Custom domains and SSL Settings blades
- HTTPS Only
- Custom domains blade
- SSL Settings blade
- Minimum TLS Version
- Manage .pfx certificates
- Manage .cer certificates
- August 2018 announcement
8
New feature on Networking blade
- IP Restrictions
- Allows you to create a white list
- Enforced at the Front Ends (which are upstream from your app)
- Support for IPv4 and IPv6
- What is new in Azure App Service Networking – Ignite 2018
9
New Deployment slots blade
- Improved UX
- Allows Testing in production feature
- Deployment
10
New Deployment Center blade
- Improved UX
- Search and filter repositories
- Revamped log files
11
Securing Web Apps
12
Demo Setup
Components:
- Website
- SQL DB
- Images in Blob Storage
- Secrets in Key Vault
- VNet with Subnet
Steps:
- Configure Managed Identity
- Configure VNet Integration on Web App
- Configure Service Endpoint/Subnet with SQL DB
- Configure Service Endpoint/Subnet with Key Vault and add user
- Configure Service Endpoint/Subnet with Storage and add user
[Diagram labels: Azure Data Center, Internet, App Service, Azure Virtual Network, Delegated subnet, Service Endpoints, Azure Storage, Azure Key Vault, Azure SQL]
13
Managed Identity
Identity blade in Web Apps
- Allow Azure Resources to authenticate to other resources without storing credentials
- Available with:
  - Azure Key Vault
  - Azure SQL DB
  - Azure Storage
  - Others (ARM, Azure Data Lake, Event Hubs, Service Bus)
- System Assigned
  - Connects lifecycle of identity with the web app
- User Assigned
  - Stand-alone resources that have their own lifecycle
- *Note: Deployment slots have different identities
- Key Vault and Managed Service Identities
14
Overview of Local Setup
- Add local user to Storage
- Add local user to SQL Server and client IP to firewall
15
Create a Managed Identity
- Enable System Managed Identity in Web App
- Create AAD group and add new managed identity as a member
16
New Vnet Integration (Preview)
- Does not use Point to Site VPN
- Multi home style integration
- Backend of your app in your Vnet
- Requires unused subnet with 32 addresses
- Needs one address for each App Plan instance
- Only available on new App Service scale units
- App and VNet must be in same region
17
Virtual Network Service Endpoints
- Extend your VNet to Azure services
- Available with:
  - Azure Storage
  - Azure SQL DB
  - Azure Key Vault
  - Others (SQL Data Warehouse, PostgreSQL, MySQL, Cosmos DB, Service Bus, Event Hubs)
18
Connect Web App to a VNet
- Create Vnet
- Enable Service Endpoints
- Create NSG and add to Subnet
- Turn on Vnet Integration (Preview) in Web App
19
Azure Key Vault
Secret, key and certificate management solution
- Firewalls and virtual networks
  - Connect AKV to subnet
  - IP Firewall
- Access policies
  - Manage identity permissions
    - Users
    - Managed Identities
20
Connect Key Vault to a VNet
- Configure Access policies for Managed Identity or Group
- Configure Vnet
- Docs:
21
Azure Storage
- Encrypted at rest
  - Bring your own key (New)
- Soft delete (New)
- Access control
  - Users
  - Managed Identities
- Firewalls and virtual networks
  - Connect AKV to subnet
  - IP Firewall
22
Connect Storage to VNet
- Configure Access control for Managed Identity or Group
- Configure Vnet
23
Virtual Network Rule
- Configures SQL DB to accept communication from a subnet
- Works with Service Endpoints
24
Secure SQL DB from Web App with Managed Identity
- Add managed identity to AAD group
- Grant SQL DB access to managed identity
- Change connection string
- Grant minimal privileges to managed identity in SQL DB (Not admin like shown in image)
- Tutorial: Secure Azure SQL Database connection from App Service using a managed identity

    CREATE USER [XXX] FROM EXTERNAL PROVIDER;
    ALTER ROLE db_datareader ADD MEMBER [XXX];
    ALTER ROLE db_datawriter ADD MEMBER [XXX];
    ALTER ROLE db_ddladmin ADD MEMBER [XXX];
25
Connect SQL DB to a VNet
- Add Network Rule
- Add the AAD group that the managed identity is in to SQL Server
26
Demo Setup
Components:
- Website
- SQL DB
- Images in Blob Storage
- Secrets in Key Vault
- VNet with Subnet
Steps:
- Configure Managed Identity
- Configure VNet Integration on Web App
- Configure Service Endpoint/Subnet with SQL DB
- Configure Service Endpoint/Subnet with Key Vault and add user
- Configure Service Endpoint/Subnet with Storage and add user
[Diagram labels: Azure Data Center, Internet, App Service, Azure Virtual Network, Delegated subnet, Service Endpoints, Azure Storage, Azure Key Vault, Azure SQL]
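The demo setup steps as an az CLI script. This is an added example, not code from the presentation: every resource name, the subscription id, the read-only Key Vault and Storage permissions, and the dry-run wrapper are assumptions. It prints the commands by default so the order can be reviewed; in each service the subnet is allowed before the default action is switched to Deny.

```shell
#!/bin/sh
# Added example. Every name below is a constructed placeholder (assumption).
SUB=00000000-0000-0000-0000-000000000000
RG=demo-rg APP=demo-webapp VNET=demo-vnet SUBNET=webapp-subnet
KV=demo-kv STORAGE=demostorage SQLSRV=demo-sqlsrv
STORAGE_ID="/subscriptions/$SUB/resourceGroups/$RG/providers/Microsoft.Storage/storageAccounts/$STORAGE"

# Dry run by default: print each az command; DRY_RUN=0 executes it.
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "az $*"; else az "$@"; fi
}

secure_webapp() {
  # 1. System-assigned managed identity; its principal id is what gets access.
  run webapp identity assign -g "$RG" -n "$APP"
  if [ "${DRY_RUN:-1}" = 1 ]; then
    PRINCIPAL_ID="<principal-id>"
  else
    PRINCIPAL_ID=$(az webapp identity show -g "$RG" -n "$APP" \
      --query principalId -o tsv)
  fi
  # 2. Delegated subnet with service endpoints, then VNet integration.
  run network vnet subnet update -g "$RG" --vnet-name "$VNET" -n "$SUBNET" \
    --delegations Microsoft.Web/serverFarms \
    --service-endpoints Microsoft.Sql Microsoft.KeyVault Microsoft.Storage
  run webapp vnet-integration add -g "$RG" -n "$APP" \
    --vnet "$VNET" --subnet "$SUBNET"
  # 3. Key Vault: read-only secret access, allow the subnet, then deny the rest.
  run keyvault set-policy -n "$KV" --object-id "$PRINCIPAL_ID" \
    --secret-permissions get list
  run keyvault network-rule add -n "$KV" --vnet-name "$VNET" --subnet "$SUBNET"
  run keyvault update -n "$KV" --default-action Deny
  # 4. Storage: data-plane read role, allow the subnet, then deny the rest.
  run role assignment create --assignee-object-id "$PRINCIPAL_ID" \
    --assignee-principal-type ServicePrincipal \
    --role "Storage Blob Data Reader" --scope "$STORAGE_ID"
  run storage account network-rule add -g "$RG" --account-name "$STORAGE" \
    --vnet-name "$VNET" --subnet "$SUBNET"
  run storage account update -g "$RG" -n "$STORAGE" --default-action Deny
  # 5. SQL: virtual network rule. Database users are still created in T-SQL.
  run sql server vnet-rule create -g "$RG" --server "$SQLSRV" \
    -n webapp-subnet-rule --vnet-name "$VNET" --subnet "$SUBNET"
}

secure_webapp
```

Run with DRY_RUN=0 after az login to apply the changes; the CREATE USER and ALTER ROLE statements from the SQL slide still have to be run in the database by an AAD admin.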
27
Resources
- Samples:
- What is new in Azure App Service networking
- In the security trenches of Azure SQL Database and Azure SQL Data Warehouse
- Tutorial: Secure Azure SQL Database connection from App Service using a managed identity
- Learn how to protect your data in Azure Storage with new features and capabilities
- Manage keys, secrets, and certificates for secure apps and data with Azure Key Vault