S
Stefan Schackow
Welcome to Ignite 2023!
App Service team members will be presenting at the session "Unlock Innovation with AI by Migrating Enterprise Apps to App Service" on Wednesday November 15th (11:45AM to 12:30PM Pacific time - Level 4 Room 425 - In-Person and Live-streamed). Tune in to see demonstrations of the new Azure Migrate application and code assessment capabilities, the new Microsoft Copilot for Azure and the App Service Conversational Diagnostics experience, and upcoming previews of sidecar extensibility on Linux App Service as well as WebJobs support for both Linux App Service and Windows Containers on App Service. The team will also be walking through how developers can securely connect to Azure OpenAI from App Service leveraging the recent GA of gRPC on Linux App Service to enhance an existing Java application with an AI-powered chat experience!
Additional guidance on developing applications using Azure AI services in conjunction with a variety of Azure developer focused PaaS services is also available in this excellent article that demonstrates various building blocks and reference architectures!
As a handy reference for Ignite attendees (both remote and in-person), listed below are additional sessions covering App Service:
Read on to learn more about everything being announced and released for App Service at Ignite 2023!
New Application and Code Assessment Features for Web Apps
Developers looking to assess and migrate web applications to App Service have new capabilities announced at Ignite 2023 with the Azure Migrate application and code assessment features for .NET and Java! The new capabilities support both Java and .NET workloads, providing application assessments in preparation for application migration to a variety of compute targets in Azure including Azure App Service!
For .NET developers, the new tooling plugs into Visual Studio as an extension that makes it easy for developers to analyze their solutions and gain a comprehensive understanding of project structures, architecture, and dependencies. This information is used to create a detailed inventory of applications and their components to identify any potential challenges or limitations. The result is a comprehensive report that provides guidance for re-platforming and modernizing .NET applications in preparation for migration to Azure.
Application and Code Assessment for a .NET Web Application
You can install the new extension directly from inside of Visual Studio via “Manage Visual Studio Extensions”. Read more about the new application and code assessment capabilities at the Azure Migrate Application and Code Assessment blog!
Conversational Diagnostics on Windows App Service
You have a web application that has been successfully running for some time, and suddenly you start receiving customer complaints that some requests are running slowly. What do you do – which tool(s) should you use? What happens if you didn’t set up monitoring earlier, now where do you go to start troubleshooting? With the announcement of the Conversational Diagnostics (Preview) on Windows App Service, customers can use Microsoft Copilot for Azure integrated with the App Service diagnostics and troubleshooting experience!
Microsoft Copilot for Azure Integration with Conversational Diagnostics
Starting today when customers click on “Diagnose and Solve problems” in the Overview blade of their web application they can sign up for the preview of the new Conversational Diagnostics troubleshooting experience. Read more about the new features in the Conversational Diagnostics blog post and also stay tuned in the future as the App Service Diagnostics team ships future updates to the new experience!
Sidecar Extensibility on Linux App Service
At Ignite 2023 the team is introducing sidecar extensibility for Linux App Service, enabling scenarios such as integrating Application Performance Monitoring (APM) solutions with apps running on App Service. The new sidecar extensibility feature works for both source-code based web apps as well as web apps deployed using custom containers. Sidecar extensibility makes it straightforward to deploy multiple sidecars with a single web application. An example of the ARM definition for adding sidecar containers using the new App Service sitecontainer ARM object is shown below:
{
"name": "apmsidecar",
"type": "Microsoft.Web/sites/sitecontainer",
"location": "westcentralus",
"properties": {
"name": "apmsidecar",
"image": "ignite2023demoappsvcacr.azurecr.io/apmsidecarrepo/dd-java-ubuntu-amd64-1:1.0",
"targetPort": "3000",
"isMain": false,
"startUpCommand": null,
"userManagedIdentityClientId": "SystemIdentity",
}
...
}
With the new sidecar support App Service will be working with Azure Native ISV Services to enable developers to easily add ISV offerings to their web applications. Sidecar extensibility also enables the integration of web apps with microservices built using the Distributed Application Runtime (Dapr) as well as Dapr components providing services such as messaging, state management and workflow. App Service will be releasing sidecar extensibility into early preview later this year (2023) with broader public preview availability in early 2024.
WebJobs for Linux App Service and Windows Containers
We are delighted to announce that WebJobs is arriving for our Linux App Service and Windows Containers customers! WebJobs are ideal for running arbitrary code, executables, scripts, and background tasks. The new WebJobs capability has multiple options for running your “infrastructure glue”. WebJobs can run continuously in the background, periodically based on a schedule, or on demand when manually invoked. Developers deploy WebJobs alongside web applications, with the WebJobs running on the same set of app service plan instances used by the companion web app. Developers can also create an empty placeholder web app for the sole purpose of deploying a compute-intensive WebJob with all the compute power of the underlying app service plan dedicated to the WebJob.
The new WebJobs support is being demonstrated in action at the App Service session at Ignite 2023 and will enter early preview later this year (2023) with broader public preview availability in early 2024.
NET 8.0 GA , gRPC GA, Wordpress Updates and New Language Support!
.NET 8 GA’d this week and App Service developers can now use .NET 8 GA on both Windows and Linux App Service!
Linux App Service also recently announced gRPC support moved to GA. As a quick recap, gRPC on Linux App Service includes full support for unary calls, server streaming, client streaming, and bi-directional streaming. Developers can use .NET, Python, Node or Java to author back-end gRPC applications on Linux App Service. Samples showing the basics of using gRPC on App Service are available in a GitHub Samples Repo. Also stay tuned in 2024 for gRPC support coming to Windows App Service!
WordPress on Linux App Service was recently updated with a new Free Tier hosting option for running personal and proof-of-concept WordPress sites. The offering includes running the WordPress web application on the Linux App Service Free Tier and the database back-end with the Azure Data for MySQL Free Trial. Try it out and give the team feedback! WordPress on App Service is also now integrated with Azure Communication Services Email to enable Application-to-Person (A2P) email scenarios. Deployment slots on App Service can now be used with WordPress to setup pre-production staging environments - more information about this recent improvement is available in this blog post. Users can also increase performance of their WordPress sites using the just released Azure Cache for Redis integration with WordPress - read more about improving WordPress performance in this announcement! Looking ahead to the next few months the team will be releasing an App Service migration plugin which will help users migrate their WordPress sites from on-premises hosting or any other hosting provider to App Service. Furthermore, integrations with Azure DevOps and Azure Active Directory are planned for release by the end of this year (2023)!
Of course, a round-up of new capabilities wouldn’t be complete without a mention of additional notable new language releases. Node 20 and Python 3.12 were also both just released on App Service! PHP 8.3 is coming later this year. And Java 21 is planned in the next few weeks so Java developers stay tuned! Also, for Java developers, the team has recently released a great set of samples showing how to deploy both source-code and containerized Java applications to App Service.
Secure Deployments with GitHub Actions OpenID Connect Support
App Service just launched the public preview of support for securely publishing web applications via GitHub Actions Open ID Connect (OIDC) integration. OIDC secured publishing makes it much easier for developers to build web applications using GitHub Actions and then securely publish the web applications to App Service.
App Service will generate a user identity on behalf of the web application in Microsoft Entra and then federate the user identity with GitHub. A developer builds their application using a GitHub Actions workflow suitable for their selected language, with the publishing steps in the workflow securely connecting to App Service using the federated user identity. The screenshot below shows how straightforward it is to choose a user-assigned identity for publishing when setting up GitHub integration in the App Service Deployment Center.
New GitHub Actions OIDC Integration
No cleartext credentials are used! Even better, security conscious customers can turn off basic authentication publishing support in App Service and instead rely exclusively on the OIDC based publishing flow.
End-to-End TLS Encryption and TLS 1.3 Support
The service recently enabled a new end-to-end (e2e) TLS encryption feature for web apps running on Linux App Service. By default, inbound TLS connections are terminated on the App Service front-end infrastructure after which the platform front-ends proxy requests within App Service clusters to individual workers over HTTP. When the new e2e TLS feature is enabled, the front-end-->worker network hop is secured with TLS using a platform generated TLS certificate.
Enabling end-to-end TLS encryption
Developers can read more about the capabilities and configuration options for the e2e TLS feature in this recent blog article. Looking ahead to 2024, App Service will also be bringing the e2e TLS feature to Windows App Service as well!
In parallel the team has been incrementally enabling TLS 1.3 across the App Service, Functions and Logic Apps footprints. TLS 1.3 will continue to be progressively deployed across App Service regions throughout the remainder of this year (2023). As a quick retrospective, the Minimum TLS Cipher Suite public preview announced earlier in 2023 at the Build conference will also receive an updated cipher suite order as part of the TLS 1.3 rollout. Developers can look forward to the Cipher Suite feature moving to GA status early in 2024 after the global TLS 1.3 rollout has completed!
New Features for App Service Environment v3
The App Service Environment v3 (ASEv3) platform now supports TLS certificates issued by private certificate authorities (CAs)! Since it is very common to deploy internal load balancer (ILB) ASEv3s for internal facing workloads, customers may want to secure application traffic using certificates issued by their own private CAs. Previously these types of certificates could only be used on ASEs for making *outbound* calls to downstream network endpoints. However, with a recent upgrade developers can now secure *inbound* TLS traffic to apps running on ASEv3s using certificates issued by a company’s private certificate authority. More information on this new feature is available in the ASEv3 documentation about using private certificates.
We also know customers have been eagerly awaiting memory-isolated options for the Isolatedv2 SKU. ASEv3s are getting updated this quarter through early 2024 with support for memory-optimized offerings that mirror the Pmv3 options released earlier! The new additions to the Isolatedv2 family are referred to as Imv2 (m for memory optimized) and will provide compute options all the way up to a 32 vCPUs/256GB offering.
Reducing Subnet Sprawl with Multi-plan Subnet Join
The ability to join multiple app service plans to a single subnet in a virtual network just entered public preview! This feature enables developers to point multiple app service plans at a single integration subnet, thus vastly reducing the number of subnets needed for large scale App Service deployments. For example, customers could have hundreds of dev/test app service plans each connected to a single subnet, with the subnets allocated inside of a dev/test specific virtual network. With the new multi-plan subnet join feature, this topology could be collapsed down into either a single “large-ish” subnet, or a handful of subnets – just enough IP addresses to handle the outbound connectivity requirements from a few hundred app service plans.
The ability to join multiple app service plans to a single subnet is currently available in the West Central US and France Central regions. App Service is continuing to rollout the feature globally with more regions coming online over the remainder of this year (2023). For more details on how to enable the feature, as well pointers on planning subnet IP address usage given increased address consumption within the scope of a single subnet (rather than an entire virtual network) be sure to take a look at the public preview announcement!
Next Steps
Developers can learn more about Azure App Service at Getting Started with Azure App Service. Stay up to date on new features and innovations on Azure App Service via Azure Updates as well as the Azure App Service (@AzAppService) X feed. There is always a steady stream of great deep-dive technical articles about App Service as well as the breadth of developer focused Azure services over on the Apps on Azure blog. And lastly drop by the Microsoft Azure Developers YouTube channel for developer focused content about tooling, languages and services running in Azure!
Continue reading...
App Service team members will be presenting at the session "Unlock Innovation with AI by Migrating Enterprise Apps to App Service" on Wednesday November 15th (11:45AM to 12:30PM Pacific time - Level 4 Room 425 - In-Person and Live-streamed). Tune in to see demonstrations of the new Azure Migrate application and code assessment capabilities, the new Microsoft Copilot for Azure and the App Service Conversational Diagnostics experience, and upcoming previews of sidecar extensibility on Linux App Service as well as WebJobs support for both Linux App Service and Windows Containers on App Service. The team will also be walking through how developers can securely connect to Azure OpenAI from App Service leveraging the recent GA of gRPC on Linux App Service to enhance an existing Java application with an AI-powered chat experience!
Additional guidance on developing applications using Azure AI services in conjunction with a variety of Azure developer focused PaaS services is also available in this excellent article that demonstrates various building blocks and reference architectures!
As a handy reference for Ignite attendees (both remote and in-person), listed below are additional sessions covering App Service:
Thursday, November 16
11:45 AM - 12:30 PM Pacific Standard Time
11:45 AM - 12:30 PM Pacific Standard Time
In-person and Online
Level 4, Room 441
Thursday, November 16
3:30 PM - 3:45 PM Pacific Standard Time
3:30 PM - 3:45 PM Pacific Standard Time
Demo Session - In-person Only
Level 5, Hub Demo Theater 1
Read on to learn more about everything being announced and released for App Service at Ignite 2023!
New Application and Code Assessment Features for Web Apps
Developers looking to assess and migrate web applications to App Service have new capabilities announced at Ignite 2023 with the Azure Migrate application and code assessment features for .NET and Java! The new capabilities support both Java and .NET workloads, providing application assessments in preparation for application migration to a variety of compute targets in Azure including Azure App Service!
For .NET developers, the new tooling plugs into Visual Studio as an extension that makes it easy for developers to analyze their solutions and gain a comprehensive understanding of project structures, architecture, and dependencies. This information is used to create a detailed inventory of applications and their components to identify any potential challenges or limitations. The result is a comprehensive report that provides guidance for re-platforming and modernizing .NET applications in preparation for migration to Azure.
Application and Code Assessment for a .NET Web Application
You can install the new extension directly from inside of Visual Studio via “Manage Visual Studio Extensions”. Read more about the new application and code assessment capabilities at the Azure Migrate Application and Code Assessment blog!
Conversational Diagnostics on Windows App Service
You have a web application that has been successfully running for some time, and suddenly you start receiving customer complaints that some requests are running slowly. What do you do – which tool(s) should you use? What happens if you didn’t set up monitoring earlier, now where do you go to start troubleshooting? With the announcement of the Conversational Diagnostics (Preview) on Windows App Service, customers can use Microsoft Copilot for Azure integrated with the App Service diagnostics and troubleshooting experience!
Microsoft Copilot for Azure Integration with Conversational Diagnostics
Starting today when customers click on “Diagnose and Solve problems” in the Overview blade of their web application they can sign up for the preview of the new Conversational Diagnostics troubleshooting experience. Read more about the new features in the Conversational Diagnostics blog post and also stay tuned in the future as the App Service Diagnostics team ships future updates to the new experience!
Sidecar Extensibility on Linux App Service
At Ignite 2023 the team is introducing sidecar extensibility for Linux App Service, enabling scenarios such as integrating Application Performance Monitoring (APM) solutions with apps running on App Service. The new sidecar extensibility feature works for both source-code based web apps as well as web apps deployed using custom containers. Sidecar extensibility makes it straightforward to deploy multiple sidecars with a single web application. An example of the ARM definition for adding sidecar containers using the new App Service sitecontainer ARM object is shown below:
{
"name": "apmsidecar",
"type": "Microsoft.Web/sites/sitecontainer",
"location": "westcentralus",
"properties": {
"name": "apmsidecar",
"image": "ignite2023demoappsvcacr.azurecr.io/apmsidecarrepo/dd-java-ubuntu-amd64-1:1.0",
"targetPort": "3000",
"isMain": false,
"startUpCommand": null,
"userManagedIdentityClientId": "SystemIdentity",
}
...
}
With the new sidecar support App Service will be working with Azure Native ISV Services to enable developers to easily add ISV offerings to their web applications. Sidecar extensibility also enables the integration of web apps with microservices built using the Distributed Application Runtime (Dapr) as well as Dapr components providing services such as messaging, state management and workflow. App Service will be releasing sidecar extensibility into early preview later this year (2023) with broader public preview availability in early 2024.
WebJobs for Linux App Service and Windows Containers
We are delighted to announce that WebJobs is arriving for our Linux App Service and Windows Containers customers! WebJobs are ideal for running arbitrary code, executables, scripts, and background tasks. The new WebJobs capability has multiple options for running your “infrastructure glue”. WebJobs can run continuously in the background, periodically based on a schedule, or on demand when manually invoked. Developers deploy WebJobs alongside web applications, with the WebJobs running on the same set of app service plan instances used by the companion web app. Developers can also create an empty placeholder web app for the sole purpose of deploying a compute-intensive WebJob with all the compute power of the underlying app service plan dedicated to the WebJob.
The new WebJobs support is being demonstrated in action at the App Service session at Ignite 2023 and will enter early preview later this year (2023) with broader public preview availability in early 2024.
NET 8.0 GA , gRPC GA, Wordpress Updates and New Language Support!
.NET 8 GA’d this week and App Service developers can now use .NET 8 GA on both Windows and Linux App Service!
Linux App Service also recently announced gRPC support moved to GA. As a quick recap, gRPC on Linux App Service includes full support for unary calls, server streaming, client streaming, and bi-directional streaming. Developers can use .NET, Python, Node or Java to author back-end gRPC applications on Linux App Service. Samples showing the basics of using gRPC on App Service are available in a GitHub Samples Repo. Also stay tuned in 2024 for gRPC support coming to Windows App Service!
WordPress on Linux App Service was recently updated with a new Free Tier hosting option for running personal and proof-of-concept WordPress sites. The offering includes running the WordPress web application on the Linux App Service Free Tier and the database back-end with the Azure Data for MySQL Free Trial. Try it out and give the team feedback! WordPress on App Service is also now integrated with Azure Communication Services Email to enable Application-to-Person (A2P) email scenarios. Deployment slots on App Service can now be used with WordPress to setup pre-production staging environments - more information about this recent improvement is available in this blog post. Users can also increase performance of their WordPress sites using the just released Azure Cache for Redis integration with WordPress - read more about improving WordPress performance in this announcement! Looking ahead to the next few months the team will be releasing an App Service migration plugin which will help users migrate their WordPress sites from on-premises hosting or any other hosting provider to App Service. Furthermore, integrations with Azure DevOps and Azure Active Directory are planned for release by the end of this year (2023)!
Of course, a round-up of new capabilities wouldn’t be complete without a mention of additional notable new language releases. Node 20 and Python 3.12 were also both just released on App Service! PHP 8.3 is coming later this year. And Java 21 is planned in the next few weeks so Java developers stay tuned! Also, for Java developers, the team has recently released a great set of samples showing how to deploy both source-code and containerized Java applications to App Service.
Secure Deployments with GitHub Actions OpenID Connect Support
App Service just launched the public preview of support for securely publishing web applications via GitHub Actions Open ID Connect (OIDC) integration. OIDC secured publishing makes it much easier for developers to build web applications using GitHub Actions and then securely publish the web applications to App Service.
App Service will generate a user identity on behalf of the web application in Microsoft Entra and then federate the user identity with GitHub. A developer builds their application using a GitHub Actions workflow suitable for their selected language, with the publishing steps in the workflow securely connecting to App Service using the federated user identity. The screenshot below shows how straightforward it is to choose a user-assigned identity for publishing when setting up GitHub integration in the App Service Deployment Center.
New GitHub Actions OIDC Integration
No cleartext credentials are used! Even better, security conscious customers can turn off basic authentication publishing support in App Service and instead rely exclusively on the OIDC based publishing flow.
End-to-End TLS Encryption and TLS 1.3 Support
The service recently enabled a new end-to-end (e2e) TLS encryption feature for web apps running on Linux App Service. By default, inbound TLS connections are terminated on the App Service front-end infrastructure after which the platform front-ends proxy requests within App Service clusters to individual workers over HTTP. When the new e2e TLS feature is enabled, the front-end-->worker network hop is secured with TLS using a platform generated TLS certificate.
Enabling end-to-end TLS encryption
Developers can read more about the capabilities and configuration options for the e2e TLS feature in this recent blog article. Looking ahead to 2024, App Service will also be bringing the e2e TLS feature to Windows App Service as well!
In parallel the team has been incrementally enabling TLS 1.3 across the App Service, Functions and Logic Apps footprints. TLS 1.3 will continue to be progressively deployed across App Service regions throughout the remainder of this year (2023). As a quick retrospective, the Minimum TLS Cipher Suite public preview announced earlier in 2023 at the Build conference will also receive an updated cipher suite order as part of the TLS 1.3 rollout. Developers can look forward to the Cipher Suite feature moving to GA status early in 2024 after the global TLS 1.3 rollout has completed!
New Features for App Service Environment v3
The App Service Environment v3 (ASEv3) platform now supports TLS certificates issued by private certificate authorities (CAs)! Since it is very common to deploy internal load balancer (ILB) ASEv3s for internal facing workloads, customers may want to secure application traffic using certificates issued by their own private CAs. Previously these types of certificates could only be used on ASEs for making *outbound* calls to downstream network endpoints. However, with a recent upgrade developers can now secure *inbound* TLS traffic to apps running on ASEv3s using certificates issued by a company’s private certificate authority. More information on this new feature is available in the ASEv3 documentation about using private certificates.
We also know customers have been eagerly awaiting memory-isolated options for the Isolatedv2 SKU. ASEv3s are getting updated this quarter through early 2024 with support for memory-optimized offerings that mirror the Pmv3 options released earlier! The new additions to the Isolatedv2 family are referred to as Imv2 (m for memory optimized) and will provide compute options all the way up to a 32 vCPUs/256GB offering.
Reducing Subnet Sprawl with Multi-plan Subnet Join
The ability to join multiple app service plans to a single subnet in a virtual network just entered public preview! This feature enables developers to point multiple app service plans at a single integration subnet, thus vastly reducing the number of subnets needed for large scale App Service deployments. For example, customers could have hundreds of dev/test app service plans each connected to a single subnet, with the subnets allocated inside of a dev/test specific virtual network. With the new multi-plan subnet join feature, this topology could be collapsed down into either a single “large-ish” subnet, or a handful of subnets – just enough IP addresses to handle the outbound connectivity requirements from a few hundred app service plans.
The ability to join multiple app service plans to a single subnet is currently available in the West Central US and France Central regions. App Service is continuing to rollout the feature globally with more regions coming online over the remainder of this year (2023). For more details on how to enable the feature, as well pointers on planning subnet IP address usage given increased address consumption within the scope of a single subnet (rather than an entire virtual network) be sure to take a look at the public preview announcement!
Next Steps
Developers can learn more about Azure App Service at Getting Started with Azure App Service. Stay up to date on new features and innovations on Azure App Service via Azure Updates as well as the Azure App Service (@AzAppService) X feed. There is always a steady stream of great deep-dive technical articles about App Service as well as the breadth of developer focused Azure services over on the Apps on Azure blog. And lastly drop by the Microsoft Azure Developers YouTube channel for developer focused content about tooling, languages and services running in Azure!
Continue reading...