Blog Post

Apps on Azure Blog
4 MIN READ

Announcing App Service Environment v3 GA

ChristinaCompy's avatar
Jul 07, 2021

We are happy to announce the GA of App Service Environment v3 (ASEv3) along with Isolated V2.  The ASEv3 was developed in response to customer feedback and has many improvements over the earlier versions while still providing an isolated single tenant web application hosting platform. As part of the Azure App Service, the ASEv3 provides a PaaS experience to host your Windows or Linux applications. You can deploy Windows or Linux applications as code and Microsoft will manage the OS your applications run in. If you want greater control over your app, you have the ability to host Linux containers as well.

 

Just like with earlier versions, the ASEv3 deploys into a subnet in one of your Azure Virtual Networks (VNets). You can choose to deploy the ASE with an internal VIP in your VNet or with an external VIP that faces the internet. Apps that are deployed into an ASEv3 can access resources within the same VNet without any additional configuration. The inbound and outbound traffic to your apps can be controlled completely with Network Security Groups (NSGs) or any supported type of routes.

 

Pricing

Applications are hosted in App Service plans which are created in an App Service Environment. The App Service plan is essentially a provisioning profile for an application host. As you scale your App Service plan out, you create more application hosts with all of the apps in that App Service plan on each host. Pricing for ASEv3 is centered on the App Service plan Isolated v2 pricing with some variation based on deployment type. This is an improvement over the App Service Environment v2, which carried a stamp fee in addition to the App Service plan rate. While there is no stamp fee, there is a minimum charge for your ASEv3 based on the deployment type. These are minimum charges though and are not additive. Beyond selecting if you want an internal or external VIP, an ASEv3 can be deployed in one of three ways:

  • Default ASEv3: If ASE is empty there is a charge as if you had one ASP with one instance of Windows I1v2. This is not an additive charge but only applies if the ASEv3 is totally empty. If the ASEv3 has one or more instances, you just pay for your Isolated v2 App Service plans.
  • Availability Zone ASEv3: An AZ ASEv3 requires a minimum 9 Windows I1v2 instance charge. This is not an added charge but only applies if you have fewer than 9 total App Service plan instances. All App Service plans in an AZ ASEv3 have a minimum instance count of three. This ensures that customer workloads are zone redundant and are spread across each availability zone.
  • Dedicated host ASEv3:  With the dedicated host option, you pay for two dedicated hosts with a small percentage of the Isolated V2 per core charge as you scale. The dedicated host deployment does not support availability zone based deployments.

The App Service plan size options in ASEv3 are: 2 core 8 GB RAM, 4 core 16 GB RAM, 8 core 32 GB RAM. The larger sizes handle larger applications but also allows for holding more apps within a single App Service plan. Availability zone support is only available in select regions where all of the App Service dependencies are deployed zone redundant. Reserved instance pricing is available for Isolated v2 App Service plans. With reserved instance pricing you have 1 year and 3 year options that substantially reduce costs. For more information on pricing, please read App Service Pricing 

 

Networking differences between multi-tenant and ASEv3

In the multi-tenant App Service, there are a number of networking features that enable apps to be exposed on a private address or access resources within a VNet. Those features need to be enabled on at an app by app basis. If you want to enforce network access control on your app, then you need to configure that on each app that this is desired upon. In ASEv3 you do not need to enable anything on your apps for them to be in your VNet. All apps that are in Isolated v2 plans are already in your VNet. 

 

With ASEv3 you can enforce your network access external to the application. Unlike the earlier versions of the App Service Environment (ASE), with ASEv3 there are no networking dependencies in your VNet. While it was possible to control application traffic with earlier versions of the ASE, you always needed to allow for the dependency traffic. With ASEv3 you can completely control your VNet making it far easier to manage.

 

If you have used earlier versions of the ASE, you will find that scaling is improved. While it isn't as fast as in the multi-tenant service, it is substantially faster than earlier versions. Scaling now will only block other scale operations of the same OS and App Service plan size combination. You can simultaneously scale a Windows small I1v2 and a Linux medium I1v2 for example. There is also no need to manage the front end scaling as with earlier ASE versions. In ASEv3, the front ends that handle inbound HTTP/HTTPS are automatically scaled without any customer adjustment required.

 

The ASEv3 is available in most commercial regions now and will soon be in all commercial regions. To learn more about the App Service Environment v3, read:

Updated Jul 07, 2021
Version 3.0
  • Brant_Boyd Migration tooling and guidance for ASEv1/v2 to ASEv3 will be available for public preview in mid January 2022. Updates and notifications will go out closer to that date.

  • softwarecraft's avatar
    softwarecraft
    Brass Contributor

    Awesome news, really looking forward to using ASE V3 full potential, flexibility and ease of use. Great work Microsoft! Thank you Marc-Andre Poitras for the link.

  • Brant_Boyd's avatar
    Brant_Boyd
    Copper Contributor

    It is my understanding that an upgrade path from ASEv2 to ASEv3 is still pending, is that correct? Do we yet have an ETA on when that guidance or any tools will be available to perform such upgrades?

  • Brant_Boyd - we are looking to enable the majority of those features for ASEv3. For custom domain suffix, there will be announcements in the coming weeks so be on the lookout for updates!

  • Brant_Boyd's avatar
    Brant_Boyd
    Copper Contributor

    New day, new question...the App Service Environment documentation located here https://docs.microsoft.com/en-us/azure/app-service/environment/overview states:

     

    A few features that were available in earlier versions of App Service Environment aren't available in App Service Environment v3. For example, you can no longer do the following:

    Send SMTP traffic. You can still have email triggered alerts but your app can't send outbound traffic on port 25.
    Monitor your traffic with Network Watcher or network security group (NSG) flow logs.
    Configure an IP-based Transport Layer Security (TLS) or Secure Sockets Layer (SSL) binding with your apps.
    Configure a custom domain suffix.
    Perform a backup and restore operation on a storage account behind a firewall.

    My question pertains to the "Configure a customer domain suffix" bullet...is that a current limitation or a feature that will NOT ever be supported in an ASEv3? And if not, why not?