Scalable web application

Content Delivery Network
Cognitive Search
Cosmos DB
DNS
Front Door
Functions
Search
Storage
SQL Database

This reference architecture shows proven practices for improving scalability and performance in an Azure App Service web application.

A reference implementation for this architecture is available on GitHub.

Web application in Azure with improved scalability

Download a Visio file of this architecture.

Architecture

This architecture builds on the one shown in Basic web application. It includes the following components:

  • Web app. A typical modern application might include both a website and one or more RESTful web APIs. A web API might be consumed by browser clients through AJAX, by native client applications, or by server-side applications. For considerations on designing web APIs, see API design guidance.
  • Front Door. Front Door is a layer 7 load balancer. In this architecture, it routes HTTP requests to the web front end. Front Door also provides a web application firewall (WAF) that protects the application from common exploits and vulnerabilities.
  • Function App. Use Function Apps to run background tasks. Functions are invoked by a trigger, such as a timer event or a message being placed on a queue. For long-running stateful tasks, use Durable Functions.
  • Queue. In the architecture shown here, the application queues background tasks by putting a message onto an Azure Queue storage queue. The message triggers a function app. Alternatively, you can use Service Bus queues. For a comparison, see Azure Queues and Service Bus queues - compared and contrasted.
  • Cache. Store semi-static data in Azure Cache for Redis.
  • CDN. Use Azure Content Delivery Network (CDN) to cache publicly available content for lower latency and faster delivery of content.
  • Data storage. Use Azure SQL Database for relational data. For non-relational data, consider Cosmos DB.
  • Azure Cognitive Search. Use Azure Cognitive Search to add search functionality such as search suggestions, fuzzy search, and language-specific search. Azure Search is typically used in conjunction with another data store, especially if the primary data store requires strict consistency. In this approach, store authoritative data in the other data store and the search index in Azure Search. Azure Search can also be used to consolidate a single search index from multiple data stores.
  • Azure DNS. Azure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services.

Recommendations

Your requirements might differ from the architecture described here. Use the recommendations in this section as a starting point.

App Service apps

We recommend creating the web application and the web API as separate App Service apps. This design lets you run them in separate App Service plans so they can be scaled independently. If you don't need that level of scalability initially, you can deploy the apps into the same plan and move them into separate plans later if necessary.

Note

For the Basic, Standard, and Premium plans, you are billed for the VM instances in the plan, not per app. See App Service Pricing.

Cache

You can improve performance and scalability by using Azure Cache for Redis to cache some data. Consider using Azure Cache for Redis for:

  • Semi-static transaction data.
  • Session state.
  • HTML output. This can be useful in applications that render complex HTML output.

For more detailed guidance on designing a caching strategy, see Caching guidance.

CDN

Use Azure CDN to cache static content. The main benefit of a CDN is to reduce latency for users, because content is cached at an edge server that is geographically close to the user. CDN can also reduce load on the application, because that traffic is not being handled by the application.

If your app consists mostly of static pages, consider using CDN to cache the entire app. Otherwise, put static content, such as images, CSS, and HTML files, into Azure Storage and use CDN to cache those files.

Note

Azure CDN cannot serve content that requires authentication.

For more detailed guidance, see Content Delivery Network (CDN) guidance.

Storage

Modern applications often process large amounts of data. In order to scale for the cloud, it's important to choose the right storage type. Here are some baseline recommendations.

What you want to store | Example | Recommended storage
Files | Images, documents, PDFs | Azure Blob Storage
Key/Value pairs | User profile data looked up by user ID | Azure Table storage
Short messages intended to trigger further processing | Order requests | Azure Queue storage, Service Bus queue, or Service Bus topic
Non-relational data with a flexible schema requiring basic querying | Product catalog | Document database, such as Azure Cosmos DB, MongoDB, or Apache CouchDB
Relational data requiring richer query support, strict schema, and/or strong consistency | Product inventory | Azure SQL Database

See Choose the right data store.

Cost considerations

Use caching to reduce the load on servers that serve content that doesn't change frequently. Every render cycle of a page can impact cost because it consumes compute, memory, and bandwidth. Those costs can be reduced significantly by using caching, especially for static content services, such as JavaScript single-page apps and media streaming content.

If your app has static content, use CDN to decrease the load on the front end servers. For data that doesn't change frequently, use Azure Cache for Redis.

Stateless apps that are configured for autoscaling are more cost effective than stateful apps. For an ASP.NET application, store your session state in-memory with Azure Cache for Redis. For more information, see ASP.NET Session State Provider for Azure Cache for Redis. Another option is to use Cosmos DB as a backend state store through a session state provider. See Support Azure Cosmos DB and Azure Redis.

For more information, see the cost section in the Microsoft Azure Well-Architected Framework.

Consider placing a function app into a dedicated App Service plan so that background tasks don't run on the same instances that handle HTTP requests. If background tasks run intermittently, consider using a consumption plan, which is billed based on the number of executions, rather than hourly.

Use the pricing calculator to estimate costs.

Scalability considerations

A major benefit of Azure App Service is the ability to scale your application based on load. Here are some considerations to keep in mind when planning to scale your application.

App Service app

If your solution includes several App Service apps, consider deploying them to separate App Service plans. This approach enables you to scale them independently because they run on separate instances.

SQL Database

Increase scalability of a SQL database by sharding the database. Sharding refers to partitioning the database horizontally. Sharding allows you to scale out the database horizontally using Elastic Database tools. Potential benefits of sharding include:

  • Better transaction throughput.
  • Queries can run faster over a subset of the data.

Azure Front Door

Front Door can perform SSL offload and also reduces the total number of TCP connections with the backend web app. This improves scalability because the web app manages a smaller volume of SSL handshakes and TCP connections. These performance gains apply even if you forward the requests to the web app as HTTPS, due to the high level of connection reuse.

Azure Search removes the overhead of performing complex data searches from the primary data store, and it can scale to handle load. See Scale resource levels for query and indexing workloads in Azure Search.

Security considerations

This section lists security considerations that are specific to the Azure services described in this article. It's not a complete list of security best practices for web applications. For additional security considerations, see Secure an app in Azure App Service.

Restrict incoming traffic

Configure the application to accept traffic only from Front Door. This ensures that all traffic goes through the WAF before reaching the app. For more information, see How do I lock down the access to my backend to only Azure Front Door?
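One way to enforce this inside the app, as an added example that is not part of the original article or its reference implementation: a WSGI middleware that rejects any request whose X-Azure-FDID header (the profile ID that Front Door attaches to forwarded requests, per Front Door's documentation rather than this page) does not match the configured value. The class name, the stand-in app and the all-zero ID are assumptions; the check complements a network-level access restriction and does not replace it.

```python
import hmac

# Header that Azure Front Door adds to forwarded requests, as it appears in a WSGI environ.
FDID_ENVIRON_KEY = "HTTP_X_AZURE_FDID"


class FrontDoorOnly:
    """WSGI middleware (hypothetical name): reject requests lacking the expected Front Door ID."""

    def __init__(self, app, expected_fdid):
        expected = (expected_fdid or "").strip().lower()
        if not expected:
            # Fail closed at startup rather than accept every request.
            raise ValueError("expected Front Door ID must be configured")
        self.app = app
        self.expected = expected.encode()

    def __call__(self, environ, start_response):
        presented = environ.get(FDID_ENVIRON_KEY, "").strip().lower().encode()
        # Constant-time comparison; an absent header compares unequal.
        if not hmac.compare_digest(presented, self.expected):
            body = b"Forbidden"
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the real web app (constructed for this example)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def probe(app, headers):
    """Call a WSGI app with constructed request headers and return the status line."""
    seen = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/"}
    environ.update(headers)
    app(environ, lambda status, hdrs: seen.append(status))
    return seen[0]


# Placeholder ID, not a real Front Door profile.
guarded = FrontDoorOnly(demo_app, "00000000-0000-0000-0000-000000000000")
```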

Cross-Origin Resource Sharing (CORS)

If you create a website and web API as separate apps, the website cannot make client-side AJAX calls to the API unless you enable CORS.

Note

Browser security prevents a web page from making AJAX requests to another domain. This restriction is called the same-origin policy, and prevents a malicious site from reading sensitive data from another site. CORS is a W3C standard that allows a server to relax the same-origin policy and allow some cross-origin requests while rejecting others.

App Service has built-in support for CORS, without needing to write any application code. See Consume an API app from JavaScript using CORS. Add the website to the list of allowed origins for the API.
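What an allowed-origins list decides for each request, as an added illustration (not App Service's implementation and not code from the original article): the Origin request header is matched exactly on scheme, host and port, and only a match receives Access-Control-Allow-Origin. The origin https://www.contoso.example and the function names are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the website origin permitted to call the API.
ALLOWED_ORIGINS = {"https://www.contoso.example"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(value):
    """Return scheme://host[:port] in canonical form, or None if not an origin."""
    try:
        parts = urlsplit(value)
        port = parts.port
    except ValueError:  # malformed host or port
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # An Origin header carries no credentials, path, query or fragment.
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None
    origin = f"{parts.scheme}://{parts.hostname}"
    if port is not None and port != DEFAULT_PORTS[parts.scheme]:
        origin += f":{port}"
    return origin


def cors_response_headers(origin_header, allowed=ALLOWED_ORIGINS):
    """Headers to add to an API response for the given Origin request header."""
    # Vary: Origin keeps a shared cache from reusing one origin's response for another.
    headers = {"Vary": "Origin"}
    origin = normalize_origin(origin_header or "")
    if origin is not None and origin in allowed:
        # Exact match on scheme, host and port; never a prefix or suffix test.
        headers["Access-Control-Allow-Origin"] = origin
    return headers
```

A look-alike such as https://www.contoso.example.attacker.example shares a prefix with the allowed origin but normalizes to a different host, so it gets no Access-Control-Allow-Origin header.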

SQL Database encryption

Use Transparent Data Encryption if you need to encrypt data at rest in the database. This feature performs real-time encryption and decryption of an entire database (including backups and transaction log files) and requires no changes to the application. Encryption does add some latency, so it's a good practice to separate the data that must be secure into its own database and enable encryption only for that database.

DevOps considerations

Front-end deployment

This architecture builds on the one shown in Basic web application; see the DevOps considerations section.

Next steps