This content is part of the Conference Coverage: Microsoft Ignite 2017 conference coverage
News Stay informed about the latest enterprise technology news and product updates.

Azure App Service Isolated caters to enterprise security concerns

Azure App Service Isolated brings dedicated space and broadens the reach of Microsoft's PaaS offering to assuage enterprises wary of public cloud.

Microsoft has added PaaS isolation capabilities to Azure, in yet another step to make public cloud more palatable...

to its existing customer base.

Azure App Service Isolated simplifies the use of dedicated virtual networks for Microsoft's platform as a service (PaaS) layer. Azure App Service is built for web, mobile and API applications; the isolation capabilities could attract traditional enterprises wary of using the public cloud for compliance or performance reasons.

The Isolated tier to Azure App Service enables internal application development to work alongside the types of web-facing applications the PaaS offering specifically targets. For example, if a company wants to run a banking or health application, it could link a front-end application to the isolated back-end app to act as a firewall from the public internet and protect customers' personally identifiable information.

For regulated companies, this barrier between layers is essentially a requirement, so this update from Microsoft fills that gap for newer applications, said Carl Mazzanti, CEO of eMazzanti Technologies, a Hoboken, N.J., IT consultancy and Microsoft partner.

"This gives sensitive companies that stamp of compliance," he said. And the dedicated network gives users the consistent performance they're accustomed to on premises, he added.

Microsoft added isolation capabilities to the PaaS tool in 2015 with App Service Environment (ASE). The Isolated tier is essentially a more approachable, second generation of ASE -- with better power and scalability. The new isolation feature removes the need to manage or scale resource pools, and customers can scale out by adding instances or scale up by choosing a larger plan. The standard App Service Isolated plan has a default maximum of 100 instances, so customers could use it to run multiple applications.

It also adds Azure's Dv2-based machines to App Service; these instance types come with faster chips, SSD storage and twice the memory per core compared to the first generation of dedicated App Service tools. Those Dv2 machines, previously limited to infrastructure as a service (IaaS) on Azure, are also incorporated into a new Premium V2 tier of App Service now in public preview.

Microsoft has made significant strides to fill the gaps in its services compared to Amazon Web Services (AWS), which offers similar isolation through a combination of its Virtual Private Cloud and Elastic Beanstalk. While the isolation of networks for App Service was possible before, this automates the tasks and makes it easier to consume by enterprises, said Larry Carvalho, an analyst at IDC.

"Being able to isolate yet scale when you need to is very useful for new applications for digital transformation and other web apps," he said.

Luring enterprises to cloud with familiar features

Unlike AWS, Microsoft must protect its legacy user base, which sometimes means pulling customers to the cloud rather than having them embrace Azure independently. The most notable effort to get enterprise IT organizations comfortable with the public cloud is the long-delayed Azure Stack, which lets customers essentially run a scaled-down version of Azure inside their data centers.

The ultimate goal is to let you dip your toe in the cloud and then [they] pull your whole leg in.
Steve MordueCEO, Forceworks

These tools are almost like a gateway drug, where Microsoft provides a familiar environment with the ultimate goal to lure customers to its cloud, said Steve Mordue, CEO of Forceworks, a Microsoft partner in Tampa, Fla.

"They do that with a lot of products in the cloud and on-premises integrations that other companies can't do," Mordue said. "The ultimate goal is to let you dip your toe in the cloud and then [they] pull your whole leg in."

But where Azure Stack could fit with traditional workloads, Azure App Service Isolated targets more modern applications that get away from the IaaS model that defined the early wave of public cloud adoption.

"It's a very natural evolution but, in some ways, it's a little bit of a solution to a problem that people are still discovering that they have," said John Peluso, senior vice president of product management at AvePoint, an independent service provider in Jersey City, N.J. "I would be surprised if people were clamoring for something like this, as opposed to seeing it as a new option that makes sense but they hadn't really been able to consider before."

AvePoint hosts all the applications it sells and develops on Azure, but it has moved its development higher up the stack with services such as App Service. This can ease the security validation process with large clients, because it puts that burden on Microsoft, which has far more resources to address those concerns.

"It's a mindset shift for development, but there's a lot of value once you make that mental adjustment," Peluso said.

AWS has the lead in the cloud market and entrenched development at the IaaS layer, but in PaaS, Microsoft will try to compete and out-innovate Amazon, Peluso said. He sees the Isolated tier as a step in that direction, as it makes Azure App Service more attractive for internal development -- not just web-facing apps.

Trevor Jones is a news writer with SearchCloudComputing and SearchAWS. Contact him at [email protected].

Next Steps

Assess Microsoft's Azure Security Center

Can your Azure deployment withstand an attack?

Hybrid cloud to thrive behind the firewall

Dig Deeper on PaaS and other cloud development platforms