Posted September 12, 20222 yr An App Service Environment is an Azure App Service feature that provides a fully isolated and dedicated environment for running apps securely at high scale. Organizations may require an isolated environment for running App Service apps for many reasons, such as where physical separation of data is a compliance requirement in a certain country or regulated industry or where organizations want dedicated resources to achieve very-high scale. An App Service Environment provides a single-tenant deployment of Azure App Service that runs in your virtual network. Using an App Service Environment, developers host applications from only one organization, using one of their virtual networks, thus providing greater control over inbound and outbound application network traffic. This also helps enable applications to establish high-speed secure connections over VPNs to on-premises corporate resources. Azure recently rolled out the latest version of App Service Environment v3, with enhanced speed, scalability, and Azure Virtual Network (VNet) support. An analysis by GigaOm concluded App Service Environment v3 offers a way forward for regulated organizations as they look to embrace the digital transformation benefits of the cloud.1 Migrating to App Service Environment v3 is something you will want to prioritize for your business—here are three reasons why: Higher performance and new features Among the differences between App Service Environment v3 and earlier versions, App Service Environment v3 provides enhanced support for your workloads, delivers compliance capabilities with fewer dependencies, scales faster, and provides more cost-effective capabilities with faster hardware. Also, network traffic is now managed by the platform in the Azure Virtual Network (VNet) infrastructure. In the public cloud offering developers get a slice of a secure—but otherwise shared—multi-tenant service on the cloud, whereas with App Service Environment v3, developers get the entire single tenant to themselves. Operating Differences Here are key operating differences between a multi-tenant environment and the new single-tenant instance offered through App Service Environment v3: Multi-tenant App Service App Service Environment v3 Pricing Lower pay-as-you-go pricing Higher pay-as-you-go pricing but with reserved instances, lower cost than PremiumV2 Scale Scales out to 30 App Service Plan instances Scales out to 100 App Service Plan instances Speed Fast scaling Platform requires time for provisioning, as resources are dedicated to the specific customer Support Elastic premium support No consumption plan tier options available Networking Networking features enabled at app level No networking features needed on the apps (apps inherit the security and isolation associated with the VNet on which the App Service Environment is deployed) Automatic scaling, access across global peering, and new efficiencies that reduce costs are among the many performance enhancements for App Service Environment v3 compared to earlier versions. Using App Service Environment v3 in Compliance-Oriented Industries Furthermore, with App Service Environment v3 the network traffic is managed and kept within the Azure infrastructure and organizations do not have to manage the internal traffic between App Service and other services, which can be helpful for regulated industries. You can further integrate with Microsoft Defender for Cloud, Azure Policy, Azure Monitor, and Azure Active Directory for enhanced security experience end to end. For example, a bank may require isolation from other tenants and potentially even require dedicated hardware to meet compliance and regulatory requirements—App Service Environment v3 can provide the solution to meet those requirements. Here is a quick overview of App Service Environment v3’s new features: There are no networking dependencies on the customer's virtual network. You can secure all inbound and outbound traffic and route outbound traffic as you want. You can deploy an App Service Environment v3 that is enabled for zone redundancy. You set zone redundancy only during creation and only in regions where all App Service Environment v3 dependencies are zone redundant. You can deploy an App Service Environment v3 on a dedicated host group. Host group deployments are not zone redundant. Much faster scaling compared with App Service Environment v2. If near-instantaneous scaling is a priority, consider the public multi-tenant App Service offering. App Service Environment v3 front ends automatically scale to meet your needs and are deployed on high-performance hardware. Scaling no longer blocks other scale operations within the App Service Environment v3. You can now reach apps in an internal-VIP App Service Environment v3 across global peering. A more cost-effective migration solution We know that the cost of compliance is one of many factors to consider when choosing your app migration strategy. App Service Environment v3 can be more cost-effective for many reasons, including the removal of the stamp fee associated with App Service Environment v1 and v2 and the availability of reserved instance pricing which can further reduce costs. Multiple deployment types are available, each with its own pricing model, which all run on the Isolated v2 SKU (how you purchase the App Service Environment v3 service). This gives organizations the ability to potentially double CPU and RAM for the same cost as previous versions—essentially helping organizations pay less for the underlying infrastructure. Among its analysis, GigaOm looked specifically at costs associated with an App Service Environment v3. It found that an App Service Environment v3 provides a lower operational cost than hosting on-premises without the capital costs or need to pre-stage capacity for peak loads.2 Additionally, the TCO of compliance reporting should be lower when using the App Service Environments v3 than for v2 or for on-premises, with a target savings of 20%,3 the analysis found. Furthermore, for many companies, five-year, fully burdened costs of maintaining a secure hosting environment, with fully tested and supported software components, will be lower using App Service Environment v3 than hosting on-premises,4—there really is no reason to wait to migrate to App Service Environment v3. Upcoming end-of-life for App Service Environment v1 and App Service Environment v2 In August 2021, we announced Azure Cloud Services (classic) will be retiring on August 31, 2024. App Service Environment v1 and v2 run on Azure Cloud Services (classic), and will be retired at the same time. If you are using either App Service Environment v1 or v2, now is the time to consider migrating to App Service Environment v3 and not only ensure seamless operational efficiency and compliance, but also to start taking advantage of the new features and potential cost savings discussed above. Get Started Join this on-demand webinar to learn about App Service Environment v3 and the networking capabilities of Azure App Service. Download this whitepaper to learn how using App Service Environment v3 can help your business in compliance-oriented industries. Migrate with our migration feature and explore the Azure App Service landing zone accelerator for reference architectures and best practices. Source: Using App Service Environment v3 in Compliance-Oriented Industries (microsoft.com) 1-4Claims based on data from a report prepared by GigaOm in February 2022. The report was prepared for CIOs, CTOs, CISOs, chief architects and VPs of Engineering and considers what Microsoft’s App Service Environment offering looks like in practice. The report outlines the key needs of compliance-oriented scenarios, looking at how the platform’s capabilities map onto these needs. Based on these scenarios, along with end-user research, the report maps out lessons and strategies for making the most of App Service Environment v3 in the compliance context. Continue reading...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.