Udaiappa Ramachandran, profile picture
Uploaded byUdaiappa Ramachandran
PPTX, PDF729 views

Azure Web Apps Advanced Security

The document outlines Azure Web Apps advanced security features, including web application firewalls, app gateways, and secure deployment practices. It emphasizes the integration of Azure services such as key vaults and virtual networks, and addresses common deployment issues with client authorization and firewall configurations. The agenda covers topics like app service environments, deployment scenarios, and essential resources for further understanding.

Technology
Related topics:
web-apps

Embed presentation

Downloaded 16 times
Azure WebApps – Advanced Security Udaiappa Ramachandran ( Udai ) LinkedIn://linkedin.com/in/udair Twitter: @nhcloud
Who am I? • Udaiappa Ramachandran ( Udai ) • CTO, Akumina, Inc., • Consultant • Focus on Cloud Computing • Microsoft Azure, Amazon Web Services and Google • New Hampshire Cloud User Group (http://www.meetup.com/nashuaug ) • http://cloudycode.wordpress.com • @nhcloud
Agenda • Introduction to Web Apps • App Gateway • VNET Service Endpoints • App Service Environment • WebApp Deployment Scenarios • PowerShell Provisioning • References
Web Apps • Multiple languages and frameworks • DevOps optimization • Global scale with high availability • Connections to SaaS platforms and on-premises data • Security and compliance • Application templates • Visual Studio integration • API and mobile features • Hosts Windows, Linux, Dockers, Mobile and Serverless code
App Gateway • Web Traffic Load balancer • Protects your workload • Web application firewall (OWASP 3.0 or 2.2.9 ruleset) • URL-based routing • Multiple-site hosting • Multi-tenant • Auto scaling and zone redundancy • Redirection • Global redirection • Path-based redirection (ex., /cart/*) • Redirect to external site • Cookie based session affinity • WebSocket and HTTP/2 traffic • Health Monitoring • Static VIP
VNET Service Endpoints • Generally available • Azure Storage: Generally available in all Azure regions. • Azure SQL Database: Generally available in all Azure regions. • Azure Database for PostgreSQL server: Generally available in Azure regions where database service is available. • Azure Database for MySQL server: Generally available in Azure regions where database service is available. • Azure Cosmos DB: Generally available in all Azure public cloud regions. • Azure Key Vault: Generally available in all Azure public cloud regions. • Preview • Azure SQL Data Warehouse: Available in preview in all Azure public cloud regions. • Azure Service Bus: Available in preview. • Azure Event Hubs: Available in preview. • Azure Data Lake Store Gen 1: Available in preview.
Deployment - Simple • Store Sensitive details such as connection string to Key Vault • Enable Identity (MSI- Managed Service Identity) to access the key vault
Deployment – With App Gateway • Store Sensitive details such as connection string to Key Vault • Use Identity to access the key vault • Configure App Gateway as a Whitelist IP to Web App • Enable WAF on App Gateway with Detection or Prevention mode • Deploy App Gateway into multiple Zones • Assign right size based on the WebApp Content Response
Deployment-VNET Client • Point-to-Site VPN • User Action • Need whitelist IP to work with other services such as Storage, Key Vault, etc., • Store Sensitive details such as connection string to Key Vault • Use Identity to access the key vault • Configure App Gateway as a Whitelist IP to Web App • Enable WAF on App Gateway with Detection or Prevention mode • Deploy App Gateway into multiple Zones • Assign right size based on the WebApp Content Response
WebApp and VNET Client Issues • Client address (40.79.65.200) is not authorized and caller is not a trusted service Create a VM, install any software and configure including any ports • 403 Forbidden message from Azure Storage • It is by design that we cannot enable the Azure Storage firewall if the Azure App Service and Azure Storage Account are in the same region • The public multi-tenant App Service does not support integration with the Service Endpoints + Firewall feature of Azure Storage • Allow trusted Microsoft services to access this storage account • Add the Outbound IP Address • 403 Forbidden message from Key Vault • The public multi-tenant App Service does not support integration with the Service Endpoints + Firewall feature of Azure Storage • Allow trusted Microsoft services to bypass this firewall • Add the Outbound IP Address
App Service Environment • External ASE • Internal ASE
Deployment – VNET (ASE) • Site-to-Site VPN • User Action: • Store Sensitive details such as connection string to Key Vault • Use Identity to access the key vault • Configure App Gateway as a Whitelist IP to Web App • Enable WAF on AppGateway with Detection or Prevention mode • Deploy App Gateway into multiple Zones • Assign right size based on the WebApp Content Response
Demo • App Gateway • VNET Client • VNET – ASE • PowerShell
References • VNET Service Endpoints: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints- overview • Integrate your app with an Azure Virtual Network: https://docs.microsoft.com/en-us/azure/app-service/web-sites- integrate-with-vnet • Application Gate way: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-introduction • Multi-tenant back ends: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app- overview • URL-based routing: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway- introduction#url-based-routing • Application Gate way FAQ: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq • URL path-based redirection: https://docs.microsoft.com/en-us/azure/application-gateway/tutorial-url-redirect- powershell • About ASEs: https://docs.microsoft.com/en-us/azure/app-service/environment/intro • Network Architecture of an ASE: https://docs.microsoft.com/en-us/azure/app-service/environment/network-info • Trusted Microsoft Services: https://docs.microsoft.com/en-us/azure/storage/common/storage-network- security#trusted-microsoft-services • How to create an ASE: • External ASE: https://docs.microsoft.com/en-us/azure/app-service/environment/create-external-ase • Internal ASE: https://docs.microsoft.com/en-us/azure/app-service/environment/create-ilb-ase
Thank you for attending New Hampshire Code Camp (@NHCodecamp) 2018

More Related Content

PPTX
Azure App Service Deep Dive
byAzure Riyadh User Group
 
PPTX
Azure staticwebapps
byUdaiappa Ramachandran
 
PPTX
Azure functions serverless
byUdaiappa Ramachandran
 
PPTX
Azure PaaS (WebApp & SQL Database) workshop solution
byGelis Wu
 
PPTX
Azure Automation and Update Management
byUdaiappa Ramachandran
 
PPTX
Intro to Azure Static Web Apps
byMoaid Hathot
 
PPTX
What is Azure development?-MS Azure development
byZabeel Institute
 
PPTX
Azure cloud for the web frontend developers
byMaxim Salnikov
 
Azure App Service Deep Dive
byAzure Riyadh User Group
 
Azure staticwebapps
byUdaiappa Ramachandran
 
Azure functions serverless
byUdaiappa Ramachandran
 
Azure PaaS (WebApp & SQL Database) workshop solution
byGelis Wu
 
Azure Automation and Update Management
byUdaiappa Ramachandran
 
Intro to Azure Static Web Apps
byMoaid Hathot
 
What is Azure development?-MS Azure development
byZabeel Institute
 
Azure cloud for the web frontend developers
byMaxim Salnikov
 

What's hot

PDF
Azure web apps
byVaibhav Gujral
 
PDF
Develop enterprise-ready applications for Microsoft Teams
byMarkus Moeller
 
PPTX
Azure signalr service
byUdaiappa Ramachandran
 
PDF
Azure App Services
byAzure Riyadh User Group
 
PDF
Azure API Manegement Introduction and Integeration with BizTalk
byShailesh Dwivedi
 
PPTX
2 Speed IT powered by Microsoft Azure and Minecraft
bySriram Hariharan
 
PDF
SERVERLESS MIDDLEWARE IN AZURE FUNCTIONS
byCodeOps Technologies LLP
 
PDF
Design and Configure Azure App Service Web Apps
byRoy Kim
 
PPTX
Azure sql introduction
byManishK55
 
PPTX
Azure Web Apps - Introduction
byChristopher Gomez
 
PDF
Sitecore hosted on azure
byJeremy (Jerry) Norman-Nott
 
PPTX
Azure fundamental -Introduction
byManishK55
 
PPTX
Azure serverless architectures
byBenoit Le Pichon
 
PDF
O365Con18 - Connect SharePoint Framework Solutions to API's secured with Azur...
byNCCOMMS
 
PPTX
Four Scenarios for Using an Integration Service Environment (ISE)
byDaniel Toomey
 
PPTX
Intro to docker and kubernetes
byMohit Chhabra
 
PPTX
The new Azure App Service Architecture
byJoão Pedro Martins
 
PPTX
Azure functions
byvivek p s
 
PPTX
Durable Azure Functions
byPushkar Saraf
 
PDF
Azure Cloud Dev Camp - App Platform
bygiventocode
 
Azure web apps
byVaibhav Gujral
 
Develop enterprise-ready applications for Microsoft Teams
byMarkus Moeller
 
Azure signalr service
byUdaiappa Ramachandran
 
Azure App Services
byAzure Riyadh User Group
 
Azure API Manegement Introduction and Integeration with BizTalk
byShailesh Dwivedi
 
2 Speed IT powered by Microsoft Azure and Minecraft
bySriram Hariharan
 
SERVERLESS MIDDLEWARE IN AZURE FUNCTIONS
byCodeOps Technologies LLP
 
Design and Configure Azure App Service Web Apps
byRoy Kim
 
Azure sql introduction
byManishK55
 
Azure Web Apps - Introduction
byChristopher Gomez
 
Sitecore hosted on azure
byJeremy (Jerry) Norman-Nott
 
Azure fundamental -Introduction
byManishK55
 
Azure serverless architectures
byBenoit Le Pichon
 
O365Con18 - Connect SharePoint Framework Solutions to API's secured with Azur...
byNCCOMMS
 
Four Scenarios for Using an Integration Service Environment (ISE)
byDaniel Toomey
 
Intro to docker and kubernetes
byMohit Chhabra
 
The new Azure App Service Architecture
byJoão Pedro Martins
 
Azure functions
byvivek p s
 
Durable Azure Functions
byPushkar Saraf
 
Azure Cloud Dev Camp - App Platform
bygiventocode
 

Similar to Azure Web Apps Advanced Security

PPTX
Design Practices for a Secure Azure Solution
byMichele Leroux Bustamante
 
PPTX
How do you protect a hybrid PaaS-IaaS solution, built entirely in the cloud?
byLorenzo Barbieri
 
PPTX
Design a Secure Azure IaaS - Lesson Learnt from Government Cloud
byThuan Ng
 
PPTX
Developing Solutions for Azure - Best Practices
byFisnik Doko
 
PPTX
Demystifying Azure App Service Networking
byMohamed Wali
 
PPTX
ciplaasfqewfefewtwegndkvndsgjbsdz-dfafd.pptx
bykreshenka
 
PPTX
Microsoft Windows Azure Platform Appfabric for Technical Decision Makers
byMicrosoft Private Cloud
 
PPTX
App modernization in 2020 and beyond. Radu Vunvulea
byRadu Vunvulea
 
PPTX
AZ-900T00A-ENU-PowerPoint-02.pptx
byTheGameSquad
 
PPTX
Azure presentation nnug dec 2010
byEthos Technologies
 
PPTX
671956595-Az-900t00a-Enu-Powerpoint-02.pptx
byranandraj2
 
PPTX
CCI2018 - Azure Network - Security Best Practices
bywalk2talk srl
 
PPTX
AZ-900 Azure Fundamentals Slideshow number 2.pptx
byBhuvanaGowda9
 
PPTX
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
byEuropean Collaboration Summit
 
PPTX
Azure Web App services
byAlexey Bokov
 
PPTX
MS Cloud day - Understanding and implementation on Windows Azure platform sec...
bySpiffy
 
PDF
02microsoftazurefundamentalsworkloads1606403971632.pdf
byjazzboss
 
PDF
Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023
byVMware Tanzu
 
PPTX
Secure your web app presentation
byFrans Lytzen
 
PDF
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
byMSAdvAnalytics
 
Design Practices for a Secure Azure Solution
byMichele Leroux Bustamante
 
How do you protect a hybrid PaaS-IaaS solution, built entirely in the cloud?
byLorenzo Barbieri
 
Design a Secure Azure IaaS - Lesson Learnt from Government Cloud
byThuan Ng
 
Developing Solutions for Azure - Best Practices
byFisnik Doko
 
Demystifying Azure App Service Networking
byMohamed Wali
 
ciplaasfqewfefewtwegndkvndsgjbsdz-dfafd.pptx
bykreshenka
 
Microsoft Windows Azure Platform Appfabric for Technical Decision Makers
byMicrosoft Private Cloud
 
App modernization in 2020 and beyond. Radu Vunvulea
byRadu Vunvulea
 
AZ-900T00A-ENU-PowerPoint-02.pptx
byTheGameSquad
 
Azure presentation nnug dec 2010
byEthos Technologies
 
671956595-Az-900t00a-Enu-Powerpoint-02.pptx
byranandraj2
 
CCI2018 - Azure Network - Security Best Practices
bywalk2talk srl
 
AZ-900 Azure Fundamentals Slideshow number 2.pptx
byBhuvanaGowda9
 
[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud
byEuropean Collaboration Summit
 
Azure Web App services
byAlexey Bokov
 
MS Cloud day - Understanding and implementation on Windows Azure platform sec...
bySpiffy
 
02microsoftazurefundamentalsworkloads1606403971632.pdf
byjazzboss
 
Simplify and Scale Enterprise Spring Apps in the Cloud | March 23, 2023
byVMware Tanzu
 
Secure your web app presentation
byFrans Lytzen
 
Cortana Analytics Workshop: Cortana Analytics -- Security, Privacy & Compliance
byMSAdvAnalytics
 

More from Udaiappa Ramachandran

PPTX
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
PPTX
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
PPTX
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
PPTX
Building Enterprise Agents with Azure AI Search: From RAG to Agentic Retrieval
byUdaiappa Ramachandran
 
PPTX
Transform Any Website into a Conversational Experience with NLWeb
byUdaiappa Ramachandran
 
PPTX
Scalable Multi-Agent AI with AutoGen by Udai
byUdaiappa Ramachandran
 
PPTX
Building .NET AI Applications with Google AI: Leveraging Vertex AI and Gemini
byUdaiappa Ramachandran
 
PPTX
Microsoft Fabric by Udaiappa Ramachandran.pptx
byUdaiappa Ramachandran
 
PPTX
.NET Aspire Presentation by Udaiappa Ramachandran
byUdaiappa Ramachandran
 
PPTX
AI-Driven Dynamic Data Querying and Visualization with KQL and SQL
byUdaiappa Ramachandran
 
PPTX
Advanced Application Protection with Azure WAF
byUdaiappa Ramachandran
 
PPTX
RAG Patterns and Vector Search in Generative AI
byUdaiappa Ramachandran
 
PPTX
Level up your security using Intune.pptx
byUdaiappa Ramachandran
 
PPTX
Building AI-Driven Apps Using Semantic Kernel.pptx
byUdaiappa Ramachandran
 
PPTX
AI-Plugins-Planners-Persona-SemanticKernel.pptx
byUdaiappa Ramachandran
 
PPTX
DOTNET8.pptx
byUdaiappa Ramachandran
 
PPTX
AzureSynapse.pptx
byUdaiappa Ramachandran
 
PPTX
Vector Search using OpenAI in Azure Cognitive Search.pptx
byUdaiappa Ramachandran
 
PPTX
SecureAzureServicesUsingADAuthentication.pptx
byUdaiappa Ramachandran
 
PPTX
AzureOpenAI.pptx
byUdaiappa Ramachandran
 
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
Building Agents in Microsoft Agent Framework.pptx
byUdaiappa Ramachandran
 
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
Building Enterprise Agents with Azure AI Search: From RAG to Agentic Retrieval
byUdaiappa Ramachandran
 
Transform Any Website into a Conversational Experience with NLWeb
byUdaiappa Ramachandran
 
Scalable Multi-Agent AI with AutoGen by Udai
byUdaiappa Ramachandran
 
Building .NET AI Applications with Google AI: Leveraging Vertex AI and Gemini
byUdaiappa Ramachandran
 
Microsoft Fabric by Udaiappa Ramachandran.pptx
byUdaiappa Ramachandran
 
.NET Aspire Presentation by Udaiappa Ramachandran
byUdaiappa Ramachandran
 
AI-Driven Dynamic Data Querying and Visualization with KQL and SQL
byUdaiappa Ramachandran
 
Advanced Application Protection with Azure WAF
byUdaiappa Ramachandran
 
RAG Patterns and Vector Search in Generative AI
byUdaiappa Ramachandran
 
Level up your security using Intune.pptx
byUdaiappa Ramachandran
 
Building AI-Driven Apps Using Semantic Kernel.pptx
byUdaiappa Ramachandran
 
AI-Plugins-Planners-Persona-SemanticKernel.pptx
byUdaiappa Ramachandran
 
DOTNET8.pptx
byUdaiappa Ramachandran
 
AzureSynapse.pptx
byUdaiappa Ramachandran
 
Vector Search using OpenAI in Azure Cognitive Search.pptx
byUdaiappa Ramachandran
 
SecureAzureServicesUsingADAuthentication.pptx
byUdaiappa Ramachandran
 
AzureOpenAI.pptx
byUdaiappa Ramachandran
 

Recently uploaded

PPTX
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
PDF
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
PDF
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
PDF
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
PDF
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
PPTX
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PPTX
apidays Paris 2025 | Integration is Feminist: Building Peace in Distributed S...
byapidays
 
PDF
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PDF
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
PDF
BEP-20 Token on BNB Chain: From Concept to Deployment.pdf
byimoliviabennett
 
PDF
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
PDF
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
Designing a Blog Using Wordpress
bymarkzubi50
 
PDF
AI for Risk Management & Fraud Detection ppt.pdf
byalexmartincaneda
 
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
UiPath Automation Developer Associate Training Series 2026 - Session 2
byDianaGray10
 
Configure and Manage Systemd Timers- RHCSA (RH134).pdf
byLinuxCert Guru
 
Python Automation in Action: Real-World Use Cases and Practical Implementation
byDenys Smirnov
 
Advanced SELinux Management - RHCSA (RH134).pdf
byLinuxCert Guru
 
Introduction to Artificial Intelligence (AI).pptx
byammar414783
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
apidays Paris 2025 | Integration is Feminist: Building Peace in Distributed S...
byapidays
 
The Emergence of Empathic XR: AWE Asia 2026 keynote
byMark Billinghurst
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
Track Phone Location via Number (2026)_ What Actually Works, What’s a Scam, a...
byEmily Woods
 
BEP-20 Token on BNB Chain: From Concept to Deployment.pdf
byimoliviabennett
 
Supercharge Your Copilot-Driven Collaboration with Microsoft 365 Agents SDK
byAntti Koskela
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
From DeFi POC to Production MVP - A 12-16 Week Blueprint.pdf
byniahiggins21
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
Designing a Blog Using Wordpress
bymarkzubi50
 
AI for Risk Management & Fraud Detection ppt.pdf
byalexmartincaneda
 

Azure Web Apps Advanced Security

  • 1.
    Azure WebApps –Advanced Security Udaiappa Ramachandran ( Udai ) LinkedIn://linkedin.com/in/udair Twitter: @nhcloud
  • 2.
    Who am I? •Udaiappa Ramachandran ( Udai ) • CTO, Akumina, Inc., • Consultant • Focus on Cloud Computing • Microsoft Azure, Amazon Web Services and Google • New Hampshire Cloud User Group (http://www.meetup.com/nashuaug ) • http://cloudycode.wordpress.com • @nhcloud
  • 3.
    Agenda • Introduction toWeb Apps • App Gateway • VNET Service Endpoints • App Service Environment • WebApp Deployment Scenarios • PowerShell Provisioning • References
  • 4.
    Web Apps • Multiplelanguages and frameworks • DevOps optimization • Global scale with high availability • Connections to SaaS platforms and on-premises data • Security and compliance • Application templates • Visual Studio integration • API and mobile features • Hosts Windows, Linux, Dockers, Mobile and Serverless code
  • 5.
    App Gateway • WebTraffic Load balancer • Protects your workload • Web application firewall (OWASP 3.0 or 2.2.9 ruleset) • URL-based routing • Multiple-site hosting • Multi-tenant • Auto scaling and zone redundancy • Redirection • Global redirection • Path-based redirection (ex., /cart/*) • Redirect to external site • Cookie based session affinity • WebSocket and HTTP/2 traffic • Health Monitoring • Static VIP
  • 6.
    VNET Service Endpoints •Generally available • Azure Storage: Generally available in all Azure regions. • Azure SQL Database: Generally available in all Azure regions. • Azure Database for PostgreSQL server: Generally available in Azure regions where database service is available. • Azure Database for MySQL server: Generally available in Azure regions where database service is available. • Azure Cosmos DB: Generally available in all Azure public cloud regions. • Azure Key Vault: Generally available in all Azure public cloud regions. • Preview • Azure SQL Data Warehouse: Available in preview in all Azure public cloud regions. • Azure Service Bus: Available in preview. • Azure Event Hubs: Available in preview. • Azure Data Lake Store Gen 1: Available in preview.
  • 7.
    Deployment - Simple •Store Sensitive details such as connection string to Key Vault • Enable Identity (MSI- Managed Service Identity) to access the key vault
  • 8.
    Deployment – WithApp Gateway • Store Sensitive details such as connection string to Key Vault • Use Identity to access the key vault • Configure App Gateway as a Whitelist IP to Web App • Enable WAF on App Gateway with Detection or Prevention mode • Deploy App Gateway into multiple Zones • Assign right size based on the WebApp Content Response
  • 9.
    Deployment-VNET Client • Point-to-SiteVPN • User Action • Need whitelist IP to work with other services such as Storage, Key Vault, etc., • Store Sensitive details such as connection string to Key Vault • Use Identity to access the key vault • Configure App Gateway as a Whitelist IP to Web App • Enable WAF on App Gateway with Detection or Prevention mode • Deploy App Gateway into multiple Zones • Assign right size based on the WebApp Content Response
  • 10.
    WebApp and VNETClient Issues • Client address (40.79.65.200) is not authorized and caller is not a trusted service Create a VM, install any software and configure including any ports • 403 Forbidden message from Azure Storage • It is by design that we cannot enable the Azure Storage firewall if the Azure App Service and Azure Storage Account are in the same region • The public multi-tenant App Service does not support integration with the Service Endpoints + Firewall feature of Azure Storage • Allow trusted Microsoft services to access this storage account • Add the Outbound IP Address • 403 Forbidden message from Key Vault • The public multi-tenant App Service does not support integration with the Service Endpoints + Firewall feature of Azure Storage • Allow trusted Microsoft services to bypass this firewall • Add the Outbound IP Address
  • 11.
    App Service Environment •External ASE • Internal ASE
  • 12.
    Deployment – VNET(ASE) • Site-to-Site VPN • User Action: • Store Sensitive details such as connection string to Key Vault • Use Identity to access the key vault • Configure App Gateway as a Whitelist IP to Web App • Enable WAF on AppGateway with Detection or Prevention mode • Deploy App Gateway into multiple Zones • Assign right size based on the WebApp Content Response
  • 13.
    Demo • App Gateway •VNET Client • VNET – ASE • PowerShell
  • 14.
    References • VNET ServiceEndpoints: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints- overview • Integrate your app with an Azure Virtual Network: https://docs.microsoft.com/en-us/azure/app-service/web-sites- integrate-with-vnet • Application Gate way: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-introduction • Multi-tenant back ends: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-web-app- overview • URL-based routing: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway- introduction#url-based-routing • Application Gate way FAQ: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq • URL path-based redirection: https://docs.microsoft.com/en-us/azure/application-gateway/tutorial-url-redirect- powershell • About ASEs: https://docs.microsoft.com/en-us/azure/app-service/environment/intro • Network Architecture of an ASE: https://docs.microsoft.com/en-us/azure/app-service/environment/network-info • Trusted Microsoft Services: https://docs.microsoft.com/en-us/azure/storage/common/storage-network- security#trusted-microsoft-services • How to create an ASE: • External ASE: https://docs.microsoft.com/en-us/azure/app-service/environment/create-external-ase • Internal ASE: https://docs.microsoft.com/en-us/azure/app-service/environment/create-ilb-ase
  • 15.
    Thank you forattending New Hampshire Code Camp (@NHCodecamp) 2018

Editor's Notes

  • #5 Multiple languages and frameworks - Web Apps has first-class support for ASP.NET, ASP.NET Core, Java, Ruby, Node.js, PHP, or Python. You can also run PowerShell and other scripts or executables as background services. DevOps optimization - Set up continuous integration and deployment with Azure DevOps, GitHub, BitBucket, Docker Hub, or Azure Container Registry. Promote updates through test and staging environments. Manage your apps in Web Apps by using Azure PowerShell or the cross-platform command-line interface (CLI). Global scale with high availability - Scale up or out manually or automatically. Host your apps anywhere in Microsoft's global datacenter infrastructure, and the App Service SLA promises high availability. Connections to SaaS platforms and on-premises data - Choose from more than 50 connectors for enterprise systems (such as SAP), SaaS services (such as Salesforce), and internet services (such as Facebook). Access on-premises data using Hybrid Connections and Azure Virtual Networks. Security and compliance - App Service is ISO, SOC, and PCI compliant. Authenticate users with Azure Active Directory or with social login (Google, Facebook, Twitter, and Microsoft). Create IP address restrictions and manage service identities. Application templates - Choose from an extensive list of application templates in the Azure Marketplace, such as WordPress, Joomla, and Drupal. Visual Studio integration - Dedicated tools in Visual Studio streamline the work of creating, deploying, and debugging. API and mobile features - Web Apps provides turn-key CORS support for RESTful API scenarios, and simplifies mobile app scenarios by enabling authentication, offline data sync, push notifications, and more. Serverless code - Run a code snippet or script on-demand without having to explicitly provision or manage infrastructure, and pay only for the compute time your code actually uses (see Azure Functions).
  • #6 Open Web Application Security Project Global redirection Redirects from one listener to another listener on the gateway. This enables HTTP to HTTPS redirection on a site. Path-based redirection This type of redirection enables HTTP to HTTPS redirection only on a specific site area, for example a shopping cart area denoted by /cart/*. Redirect to external site Public IP(optional)->FrontEndPort<-Listener(host,port,certificate)->Rule(where to go)->httpsettings(protocol,port,certificate)->backend pool (paas,iass,lb), probe(protocol,host,path,port) Proble helps to track the healthiness
  • #10 Point-to-Site VPN
  • #12 External ASE: Exposes the ASE-hosted apps on an internet-accessible IP address. For more information, see Create an External ASE. ILB ASE: Exposes the ASE-hosted apps on an IP address inside your VNet. The internal endpoint is an internal load balancer (ILB), which is why it's called an ILB ASE. For more information, see Create and use an ILB ASE.