As we see the upswing in customers moving their application to Microsoft Azure Platform as a Service (PaaS) there is often questions around public IP addresses. It’s true that App Service Plans have a public IP. But most have never heard of the Azure App Service Environment (ASE). The ASE is way to deploy your PaaS services in a locked down manner. The ASE sits on a subnet in your Azure VNET and you can control who has access to the App Services (via Network Security Groups) deployed to the ASE. The ASE is fully isolated and allows you to run your App Services (Web apps, API Apps, Mobile apps and WebJobs) with the full elastic scale available in Azure.
Think of an ASE as your own co-lo inside Azure. The App Services deployed into an ASE are not multitenant, all your compute resources are dedicated to your subscription. Of course this feature is reflected in a higher cost. All App Service plans deployed to an ASE are required to be premium instances. An ASE can be configured with up to 50 compute resources. This allows any size enterprise access to needed scale. With this you can have your Azure App Services available through VPN/Express Route to your corporate network. This means that your services running in the ASE can safely and securely reach back to your corporate resources on premises.
Currently, Hanu is engaged with a large Healthcare enterprise to move a group of web applications to Azure. These applications are ASP.NET MVC apps, but only one of the apps requires a public facing IP address, the rest are required to be locked down so they are accessible only from their corporate network. ASE is the key technology that allows this project to be migrated to Azure PaaS. Without ASE the locked down applications would need to be deployed with an IaaS solution. The customer wants Azure PaaS be used as much as possible in their cloud solutions.
Hanu can help you architect a solution and deploy your apps securely in an Azure App Service Environment. Please contact us if you are interested in making the move to Azure PaaS.