twixx - Fotolia


Azure App Service Isolated boosts security and PaaS performance

Aimed at organizations with unique security needs, Azure App Service Environment v2 lets applications run in a dedicated network without sacrificing scale or performance.

Azure App Service Isolated represents a different approach to platform services in the cloud, and according to those who are familiar with the service, it marks a significant step from earlier Microsoft offerings.

For years, Azure App Service has been Microsoft's leading platform as a service (PaaS) offering. It hosts over 1 million external apps and sites, according to the company, and supports integration with SaaS apps, such as Office 365 and Dynamics CRM, as well as on-premises applications, like SAP and Oracle. But for performance and security reasons, some organizations wanted something different. In 2015, Microsoft unveiled App Service Environment, a new tier of PaaS that supported operation within a customer's dedicated virtual network to boost Azure App Service security.

This year, the company took that approach one step further and rolled out App Service Environment v2 (ASE v2). The service is available as a new option and pricing tier in App Service, called App Service Isolated, that's intended to combine the ease of use and performance of Azure's multi-tenant App Service with the security of App Service Environment.

What's the meaning behind this evolution? Microsoft did not respond to a request for comment, but according to Muhammad Nabeel, principal Azure architect at Hewlett Packard Enterprise, App Service has established itself as a beneficial tool for many businesses because it isolates the hosting and management of any application from its working components. This enables users to take just about any app and deploy it to Azure without knowledge of the underlying environment and without having to be concerned about things like patches.

"It represents the real power of the cloud," he said.

Although it wasn't the first or only PaaS provider to enter the market, Microsoft's initial foray into the field was a success, but it did leave some organizations looking for a more robust offering, Nabeel said, which led to the creation of App Service Environment. However, that service was relatively costly, which hurt its popularity. That, he believes, is what led to App Service Environment v2 and the new Isolated option. To deliver better price per performance, Microsoft bases the technology on a more robust set of hardware, Nabeel said.

Microsoft noted earlier this year that the improved performance of the service comes from its dedicated Dv2-based machines that have faster chipsets, solid-state drive (SSD) storage and twice the memory per core compared to the prior generation. The Dv2 has 20 CPU cores, 140 GB of memory, 1,000 GB of temporary SSD, up to eight virtual network interface cards, up to 40 data disks and high network bandwidth, according to Microsoft. The company also said the dedicated worker sizes -- or groups of compute resources -- for the new App Service Environment are one core with 3.5 GB RAM, two cores with 7 GB RAM and four cores with 14 GB RAM.

Azure App Service Isolated and ASE v2, like the prior-generation service, enable the creation of a private network, a feature that especially appeals to industries such as banking, which have stricter security and Payment Card Industry compliance requirements.

Gordon McKenna, CEO at U.K.-based Inframon, a cloud managed service provider that is also a Microsoft partner, said many of his customers have used App Service Environment, particularly larger enterprises.

"It is what we recommend for people doing monolithic development in PaaS with a need for features, such as greater security," he said.

Users have already expressed an interest in ASE v2, McKenna continued. "ASE v2 is extremely popular with customers; everybody kind of want[s] to get to PaaS ... and being able to do it in a secure fashion is very appealing," he said.

Room for growth

While ASE v2 offers several improvements over its predecessor, the market will likely demand further enhancements, according to Nabeel.

For example, because the service makes it possible to have hundreds of applications that run in a single environment, developers will likely crave more unique tools to manage those applications. Currently, according to Nabeel, the tooling that is available through the Azure portal is largely the same for Azure App Service and App Service Isolated. Additionally, Microsoft could offer more guidance in terms of best practices and case studies related to the service, he said.

Finally, costs for Azure App Service Isolated, which are based on a per-second billing model, are likely to come down even further, especially as pricing among the major cloud providers remains so competitive. Based on comparisons with Google App Engine offerings, for example, Microsoft will likely have to scale back the costs of App Service Isolated to remain competitive in the future.

Dig Deeper on Cloud app development and management

Data Center