Web App
The resiliency recommendations in this guidance cover Web App and its associated settings.
Summary of Recommendations
Recommendation | Category | Impact | State | ARG Query Available |
---|---|---|---|---|
APP-1 - Enable diagnostics logging | Monitoring | Low | Preview | Yes |
APP-2 - Monitor performance | Monitoring | Medium | Preview | Yes |
APP-3 - Separate web apps from web APIs | System Efficiency | Low | Preview | No |
APP-4 - Create a separate storage account for logs | System Efficiency | Medium | Preview | No |
APP-5 - Deploy to a staging slot | Governance | Medium | Preview | Yes |
APP-6 - Store configuration as app settings | Application Resilience | Medium | Preview | Yes |
Recommendations Details
App-1 - Enable diagnostics logging
Category: Monitoring
Impact: Low
Guidance
Enabling diagnostics logging for your Azure App Service is important for monitoring and diagnostics purposes. It includes application logging and web server logging.
Resources
// under development
App-2 - Monitor Performance
Category: Monitoring
Impact: Medium
Guidance
Use a performance monitoring service such as Application Insights to monitor application performance and behavior under load. Performance monitoring gives you real-time insight into the application. It enables you to diagnose issues and perform root-cause analysis of failures.
Enable monitoring on your web applications based on ASP.NET, ASP.NET Core, Java, and Node.js running on Azure App Service. Previously, you needed to manually instrument your app, but the latest extension/agent is now built into the App Service image by default.
Resources
Resource Graph Query
// under-development
App-3 - Separate web apps from web APIs
Category: System Efficiency
Impact: Low
Guidance
If your solution has both a web front end and a web API, consider decomposing them into separate App Service apps. This design makes it easier to decompose the solution by workload. You can run the web app and the API in separate App Service plans, so they can be scaled independently. If you don’t need that level of scalability at first, you can deploy the apps into the same plan, and move them into separate plans later, if needed.
Resources
// cannot-be-validated-with-arg
App-4 - Create a separate storage account for logs
Category: System Efficiency
Impact: Medium
Guidance
Create a separate storage account for logs. Don’t use the same storage account for logs and application data. This helps to prevent logging from reducing application performance.
Resources
// cannot-be-validated-with-arg
App-5 - Deploy to a staging slot
Category: Governance
Impact: Medium
Guidance
Create a deployment slot for staging. Deploy application updates to the staging slot, and verify the deployment before swapping it into production. This reduces the chance of a bad update in production. It also ensures that all instances are warmed up before being swapped into production. Many applications have a significant warmup and cold-start time. For more information
Consider creating a deployment slot to hold the last-known-good (LKG) deployment. When you deploy an update to production, move the previous production deployment into the LKG slot. This makes it easier to roll back a bad deployment. If you discover a problem later, you can quickly revert to the LKG version.
Resources
Resource Graph Query
// Azure Resource Graph Query
// Lists App Service apps on eligible App Service plan SKUs with their deployment slot count and shows whether deployment slots are enabled
resources
| where type =~ 'microsoft.web/sites' or type =~ 'microsoft.web/sites/slots'
| extend isSlot = iff(type =~ 'microsoft.web/sites/slots', 1, 0)
| extend AspName = iff(isSlot == 1, tostring(split(name, '/')[0]), name)
| extend Sku = tostring(properties.sku)
| where tolower(Sku) contains "standard" or tolower(Sku) contains "premium" or tolower(Sku) contains "isolatedv2"
| project id, name, AspName, isSlot, Sku
| summarize Slots = countif(isSlot == 1) by id, name, AspName, Sku
| extend DeploymentSlotEnabled = iff(Slots > 1, true, false)
| where DeploymentSlotEnabled == false
| project recommendationId="app-5", name, id, tags="", param1=Sku, param2=Slots, param3="DeploymentSlotEnabled=false"
App-6 - Store configuration as app settings
Category: Application Resilience
Impact: Medium
Guidance
Use app settings to hold configuration settings. Define the settings in your Resource Manager templates, or using PowerShell, so that you can apply them as part of an automated deployment or update process, which is more reliable.
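One way to apply app settings from PowerShell as a repeatable deployment step, shown as an added example that is not part of the original guidance. The resource group, app name and setting keys are placeholder assumptions; it requires the Az.Websites module and a signed-in Az session.

```powershell
# Added example. Names below (rg-example-web, app-example-web, the setting keys)
# are hypothetical placeholders, not values from this guidance.

function Merge-AppSetting {
    # Returns Current overlaid with Desired: keys only in Current are preserved.
    param([hashtable] $Current, [hashtable] $Desired)
    $merged = @{}
    foreach ($key in $Current.Keys) { $merged[$key] = $Current[$key] }
    foreach ($key in $Desired.Keys) { $merged[$key] = $Desired[$key] }
    return $merged
}

function Set-DesiredAppSetting {
    param(
        [Parameter(Mandatory)] [string]    $ResourceGroupName,
        [Parameter(Mandatory)] [string]    $Name,
        [Parameter(Mandatory)] [hashtable] $Desired
    )

    # Read the settings currently on the app into a hashtable.
    $app = Get-AzWebApp -ResourceGroupName $ResourceGroupName -Name $Name
    $current = @{}
    foreach ($pair in $app.SiteConfig.AppSettings) { $current[$pair.Name] = $pair.Value }

    # Work out which desired keys are missing or differ, so reruns are no-ops.
    $changed = @($Desired.Keys | Where-Object { $current[$_] -ne $Desired[$_] })
    if ($changed.Count -eq 0) {
        Write-Output "App settings on '$Name' already match the desired values."
        return
    }

    # Set-AzWebApp -AppSettings replaces the whole collection, so send the
    # merged set; sending only $Desired would drop every other setting.
    $merged = Merge-AppSetting -Current $current -Desired $Desired
    Set-AzWebApp -ResourceGroupName $ResourceGroupName -Name $Name -AppSettings $merged | Out-Null
    Write-Output ("Updated on '{0}': {1}" -f $Name, ($changed -join ', '))
}

# Desired values live with the deployment scripts in source control.
$desired = @{
    'ASPNETCORE_ENVIRONMENT' = 'Production'
    'Cache__TimeoutSeconds'  = '30'
}
Set-DesiredAppSetting -ResourceGroupName 'rg-example-web' -Name 'app-example-web' -Desired $desired
```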
Resources
// Azure Resource Graph Query
// Provides a list of Azure App Service resources that don't have App Settings configured
appserviceresources
| where type == "microsoft.web/sites/config"
| extend AppSettings = iif(isnotempty(properties.AppSettings), true, false)
| where AppSettings == false
| project recommendationId="app-6", id, name, tags="", param1="AppSettings is not configured"