kleines bad modern einrichten
[music] hey i'm scott andit's azure friday. we're here with stefan schackowtalking about app services. it's my favorite feature. >> [crosstalk]>> i got like 21 of them now. all kinds ofdifferent live sites, running up in azurein app services. what are we changing? >> so what are we changing?
we're introducing a new sku,a new option for running your appson app service. it's called the isolated sku and it is probably somewhat jokinglyone of the first sku names we have that actuallydescribes what it does. >> [laugh]>> so as you can sort of imagine,it says that it's isolated. it's all about creating an app,or multiple apps on our service and running them ina locked-down, isolated manner.
so that the outside world can'tsee them, know about them, they can't get to them, soit's completely isolated. but you get all the goodnessof azure app service. so like perfect example, right,you have maybe a workload today, it's an on-premisesline of business app, you've beenscratching your head. you're like how do i get thisstuff up into the cloud? so the whole point behindthe isolated sku is, guess what, that's a kind of workloadyou don't want the outside
world to ever see or know about. but you'd like to be able todo things like auto scale and slots and everything elsewe have on app service. what you do is, you go deployit using our isolated sku inside of a virtual network thatyou built out inside of azure. so now you got the bestof both worlds. it's completely internal,hidden from the world. you, only you and your company,can actually see it and use it. so the outside worldcan't get to it.
but everything thatyou're accustomed to using on app service is stillthere and available to you. >> so forgive my ignorance but was it not possible before tomake a virtual network and make it secret and make it soyou can vpn into it? >> so you've been able to,obviously for years in azure, you can set up a vnet, put infrastructure-as-a-servicein there. that absolutely all works,all there today.
and even us on the app service, we've had a precursor called appservice environments that gave you sort of the firstgeneration of that. >> but those were big, and theytook 20 minutes to fire up, and they cost a lot of money. >> yeah, so the isolated sku,think of it this way, it's taken all of therefinements, the feedback, and put it all into our product. made it better, made it easier,and more approachable.
and so now sort of the secondgeneration of it is now what's called the isolated sku. and you'll see herein a little bit, i think it flows a lotmore naturally and works the way you would sortof expect app service to work. >> would it be appropriate forsmaller businesses, like myself? like i've got a coupleof smalls, but in an app service environment,i'm not a big business. >> yeah, so->> not even a medium business.
>> correct, so it's likeadmittedly, isolated sku, it tends to be driven, again,as the name isolated implies. it's driven by the fact theyyour business, your company, you have an overriding reasonto run things maybe in a highly pci compliantenvironment. >> case in point,banking, financials, things like that where you justhave stricter requirements. and so you have to haveno proverbial error gaps, as it were, in terms ofnetwork access to your app.
>> wow. >> certainly small, mediumbusiness you can go run on it. there is andyou'll see it a little bit here. one thing you can do is we can give you muchhigher scaling limits. so that is an option,but let's face it. at the end of the day, if i'm running like a smallerstorefront blog marketing site, definitely public app service.
that's still whereyou want to be. >> that makes sense, okay. but if i am gonna be doingmy expense reporting system, my hr system, this is perfect. >> it's perfect, another perfectexample is, a lot of us, right, probably we've all got iras,401ks, you name it. the reason why i bring that upis those are all examples of sites that they havesensitive data, they need to be accessibleto the outside world, right?
because you and i, we need tofire it up on our mobile device. >> right.>> but at the same time, i don't want the apps that arerunning there to just be wide open to the internet. so another thing you can do for example with the isolated sku,is you can deploy an app service you app's hidden fromthe outside world. you can frontend it witha service or a firewall or web application firewalls,pick your device or service.
that's what the outside worldwill actually see and access, but your actual appis locked down and sort of hidden behind this load. >> that's really interesting, i've got my bloodsugar application, right now sitting alongsidebaby smash, my video game. they're all just kind of hangingout together on the same app service. i could make my blood sugar,
my personal health information,isolated. >> yes, absolutely. >> very cool, let's see a demo. okay, sowhat we've got showing here is, i'm already loggedinto the portal. i've got a resourcegroup with an app and app service environmentalready set up. so let's jump in here. this is the actual app itself.
a couple of things to note is,you can see, hey, it's running in an app serviceplan [crosstalk]- >> let me guess, that actually isa capital letter i, not obvious, [crosstalk]>> we'll take the feedback and change the font to plural. >> yeah, [laugh] make an i with a->> yes. >> i know s1 is standard andf1 is freeze, so
then i1 is isolated. >> i1 is isolated, yes, it is. another thing to note, right, the url, nice thing whenyou're running in isolated. you also are effectively runningin your own isolated dns zone. because it's yourvirtual network. we don't really care whatthe domain suffixes are, and so that's nice, because itmeans that you can, for example, the appitself can use names.
example, if youwere to go out and create an app today onapp service and call it example. good luck, it was probably takenabout five milliseconds after the service went live. >> so you're not thinkingabout azurewebsite.net? >> exactly, exactly, you're using the customdomain you care about. so let's take a closerlook at that, right, there's an app service plan.
if i jump in here,to the blade specifically for the app service plan,we'll see a couple of things. i'm running in west us 2. again, i'm running isolated. and if i jump in here tothe scale-up options, now you can see what'sactually available. and this is the crux of whatis the isolated offering. so, a couple of thingsto point out, right? it runs on a much more powerfultier of compute horsepower.
so again, folks in the is worldhave been able to enjoy the db2 series for a while. we've finally been able tobring it here to app service. >> wow.>> so you get a lot more memory per sku and then also, even though the coreslook sort of similar. it's like hey, 1, 2, 4 core. i got that today on standard but remember those cores, acu foracu, are more than twice as
powerful as what we've gotrunning in app service today. everything else herewe've been talking about, you run inside a virtualnetwork,1 tb of storage. so that's a pretty honking chunkof storage for app service. it's way higher than the normal, i think it's like 50 gigswhat you get in standard. but again, because you're sortof in your own little world, we can give you a lot more. and then last but not least,right, those hundred instances
that's part of thing aboutisolation is that literally this is a crunch-downedversion of app services. hey, this is yours,it goes in your virtual network. and that means we can do crazythings like scale that sucker out to a much broader degreethan sorta what's possible if you're running a basic or standard on the regularapp service. >> that gets me thinkingabout that gradient of all the different choicesfrom azure stack
to app service environments, butthis is i just clicked that. it's actually veryreasonably priced for a medium-sized business. i've got ssds and 100 instances. i could potentially, dependingon the size of my company, run all my internal stuff onthat and have room to spare. it's a pretty beefy machine. >> yeah and you bring upa very good point which is for isolated, definitely, we expectfor a lot of folks the model
isn't gonna be you run one appand isolate it and you're done. >> no.>> you figure, look, you've got a whole suite ofapps, you're gonna run 1,050, 100 apps in an isolated sku. you got enough horsepower andso between the horsepower and the number of instancesyou can run like, think of it like your ownminiature it department or your own miniature web postingservice inside your company. >> your own miniatureweb hosting service.
now does that mean becauseit is app service, which i am a huge fan of,i could still do my git pushes, they're just to internalize->> you know, funny that you should bringthat up, i'll tell you what. let's hop in here to a, this is a virtual machine that iam running inside of the small virtual network asmy isolated app. and first we'll pull up here, we'll just go to a examplehere azurefriday.net.
hello world, wow that's really exciting,there's that url again. so now what i did realquickly is i threw visual studio codeonto the machine here. >> mm-hm. >> so we'll say hello world,hello scott. we'll go out and save that. >> okay. >> and then i already set upgit local git here on my vm.
>> so we'll do a live. >> git commit with a t. >> push thank youthat's always good. and then we'll go getpush azure master and so literally i'm on this vm. i already set up this app aheadof time so that it's connected to the local get functionalityon my app, running in isolated so i made that change,we pop back here, i hit refresh. boom, there it is.
>> nice and i noticed when youdid that push it was subtle, but people who are watchingwould've seen that the scm url, that kudu, k-u-d-u, the kuduurl, also that same machine. because it is app service,it's just isolated. >> yes, exactly. and if we pop back over here,pop back into the main portal. take a look at deploymentoptions for the app and you'll actually see from when i wasplaying around with it earlier. and then also there it is.
there's, there'sthe push we did live. so again, it's a very quickexample but very powerful. which the whole point is peopleget familiar with app service. they're really happy with it. they're running itlive on the internet. but then invariably,like you said, there's sort of a tier of apps. i feel a little nervousabout just hanging out there live on the internet.
so that's the whole pointof the isolated sku. you get to use what'sin app service, but you get to put it in thatlockdown environment where you have the securityyou're looking for. so maybe i, at the verybeginning of this segment, i may have disparaged appservice environment a little bit because it seemedlike a big deal. it seemed like when i madean app service environment it was like, now i'vegraduated into more money.
i've graduated from a small company toa medium-sized company. help me understand better wheni would use regular vanilla app service where an appservice environment fits and we're isolating fits. >> well, so the first thing tomake that easier to understand is underneath the hoodthe implementation details are the isolated queue. it's basicallya second generation of
app service environmentsunderneath the hood. but what we've done iswe've stripped away all of the complexity. right so again, we heard thefeedback i feel it first hand because, again,i talk to customers, they know my email addressthey complain to me, that kind of feedback loop. so the whole point isjust to say, look, people know an app,they know an app service plan,
they know how to useit on app service. can we deliver an offering thatworks the same way so that you don't have to worry about grungyunderneath-the-hood details. so that's the thing. the isolated sku, if you wereto peel back the covers and look at the engineunderneath the hood, basically it's likethe app service environment v2, second generation. but you,like what i just showed you,
you don't have to deal withthat or worry about that. so, that's the firstthing right, the two thingsare collapsed together. now, the continuum, again,perfectly great question. let's say i'm a smallcompany and again, i have my marketing site right. there it's like i want thaton the regular app service. it makes sense, it's easilyaccessible, things like that. but maybe i'm doing business,say in the financial space.
again, pci's is the perfectexample where i know i'm gonna get those badorders coming in. there's gonna go throughthe 400 item checklist. and they're gonna be like,i don't care how good you are. your apps gotta be allsecured and locked down. >> you've done thatchecklist for me. >> exactly, you deploy andto isolate it. it's like there you go,checklist is done. >> very cool.is this available now?
>> by the time this airs, yes. it will be available now. and actually, again,you're seeing the portal live. so it's already there andup and running. >> very cool. all right, i'm learning allkinds of things about isolated app services,here on azure friday.