ASEv3 VS ASEv2 - Difference Overview

Published Apr 07 2022 02:21 AM 2,133 Views
Microsoft

The App Service Environment v3 (ASEv3) has become GA since 2021/07. Both ASEv1 and ASEv2 will be retired on 2024/08/31.

App Service Environment v3 provides advantages and feature differences over earlier versions. We suggest to review the supported features of App Service Environment v3 before migrating to reduce the risk of an unexpected application issue.

 

We've received several customers feedback and questions regarding ASEv3's changes. This blog will focus on the difference between ASE different versions.

 

Migration:

ASEv2 -> ASEv3 automate migration(certain regions support): https://docs.microsoft.com/en-us/azure/app-service/environment/migrate

ASEv1 -> ASEv3 manual migration: manual migration options documentation

 

Public documentation:

ASEv1: https://docs.microsoft.com/en-us/azure/app-service/environment/app-service-app-service-environment-i...

ASEv2: https://docs.microsoft.com/en-us/azure/app-service/environment/intro

ASEv3(latest): https://docs.microsoft.com/en-us/azure/app-service/environment/overview

 

Difference Overview:

Features

 

ASEv1                                        

ASEv2

(If needed, search ASEv2 to create)

ASEv3

(Default ASE creation )

Mange resources manually

(Frontend,workers, IP addresses for IP-based TLS/SSL bindings)

YES

NO

NO

Worker pool concept

(Scale worker pool before scale ASP)

YES

NO

NO

NSG should allow network dependencies/management traffic

YES

YES

NO need

Manual Front-end scaling

YES

YES

NO need

Scaling blocks other scale operations

YES

YES

NO

Allow private endpoint for app services

NO

NO

YES

Availability Zone redundancy

NO

Zone pinning to one zone

Zone redundancy

Spread instances to all three zones in that region

(Set only during  ASE creation, not for all the regions)

Deploy ASE on dedicated host group

NO

NO

YES

(Not compatible with zone redundancy)

Reach apps in an ILB ASE v3 across global peering

NO

NO

YES

Faster scaling

Low

Medium

High

 

Limitations

(Under developing)

     

ASEv1                                        

 

ASEv2

(If needed, search ASEv2 to create)

ASEv3

(Default ASE creation )

FTP(S)

(Need to enable)

YES

YES

YES

(since April)

Remote debug

(Need to enable)

YES

YES

YES

 (since April)

SMTP traffic

YES

YES

IN PROGRESS

Network watcher or NSG flow logs to monitor traffic

YES

YES

IN PROGRESS

 

IP-based Transport Layer Security (TLS) or Secure Sockets Layer (SSL) binding with your apps

YES

YES

NO

Configure a custom domain suffix

YES

NO

NO

 

Perform a backup and restore operation on a storage account behind a firewall

YES

YES

Not yet

 

Pricing changes

(Under developing)

ASEv1

 

ASEv2

(If needed, search ASEv2 to create)

ASEv3

(Default ASE creation )

MAX ASE instance count

55 hosts

(default front-ends+workers)

ASP: 100

Total(ASPs):200

ASP: 100

Total(ASPs):200

Pricing

Pay for each vCPU

(including workers which that aren't hosting workloads)

Stamp fee + ASP fee

ASP fee

(If empty ASE without ASP, pay for one instance)

Plan type

Pay for each vCPU

(including workers which that aren't hosting workloads)

Isolated

Isolated v2

Stamp fee

YES

YES

NO

1-year/3-year reserved instance pricing

NA

NA

YES

 

What didn't get changed:

  1. You'll have fine-grained control over inbound and outbound application network traffic as always.
  2. High scale/Isolation and secure network access/High memory utilization/High requests per second (RPS)
  3. We recommend to create ASE in /24 subnet with 256 address to ensure enough addresses to support production scale. /27 (32 addresses) is the minimal size.
  4. App Service managed certificates aren't supported on apps that are hosted in an App Service Environment.
  5. External VIP ASE's DNS will be automatically put into public DNS. Internal VIP ASE's DNS needs your manual configuration.
  6. ……

 

QnA:

1. What does it mean "no networking dependencies on customer's VNET"?

In ASEv3, you don't need to set inbound/outbound rules explicitly for management/dependency traffic. Profiting from the underlying infrastructure change, those traffic will go from Azure backbone network rather than your own VNET.

 

The minimum required rule you need to set will be for your application traffic.

  • Inbound
    • Allow /80,443 from VNET to ASE's subnet -> allow app traffic
    • Allow /80 from Azure Load balancer to ASE's subnet -> allow Internal health check ping
  • Outbound
    • Depending on which external resources your application will call

XinyuShan_0-1649147379514.png

 

XinyuShan_1-1649147379518.png

 

 

2. Why we could not perform a backup and restore operation on a storage account behind a firewall?

This is a result of the underlying infrastructure change. As we've isolated all the management traffic out of customer's VNET, they will go through Azure backbone network.

Backup is a management operation which will be performed by a internal controller role, which will use an IP of Azure infrastructure VNET to access your storage account, and whitelist the ASE subnet IP range will not help in this case.

 

3. Not supported to configure an IP-based Transport Layer Security (TLS) or Secure Sockets Layer (SSL) binding with your apps.
What does it mean ? I see that
certificates are still supported. Does not being able to use IP-based binding prevent some common scenario?

SNI based binding is always supported. IP-based SSL binding is supported in ASEv1 ASEv2, not yet supported in ASEv3.

In multi-tenant env, we purchase IP-based SSL binding in order to have a dedicated inbound IP for app service which is not shared with other customers. But in ASE, it’s already a single tenant env with an unshared inbound IP.

In ASEv1, you need to manage all of the resources manually, and you could obtain several IP SSL address for apps in ASE. Changing the number of IP addresses in the ASE that are available for IP SSL usage is one of the scale operation.

 

XinyuShan_0-1649149510892.png

In ASEv2, it's also supported but has some requirements to pay attention.

But in ASEv3, all the app’s inbound IP will be the same, one and only. So far we didn't have an ETA to get it supported in ASEv3.

 

 

4. Configure a custom domain suffix. We can configure custom domains for app service. What is the "custom domain suffix" feature referring to?

The custom domain suffix is for ASE, different from custom domain binding on app service.

Custom domain suffix is only supported in ASEv1, got removed in ASEv2 and ASEv3.

 

For example, in ASEv1 you could configure the ASE’s root domain to internal-contoso.com, SCM site could be <app>.scm.internal-contoso.com.

But in ASEv2 and v3, all ASE’s default root domain will be <XXX>.appserviceenvironment.net. The SCM site is only available at <APPNAME>.scm.<ASENAME>.appserviceenvironment.net.

 

But this is not a regression in ASEv2/v3:

 “The DNS settings for the default domain suffix of your App Service Environment don't restrict your apps to only being accessible by those names. You can set a custom domain name without any validation on your apps in an App Service Environment. If you then want to create a zone named contoso.net, you can do so and point it to the inbound IP address. The custom domain name works for app requests, but doesn't work for the SCM site. The SCM site is only available at <APPNAME>.scm.<ASENAME>.appserviceenvironment.net.”

 

 

If you have any other questions, feel free to comment below!

%3CLINGO-SUB%20id%3D%22lingo-sub-3276225%22%20slang%3D%22en-US%22%3EASEv3%20VS%20ASEv2%20-%20Difference%20Overview%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3276225%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20App%20Service%20Environment%20v3%20(ASEv3)%20has%20become%20GA%20since%202021%2F07.%20Both%20ASEv1%20and%20ASEv2%20will%20%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fzh-cn%2Fupdates%2Fapp-service-environment-v1-and-v2-retirement-announcement%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ebe%20retired%20on%202024%2F08%2F31.%20%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EApp%20Service%20Environment%20v3%20provides%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Foverview%23feature-differences%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eadvantages%20and%20feature%20differences%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eover%20earlier%20versions.%20We%20suggest%20to%20review%20the%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Foverview%23feature-differences%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Esupported%20features%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eof%20App%20Service%20Environment%20v3%20before%20migrating%20to%20reduce%20the%20risk%20of%20an%20unexpected%20application%20issue.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe've%20received%20several%20customers%20feedback%20and%20questions%20regarding%20ASEv3's%20changes.%20This%20blog%20will%20focus%20on%20the%20difference%20between%20ASE%20different%20versions.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1403135848%22%20id%3D%22toc-hId--1381059727%22%3E%3CSTRONG%3EMigration%3A%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CP%3EASEv2%20-%26gt%3B%20ASEv3%20automate%20migration(certain%20regions%20support)%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fmigrate%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fmigrate%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EASEv1%20-%26gt%3B%20ASEv3%20manual%20migration%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fmigration-alternatives%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Emanual%20migration%20options%20documentation%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1084376985%22%20id%3D%22toc-hId-1106453106%22%3E%3CSTRONG%3EPublic%20documentation%3A%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CP%3EASEv1%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fapp-service-app-service-environment-intro%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fapp-service-app-service-environment-intro%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EASEv2%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fintro%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fintro%3C%2FA%3E%3C%2FP%3E%0A%3CP%3EASEv3(latest)%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Foverview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Foverview%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--723077478%22%20id%3D%22toc-hId--701001357%22%3E%3CSTRONG%3EDifference%20Overview%3A%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22365px%22%3E%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3EFeatures%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22160px%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3EASEv1%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22185px%22%3E%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3EASEv2%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E(If%20needed%2C%20search%20ASEv2%20to%20create)%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22262px%22%3E%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3EASEv3%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E(Default%20ASE%20creation%20)%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22365px%22%3E%3CP%3EMange%20resources%20manually%3C%2FP%3E%0A%3CP%3E(Frontend%2Cworkers%2C%20IP%20addresses%20for%20IP-based%20TLS%2FSSL%20bindings)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22160px%22%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22185px%22%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22262px%22%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22365px%22%3E%3CP%3EWorker%20pool%20concept%3C%2FP%3E%0A%3CP%3E(Scale%20worker%20pool%20before%20scale%20ASP)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22160px%22%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22185px%22%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22262px%22%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22365px%22%3E%3CP%3E%3CSTRONG%3ENSG%20should%20allow%20network%20dependencies%2Fmanagement%20traffic%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22160px%22%3E%3CP%3E%3CSTRONG%3EYES%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22185px%22%3E%3CP%3E%3CSTRONG%3EYES%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22262px%22%3E%3CP%3E%3CSTRONG%3ENO%20need%3C%2FSTRONG%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22365px%22%3E%3CP%3EManual%20Front-end%20scaling%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22160px%22%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22185px%22%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22262px%22%3E%3CP%3ENO%20need%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22365px%22%3E%3CP%3EScaling%20blocks%20other%20scale%20operations%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22160px%22%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22185px%22%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22262px%22%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22365px%22%3E%3CP%3EAllow%20private%20endpoint%20for%20app%20services%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22160px%22%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22185px%22%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22262px%22%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22365px%22%3E%3CP%3EAvailability%20Zone%20redundancy%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22160px%22%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22185px%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fzone-redundancy%23%3A~%3Atext%3DApp%2520Service%2520Environment%2520v2%2520%2528ASE%2529%2520can%2520be%2520deployed%2CAZ%252C%2520or%2520deployed%2520in%2520a%2520zone%2520redundant%2520manner%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EZone%20pinning%3C%2FA%3E%20to%20one%20zone%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22262px%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Foverview-zone-redundancy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EZone%20redundancy%3C%2FA%3E%3C%2FP%3E%0A%3CP%3ESpread%20instances%20to%20all%20three%20zones%20in%20that%20region%3C%2FP%3E%0A%3CP%3E(Set%20only%20during%26nbsp%3B%20ASE%20creation%2C%20not%20for%20all%20the%20regions)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22365px%22%3E%3CP%3EDeploy%20ASE%20on%20dedicated%20host%20group%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22160px%22%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22185px%22%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22262px%22%3E%3CP%3EYES%3C%2FP%3E%0A%3CP%3E(Not%20compatible%20with%20zone%20redundancy)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22365px%22%3E%3CP%3EReach%20apps%20in%20an%20ILB%20ASE%20v3%20across%20global%20peering%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22160px%22%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22185px%22%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22262px%22%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%22365px%22%3E%3CP%3EFaster%20scaling%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22160px%22%3E%3CP%3ELow%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22185px%22%3E%3CP%3EMedium%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%22262px%22%3E%3CP%3EHigh%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3ELimitations%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E(Under%20developing)%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3EASEv1%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%26nbsp%3B%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3EASEv2%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E(If%20needed%2C%20search%20ASEv2%20to%20create)%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3EASEv3%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E(Default%20ASE%20creation%20)%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EFTP(S)%3C%2FP%3E%0A%3CP%3E(Need%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fconfigure-network-settings%23ftp-access%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eenable%3C%2FA%3E)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3CP%3E(since%20April)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3ERemote%20debug%3C%2FP%3E%0A%3CP%3E(Need%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fconfigure-network-settings%23remote-debugging-access%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eenable%3C%2FA%3E)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3CP%3E%26nbsp%3B(since%20April)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3ESMTP%20traffic%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EIN%20PROGRESS%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3ENetwork%20watcher%20or%20NSG%20flow%20logs%20to%20monitor%20traffic%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EIN%20PROGRESS%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EIP-based%20Transport%20Layer%20Security%20(TLS)%20or%20Secure%20Sockets%20Layer%20(SSL)%20binding%20with%20your%20apps%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EConfigure%20a%20custom%20domain%20suffix%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3ENO%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EPerform%20a%20backup%20and%20restore%20operation%20on%20a%20storage%20account%20behind%20a%20firewall%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3ENot%20yet%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3EPricing%20changes%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E(Under%20developing)%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3EASEv1%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3EASEv2%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E(If%20needed%2C%20search%20ASEv2%20to%20create)%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3EASEv3%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E(Default%20ASE%20creation%20)%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EMAX%20ASE%20instance%20count%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E55%20hosts%3C%2FP%3E%0A%3CP%3E(default%20front-ends%2Bworkers)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EASP%3A%20100%3C%2FP%3E%0A%3CP%3ETotal(ASPs)%3A200%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EASP%3A%20100%3C%2FP%3E%0A%3CP%3ETotal(ASPs)%3A200%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EPricing%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EPay%20for%20each%20vCPU%3C%2FP%3E%0A%3CP%3E(including%20workers%20which%20that%20aren't%20hosting%20workloads)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EStamp%20fee%20%2B%20ASP%20fee%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EASP%20fee%3C%2FP%3E%0A%3CP%3E(If%20empty%20ASE%20without%20ASP%2C%20pay%20for%20one%20instance)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EPlan%20type%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EPay%20for%20each%20vCPU%3C%2FP%3E%0A%3CP%3E(including%20workers%20which%20that%20aren't%20hosting%20workloads)%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EIsolated%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EIsolated%20v2%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EStamp%20fee%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3ENO%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3E1-year%2F3-year%20reserved%20instance%20pricing%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3ENA%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3ENA%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EYES%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CH3%20id%3D%22toc-hId-1764435355%22%20id%3D%22toc-hId-1786511476%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--43019108%22%20id%3D%22toc-hId--20942987%22%3E%3CSTRONG%3EWhat%20didn't%20get%20changed%3A%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3COL%3E%0A%3CLI%3EYou'll%20have%20fine-grained%20control%20over%20inbound%20and%20outbound%20application%20network%20traffic%20as%20always.%3C%2FLI%3E%0A%3CLI%3EHigh%20scale%2FIsolation%20and%20secure%20network%20access%2FHigh%20memory%20utilization%2FHigh%20requests%20per%20second%20(RPS)%3C%2FLI%3E%0A%3CLI%3EWe%20recommend%20to%20create%20ASE%20in%20%3CSTRONG%3E%2F24%3C%2FSTRONG%3E%20subnet%20with%20256%20address%20to%20ensure%20enough%20addresses%20to%20support%20production%20scale.%20%2F27%20(32%20addresses)%20is%20the%20minimal%20size.%3C%2FLI%3E%0A%3CLI%3EApp%20Service%20managed%20certificates%20aren't%20supported%20on%20apps%20that%20are%20hosted%20in%20an%20App%20Service%20Environment.%3C%2FLI%3E%0A%3CLI%3EExternal%20VIP%20ASE's%20DNS%20will%20be%20automatically%20put%20into%20public%20DNS.%20Internal%20VIP%20ASE's%20DNS%20needs%20your%20manual%20configuration.%3C%2FLI%3E%0A%3CLI%3E%E2%80%A6%E2%80%A6%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--1850473571%22%20id%3D%22toc-hId--1828397450%22%3E%3CSTRONG%3EQnA%3A%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E1.%20What%20does%20it%20mean%20%22no%20networking%20dependencies%20on%20customer's%20VNET%22%3F%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3E%3CLI-WRAPPER%3E%3C%2FLI-WRAPPER%3E%3C%2FP%3E%0A%3CP%3EIn%20ASEv3%2C%20you%20don't%20need%20to%20set%20inbound%2Foutbound%20rules%20explicitly%20for%20management%2Fdependency%20traffic.%20Profiting%20from%20the%20underlying%20infrastructure%20change%2C%20those%20traffic%20will%20go%20from%20Azure%20backbone%20network%20rather%20than%20your%20own%20VNET.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20minimum%20required%20rule%20you%20need%20to%20set%20will%20be%20for%20your%20%3CSTRONG%3Eapplication%20traffic%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EInbound%3C%2FLI%3E%0A%3CUL%3E%0A%3CLI%3EAllow%20%2F80%2C443%20from%20VNET%20to%20ASE's%20subnet%20-%26gt%3B%20allow%20app%20traffic%3C%2FLI%3E%0A%3CLI%3EAllow%20%2F80%20from%20Azure%20Load%20balancer%20to%20ASE's%20subnet%20-%26gt%3B%20allow%20Internal%20health%20check%20ping%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CLI%3EOutbound%3C%2FLI%3E%0A%3CUL%3E%0A%3CLI%3EDepending%20on%20which%20external%20resources%20your%20application%20will%20call%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22XinyuShan_0-1649147379514.png%22%20style%3D%22width%3A%20806px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F361358i477CFB7F0D8ACF1C%2Fimage-dimensions%2F806x385%3Fv%3Dv2%22%20width%3D%22806%22%20height%3D%22385%22%20role%3D%22button%22%20title%3D%22XinyuShan_0-1649147379514.png%22%20alt%3D%22XinyuShan_0-1649147379514.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22XinyuShan_1-1649147379518.png%22%20style%3D%22width%3A%20812px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F361359i3DA3582302E9F951%2Fimage-dimensions%2F812x442%3Fv%3Dv2%22%20width%3D%22812%22%20height%3D%22442%22%20role%3D%22button%22%20title%3D%22XinyuShan_1-1649147379518.png%22%20alt%3D%22XinyuShan_1-1649147379518.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EASEv2%20NSG%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fnetwork-info%23inbound-and-outbound-dependencies%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fnetwork-info%23inbound-and-outbound-dependencies%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EASEv3%20NSG%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fnetworking%23ports-and-network-restrictions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fnetworking%23ports-and-network-restrictions%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E2.%20Why%20we%20could%20not%20perform%20a%20backup%20and%20restore%20operation%20on%20a%20storage%20account%20behind%20a%20firewall%3F%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3EThis%20is%20a%20result%20of%20the%20underlying%20infrastructure%20change.%20As%20we've%20isolated%20all%20the%20management%20traffic%20out%20of%20customer's%20VNET%2C%20they%20will%20go%20through%20Azure%20backbone%20network.%3C%2FP%3E%0A%3CP%3EBackup%20is%20a%20management%20operation%20which%20will%20be%20performed%20by%20a%20internal%20controller%20role%2C%20which%20will%20use%20an%20%3CSTRONG%3EIP%20of%20Azure%20infrastructure%20VNET%20to%20access%20your%20storage%20account%3C%2FSTRONG%3E%2C%20and%20whitelist%20the%20ASE%20subnet%20IP%20range%20will%20not%20help%20in%20this%20case.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E3.%20Not%20supported%20to%20configure%20an%20IP-based%20Transport%20Layer%20Security%20(TLS)%20or%20Secure%20Sockets%20Layer%20(SSL)%20binding%20with%20your%20apps.%3CBR%20%2F%3EWhat%20does%20it%20mean%20%3F%20I%20see%20that%20%3C%2FSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Foverview-certificates%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%3CSTRONG%3Ecertificates%3C%2FSTRONG%3E%3C%2FA%3E%3CSTRONG%3E%20are%20still%20supported.%20Does%20not%20being%20able%20to%20use%20IP-based%20binding%20prevent%20some%20common%20scenario%3F%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3ESNI%20based%20binding%20is%20always%20supported.%20IP-based%20SSL%20binding%20is%20supported%20in%20ASEv1%20ASEv2%2C%20not%20yet%20supported%20in%20ASEv3.%3C%2FP%3E%0A%3CP%3EIn%20multi-tenant%20env%2C%20we%20purchase%20%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fdetails%2Fapp-service%2Fwindows%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EIP-based%20SSL%20binding%3C%2FA%3E%20in%20order%20to%20have%20a%20%3CSTRONG%3Ededicated%20inbound%20IP%3C%2FSTRONG%3E%20for%20app%20service%20which%20is%20%3CSTRONG%3Enot%20shared%3C%2FSTRONG%3E%20with%20other%20customers.%20But%20in%20ASE%2C%20it%E2%80%99s%20already%20a%20single%20tenant%20env%20with%20an%20unshared%20inbound%20IP.%3C%2FP%3E%0A%3CP%3EIn%20ASEv1%2C%20you%20need%20to%20manage%20all%20of%20the%20resources%20manually%2C%20and%20you%20could%20obtain%20several%20IP%20SSL%20address%20for%20apps%20in%20ASE.%20Changing%20the%20number%20of%20IP%20addresses%20in%20the%20ASE%20that%20are%20available%20for%20IP%20SSL%20usage%20is%20one%20of%20the%20%3CSTRONG%3Escale%20operation%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22XinyuShan_0-1649149510892.png%22%20style%3D%22width%3A%20737px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F361366i2B7542B06E82A5D6%2Fimage-dimensions%2F737x100%3Fv%3Dv2%22%20width%3D%22737%22%20height%3D%22100%22%20role%3D%22button%22%20title%3D%22XinyuShan_0-1649149510892.png%22%20alt%3D%22XinyuShan_0-1649149510892.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EIn%20ASEv2%2C%20it's%20also%20supported%20but%20has%20some%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fnetwork-info%23app-assigned-ip-addresses%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Erequirements%3C%2FA%3E%20to%20pay%20attention.%3C%2FP%3E%0A%3CP%3EBut%20in%20ASEv3%2C%20all%20the%20app%E2%80%99s%20inbound%20IP%20will%20be%20the%20same%2C%20one%20and%20only.%20So%20far%20we%20didn't%20have%20an%20ETA%20to%20get%20it%20supported%20in%20ASEv3.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EASEv1%20multiple%20IP%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fapp-service-web-configure-an-app-service-environment%23settings%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fapp-service-web-configure-an-app-service-environment%23settings%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EASEv2%20Assign%20IP%20to%20app%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fnetwork-info%23app-assigned-ip-addresses%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fnetwork-info%23app-assigned-ip-addresses%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CFONT%20color%3D%22%232574A9%22%3E%3CSTRONG%3E4.%20Configure%20a%20custom%20domain%20suffix.%20We%20can%20configure%20custom%20domains%20for%20app%20service.%20What%20is%20the%20%3C%2FSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2F%2522custom%2520domain%2520suffix%2522%22%20target%3D%22_blank%22%3E%3CSTRONG%3E%22custom%20domain%20suffix%22%3C%2FSTRONG%3E%3C%2FA%3E%3CSTRONG%3E%20feature%20referring%20to%3F%3C%2FSTRONG%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3EThe%20custom%20domain%20suffix%20is%20for%20ASE%2C%20different%20from%20custom%20domain%20binding%20on%20app%20service.%3C%2FP%3E%0A%3CP%3ECustom%20domain%20suffix%20is%20only%20supported%20in%20ASEv1%2C%20got%20removed%20in%20ASEv2%20and%20ASEv3.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20example%2C%20in%20ASEv1%20you%20could%20configure%20the%20%3CSTRONG%3EASE%E2%80%99s%20root%20domain%3C%2FSTRONG%3E%20to%20%3CSTRONG%3Einternal-contoso.com%3C%2FSTRONG%3E%2C%20SCM%20site%20could%20be%20%3CSTRONG%3E%3CAPP%3E.scm.internal-contoso.com%3C%2FAPP%3E%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3EBut%20in%20ASEv2%20and%20v3%2C%20all%20%3CSTRONG%3EASE%E2%80%99s%20default%20root%20domain%3C%2FSTRONG%3E%20will%20be%20%3CXXX%3E%3CSTRONG%3E.appserviceenvironment.net%3C%2FSTRONG%3E%3CSTRONG%3E.%20%3C%2FSTRONG%3EThe%20SCM%20site%20is%20only%20available%20at%20%3CSTRONG%3E%3CAPPNAME%3E.scm.%3CASENAME%3E.appserviceenvironment.net%3C%2FASENAME%3E%3C%2FAPPNAME%3E%3C%2FSTRONG%3E.%3C%2FXXX%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBut%20this%20is%20not%20a%20regression%20in%20ASEv2%2Fv3%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3CI%3E%E2%80%9CThe%20DNS%20settings%20for%20the%20default%20domain%20suffix%20of%20your%20App%20Service%20Environment%20don't%20restrict%20your%20apps%20to%20only%20being%20accessible%20by%20those%20names.%20You%20can%20set%20a%20custom%20domain%20name%20without%20any%20validation%20on%20your%20apps%20in%20an%20App%20Service%20Environment.%20%3C%2FI%3E%3CSTRONG%3E%3CI%3EIf%20you%20then%20want%20to%20create%20a%20zone%20named%20contoso.net%2C%20you%20can%20do%20so%20and%20point%20it%20to%20the%20inbound%20IP%20address%3C%2FI%3E%3C%2FSTRONG%3E%3CI%3E.%20The%20custom%20domain%20name%20works%20for%20app%20requests%2C%20but%20doesn't%20work%20for%20the%20SCM%20site.%20The%20SCM%20site%20is%20only%20available%20at%20%3CAPPNAME%3E.scm.%3CASENAME%3E.appserviceenvironment.net.%E2%80%9D%3C%2FASENAME%3E%3C%2FAPPNAME%3E%3C%2FI%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EASEv1%20custom%20DNS%20Suffix%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fapp-service-app-service-environment-create-ilb-ase-resourcemanager%23creating-the-base-ilb-ase%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fapp-service-app-service-environment-create-ilb-ase-resourcemanager%23creating-the-base-ilb-ase%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3EASEv2%2Fv3%20default%20domain%20suffix%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fusing%23app-access%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fapp-service%2Fenvironment%2Fusing%23app-access%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20have%20any%20other%20questions%2C%20feel%20free%20to%20comment%20below!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3276225%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20App%20Service%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWeb%20Apps%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Co-Authors
Version history
Last update:
‎Apr 21 2022 08:58 PM
Updated by: