We are currently using Application Insights in our self-hosted web app, and we are trying to migrate the app to a new VM hosted in Azure. In this case is there anything I need to do to make my Application Insight to continue to work? Do I need to white list the new VMs?
There is no way to configure Application Insights to only accept data from certain IPs. So you don't need to whitelist anything in Application Insights.
If anything, you might want to keep track on what outgoing traffic your VM has. In this case, you need to whitelist Application Insights in that direction.
Related
On my on premise servers, we have two set of web apis:
service.xxxx.net/chartdata/data
service.xxxx.net/chartimage/image
We are in the process of moving our sites to azure (as two web apps). The big boss wants to keep the url structure on azure. I did some research and seems application gateway can achieve that.
However, when setting up an application gateway, I need to provide vnet and subnet information. As it is just two web apps, I don't really have a vnet.
So this makes me wonder if application gateway is indeed the right choice or not? Maybe there is something else?
App gateway is the right solution for a single region.
You need to create Vnet for the App Gateway not for the web apps. You can check this tutorial:
https://learn.microsoft.com/en-us/learn/modules/load-balance-web-traffic-with-application-gateway/
https://learn.microsoft.com/en-us/learn/modules/load-balance-web-traffic-with-application-gateway/5-exercise-create-configure-application-gateway
For multiple regions, Azure Front Door is a the right one: https://azure.microsoft.com/en-us/services/frontdoor/
I have a web application that is currently running on IIS in 3 Azure VMs. I have been working to make my application App-Services friendly, but would like to test the migration to App-Services in a safe / controlled environment.
Would it be possible to spin up the App-Service and use an Azure Load Balancer to redirect a percentage of traffic off the VM and onto the App-Service?
Is there any other technology that would help me get there?
You might be able to achieve this if you are using an App Service Environment and an internal load balancer
https://learn.microsoft.com/en-us/azure/app-service/environment/app-service-environment-with-internal-load-balancer
However, based on your description of your current setup I don't believe there is an ideal solution for this as a standard load balancer only allows for the backend ports to map to VMs. Using an Application Gateway might be another option as well
https://learn.microsoft.com/en-us/azure/application-gateway/
I would suggest you make use of the deployment and production slots available that comes a Web App. Once you have the webapp running in the dev slots, test the site to ensure all works as expected. Once it does, switch it to the production slot and reroute all traffic from the VMs to the App Service.
All in all, running an app on a Web App is quite simple. Microsoft takes away the need to manage the VM settings so you can simply deploy and run. I don't see you having any issues simply migrating. The likelihood for issues is small. You can also minimalism it by performing the migration during off hours in case you need to make any changes.
There is also some Web App migration guidance you might find useful
https://learn.microsoft.com/en-us/dotnet/azure/dotnet-howto-choose-migration?view=azure-dotnet
Technical Stack
Imperva WAF
Angular 7
Azure WebApp
We are planning to deploy Angular 7 build in Azure WebApp and will add custom domain to it which will be behind Imperva WAF. WAF will make sure that only whitelisted IPs can access site. WebApp gets WAF IPs instead of client IPs.
In this case, we are not able to trace usage reports for given client IPs. So as per suggestion, we want to add these data into App Insights to make sure we have all to get the usage reports.
How to implement this? Do we have anything to write custom code to implement this?
Please correct me if I misunderstand you.
There is application insights sdk, you can take use of it like use methods trackTrace / trackEvent to add your custom log.
You can also search by google, there're lots of examples of using application insights for logging with code.
Hope it helps.
I have Azure App Services behind the Azure Application Gateway/Firewall. There are few application that talks between them. Does that applications talk internally(using xxx.azurewebsites.net) or they talk with public domain(mydomain.com)?
Also, how to check these things in logs.
Current configuration:
HTTPSettings: Pick hostname from the backend address has checked.
Probes: pick hostname from backend https settings has checked.
To answer your question, No if your applications are inside azure's network, it usually wont go through the public domain. But it will go through the firewall/gateways and follow the same networking restriction you have defined.
What logs you want to check? if you want to see the application event logs you can do it using scm. You can access it via Diagnostics/Advanced Tools in your azure app services.
You can enable Access Logs in the Application gateway to see all the request that hits Application Gateway. It has the hostname field where you can check how the site is being accessed.
Let me know if you have any further questions.
We are trying to migrate our ASP.NET web apps to an Azure VM. We have about 5 apps under our website, but we need to do these one by one. The problem is when we migrate one app to an Azure VM IIS, we need to maintain the URL and not disturb the 4 remaining web apps. Below is an image better explaining what I need to do:
See Image
Notice I need to maintain the original URL (https://www.site1.com/App1-1) when moved to the Azure VM. We had thought about doing a reverse proxy for that one app, but I think that would put too much extra traffic going back and forth.
I know this is probably not the best way of migrating things to Azure. Refactoring the app is slated for the future. This is a "lift and shift" interim solution. Any suggestions or tips would be greatly appreciated!
You can do something like:
Migrated the app to Azure VM and test it first to confirm it working
Configure the custom DNS entry to point to the app in Azure. You can read more here
https://learn.microsoft.com/en-in/azure/dns/dns-domain-delegation
Switch off the app from the local server once DNS entry in Azure is active.
Migrate other apps