AZ-303 Microsoft Azure Architect Technologies – Implement Solutions for Apps (10-15%) Part 3
- Web Apps – Authorisation Walkthrough
Next, let’s take a look at authentication and authorization. Many websites need you to be able to sign in in order to authenticate you. And this can be achieved in many different ways from third party identity providers, Azure Active Directory, Active Directory, or even just standard database back to username and passwords.
The majority of these require some amount of programming effort on the developer’s behalf in order to integrate them, especially token based providers such as Facebook, Google and even Microsoft. Microsoft Azure actually makes it really easy to integrate your applications, and it can be done through the Authentication Authorization tab. As mentioned in the overview, the Azure Web Apps supports a number of different authentication providers azure Active Directory, Microsoft, Facebook, Google, and so on. In order to integrate this, the first thing we need to do is turn the app service authentication on.
Next we simply go into the one that we want to configure. Now, in all, except for Active Directory, when you’re going to configure an identity provider, you have to supply a client ID and a secret. This is obtained by going to your authentication provider, for example, Microsoft account settings and going and enabling it for your actual account. If it was Facebook, for example, there is a developer page there where you can go and request tokens.
And again, the same for Twitter and Google. Once you’ve got a client ID in secret, you then need to say what scope you want to give the user access to under this account and the actual scope, or the things that you can do with that token such as reading the user’s basic profile, single sign of behavior, reading users birthday and so on, all depend on the provider themselves. And the idea is that you can restrict exactly what can be seen using these account settings. To make things easier, I’m actually going to use Azure Active Directory.
And the reason why I’m going to use Azure Active Directory is that I don’t actually need to provide this ID and token. Instead, what I can do is I can go into the management and set it to Express and I can tell it to create a new ad app and we’ll see what that does in the background in a second. Go ahead and click OK. Next we need to tell it what action to take when we’re not actually authenticated. The default is it will just allow anonymous access, but what we want to do is force people to log in. So we’ll go down to Login with Azure Active Directory. Once that’s set, go ahead and click Save. Once that’s saved, I’ll show you what’s happened in the background. If we go to the Azure Active Directory configurations, this is not the web app. This is for all of our Azure subscription.
We have an option down the side here called app registrations. We’ll see. Now we have this app registration for cloud guru, hack and web app and it’s got a client ID. And if we can go in, we can see some various things and we can see that the application ID is the URL of our website. Take a note of the actual application ID here. Now go back to our web app, go back into authentication authorization, and go into our Active Directory option. Again, we’ll now see that there’s this Azure ad app configured and again, that shows the details. What this app registration is is kind of like a service account and it’s what ties our actual web application to the Active Directory users. If we go back to our website and hit refresh, it’s now going to prompt us to log in.
So now, as you can see, with a few simple clicks, we’ve been able to enable Azure Active Directory authentication on our web app without changing any of the code whatsoever.
- Web Apps – Backups Walkthrough
Now let’s have a look at backups. You could argue that if your website is built and deployed from code, then if you ever needed to rebuild it, you could simply redeploy. However, there are times when it’s handy to have a complete backup of your deployed website. To go to backups, simply go to the Backup section under Settings and the first time you use it you’ll need to configure it. And the first thing you’ll need to configure is a storage account because you need to tell it where to actually store the backups and by default it wants to store them in a storage account. So select the storage account we want to use and then select Container.
I don’t actually have a container set up, so let’s go ahead and create one. We’ll call this web app Backups and it needs to all be lowercase and we’ll select that container and click Save. Another option you can do within the configuration screen is back up any associated SQL databases. So if in your application you actually have a connection string set within the configuration of that website, the backup system will detect that and give the option to back it up.
So if that then appears and you select the backup, then every time you back up the web application, it’s also going to store a backup of the database as well. Again, this can be a very useful way of keeping a backup of your entire system, SQL databases and apps all in one place. Once that’s ready, we have a couple more options. We can either do one off backups or again in the configuration, we can set schedule backups. We set schedule backups. We have the option of scheduling backup every one day or every so many hours.
We can tell it what time to back up and we can tell it how long to store the backups for. I’m not going to do that just for now. Instead I’m going to do a single backup. So I’m simply going to click on Backup. It will tell me the job has successfully submitted and then it will start to run. Once completed, we can go in to see some basic backup details. We can also go to the storage accounts into our web backups container. So there we can see our actual backup that we’ve just created. As you can see, there are three separate files, a log file, an XML configuration file, and the zip file itself that contains all the information for the website.
Once we have our backup, if for whatever reason we needed to restore, we simply go back to the Backups tab, click the Restore option, the restore source is in storage, so go ahead and find the backup file and then click the Target app service. So we can tell it to override, or we can tell it to create a new backup or to a new slot and then click OK that will validate and then perform the actual restore in the background. Using site backups in this way is a very quick and easy way to ensure you’ve always got an UpToDate backup with configurable schedules, or even if you just want to perform ad hoc backups as and when you need to.
- Web Apps – Autoscaling Walkthrough
Next, let’s have a look at auto scaling. If you remember from the overview we said that we can set web apps to auto scale or scale. This means we can add additional instances or copies of our web app as we need them. And this copy or instance of our web app effectively goes behind a virtual IP or a simply single IP which would be accessed via your URL. And then in the background an automatically created load balancer would automatically send traffic between all the instances spun up. So let’s have a look at how we’d set that up. Within our web app, we want to go to the scale out option and this allows us to configure both manual scaling and custom scaling.
So if we know we always want to have two, three or more instances of our app, we simply go in here and increase the instance count and this will automatically scale up our application to cope with the number of users that we expect to come to our website. However, one of the powerful things about Cloud is that we can make our web apps to be far more dynamic. So for example, we can set our web app to maybe have a single instance count at an evening or periods when we know there’s going to be below traffic and make it automatically scale up as and when more power is required by our app. So to do this we’ll go to the custom auto scale option. When we come to do the custom auto scale option, we need to add the kind of rule that we want.
So here we can define for example, a particular metric such as CPU. We could also go for the amount of data in and out and various other options. We can then set an operator so we can say when CPU usage is greater than, equal to, less than and so on to a certain amount. For example 70%, and it’s over 70% for a set number of minutes, the default is ten. We can then say increase the count by one instance. So with this rule, this means whenever the CPU percentage is over 70% for more than ten minutes, it will automatically add an extra instance. You can also see that at the bottom we have a number of minimum, maximum and default instances.
So we can actually constrain the number of instances that it will ever spin up so that we can control costs. We can also set the minimum number so that even when it’s doing nothing, it always starts with two, three or however many we need. Next we can add a rule to do the opposite. So once our application is scaled up, because it’s being used a lot, we want it to be able to scale back down once it goes into a quiet period. So what we do now is we can set a less than and we could set say, the threshold to 30% and now we change the action from Increased Count to Decrease count, and then click Add again. So now we have two rules.
One, it will scale out when the CPU percentage goes above 70% for ten minutes or more. However, it will scale back in if the CPU percentage on any one instance is less than 30% for around ten minutes. We can even add multiple scale conditions. So a second type of scale condition we might want is by time. So we could set it to automatically start up or reduce instances based on certain times of the day or even specific days of the month. And this is great for when you know that your users maybe are all coming from a certain country. So, for example, you could scale up in peak hours and scale back in the evening when maybe no one will be using it, or maybe scale back at weekends and so on. I’m going to discard those changes for now and leave our instance count at one.
Before we finish this lecture, I’m just going to scale our application back to the Free tier. And that’s because we no longer need it. To be on a premium plan. You need to make sure that you’ve deleted any deployment slots that you had. If you want to change, just go to the Deployment Stop slot, make sure you’ve only got your one slot, then go to the Scale Up tab, change it to the Dev test, workload the F One or Free Pricing tier, and click Apply. Go back to the Overview page and just make sure we’re back on the Free tier.