Creating An Azure App Service Environment (ASE) And Access Via An Application Gateway

Introduction

Most of us would be familiar with Azure App Services. We deploy web applications, API backends, mobile backends, etc., on the Microsoft cloud. However, today we will look into another service that can be said to be an enhanced version of the Azure App Service. This is the Azure App Service Environment, also known as ASE. 

What is ASE, and why use it?

Azure App Service environment is an App Service within a pre-defined or new virtual network instead of an Azure App service, which is simply a PAAS service open for public access. The definition must make it quite clear why this service is used. This is used when we want to protect our App services by keeping them within a specific VNet. In this way, we have more control over the inflow and outflow of traffic to our App service and can set up Network Security Groups on subnets. I would also like to mention that we can also integrate a simple Azure Service into a VNet using VNet integration without setting up an ASE. We will explore this option in a future article.

Setting up an architecture with an ASE and Application Gateway

The most common architecture I foresee when using an ASE is to have our app services located within it. Probably a web application app service for UI access and a supporting backend API service. A database like Azure SQL could also be included. All of these and any other PAAS services like Key Vaults, Storage Accounts, Azure Cache for Redis, etc., will be available to the VNet via private endpoints. The web application will be accessible via an Application Gateway. An Application Gateway is a type of reverse proxy that allows for access control to our services. We will set it up, enable WAF (Web Application Firewall) for additional security and only allow access to the web application App service from the Application Gateway.

Please see the below diagram for an example of the architecture,

Creating an Azure App Service Environment (ASE) and access via an Application Gateway

This diagram has been taken from this link which details the process step by step.

Summary

In today’s article, we looked at the architecture of setting up an Azure App Service Environment and accessing it through an Application Gateway. Within the Virtual Network, we can set up access rules as required for the various services. This gives us more control over the environment in which we deploy our App services.