The App service backup and scaling is much simpler than virtual machine backup and scaling. The backup and restore in-app feature service let us quickly create app backups. This backup of app service will contain app configuration also, the file content, and optionally the database connected to our app. We can take backup along with the app service. The App service will have the following backup information:

App configuration
File content
Database connected to our app

There are several ways we can take backup:

Manually
Automation based on scheduling
Partial backup

The backup will be stored in a storage account. And in terms of restoration, we can restore an app with its linked database on-demand to its previous state, using the backup, or we can create all-together a new app using that app backup. Both backup and its restoration are only available for apps running in standard and premium tiers.

Scaling

There are two ways we can scale the app services.

Scale-up: It means we can get more CPU, memory, disc space, and also an extra feature like dedicated virtual machines, custom domains, certificates, staging slots, auto-scaling, and many other features based on the pricing tier we select when we are scaling up our app service plan.

Scale-out: It means we will increase the number of VM instances that run our app so we can scale out to any number of instances based on the pricing tier. But, if we go for app service environments in an isolated tier, then we can scale out to a hundred instances.

Apart from this, another important thing that we need to remember about scaling is Auto Scaling. There are many ways that we can scale our app services.

Automatically
Manually
Pre-set Matric
Scheduled

Azure App Service Security

Authentication and Authorization: Every App service comes with an Authentication and Authorization module that handles several things for our app.

It will authenticate the user with a specified provider such as Facebook, Google, Twitter, Azure Active Directory, etc.
It will store, validate, and refreshes tokens.
It also manages the authenticated session.
It injects identity formation into request headers.

How Authentication and Authorization works

First, the request from the client browser will come to the App service front-end. From that, the request will be forwarded to the Authentication and Authorization module. And that Authentication module will include all the Authorization and Authentication logic, which includes token management and also session management, etc., and it sits outside the web app code. That is the reason we don’t need to change code between our web application to enable Authentication and Authorization for our app in Azure. We can able to slightly influence this Authentication and Authorization logic using the environment variable in terms of tracing.

Authentication and Authorization module handles several things for our app:

Authenticates users with the specified provider
Validate, store, and refreshes tokens
Manages the authenticated session
Injects identity information into request headers
Logging & tracing

Other security areas

There are additional security areas that we need to be aware of for App service, which we can take advantage of them.

ISO, SOC, and PCI complaint: If we are processing credit card information, the underlying environment is PCI compliant, but at the same time, you have to go for PCI compliance from the application layer perspective. But, from the environment perspective, Microsoft Azure App Service is PCI compliant
IP Address whitelisting: In case if we want to limit the trigger to our App services form a specific trusted IP Address, then we can white list the same within the Azure portal for our app services.
SSL communication: To encrypt the data at transit, we can enable SSL communication.

Managed Service Identity

This service is recently added to Azure. What we are going to do here is creating an identity for our app, and providing access to different services to that identity. By doing this, we don’t need to store any userID-password to access certain Azure services. What we generally do is we go to the Azure portal and tell to ARM to create managed service identity for your Azure App Service. And when we trigger that, a service principle gets created in Azure active directory.

Example – if we want to Access a secret from Azure key vault. By submitting that token and having a proper access policy defined within Azure key vault, our application code will be able to retrieve the secret at run time and use that secret to access an on-premises resource.

App Service Environments security

If we are using App service environments, then we will get additional benefits in terms of security.

Network security groups: We can associate with network security groups and control the traffic coming into our App service using network security groups.
Web Application Firewall: It is a feature of application Gateway that provides centralized protection of your web applications from common exploits and vulnerabilities. The web application firewall is based on rules from the OWASP core rule sets 3.0 or 2.2.9

Enabling authentication with Azure active directory for Web App

Step 1: Open your API App and click on Authentication/Authorization.

Step 2: Click on the toggle button showing switch on/off. Switch it on.

Step 3: Now select the Action to take when the request is not authenticated as “Login with Azure Active Directory.”

Step 4: Now, configure the Azure Active Directory with the express mode. After that, click on create and then click on save.

So, this brings us to the end of blog. This Tecklearn ‘Azure App Service Backup and Security’ blog helps you with commonly asked questions if you are looking out for a job in Azure and Cloud Computing. If you wish to learn Microsoft Azure and build a career in Cloud Computing domain, then check out our interactive, Microsoft Azure Developer and Administrator Training, that comes with 24*7 support to guide you throughout your learning period. Please find the link for course details:

https://www.tecklearn.com/course/microsoft-azure-developer-associate-az-203-and-microsoft-azure-administrator-associate-az-103/

Microsoft Azure Developer Associate: AZ-203 and Microsoft Azure Administrator Associate AZ-103 Training

About the Course

This Course provides training for Microsoft Azure Administrator and Azure Developer. Tecklearn’s Azure Administrator training provides you with a deep understanding of the entire administrative lifecycle in Azure environments. This Azure course shows you how to maintain services related to computing, storage, network, and security. Enhance your Azure Administrator skills and prepare to ace the AZ-103 Azure Administrator exam. The Azure Developer certification course prepares you for Microsoft’s Azure Developer certification exam AZ-203. It covers Azure architecture, Azure technology development solutions, Azure storage services, and solutions, Cognitive Services such as Computer Vision, Q&A Maker, Azure service solutions, and API management services.

Why Should you take Azure Developer and Administrator Training?

Microsoft certified Azure Associate developer earns salary ranging from $95,000 to $135,000
Average salary of Microsoft Certified Azure Administrator is $90,000 – Indeed.com
Apple, eBay, Samsung, Citrix, UST Global, Mindtree, TCS, Wipro, Infosys & many other MNC’s worldwide use Azure across industries
According to Microsoft, more than 1,000 new sign-ups for Azure occur each day, which equates to approximately 365,000 new sign-ups each year
By 2022, 90% of enterprises will use both the IaaS and PaaS capabilities from cloud provider – Gartner

What you will Learn in this Course?

Introduction to Azure Compute Solutions and Cloud Computing

Introduction to Microsoft Azure
About Azure Certification

Overview of Azure Storage Services

Azure Storage
Azure File Use Case
Azure DNS
Azure Site Recovery

Secure and Manage Azure Storage

Security Issue
Azure Regions
Azure Services

Implementing Secure Data Solutions and Integrating Caching & CDN

Azure CDN
Azure Traffic Manager
Azure Load Balancer
Azure Scale Set

Implementing Azure App Service Web Apps and Mobile Apps

Design and Implement Azure Service Apps
Web Apps
Pricing Calculator – Azure

Managing Azure Subscriptions and Resource Groups

Create Resource Group
Create App Service Plan
Create Web App and Deploy Angular Application using SCM
Deploy .NET Application using SCM
Deploy App using Visual Studio
Web Job Types
Sendgrid

Develop Event-based and Message-based Solutions in Azure

Messaging Strategy
Design and implement Messaging Strategy
Azure Notifications
Microsoft Azure Service Bus
Queues
Topics
Create Topic
Create Subscription
Azure Relay
Using EventHubs

Implementing Azure App Service API Apps & Azure Functions

Azure PAAS Services
API Management
Function Apps
Logic Apps

Overview of Azure Virtual Machines and Configure Virtual Machines for High Availability

Virtual Machines
Create VM
PowerShell DSC and Custom Script Extension
Scale ARM VMS
VMSS
Monitoring VMs
Dev Test Labs
VM Storage

Design and implement Azure DevOps

CI/CD Pipelines
VSTS
Deployment in pass and VM’s
Scheduled deployments

Manage Azure Active Directory (AD)

Manage Identity, Application and Network Services
Overview of Azure Active Directory
Azure Active Directory B2C
Azure Active Directory B2B
Key Vault
Azure Graph API

Azure Virtual Networks and Network Security

Redis Caching
Azure search
Virtual Networks
Configure Virtual Network
Hybrid Network Connectivity
ARM VM Networking
Azure security and recovery services

Developing Solutions That Use Relational Database and Azure Blob Storage

Azure DB Services – SQL DB
Azure Notifications
Backup and Restore
Enabling Geo-Replication
Export source Database
Scale Azure SQL Databases

Developing Solutions That Use Azure Table Storage & Cosmos DB

COSMOS DB
Azure Key Vault
Azure App Insights

Azure Command Line Interface (CLI) and PowerShell

Resource management and deployments using PowerShell and CLI
ARM templates
Implement ARM templates
Control Access
PowerShell runbooks
Azure Automation
Real Time Examples

Got a question for us? Please mention it in the comments section and we will get back to you.

577