As a Managed Cloud customer, you can request an App Service Environment (ASE) deployment with an internal load balancer (ILB) and get all the advantages of a fully isolated and dedicated environment that does not share any infrastructure resources with other Azure customers.
ILB ASE is deployed with Web Application Firewall (WAF), which helps to secure your web applications by inspecting and blocking inbound web traffic, such as:
It also inspects the responses from the back-end web servers for Data Loss Prevention (DLP).
The deployment of Sitecore with ILB ASE + WAF in Managed Cloud has the following architecture:
Note: Web Apps that are deployed in an ASE are not publicly available from the internet by default (except the Sitecore CD instance). There are several ways of providing access to the Web Apps in an ASE:
| Technology and Approach | When you should use it |
| --- | --- |
| A virtual machine (also known as a Jumpbox) that is deployed to the same vNet as the ASE. | If you need to run the software within the environment. |
| ExpressRoute or site-to-site connections. | If you need to connect one vNet to another. |
| Application Gateway. | If you need to connect to ASE from outside to access other resources. |
For more information about how to use VPN technologies to connect a vNet with your on-premises networks, see Microsoft's documentation.
The process of requesting a Managed Cloud ILB ASE + WAF deployment is described here.