How To Migrate Existing Azure Assets to Azure App Service - azure

Can existing Azure assets, i.e. cloud services, notification hubs, SQL servers and databases, storage accounts and service buses be migrated to a Azure App Service? If so, how?

The Azure App Service (Mobile Service App) can use an existing Notification Hub. Using the "Push" setting, you can select a hub within the same resource group.
For Azure App Services, when you configure the notification hub for your app service, you could choose an existing Notification Hub. Note: You could choose an existing notification hub across different resource groups and under different locations. Moreover, when you add a new hub under "SETTINGS > Push" of your app service on Azure Portal, it would create a new notification hub within the same resource group for your app service and the location for the new hub would use the location of your resource group. I would recommend you follow Azure Resource Manager overview and Azure App Service plan overview for a better understanding of Resource Group and App service plan.
Can existing Azure assets, i.e. cloud services, notification hubs, SQL servers and databases, storage accounts and service buses be migrated to a Azure App Service?
For cloud services, I just found migrate an cloud services to service fabric and migrate the web application to cloud service. AFAIK, if you want to migrate your cloud services application to azure app service, you need to adjust your project and deploy it to your app service.
For SQL servers and databases, storage accounts and service buses, you just need to change the connection string for the specific services when communicating with them programmatically in your app service. Moreover, in order to reduce the latency between your app service with other azure services, you need to make sure they are in the same data center or closer to each other.

Related

Securing and configuring Azure Service Bus for public facing webapp (using B2C) to call downstream APIs and services using AAD

Follow up to other question posted here:
Azure microservices: authenticating downstream APIs from B2C to Azure AD, how to configure AD?
All our apps and microservices are hosted in a AKS cluster.
Want to have a single webapp decoupled from other services: using a message broker seems a good approach.
How should a public-facing portal be setup to be able to push data down into a queue or endpoint
How can calls to specific API endpoints and microservices to and from the webapp be secured from the public FE?
How would this be configured in terms of authentication, app reg etc.?
Lets answer your questions one after another which you have.
The first question
How should a public-facing portal be setup to be able to push data down into a queue or endpoint ?
For this first we need to use a Web API to push data to Azure Service Bus Queue. You can create a new ASP.NET Core Web API project and install Azure Service Bus NuGet package. Check this document for the way to do it.
Then we can use Service Bus Queue trigger Azure function to read the message from the queue and the process it or store it depending on the requirement. Check Azure Service Bus trigger for Azure Functions for more information.
The second question
How can calls to specific API endpoints and microservices to and from the webapp be secured from the public FE ?
We can achieve this requirement by securing the front end using Application Gateway. We need to configure Application Gateway in front of the Web API.
Check this Configure App Service with Application Gateway document from Microsoft for more information.
Lastly, the third question
How would this be configured in terms of authentication, app reg etc.?
In this case we can use Azure Managed Identity. Managed identities provide an identity for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication.
So, we can use Azure Managed Identities with the Azure Resources like AKS. Check this Use managed identities in Azure Kubernetes Service for more information.

Is it possible to use an Azure Classic Service Connection in my Release pipeline to deploy App Service?

This is a follow up to this question (Is it possible to use DevOps to deploy to an Azure App Service if I don't have access to Azure Active Directory?) where I can't create a service connection if I don't have access to Azure AD for my tenant.
The standard Service Connection creates a service principal which can't be done if there is no access to Azure AD. So I'm trying to see if I can create an Azure Classic Service Connection instead.
I seem to be able to create the service connection and I've verified and saved it okay.
However, it doesn't appear in the dropdown list in the Deploy Azure App Services task.
Am I doing something wrong? I'm trying this on a free trial tenant where I do definitely have access to Azure AD. I can't find any documentation to say Service Connections can't be Azure Classic.
If this is a restrictions for Pipelines, is it possible to deploy to an App Service in Azure without Azure AD access?
No, the Azure App Service Deploy task doesn't support classic service connections.
From the docs:
The task does not work with the Azure Classic service connection, and it will not list these connections in the settings of the task.

is there a way to block swapping of slots of azure app service

In my organization, we have setup of master branch of asp.net core app targeting to azure app service and other braches targeting to slots of same azure app service.
We have a requirement block any user in azure portal or any azure devops YAML pipeline's service connection to swap a slot of any azure app service.
Is there an azure policy which can enforce this rule.
If not then can we create service connection that can only either target azure app service or a slot in that app service
Azure Policy is not user aware, so you can not block. This should be possible using RBAC.

Why is my Azure App Service charging two plans?

I have several App services, some of them are on a Free tier and some of them are on a Shared tier.
For some reason Azure is charging both plans for each App Service and I don't undestand why.
Also, I checked their App Service Plan and it is on a Free Tier.
Any insights on this?
Try to list all your App Service Plans (the compute behind an App Service) in the Azure Portal. ("All services" and the App Service Plans in the navigation) This will give you an overview of App Service Plans and how many "apps" you have on them. Technically you can have an App Service Plan with no apps but with cost.
When you create new App Service (Web, Api ect.) you can choose to create a new App Service Plan or re-use an existing. You can therefore end up with re-creating new App Services Plans (with billing also) everytime you create and App Service.
Also be aware that when you scale out (more instances) you are billed for every instance (as a seperate App Service Plan).
List of App Service plans in the Azure Portal
Could it be that your App Service has a connected service (like Application Insights) that exists on another plan? Or if you have a deployment slot on the App Service that belongs to another plan?

Can we create an Azure Service Bus (to debug Workflow & Remote Event Receivers) inside Azure VM

I am developing some Provider Hosted add-ins for my SharePoint online tenant, and the Provider Hosted add-ins contain WCFs to implement Remote Event Receivers. Now I know that inside Azure subscription account, i can create a new Service Bus, to use it inside my visual studio projects, for debugging and testing my remote event receivers and workflows. For example inside my Azure web portal i have created this service bus:-
then inside the visual studio's Provider Hosted add-ins Project i entered the service bus information, as follow:-
This allowed me to debug and test my Remote Event Receivers code (actually i did not find any other way to debug my Remote Event Receivers, rather than specifying an Azure Service Bus). now my question is, if we chose to have an Azure Virtual Machine, instated of Azure subscription. will we still be able to create an Azure service bus or similar functionality inside IIS? or this option is only provided as part of Azure subscription account?
If the answer, is No (i can not create a service bus inside Azure VM), then is there a way i can debug and test my Remote Event Receivers code, without using Azure service BUS?
Thanks
Azure Service Bus is a hostess on azure service. You can't "create" or "emulate" it on premises or VM.
if we chose to have an Azure Virtual Machine, instated of Azure subscription. will we still be able to create an Azure service bus inside IIS? or this option is only provided as part of Azure subscription?
Through Azure subscription you get access to services and they're resources. Such as VMs and Azure Service Bus. To use a VM you don't have to use Azure subscription as you could soon one on your machine if you'd like. But you can't run your own Service Bus. IIS or not. For that you'll need to have an acute subscription and create a namespace under Service Bus.
If the answer, is No (i can not create a service bus inside Azure VM), then is there a way i can debug and test my Remote Event Receiver, without using Azure service BUS??
As mentioned above, you could use a namespace for testing purposes from a VM as long as that VM has access to the internet.

Resources