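App Service Environment is an Azure App Service feature that provides a fully isolated and dedicated environment for running App Service apps securely at high scale. Compared to the public multitenant offering, where the supporting infrastructure is shared with other customers, an App Service Environment provides enhanced security, isolation, and network access control. This article compares the differentiating features of App Service Environment v3 with the public multitenant offering of App Service.
Hosting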
Feature | App Service Environment v3 | App Service public multitenant |
---|---|---|
Hosting environment | Fully isolated and dedicated compute | Shared environment. Workers running your apps are dedicated, but the supporting infrastructure is shared with other customers. |
Hardware | Virtual Machine Scale Sets | Virtual Machine Scale Sets |
Available SKUs | Isolated v2 | Free, Basic, Standard, Premium v2, Premium v3 |
Dedicated host group | Available | No |
Remote file storage | Fully dedicated to the App Service Environment | Remote file storage for the application is dedicated, but the storage is hosted on a shared file server |
Private inbound configuration | Yes, using ILB App Service Environment variation | Yes, via private endpoint |
Planned maintenance | Manual upgrade preference is available | The platform handles maintenance |
Aggregate remote file share storage limit | 1 TB for all apps in an App Service Environment v3 | 250 GB for all apps in a single App Service plan. 500 GB for all apps across all App Service plans in a single resource group. |
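Scaling
App Service Environment v3 and the public multitenant offering both run on virtual machine scale sets, which means that both offerings benefit from the capabilities that scale sets provide. However, App Service Environment v3 is a dedicated environment, which means that even though it can scale out to more instances than the public multitenant offering, scaling out to multiple instances can be slower than with the public multitenant offering.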
Feature | App Service Environment v3 | App Service public multitenant |
---|---|---|
Maximum instance count | 100 instances per App Service plan. Maximum of 200 instances across all plans in a single App Service Environment v3. | 30 instances per App Service plan. This limit is a hard limit that can't be raised. |
Scaling speed | Slower scaling times due to the dedicated nature of the environment | Faster scaling times due to the shared nature of the environment |
Certificates and domains
Feature | App Service Environment v3 | App Service public multitenant |
---|---|---|
Custom domains | A custom domain suffix can be added to the App Service Environment and all apps inherit the domain suffix. Custom domains can also be added directly to the apps. | Custom domains can be added directly to the apps. |
Custom domain on private DNS (no domain verification required) | Yes, on an Internal Load Balancer (ILB) App Service Environment | No, the custom domain needs to resolve via public DNS |
Inbound TLS | Yes, you can manage SSL certificates directly within the environment, including the ability to upload and bind custom SSL certificates | Yes, you can bring your own certificate or use a certificate provided by Azure |
Inbound TLS using certificates issued by private certificate authority (CA) | Supported | No |
Outbound calls using client certificates issued by private CA | Supported only from custom code in Windows code-based apps. You can load your own root CA certificate into the trusted root store. | Not supported for source-code based deployments. Supported if deploying using either Windows containers or Linux containers (you can install arbitrary dependencies including private CA issued client certificates inside of a custom container for both platform variants). |
App Service Managed Certificates | No | Supported |
Certificates shared across apps | Yes | No, you must upload the certificate to every app |
Public certificate limit | 1,000 public certificates per App Service Plan | 1,000 public certificates per App Service Plan |
End to end TLS encryption for inbound calls | Supported | Supported in preview for Linux, not supported on Windows |
Change TLS cipher suite order | Supported | Supported with min TLS cipher suite feature |
Networking
Feature | App Service Environment v3 | App Service public multitenant |
---|---|---|
Virtual network integration | Yes, App Service Environment v3 is deployed into a subnet in your virtual network by default | Supported, must be explicitly enabled |
Private endpoint support | Yes, must be explicitly enabled on the App Service Environment | Yes, must be explicitly enabled |
IP access restrictions for inbound traffic | Yes, must be explicitly enabled | Yes, must be explicitly enabled |
Network security group (NSG) integration | Supports inbound and outbound traffic control | Can use NSG for inbound traffic control using the subnet that sourced the IP of a private endpoint (Note: requires private endpoints). Supports outbound network restrictions with NSG on the virtual network integration subnet. |
UDR integration | Supports outbound traffic routing, must be explicitly enabled | Supports outbound traffic routing, must be explicitly enabled |
Route outbound traffic over virtual network | Yes, all apps are in the same subnet and all outbound traffic is routed through the virtual network by default | Supported |
Block inbound traffic to App Service functionality hosted on non-HTTP ports | Supported, NSG can be used to block inbound traffic to non-HTTP ports | Not supported. In some cases (FTP and remote debugging), functionality can be explicitly disabled on a per-application basis. However, inbound network traffic can't be blocked using NSGs since the underlying App Service platform hosting infrastructure owns the listed ports. |
Pull Docker containers over virtual network | Supported, uses the App Service Environment's subnet | Supported |
Azure Functions storage account access over virtual network | Supported, uses the App Service Environment's subnet | Supported |
Backup/restore over a virtual network | Supported, uses the App Service Environment's subnet | Supported |
Maximum outbound TCP/IP connections per virtual machine instance | 16,000 | 1,920 per P1V3 instance. 3,968 per P2V3 instance. 8,064 per P3V3 instance |
Maximum SNAT ports per virtual machine instance | Dynamic: 256 - 1,024 depending on total instance count | 128 per instance |
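
The "Block inbound traffic to App Service functionality hosted on non-HTTP ports" row above can be checked against an App Service Environment subnet's NSG. The following is an added example, not code from the original page or from Microsoft: a simplified evaluator that applies NSG inbound rules in priority order and reports which non-HTTP ports stay reachable. The port numbers, rule names and both sample NSGs are assumptions constructed for illustration, and source matching is reduced to an exact service-tag comparison.

```python
# Simplified NSG inbound evaluation: lowest priority number wins, first match decides.
# Assumption: these port numbers are illustrative and do not come from this page.
NON_HTTP_PORTS = {"ftp": [21, 990, 10001], "remote-debug": [4022, 4024, 4026], "web-deploy": [8172]}

# Azure's default inbound rules, reduced to the fields this example uses.
DEFAULT_RULES = [
    {"name": "AllowVnetInBound", "priority": 65000, "access": "Allow", "source": "VirtualNetwork", "ports": ["*"]},
    {"name": "AllowAzureLoadBalancerInBound", "priority": 65001, "access": "Allow", "source": "AzureLoadBalancer", "ports": ["*"]},
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny", "source": "*", "ports": ["*"]},
]

def port_matches(spec, port):
    """Match a port against '*', a single port ('443') or a range ('10001-10020')."""
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return int(lo) <= port <= int(hi)
    return int(spec) == port

def effective_access(rules, port, source):
    """Return (access, rule name) for inbound traffic from `source` to `port`."""
    # Simplification: a rule's source matches only '*' or the identical service tag.
    for rule in sorted(rules + DEFAULT_RULES, key=lambda r: r["priority"]):
        if rule["source"] in ("*", source) and any(port_matches(p, port) for p in rule["ports"]):
            return rule["access"], rule["name"]
    return "Deny", "implicit"

def reachable_non_http(rules, source):
    """Map each non-HTTP service to the ports that `source` can still reach."""
    found = {}
    for service, ports in NON_HTTP_PORTS.items():
        open_ports = [p for p in ports if effective_access(rules, p, source)[0] == "Allow"]
        if open_ports:
            found[service] = open_ports
    return found

# Constructed sample: a subnet NSG that only adds an explicit allow for web traffic.
WEAK = [{"name": "AllowWeb", "priority": 100, "access": "Allow", "source": "*", "ports": ["80", "443"]}]
# Constructed sample: the same NSG plus an explicit deny for the non-HTTP ports.
DENY_PORTS = ["21", "990", "10001-10020", "4022", "4024", "4026", "8172"]
HARDENED = WEAK + [{"name": "DenyNonHttpFromVnet", "priority": 200, "access": "Deny", "source": "VirtualNetwork", "ports": DENY_PORTS}]

if __name__ == "__main__":
    print("weak:", reachable_non_http(WEAK, "VirtualNetwork"))
    print("hardened:", reachable_non_http(HARDENED, "VirtualNetwork"))
```

With the constructed weak NSG, traffic from the Internet tag is already stopped by the default deny rule, but the default allow rule for the virtual network leaves every listed port reachable from inside it until the explicit deny is added.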
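Pricing
Because of the dedicated nature of the infrastructure, App Service Environment v3 tends to be more expensive than the public multitenant offering. For both offerings, you pay only for the resources you use. Reserved instances and savings plans are available for both offerings to save money on long-term commitments.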
Feature | App Service Environment v3 | App Service public multitenant |
---|---|---|
Pricing | Pay per instance | Pay per instance |
Reserved instances | Available | Available |
Savings plans | Available | Available |
Availability zone pricing | There's a minimum charge of 18 cores. There's no added charge for availability zone support if you have 18 or more cores across your App Service plan instances. If you have fewer than 18 cores across your App Service plans in the zone redundant App Service Environment, the difference between 18 cores and the sum of the cores from the running instance count is charged as Windows I1v2 instances. | Three instance minimum enforced per App Service plan. |
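Frequently asked questions
- How do I know which offering is right for me?
- Can I use App Service Environment v3 and the public multitenant offering together?
- Can I migrate from the public multitenant offering to App Service Environment v3?
- Can I use App Service Environment v3 for my development and testing environments?
- How do I get started with App Service Environment v3?
- How do I get started with the App Service public multitenant offering?
How do I know which offering is right for me?
Choosing between App Service Environment v3 and the public multitenant offering depends on your specific requirements. There are several key factors to consider when deciding between the two offerings. The following common scenarios can help you decide which offering is right for you.
If you need a fully isolated and dedicated environment for running your apps, App Service Environment v3 is the right choice for you. If you don't need a fully isolated environment and can share the supporting infrastructure with other customers, the public multitenant offering is the right choice for you.
If you need near-instantaneous scaling times, the public multitenant offering is the right choice for you. If you need to scale out to more than 30 instances, App Service Environment v3 is the right choice for you.
If you need to use client certificates issued by a private CA, App Service Environment v3 is the right choice for you. If you need to use client certificates issued by a private CA and you're deploying with Windows containers or Linux containers, the public multitenant offering is also an option.
If you want to simplify your network configuration and have all your apps in the same subnet, App Service Environment v3 is the right choice for you. If you want to use virtual network integration, private endpoints, or IP access restrictions, both offerings are suitable, but for the public multitenant offering you need to enable these features on a per-app basis.
Can I use App Service Environment v3 and the public multitenant offering together?
Yes, you can use App Service Environment v3 and the public multitenant offering together. You can use App Service Environment v3 for your most critical apps that require a fully isolated and dedicated environment. You can use the public multitenant offering for apps that don't require a fully isolated environment.
Can I migrate from the public multitenant offering to App Service Environment v3?
Yes, you can migrate from the public multitenant offering to App Service Environment v3, and the other way around. You can use the backup and restore feature to migrate your apps.
Can I use App Service Environment v3 for my development and testing environments?
Yes, you can use App Service Environment v3 for your development and testing environments. However, keep in mind that App Service Environment v3 is more expensive than the public multitenant offering, so you might want to use the public multitenant offering for your development and testing environments to save money.
How do I get started with App Service Environment v3?
To get started with App Service Environment v3, see the Azure App Service landing zone accelerator.
How do I get started with the App Service public multitenant offering?
To get started with the App Service public multitenant offering, see Getting started with Azure App Service.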