Related
I already have a domain name purchase from Google Domains.
I would like to host this site on Microsoft Azure, How should I plan to purchase all the required resources on Azure, if I want to host a Wordpress site, but would also need control over the size, if in future I plan to host some microsite with NodeJS or any other technologies like Java or .Net Core.
What would be my cost per month considering the above requirements?
Below is the list that I envisioned that I may need, can anyone suggest something this I missed.
A VM with Ubuntu (That would take care of Wordpress, Database(MySQL), NodeJS, Java and others)
Map my domain with Azure and map it with the VM
The solution you're thinking of is also known as IaaS (Infrastructure as a Service) and it is something you'd usually consider when migrating from an on-prem solution where you already have the VMs images for your needs.
In your particular case I'd recommend looking into PaaS (Platform as a Service) - specifically Azure App Service.
Everything you enumerated can be hosted in an Azure App Service as it supports all major technologies for deploying web apps today (.Net, Node.js, Java, etc).
In addition to your own code, Azure offers a number of build-in templates for 3rd party vendors that allow you to deploy pre-packaged solutions such as Wordpress without having to worry about the installation yourself. See this Wordpress on Azure article for more details.
Pricing information for Azure Web Apps can be found on the docs page. In your case I suspect you could do with a B1 or S1 instance.
Lastly, for your domain name, you can easily map and configure any custom domain to an Azure Web App by simply updating the DNS records in your Domain Management system and reference that in the Azure Portal. See docs for details.
Adding to Alex's response. To provide you a good understanding on hosting website on Azure. Firstly, I wish to highlight that Azure offers several ways to host websites: Azure App Service WebApps (PAAS solution), Virtual Machines (IAAS), Service Fabric, and Cloud Services.
Azure App Service (PAAS solution) is the best choice for most web apps. Deployment and management are integrated into the platform, sites can scale quickly to handle high traffic loads, and the built-in load balancing and traffic manager provide high availability.
WebApp is a fully managed compute platform that is optimized for hosting websites and web applications.
If you wish to host your website/app on an Azure VM (IAAS solution), you would typically install, design and configure the app in a similar way as you would onprem. If you have an existing application that would require substantial modifications to run in App Service you could choose Virtual Machines in order to simplify migrating to the cloud.
Take a look at the supported and unsupported configuration on App Service Migrate - Migration checklist when moving to Azure App Service : https://azure.microsoft.com/en-us/blog/migration-checklist-when-moving-to-azure-app-service/
I been wondering how secure/dangerous could be to run a PHP WebApp (WebApp-A) in Azure when there is another WebApp (WebApp-B that could be a .Net app) running on the same Azure subscription.
Could WebApp-A run some malicious script and affect the server instance of WebApp-B?
There's no way to give a blanket-statement answer regarding malicious scripts, attack surfaces, etc. There are many vulnerabilities showing up daily (which have nothing to do with web apps - just attacks in general).
That said: Every web app in Azure is going to have its own sandbox with its own files, etc. The only thing shared between web apps? The app service plan hosting the web app(s) (you may have multiple web apps on an app service plan). But the only thing they share are things like CPU. Everything from a code standpoint is isolated.
You'd need to take explicit steps to grant access across web apps (e.g. add them to the same vnet).
I have a azure cloud service (a server) where i host a Redis database. I also have a web site hosted in azure web sites. I want the web site to be able to talk to the Redis DB on port 6379. I know I can configure a public endpoint for that port on my server but that would open it for whole Internet. I want it opened only for azure web sites (or even better, only for my web site). How can i do this?
Windows Azure Web Sites is in an isolation bubble separate from your Cloud Services and there's no way to bridge that gap. Ideally you'd do this by connecting the web site machine to other Azure services via a Virtual Network, but this FAQ confirms you can't do that right now:
Can I use Windows Azure websites with Virtual Network?
No. We do not support websites with virtual networks.
Opening Redis up over the internet shouldn't even be considered as it doesn't have the kind of security you'd want out of the box to be opening up its port publicly as it is meant to be co-located with your application, so you really wouldn't want to do that. Never mind the added network overhead which will eat into the performance you expect to get by leveraging something like Redis anyway.
I believe your best bet given your current configuration is to add a Web Role that's part of the same Azure Cloud Service and run your web based application out of that so that it can communicate with worker role. It only requires a little bit of configuration to get this going (i.e. adding an InternalEndpoint to the Redis Worker Role). While I realize Web Roles don't offer as frictionless a development model as Web Sites, you have to choose the right tool for the job.
Another option, if you want to setup your Redis on a VM instead of tying it to the Cloud Service directly, is that you can setup a Virtual Network, put the Redis VM on the virtual network and then configure the Cloud Service so that it's part of the same affinity group and add the NetworkConfiguration/VirtualNetworkSite configuration section to the Cloud Service's .cscfg.
Which approach makes more sense all depends on how you leverage your Redis instance, but the main benefit of the latter approach is that the Redis instance is not recreated each time you deploy your Cloud Service and, so, any data that's in it will stay available between deployments. Another benefit is if you want to build and leverage a Redis cluster across multiple Cloud Services this enables you to do that.
What are the material differences between the new Azure Web Sites and the traditional Azure Web Roles for an ASP.NET MVC application? What reason would I choose a "web site" over a "web role" or vice versa?
Let's assume that I would need equal capacity in either case (e.g. 2 small instances). The prices seem comparable other than the fact that there is a 33% temporary discount for web sites while they are in their preview period.
Are there things that I can do with a "web site" that are difficulty or impossible with a web role? For example, does it become easy to put multiple web sites in a single set of VMs using "web sites"? Do I lose anything with a "web site" vs a "web role"? Ability to fine tune IIS? Ability to use the Cache service locally?
Web Roles give you several features beyond Web Apps (formerly Web Sites):
Ability to run elevated startup scripts to install apps, modify registry settings, install performance counters, fine-tune IIS, etc.
Ability to split an app up into tiers (maybe Web Role for front end, Worker Role for backend processing) and scale independently
Ability to RDP into your VM for debugging purposes
Network isolation
Dedicated virtual IP address, which allows web role instances in a cloud service to access IP-restricted Virtual Machines
ACL-restricted endpoints (added in Azure SDK 2.3, April 2014)
Support for any TCP/UDP ports (Web Sites are restricted to TCP 80/443)
Web Apps have advantages over Web Roles though:
Near-instant deployment with deployment history / rollbacks
Visual Studio Online, github, local git, ftp, CodePlex, DropBox, BitBucket deployment support
Ability to roll out one of numerous CMS's and frameworks, (like WordPress, Joomla, Django, MediaWiki, etc.)
Use of SQL Database or MySQL
Simple and fast to scale from free tier to shared tier to dedicated tier
Web Jobs
Backups of Web Site content
Built-in web-based debugging tools (simple cmd/powershell debug console, process explorer, diagnostic tools like log streaming, etc.)
With the April 2014 and September 2014 rollouts, there are now some features common to both Web Apps and Web Roles (and Worker Roles), including:
Staging+production slots
Wildcard DNS, SSL certificates
Visual Studio integration
Traffic Manager support
Virtual Network support
Here's a screengrab I took from the Web Sites gallery selection form:
I think Web Apps are a great way to get up and running quickly, where you can move from shared to reserved resources. Once you outgrow this, you can then move up to Web Roles and expand as you need.
EDIT 2014: For what it's worth, a lot of the info in this answer is no longer correct - see comments.
Add more to #David response:
With Windows Azure Websites, you don't have control over IIS or web Server because you are using a resources slice along with hundreds of other website on the same machine, you are sharing resources like any other so there is no control over IIS.
The big difference between a website shared and Azure web role is that a web-site is considered process bound while roles are VM bound.
Websites are stored on a content share which is accessible from all the "web servers" in the farm so there is no replication or anything like that required.
Windows Azure websites can not have their own host name instead they must use websitename.azurewebsites.net only and you sure can use CNAME setting in your DNS provider to route your request exactly same with previous Windows Azure Role only when they are running in reserved mode. CNAME setting is not supported for shared websites.
I've just posted a comprehensive blog post on this very subject at http://robdmoore.id.au/blog/2012/06/09/windows-azure-web-sites-vs-web-roles/.
An excerpt from my conclusion: If you need enormous scale, SSL, Asian or West US data centres, a non-standard configuration (of IIS, ports, diagnostics, security certs or start up scripts), RDP or cost-effective Worker Roles (combined with your Web Role) then you are going to have to stick to Web Roles for now.
Otherwise, Web Sites is a great option!
Azure Web Role is like a virtual private host. You get a VM that acts as your web server, and you own that VM instance.
Azure Web Sites are like an elastic shared hosting service. You deploy your app to a web server that is not controlled by you and which also servers other users' sites. You can scale your site up and down (at some extra charge) to make it more elastic as your resource needs shift.
There is one more scenario that is up the air: After these 500 exceptions are eliminated, they haven't said anything about the ability of Azure Websites to handle wildcard CNAME's. Several of us are using Nate's Web Role Accelerator in Cloud Services, becuase a one-line hack provided wildcard subdomain capability in Nate's software. We can't move these wildcard subdomain apps until we know that Azure Websites will be able to handle them. If it won't ever be able to do that, then it goes down as a positive on the Web Role side of the equation. Also of note is that with pricing being exactly the same (after the preview discount expires), I'm not sure I want to give up my access to RDC and Event Viewer (just to mention two things).
Azure Web Sites enables you to build highly scalable web sites quickly on Azure. You can use the Azure Portal or the command-line tools to set up a web site with popular languages such as .NET, PHP, Node.js, and Python. Supported frameworks are already deployed and do not require more installation steps. The Azure Web Sites gallery contains many third-party applications, such as Drupal and WordPress as well as development frameworks such as Django and CakePHP. After creating a site, you can either migrate an existing web site or build a completely new web site. Web Sites eliminates the need to manage the physical hardware, and it also provides several scaling options. You can move from a shared multi-tenant model to a standard mode where dedicated machines service incoming traffic. Web Sites also enable you to integrate with other Azure services, such as SQL Database, Service Bus, and Storage. Using the Azure WebJobs SDK preview, you can add background processing. In summary, Azure Web Sites make it easier to focus on application development by supporting a wide range of languages, open source applications, and deployment methodologies (FTP, Git, Web Deploy, or TFS). If you don’t have specialized requirements that require Cloud Services or Virtual Machines, an Azure Web Site is most likely the best choice.
Cloud Services enable you to create highly-available, scalable web applications in a rich Platform as a Service (PaaS) environment. Unlike Web Sites, a cloud service is created first in a development environment, such as Visual Studio, before being deployed to Azure. Frameworks, such as PHP, require custom deployment steps or tasks that install the framework on role startup. The main advantage of Cloud Services is the ability to support more complex multitier architectures. A single cloud service could consist of a frontend web role and one or more worker roles. Each tier can be scaled independently. There is also an increased level of control over your web application infrastructure. For example, you can remote desktop onto the machines that are running the role instances. You can also script more advanced IIS and machine configuration changes that run at role startup, including tasks that require administrator control.
Virtual Machines enable you to run web applications on virtual machines in Azure. This capability is also known as Infrastructure as a Service (IaaS). Create new Windows Server or Linux machines through the portal, or upload an existing virtual machine image. Virtual Machines give you the most control over the operating system, configuration, and installed software and services. This is a good option for quickly migrating complex on-premises web applications to the cloud, because the machines can be moved as a whole. With Virtual Networks, you can also connect these virtual machines to on-premises corporate networks. As with Cloud Services, you have remote access to these machines and the ability to perform configuration changes at the administrative level. However, unlike Web Sites and Cloud Services, you must manage your virtual machine images and application architecture completely at the infrastructure level. One basic example is that you have to apply your own patches to the operating system.
See updated and comprehensive comparison from this link: http://azure.microsoft.com/en-us/documentation/articles/choose-web-site-cloud-service-vm/
Azure Websites, Web Workers and Virtual Machines are three different computing approaches available on Windows Azure. They differ in the level of control and responsibilities:
Azure Website have lowest level of control, but you don't care about keeping in health virtual machine and IIS, because Azure stuff do this for you
Web Roles give you more control (traffic manager, remote desktop), but more administration is possible on your side which means that you can break something via remote desktop for example
Virtual Machines gives you full control of VM, so require the most administration efforts.
There is no one best choice, because it depends on what level of control you need, what features you need and what you want to leave Azure stuff to maintain. And it is big topic..
Please look at this articles for more information to make more informed choice:
http://www.windowsazure.com/en-us/documentation/articles/choose-web-site-cloud-service-vm/
http://davidpallmann.blogspot.com/2012/06/reintroducing-windows-azure-part-2.html
It boils down to tradeoff between ease of use and capabilities.
Two more things I found was cost of getting SSL for a custom domain site and Multi-tenant configurations.
For website you need to pay monthly on top of standard instance (Small instance is the cheapest option). This means in order to get custom domain https would cost you ~70/month for small instance plus ~41/ month for SSL that supports all browser.
For WebRole you can get XS instance and add your own SSL for free, which means ~$15 per month
and you have a custom domain with SSL.
For multi-tenant website check out
Multi-tenant Azure dynamic wildcard CName
A web role is a virtual machine that hosts multiple websites
This is a common question, and I would like to give out an excerpt from msdn.
Access to services like Caching, Service Bus, Storage, SQL Azure Database- WebSite:Yes WebRole:Yes
Support for ASP.NET, classic ASP, Node.js, PHP- WebSite: Yes WebRole:Yes
Shared content and configuration- WebSite:Yes WebRole:No
Deploy code with GIT, FTP- WebSite:Yes WebRole:No
Near-instant deployment-WebSite:Yes WebRole:No
Integrated MySQL-as-a-service support-WebSite:Yes WebRole:Yes
Multiple deployment environments (production and staging)-WebSite:No WebRole:Yes
Network isolation-WebSite:No WebRole:Yes
Remote desktop access to servers-WebSite:No WebRole:Yes
Ability to run programs with elevated permissions-WebSite:No WebRole:Yes
Ability to define/execute start-up tasks-WebSite:No WebRole:Yes
Ability to use unsupported frameworks or libraries-WebSite:No WebRole:Yes
Support for Windows Azure Connect/ Windows Azure Network-WebSite:No WebRole:Yes
To get a more in detail, visit this link: http://blogs.msdn.com/b/silverlining/archive/2012/06/27/windows-azure-websites-web-roles-and-vms-when-to-use-which.aspx
What are the material differences between the new Azure Web Sites and the traditional Azure Web Roles for an ASP.NET MVC application? What reason would I choose a "web site" over a "web role" or vice versa?
Let's assume that I would need equal capacity in either case (e.g. 2 small instances). The prices seem comparable other than the fact that there is a 33% temporary discount for web sites while they are in their preview period.
Are there things that I can do with a "web site" that are difficulty or impossible with a web role? For example, does it become easy to put multiple web sites in a single set of VMs using "web sites"? Do I lose anything with a "web site" vs a "web role"? Ability to fine tune IIS? Ability to use the Cache service locally?
Web Roles give you several features beyond Web Apps (formerly Web Sites):
Ability to run elevated startup scripts to install apps, modify registry settings, install performance counters, fine-tune IIS, etc.
Ability to split an app up into tiers (maybe Web Role for front end, Worker Role for backend processing) and scale independently
Ability to RDP into your VM for debugging purposes
Network isolation
Dedicated virtual IP address, which allows web role instances in a cloud service to access IP-restricted Virtual Machines
ACL-restricted endpoints (added in Azure SDK 2.3, April 2014)
Support for any TCP/UDP ports (Web Sites are restricted to TCP 80/443)
Web Apps have advantages over Web Roles though:
Near-instant deployment with deployment history / rollbacks
Visual Studio Online, github, local git, ftp, CodePlex, DropBox, BitBucket deployment support
Ability to roll out one of numerous CMS's and frameworks, (like WordPress, Joomla, Django, MediaWiki, etc.)
Use of SQL Database or MySQL
Simple and fast to scale from free tier to shared tier to dedicated tier
Web Jobs
Backups of Web Site content
Built-in web-based debugging tools (simple cmd/powershell debug console, process explorer, diagnostic tools like log streaming, etc.)
With the April 2014 and September 2014 rollouts, there are now some features common to both Web Apps and Web Roles (and Worker Roles), including:
Staging+production slots
Wildcard DNS, SSL certificates
Visual Studio integration
Traffic Manager support
Virtual Network support
Here's a screengrab I took from the Web Sites gallery selection form:
I think Web Apps are a great way to get up and running quickly, where you can move from shared to reserved resources. Once you outgrow this, you can then move up to Web Roles and expand as you need.
EDIT 2014: For what it's worth, a lot of the info in this answer is no longer correct - see comments.
Add more to #David response:
With Windows Azure Websites, you don't have control over IIS or web Server because you are using a resources slice along with hundreds of other website on the same machine, you are sharing resources like any other so there is no control over IIS.
The big difference between a website shared and Azure web role is that a web-site is considered process bound while roles are VM bound.
Websites are stored on a content share which is accessible from all the "web servers" in the farm so there is no replication or anything like that required.
Windows Azure websites can not have their own host name instead they must use websitename.azurewebsites.net only and you sure can use CNAME setting in your DNS provider to route your request exactly same with previous Windows Azure Role only when they are running in reserved mode. CNAME setting is not supported for shared websites.
I've just posted a comprehensive blog post on this very subject at http://robdmoore.id.au/blog/2012/06/09/windows-azure-web-sites-vs-web-roles/.
An excerpt from my conclusion: If you need enormous scale, SSL, Asian or West US data centres, a non-standard configuration (of IIS, ports, diagnostics, security certs or start up scripts), RDP or cost-effective Worker Roles (combined with your Web Role) then you are going to have to stick to Web Roles for now.
Otherwise, Web Sites is a great option!
Azure Web Role is like a virtual private host. You get a VM that acts as your web server, and you own that VM instance.
Azure Web Sites are like an elastic shared hosting service. You deploy your app to a web server that is not controlled by you and which also servers other users' sites. You can scale your site up and down (at some extra charge) to make it more elastic as your resource needs shift.
There is one more scenario that is up the air: After these 500 exceptions are eliminated, they haven't said anything about the ability of Azure Websites to handle wildcard CNAME's. Several of us are using Nate's Web Role Accelerator in Cloud Services, becuase a one-line hack provided wildcard subdomain capability in Nate's software. We can't move these wildcard subdomain apps until we know that Azure Websites will be able to handle them. If it won't ever be able to do that, then it goes down as a positive on the Web Role side of the equation. Also of note is that with pricing being exactly the same (after the preview discount expires), I'm not sure I want to give up my access to RDC and Event Viewer (just to mention two things).
Azure Web Sites enables you to build highly scalable web sites quickly on Azure. You can use the Azure Portal or the command-line tools to set up a web site with popular languages such as .NET, PHP, Node.js, and Python. Supported frameworks are already deployed and do not require more installation steps. The Azure Web Sites gallery contains many third-party applications, such as Drupal and WordPress as well as development frameworks such as Django and CakePHP. After creating a site, you can either migrate an existing web site or build a completely new web site. Web Sites eliminates the need to manage the physical hardware, and it also provides several scaling options. You can move from a shared multi-tenant model to a standard mode where dedicated machines service incoming traffic. Web Sites also enable you to integrate with other Azure services, such as SQL Database, Service Bus, and Storage. Using the Azure WebJobs SDK preview, you can add background processing. In summary, Azure Web Sites make it easier to focus on application development by supporting a wide range of languages, open source applications, and deployment methodologies (FTP, Git, Web Deploy, or TFS). If you don’t have specialized requirements that require Cloud Services or Virtual Machines, an Azure Web Site is most likely the best choice.
Cloud Services enable you to create highly-available, scalable web applications in a rich Platform as a Service (PaaS) environment. Unlike Web Sites, a cloud service is created first in a development environment, such as Visual Studio, before being deployed to Azure. Frameworks, such as PHP, require custom deployment steps or tasks that install the framework on role startup. The main advantage of Cloud Services is the ability to support more complex multitier architectures. A single cloud service could consist of a frontend web role and one or more worker roles. Each tier can be scaled independently. There is also an increased level of control over your web application infrastructure. For example, you can remote desktop onto the machines that are running the role instances. You can also script more advanced IIS and machine configuration changes that run at role startup, including tasks that require administrator control.
Virtual Machines enable you to run web applications on virtual machines in Azure. This capability is also known as Infrastructure as a Service (IaaS). Create new Windows Server or Linux machines through the portal, or upload an existing virtual machine image. Virtual Machines give you the most control over the operating system, configuration, and installed software and services. This is a good option for quickly migrating complex on-premises web applications to the cloud, because the machines can be moved as a whole. With Virtual Networks, you can also connect these virtual machines to on-premises corporate networks. As with Cloud Services, you have remote access to these machines and the ability to perform configuration changes at the administrative level. However, unlike Web Sites and Cloud Services, you must manage your virtual machine images and application architecture completely at the infrastructure level. One basic example is that you have to apply your own patches to the operating system.
See updated and comprehensive comparison from this link: http://azure.microsoft.com/en-us/documentation/articles/choose-web-site-cloud-service-vm/
Azure Websites, Web Workers and Virtual Machines are three different computing approaches available on Windows Azure. They differ in the level of control and responsibilities:
Azure Website have lowest level of control, but you don't care about keeping in health virtual machine and IIS, because Azure stuff do this for you
Web Roles give you more control (traffic manager, remote desktop), but more administration is possible on your side which means that you can break something via remote desktop for example
Virtual Machines gives you full control of VM, so require the most administration efforts.
There is no one best choice, because it depends on what level of control you need, what features you need and what you want to leave Azure stuff to maintain. And it is big topic..
Please look at this articles for more information to make more informed choice:
http://www.windowsazure.com/en-us/documentation/articles/choose-web-site-cloud-service-vm/
http://davidpallmann.blogspot.com/2012/06/reintroducing-windows-azure-part-2.html
It boils down to tradeoff between ease of use and capabilities.
Two more things I found was cost of getting SSL for a custom domain site and Multi-tenant configurations.
For website you need to pay monthly on top of standard instance (Small instance is the cheapest option). This means in order to get custom domain https would cost you ~70/month for small instance plus ~41/ month for SSL that supports all browser.
For WebRole you can get XS instance and add your own SSL for free, which means ~$15 per month
and you have a custom domain with SSL.
For multi-tenant website check out
Multi-tenant Azure dynamic wildcard CName
A web role is a virtual machine that hosts multiple websites
This is a common question, and I would like to give out an excerpt from msdn.
Access to services like Caching, Service Bus, Storage, SQL Azure Database- WebSite:Yes WebRole:Yes
Support for ASP.NET, classic ASP, Node.js, PHP- WebSite: Yes WebRole:Yes
Shared content and configuration- WebSite:Yes WebRole:No
Deploy code with GIT, FTP- WebSite:Yes WebRole:No
Near-instant deployment-WebSite:Yes WebRole:No
Integrated MySQL-as-a-service support-WebSite:Yes WebRole:Yes
Multiple deployment environments (production and staging)-WebSite:No WebRole:Yes
Network isolation-WebSite:No WebRole:Yes
Remote desktop access to servers-WebSite:No WebRole:Yes
Ability to run programs with elevated permissions-WebSite:No WebRole:Yes
Ability to define/execute start-up tasks-WebSite:No WebRole:Yes
Ability to use unsupported frameworks or libraries-WebSite:No WebRole:Yes
Support for Windows Azure Connect/ Windows Azure Network-WebSite:No WebRole:Yes
To get a more in detail, visit this link: http://blogs.msdn.com/b/silverlining/archive/2012/06/27/windows-azure-websites-web-roles-and-vms-when-to-use-which.aspx