App Service 環境簡介Introduction to the App Service Environments

概觀Overview

Azure App Service Environment 是 Azure App Service 的功能,可提供完全隔離和專用的環境,以便安全地大規模執行 App Service 應用程式。The Azure App Service Environment is an Azure App Service feature that provides a fully isolated and dedicated environment for securely running App Service apps at high scale. 此功能可以裝載您的:This capability can host your:

  • Windows Web 應用程式Windows web apps
  • Linux Web 應用程式Linux web apps
  • Docker 容器Docker containers
  • 行動應用程式Mobile apps
  • 函式Functions

App Service Environment (ASE) 適合需要下列項目的應用程式工作負載:App Service environments (ASEs) are appropriate for application workloads that require:

  • 非常高的延展性。Very high scale.
  • 隔離和安全的網路存取。Isolation and secure network access.
  • 高記憶體使用率。High memory utilization.

客戶可以在單一 Azure 區域中或跨多個 Azure 區域建立多個 ASE。Customers can create multiple ASEs within a single Azure region or across multiple Azure regions. 這種彈性讓 ASE 很適合用於水平調整無狀態應用程式層的規模,以支援高每秒要求數 (RPS) 的工作負載。This flexibility makes ASEs ideal for horizontally scaling stateless application tiers in support of high requests per second (RPS) workloads.

ASE 只能裝載一個客戶的應用程式,並且會在其中一個 VNet 中執行此動作。ASEs host applications from only one customer and do so in one of their VNets. 客戶可以精確控制輸入和輸出的應用程式網路流量。Customers have fine-grained control over inbound and outbound application network traffic. 應用程式可以透過 VPN 建立內部部署公司資源的高速安全連線。Applications can establish high-speed secure connections over VPNs to on-premises corporate resources.

專用的環境Dedicated environment

ASE 以獨佔方式專屬於單一訂用帳戶,並可以裝載 100 個 App Service 方案執行個體。An ASE is dedicated exclusively to a single subscription and can host 100 App Service Plan instances. 不管是單一 App Service 方案中的 100 個執行個體或 100 個單一執行個體的 App Service 方案,只要加總之執行個體數在 100 以下皆可。The range can span 100 instances in a single App Service plan to 100 single-instance App Service plans, and everything in between.

ASE 是由前端和背景工作角色所組成。An ASE is composed of front ends and workers. 前端負責處理 HTTP/HTTPS 終止和 ASE 中應用程式要求的自動負載平衡。Front ends are responsible for HTTP/HTTPS termination and automatic load balancing of app requests within an ASE. 前端會隨 ASE 中的 App Service 方案相應放大而自動新增。Front ends are automatically added as the App Service plans in the ASE are scaled out.

背景工作角色是裝載客戶應用程式的角色。Workers are roles that host customer apps. 背景工作角色可以三個固定的大小提供:Workers are available in three fixed sizes:

  • 一個 vCPU/3.5 GB RAMOne vCPU/3.5 GB RAM
  • 兩個 vCPU/7 GB RAMTwo vCPU/7 GB RAM
  • 四個 vCPU/14 GB RAMFour vCPU/14 GB RAM

客戶不需要管理前端和背景工作角色。Customers do not need to manage front ends and workers. 所有的基礎結構會隨客戶的 App Service 方案擴增而自動新增。All infrastructure is automatically added as customers scale out their App Service plans. 隨著 App Service 方案建立或相應縮小 ASE,會視需要將基礎結構新增或移除。As App Service plans are created or scaled in an ASE, the required infrastructure is added or removed as appropriate.

ASE 會有一般每月費率來支付基礎結構,且不會依 ASE 的大小而變更。There is a flat monthly rate for an ASE that pays for the infrastructure and doesn't change with the size of the ASE. 此外,每個 App Service 方案 vCPU 核心都會有其成本。In addition, there is a cost per App Service plan vCPU. ASE 中裝載的所有應用程式都會位於隔離價格 SKU 中。All apps hosted in an ASE are in the Isolated pricing SKU. 如需 ASE 價格的相關資訊,請參閱 App Service 價格頁面,並檢閱 ASE 的可用選項。For information on pricing for an ASE, see the App Service pricing page and review the available options for ASEs.

虛擬網路支援Virtual network support

ASE 功能是將 Azure App Service 直接部署到客戶 Azure Resource Manager 虛擬網路的部署。The ASE feature is a deployment of the Azure App Service directly into a customer's Azure Resource Manager virtual network. 若要深入了解 Azure 虛擬網路,請參閱 Azure 虛擬網路常見問題集To learn more about Azure virtual networks, see the Azure virtual networks FAQ. ASE 一律存在於虛擬網路;更精確地說,是虛擬網路的子網路內。An ASE always exists in a virtual network, and more precisely, within a subnet of a virtual network. 您可以使用虛擬網路的安全性功能控制應用程式的輸入和輸出網路通訊。You can use the security features of virtual networks to control inbound and outbound network communications for your apps.

ASE 可以是具有公用 IP 位址的網際網路對應,或只具有 Azure 內部負載平衡器 (ILB) 位址的內部對應。An ASE can be either internet-facing with a public IP address or internal-facing with only an Azure internal load balancer (ILB) address.

網路安全性群組會將輸入網路通訊限定於 ASE 所在的子網路。Network Security Groups restrict inbound network communications to the subnet where an ASE resides. 您可以使用 NSG 在上游裝置和服務 (例如 WAF 和網路 SaaS 提供者) 背後執行應用程式。You can use NSGs to run apps behind upstream devices and services such as WAFs and network SaaS providers.

應用程式也經常需要存取公司資源,例如內部資料庫和 Web 服務。Apps also frequently need to access corporate resources such as internal databases and web services. 如果您在具有內部部署網路 VPN 連線的虛擬網路中部署 ASE,ASE 中的應用程式便可以存取內部部署資源。If you deploy the ASE in a virtual network that has a VPN connection to the on-premises network, the apps in the ASE can access the on-premises resources. 無論 VPN 是站對站Azure ExpressRoute VPN,此功能都可適用。This capability is true regardless of whether the VPN is a site-to-site or Azure ExpressRoute VPN.

如需有關 ASE 與虛擬網路和內部部署網路搭配運作方式的詳細資訊,請參閱 App Service Environment 的網路考量For more information on how ASEs work with virtual networks and on-premises networks, see App Service Environment network considerations.

App Service 環境 v1App Service Environment v1

App Service 環境有兩個版本:ASEv1 和 ASEv2。App Service Environment has two versions: ASEv1 and ASEv2. 前述資訊架構在 ASEv2 上。The preceding information was based on ASEv2. 本節說明 ASEv1 與 ASEv2 之間的差異。This section shows you the differences between ASEv1 and ASEv2.

在 ASEv1 中,您必須手動管理所有資源。In ASEv1, you need to manage all of the resources manually. 其中包括前端、背景工作角色和用於 IP 型 SSL 的 IP 位址。That includes the front ends, workers, and IP addresses used for IP-based SSL. 首先,您必須將想要在其中裝載的背景工作角色集區擴增,才能擴增 App Service 方案。Before you can scale out your App Service plan, you need to first scale out the worker pool where you want to host it.

ASEv1 使用與 ASEv2 不同的定價模式。ASEv1 uses a different pricing model from ASEv2. 在 ASEv1 中,您需要支付每個配置的 vCPU。In ASEv1, you pay for each vCPU allocated. 其中包括用於前端或未裝載任何工作負載之背景工作角色的 vCPU。That includes vCPUs used for front ends or workers that aren't hosting any workloads. 在 ASEv1 中,ASE 的預設最大調整大小總計是 55 個主機,In ASEv1, the default maximum-scale size of an ASE is 55 total hosts. 包括背景工作角色與前端。That includes workers and front ends. ASEv1 的其中一個優點,是可以部署在傳統虛擬網路和 Resource Manager虛擬網路中。One advantage to ASEv1 is that it can be deployed in a classic virtual network and a Resource Manager virtual network. 若要深入了解 ASEv1,請參閱 App Service 環境 v1 簡介To learn more about ASEv1, see App Service Environment v1 introduction.