Introduction to App Service Environment v1

Note

This article is about the App Service Environment v1. There is a newer version of the App Service Environment that is easier to use and runs on more powerful infrastructure. To learn more about the new version, start with the Introduction to the App Service Environment.

Overview

An App Service Environment is a Premium service plan option of Azure App Service that provides a fully isolated and dedicated environment for securely running Azure App Service apps at high scale, including Web Apps, Mobile Apps, and API Apps.

App Service Environments are ideal for application workloads requiring:

  • Very high scale
  • Isolation and secure network access

Customers can create multiple App Service Environments within a single Azure region, as well as across multiple Azure regions. This makes App Service Environments ideal for horizontally scaling stateless application tiers in support of high RPS workloads.

App Service Environments are isolated to running only a single customer's applications, and are always deployed into a virtual network. Customers have fine-grained control over both inbound and outbound application network traffic, and applications can establish high-speed secure connections over virtual networks to on-premises corporate resources.

For an overview of how App Service Environments enable high scale and secure network access, see the AzureCon Deep Dive on App Service Environments!

For a deep dive on horizontally scaling using multiple App Service Environments, see the article on how to set up a geo-distributed app footprint.

To see how the security architecture shown in the AzureCon Deep Dive was configured, see the article on implementing a layered security architecture with App Service Environments.

Apps running on App Service Environments can have their access gated by upstream devices such as web application firewalls (WAF). The article on configuring a WAF for App Service Environments covers this scenario.

Note

Although this article refers to web apps, it also applies to API apps and mobile apps.

Dedicated Compute Resources

All of the compute resources in an App Service Environment are dedicated exclusively to a single subscription, and an App Service Environment can be configured with up to fifty (50) compute resources for exclusive use by a single application.

An App Service Environment is composed of a front-end compute resource pool, as well as one to three worker compute resource pools.

The front-end pool contains compute resources responsible for TLS termination as well as automatic load balancing of app requests within an App Service Environment.

Each worker pool contains compute resources allocated to App Service Plans, which in turn contain one or more Azure App Service apps. Since there can be up to three different worker pools in an App Service Environment, you have the flexibility to choose different compute resources for each worker pool.

For example, this allows you to create one worker pool with less powerful compute resources for App Service Plans intended for development or test apps. A second (or even third) worker pool could use more powerful compute resources intended for App Service Plans running production apps.

For more details on the quantity of compute resources available to the front-end and worker pools, see How To Configure an App Service Environment.

For details on the available compute resource sizes supported in an App Service Environment, consult the App Service Pricing page and review the available options for App Service Environments in the Premium pricing tier.

Virtual Network Support

An App Service Environment can be created in either an Azure Resource Manager virtual network, or a classic deployment model virtual network (more info on virtual networks). Since an App Service Environment always exists in a virtual network, and more precisely within a subnet of a virtual network, you can leverage the security features of virtual networks to control both inbound and outbound network communications.

An App Service Environment can be either Internet facing with a public IP address, or internal facing with only an Azure Internal Load Balancer (ILB) address.

You can use network security groups to restrict inbound network communications to the subnet where an App Service Environment resides. This allows you to run apps behind upstream devices and services such as web application firewalls, and network SaaS providers.
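The following added example (not part of the original article or of any Azure tooling) models inbound network security group rules as a priority-ordered, first-match list and reports sources that reach the subnet without passing through the approved upstream WAF. The rule model is simplified, all addresses are constructed documentation ranges, and any ports the environment itself needs for management are out of scope.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int  # lower number is evaluated first
    source: str    # CIDR prefix, or "*" for any source
    port: str      # destination port, or "*" for any port
    access: str    # "Allow" or "Deny"

def evaluate(rules, src_ip, dst_port):
    """Return the access decision of the first matching rule (by priority)."""
    addr = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.priority):
        src_ok = rule.source == "*" or addr in ipaddress.ip_network(rule.source)
        port_ok = rule.port == "*" or int(rule.port) == dst_port
        if src_ok and port_ok:
            return rule.access
    return "Deny"  # nothing matched: treat as denied

def unexpected_allows(rules, allowed_sources, probes, ports):
    """List (ip, port) probes that are allowed although not an approved upstream."""
    approved = [ipaddress.ip_network(n) for n in allowed_sources]
    findings = []
    for ip in probes:
        is_approved = any(ipaddress.ip_address(ip) in n for n in approved)
        for port in ports:
            if evaluate(rules, ip, port) == "Allow" and not is_approved:
                findings.append((ip, port))
    return findings

# Constructed sample data (documentation address ranges, not real hosts).
WAF_PREFIX = "203.0.113.0/28"  # hypothetical egress range of the upstream WAF
PROBES = ["203.0.113.5", "198.51.100.20", "192.0.2.77"]

LOCKED_DOWN = [
    Rule(100, WAF_PREFIX, "443", "Allow"),
    Rule(200, "*", "*", "Deny"),
]
# A broad allow on port 80 sits ahead of the catch-all deny and bypasses the WAF.
OVERLY_BROAD = [
    Rule(100, WAF_PREFIX, "443", "Allow"),
    Rule(150, "*", "80", "Allow"),
    Rule(200, "*", "*", "Deny"),
]

if __name__ == "__main__":
    for name, rules in (("locked down", LOCKED_DOWN), ("overly broad", OVERLY_BROAD)):
        print(name, unexpected_allows(rules, [WAF_PREFIX], PROBES, [80, 443]))
```
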

Apps also frequently need to access corporate resources such as internal databases and web services. A common approach is to make these endpoints available only to internal network traffic flowing within an Azure virtual network. Once an App Service Environment is joined to the same virtual network as the internal services, apps running in the environment can access them, including endpoints reachable via Site-to-Site and Azure ExpressRoute connections.

For more details on how App Service Environments work with virtual networks and on-premises networks, consult the following articles on Network Architecture, Controlling Inbound Traffic, and Securely Connecting to Backends.

Getting started

To get started with App Service Environments, see How To Create An App Service Environment.

For an overview of the App Service Environment network architecture, see the Network Architecture Overview article.

For details on using an App Service Environment with ExpressRoute, see the following article on Express Route and App Service Environments.

Note

If you want to get started with Azure App Service before signing up for an Azure account, go to Try App Service, where you can immediately create a short-lived starter web app in App Service. No credit cards required; no commitments.