DTU stands for Database Throughput Unit.
DTUs are based on a combination of CPU usage, memory, reads, and writes. It's a way to measure performance with a single number.
A resource group is a logical collection of assets. For instance, you'd have at least one resource group per application.
To create a resource group:
(as of Sept. 2019)
1) Open Azure console
2) In the left-hand menu > click Resource Groups > Create Resource Group
3) Fill in the form
4) Click Review + Create
To create a SQL database hosted on Azure:
(as of Sept. 2019)
1) Open your Azure console
2) Click Create a Resource > SQL databases > Create SQL Database
3) Fill in the form
- During this, you have the option of loading the database from an Azure backup file
4) Create
5) Wait for the backend processes to set up your database
By default, an Azure database is not available publicly.
To edit Azure Server Firewall rules
- go to Azure Portal > go to the database > Set Server Firewall
- OR open SSMS > try to connect to the Azure database > in the New Firewall Rule popup, log into Azure > use the popup to setup the Firewall rule
It is recommended to only allow administrators this access
To set database-specific firewall rules, you must first enable the server-level firewall access and then use T-SQL to setup the database rules.
Log into the Azure database with SSMS.
-- must be in master database to make the LOGIN
CREATE LOGIN test
WITH PASSWORD = 'SuperSecret!'
-- must be in your database to create the USER
CREATE USER [test]
FOR LOGIN [test]
WITH DEFAULT_SCHEMA = dbo;
-- must be in your database to alter ROLES for USER
ALTER ROLE db_datareader ADD MEMBER [test];
ALTER ROLE db_datawriter ADD MEMBER [test];
--grant execute permission for specific stored procedures
GRANT EXEC ON dbo.OBJECT_NAME TO [test];
*.csdef is your Cloud Service Definition file.
Naming convention: ServiceDefinition.csdef.
It is an XML file.
It defines the service model and the number of roles.
The definition cannot be altered after you upload it.
Each ServiceDefinition must contain 1 to 25 roles (WebRole or WorkerRole).
Example:
<?xml version="1.0" encoding="utf-8"?>
<ServiceDefinition name="MyServiceName" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
<WebRole name="WebRole1" vmsize="Medium">
<Sites>
<Site name="Web">
<Bindings>
<Binding name="HttpIn" endpointName="HttpIn" />
</Bindings>
</Site>
</Sites>
<Endpoints>
<InputEndpoint name="HttpIn" protocol="http" port="80" />
<InternalEndpoint name="InternalHttpIn" protocol="http" />
</Endpoints>
<Certificates>
<Certificate name="Certificate1" storeLocation="LocalMachine" storeName="My" />
</Certificates>
<Imports>
<Import moduleName="Connect" />
<Import moduleName="Diagnostics" />
<Import moduleName="RemoteAccess" />
<Import moduleName="RemoteForwarder" />
</Imports>
<LocalResources>
<LocalStorage name="localStoreOne" sizeInMB="10" />
<LocalStorage name="localStoreTwo" sizeInMB="10" cleanOnRoleRecycle="false" />
</LocalResources>
<Startup>
<Task commandLine="Startup.cmd" executionContext="limited" taskType="simple" />
</Startup>
</WebRole>
<WorkerRole name="WorkerRole1">
<ConfigurationSettings>
<Setting name="DiagnosticsConnectionString" />
</ConfigurationSettings>
<Imports>
<Import moduleName="RemoteAccess" />
<Import moduleName="RemoteForwarder" />
</Imports>
<Endpoints>
<InputEndpoint name="Endpoint1" protocol="tcp" port="10000" />
<InternalEndpoint name="Endpoint2" protocol="tcp" />
</Endpoints>
</WorkerRole>
</ServiceDefinition>
Sites: websites or web applications hosted in IIS7
InputEndpoints: endpoints for contacting this service
InternapEndpoints: endpoints used by this service's role instances to communicate with each other
ConfigurationSettings: settings for a specific role
Certificates: certificates needed to a role
LocalResources: a local directory in which a role is running
Imports: imported modules
Startup: tasks to run when a role starts
*.cscfg is your Cloud Service Configuration file.
Naming convention: ServiceConfig.cscfg.
It is an XML file.
It provides settings to the service, individual roles, and the number of role instances.
The configuration can be altered after you upload it.
*.cspkg is your Service Package.
It is a zip file.
It contains the application code and model.
The model is made up of the *.csdef and *.cscfg files.
Create a new cloud service
Upload (deploy) a cloud service package
If you already have your service ready to upload, you can do all the Quick Create steps at once here.
1) Create a web service
2) In Visual Studio > right-click on project > Publish Web App (VS 2017) or Publish (VS 2015)
3) Select target Microsoft Azure App Service
4) (if not already) log into Microsoft Azure
5) Select an existing Web App (or create a new one)
6) Check the publish form is filled out correctly > Publish
7) Watch of the Success message in the output panel
- Did not work from 2015 Community - got error about "No registered provider found" for App version 2.0.
- Works fine from 2017 Community.
8) In Azure > select the App Service you just published to > Deployment Center tab
9) Select a deployment option (Instructions continue for Manual Deploy From FTP) > click Dashboard
10) for User Credentials, the username format is "appName\userName"
- enter User Credentials
11) In Visual Studio > right-click on project > Publish
Possible error: the publish succeeded but navigating to the page shows message "Your app service is up and running. Time to take the next step and deploy your code."
- One recommendation was to go to Azure Portal > your App Service > Configuration > Default Documents > and make sure your default page in the list, above "hostingstart.html". This did not work for me. But saving changes to Default Document caused the service to restart and it started working.
- Another said "In my case the app was failing to start up due to an unhandled exception thrown in my startup code."
Azure Portal > your App Service > Configuration > Connection Strings
These connection strings will override the ones in your Web.config, based on the connection string name.
You can verify the connection string in the code with
using System.Configuration; //include reference in project
return ConfigurationManager.ConnectionStrings["ConnectionStringName"].ConnectionString;
You'll need to give this service access through the database's firewall.
- Get you App Service IP Address as Azure Portal > your App Service > Properties > Virutal IP Address
- go to Azure Portal > SQL Server (not the database resource) > Security > Firewalls And Virtual Networks
- add a firewall rule for the App Service IP Address > Save Changes
It may take a few minutes for this change to take affect.
I'm able to use WcfTestClient to connect to my Azure service, but my Azure site cannot connect to it. No help so far from Stackoverflow on how that can happen.
So I'm setting up both service and site with a domain name.
- Get a domain name
- Have your Azure service(s) set up on a paid tier
- Prove you own the domain and map the CNAME record so aliases resolve
- Add CNAME domain as a Custom Domain on the Azure service
- Map the A record so the ip address resolves
- Add A domain as a Custom Domain on the Azure service
- Wait an hour or two for all the DNS servers to get updated
You can't map the same domain names (or aliases) to multiple services/sites. So I did the following:
- CNAME "service.domainname.com" points to "domainname.com"
- "service.domainname.com" is mapped to service
- CNAME "www.domainname.com" points to "domainname.com"
- "www.domainname.com" and "domainname.com" are mapped to site
- A "@.domainname.com" points to the ip address of service/site (same ip address)
It took most of a day for all the DNS records to get updated so this would all work
This is a useful tool for checking what DNS servers have received your updates:
MVC Sites used to be published as "Web Sites" but are now published as "App Services".
Assumes you already have the MVC Site and an Azure account.
1) Create the new AppService on your Azure account OR use the Publish dialog to create it
2) open the project in Visual Studio > right-click project in Solution Explorer > Publish
- select "App Service"
- for new Apps, set the App Name and select from existing Subscriptions, Resource Groups, and Hosting Plans
To upload a SQL Server database to Azure:
(as of Sept. 2019)
1) You'll need an Azure Server setup to deploy to
2) Open your database in SSMS (SQL Server Management Studio)
3) Right-click database > Tasks > Deploy Database to Microsoft Azure SQL Database
4) Fill in the form
- You will need to allow access to Azure through your firewall
- You cannot deploy to a pre-existing Azure database, it must be a new one
Azure secrets manager
"Azure Key Vault is a cloud service used to manage keys, secrets, and certificates."
In Azure Portal, search for "Key Vault" to add one
You cannot edit secrets from the Azure Portal; use the CLI instead.
Once you create secrets, you can see the secret names in Azure Portal > your Key Vault > Secrets
Grant your App Services access to the Key Vault.
- Key Vault > Access Policies > Search for your web app by its name and add it the same way you grant users access
If you just need to protect your connection strings, use Azure Portal > your App Service > Configuration > Connection Strings
https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest
List all key vaults
az keyvault list
Add a secret
az keyvault secret set --vault-name "vault name" --name "secret name" --value "secret value"
View a secret
az keyvault secret show --vault-name "vault name" --name "secret name"