App Service Environment Support for Availability Zones (Preview)

App Service Environment (ASE) support for Availability Zones (AZ) is now in preview.  Customers can deploy internal load balancer (ILB) ASEs into a specific AZ (Zone 1, 2 or 3) within an Azure region, and the runtime resources used by that ILB ASE will be deployed into the specified AZ.  An ILB ASE is deployed in a zonal manner which means the ILB ASE is pinned to a specific zone. This means all of the following runtime ILB ASE resources will be located in the specified zone:  the internal load balancer IP address of the ASE,  the compute resources used by the ASE to run web applications, and the underlying file content storage for all of the web applications deployed on the ASE. Currently ILB ASEs can be deployed into AZs in the Central US region.  The set of available regions for the ASE AZ preview will be expanded over the course of January and February to include all AZ enabled Azure regions.  Note that only ILB ASEs support availability zones - there are no plans at this time to enable AZ support for external facing ASEs (i.e. ASEs that have a public IP address for accepting website traffic). Customers can deploy an ASE into an availability zone using ARM templates.  The ARM template snippet below shows the new properties and values in bold that tell the platform to deploy the ASE into an availability zone:

    "resources": [
      {
         "type": "Microsoft.Web/hostingEnvironments",
         "kind": "ASEV2",
         "name": "yourASENameHere",
         "apiVersion": "2018-05-01-preview",
         "location": "Central US",
         "zones": [
            "2"
         ],
         "properties": {
            "name": "yourASENameHere",
            "location": "Central US",
            "ipSslAddressCount": 0,
            "internalLoadBalancingMode": "3",
            "dnsSuffix": "contoso-internal.com",
            "virtualNetwork": {
               "Id": "/subscriptions/your-subscription-id-here/resourceGroups/your-resource-group-here/providers/Microsoft.Network/virtualNetworks/your-vnet-name-here",
               "Subnet": "yourSubnetNameHere"
            }
         }
      }
    ]

There are only two minor changes needed in an ILB ASE ARM template to enable zonal deployment.  The apiVersion property must be set to 2018-05-01-preview in order for the zones property to be processed.  The zones property can be set as shown above with a value of 1, 2 or 3 depending on which zone you want to deploy the ASE into. In order to attain zone resiliency for apps created on AZ deployed ILB ASEs, customers will need to deploy at least two ILB ASEs - one per zone. Customers should then create and publish copies of their application onto each of the AZ deployed ASEs. Customers will additionally need to deploy a load balancing solution upstream of the AZ deployed ASEs so that traffic bound for an application is distributed across all instances of the ASEs. For example a zone-redundant Application Gateway could be deployed upstream, and then configured to route requests for a given application across all of the application instances created on the AZ deployed ASEs. More details on zone-redundant Application Gateway are available here: Autoscaling and Zone-redundant Application Gateway (Public Preview). Once an ASE and its applications are running inside of a specific zone, the applications will continue to run and serve traffic on that ASE even if other zones in the same region suffer an outage. However it is possible that non-runtime behavior including application service plan scaling as well as application creation/configuration/publishing may be impacted in the event of a region outage. Future investments into availability zone support for App Service will eventually extend zone resiliency to these non-runtime behaviors.