Merge pull request #918 from MicrosoftDocs/webapps-devops

Added AAF DevOps considerations to basic web apps/appService RAs

docs/reference-architectures/app-service-web-app/app-monitoring.md

@@ -48,7 +48,9 @@ This scenario uses a managed Azure environment to host an application and data t
 - [Azure Monitor][azure-monitor] provides base-level infrastructure [metrics and logs][metrics] for most services in Azure. You can interact with the metrics in several ways, including charting them in Azure portal, accessing them through the REST API, or querying them using PowerShell or CLI. Azure Monitor also offers its data directly into [Log Analytics and other services], where you can query and combine it with data from other sources on premises or in the cloud.
 - [Log Analytics][log-analytics] helps correlate the usage and performance data collected by Application Insights with configuration and performance data across the Azure resources that support the app. This scenario uses the [Azure Log Analytics agent][Azure Log Analytics agent] to push SQL Server audit logs into Log Analytics. You can write queries and view data in the Log Analytics blade of the Azure portal.
 
-## Monitoring considerations
+## DevOps considerations
+
+### Monitoring
 
 A recommended practice is adding Application Insights to your code during development using the [Application Insights SDKs][Application Insights SDKs], and customizing per application. These open-source SDKs are available for most application frameworks. To enrich and control the data you collect, incorporate the use of the SDKs both for testing and production deployments into your development process. The main requirement is for the app to have a direct or indirect line of sight to the Applications Insights ingestion endpoint hosted with an Internet-facing address. You can then add telemetry or enrich an existing telemetry collection.
 
@@ -60,7 +62,8 @@ Both Application Insights and Log Analytics use [Azure Log Analytics Query Langu
 
 Azure Monitor, Application Insights, and Log Analytics all send [alerts](https://docs.microsoft.com/azure/monitoring-and-diagnostics/monitoring-overview-alerts). For example, Azure Monitor alerts on platform-level metrics such as CPU utilization, while Application Insights alerts on application-level metrics such as server response time. Azure Monitor alerts on new events in the Azure Activity Log, while Log Analytics can issue alerts about metrics or event data for the services configured to use it. [Unified alerts in Azure Monitor](https://docs.microsoft.com/azure/monitoring-and-diagnostics/monitoring-overview-unified-alerts) is a new, unified alerting experience in Azure that uses a different taxonomy.
 
-### Alternatives
+
+#### Alternatives
 
 This article describes conveniently available monitoring options with popular features, but you have many choices, including the option to create your own logging mechanisms. A recommended practice is to add monitoring services as you build out tiers in a solution. Here are some possible extensions and alternatives:
 
@@ -70,6 +73,9 @@ This article describes conveniently available monitoring options with popular fe
 - Add communication with [ITSM solutions][ITSM solutions].
 - Extend Log Analytics with a [management solution][management solution].
 
+
+For more information see [Monitoring For DevOps][devops-monitoring] in the Azure Well-Architected Framework.
+
 ## Scalability and availability considerations
 
 This scenario focuses on PaaS solutions for monitoring in large part because they conveniently handle availability and scalability for you and are backed by service-level agreements (SLAs). For example, App Services provides a guaranteed [SLA][SLA] for its availability.

docs/reference-architectures/app-service-web-app/basic-web-app.md

@@ -138,6 +138,12 @@ When assigning resources to resource groups, consider the following:
 
 For more information, see [Azure Resource Manager overview](https://docs.microsoft.com/azure/azure-resource-manager/resource-group-overview).
 
+## DevOps considerations
+
+In this architecture you use an [Azure Resource Manager template][arm-template] for provisioning the Azure resources and its dependencies. Since this is a single web application, all the resources are isolated in the same basic workload, that makes it easier to associate the workload's specific resources to a team, so that the team can independently manage all aspects of those resources. This isolation enables the DevOps team to perform continuous integration and continuous delivery (CI/CD). Also, you can use different [Azure Resource Manager templates][arm-template] and integrate them with Azure DevOps Services to provision different environments in minutes, for example to replicate production like scenarios or load testing environments only when needed, saving cost.
+
+Provision multiple instances of the web application, so it does not depend on a single instance which could create a single point of failure. Also multiple instances improve resiliency and scalability.
+
 ### Deployment
 
 Deployment involves two steps:
@@ -181,6 +187,9 @@ Tips for troubleshooting your application:
 - The [Kudu dashboard][kudu] has several tools for monitoring and debugging your application. For more information, see [Azure Websites online tools you should know about][kudu] (blog post). You can reach the Kudu dashboard from the Azure portal. Open the blade for your app and click **Tools**, then click **Kudu**.
 - If you use Visual Studio, see the article [Troubleshoot a web app in Azure App Service using Visual Studio][troubleshoot-web-app] for debugging and troubleshooting tips.
 
+
+For more information, see the DevOps section in [Azure Well-Architected Framework][AAF-devops].
+
 ## Security considerations
 
 This section lists security considerations that are specific to the Azure services described in this article. It's not a complete list of security best practices. For some additional security considerations, see [Secure an app in Azure App Service][app-service-security].
@@ -242,6 +251,7 @@ For more information, see [Deploy resources with Azure Resource Manager template
 <!-- links -->
 
 [aad-auth]: https://docs.microsoft.com/azure/app-service-mobile/app-service-mobile-how-to-configure-active-directory-authentication
+[AAF-devops]: /azure/architecture/framework/devops/overview
 [app-insights]: https://docs.microsoft.com/azure/application-insights/app-insights-overview
 [app-insights-data-rate]: https://docs.microsoft.com/azure/application-insights/app-insights-pricing
 [app-service]: https://docs.microsoft.com/azure/app-service

docs/reference-architectures/app-service-web-app/multi-region.md

@@ -144,12 +144,21 @@ For more information, see the cost section in [Microsoft Azure Well-Architected
 
 If the primary database fails, perform a manual failover to the secondary database. See [Restore an Azure SQL Database or failover to a secondary][sql-failover]. The secondary database remains read-only until you fail over.
 
+
+## DevOps considerations
+
+This architecture follows the multi region deployment recommendation, described in the [DevOps section of the Azure Well Architected Framework][AAF-devops-deployment-multi-region].
+
+This architecture builds on the one shown in [Improve scalability in a web application][guidance-web-apps-scalability], see [DevOps considerations section][guidance-web-apps-scalability-devops].
+
 <!-- links -->
 
 [AFD-pricing]: https://azure.microsoft.com/pricing/details/frontdoor
+[AAF-devops-deployment-multi-region]: /azure/architecture/framework/devops/deployment#consider-deploying-across-multiple-regions
 [bandwidth-pricing]: https://azure.microsoft.com/pricing/details/bandwidth
 [cosmosdb-geo]: https://docs.microsoft.com/azure/cosmos-db/distribute-data-globally
 [guidance-web-apps-scalability]: ./scalable-web-app.md
+[guidance-web-apps-scalability-devops]: ./scalable-web-app.md#devops-considerations
 [pricing-calculator]: https://azure.microsoft.com/pricing/calculator
 [ra-grs]: https://docs.microsoft.com/azure/storage/common/storage-designing-ha-apps-with-ragrs
 [regional-pairs]: https://docs.microsoft.com/azure/best-practices-availability-paired-regions

docs/reference-architectures/app-service-web-app/scalable-web-app.md

@@ -145,6 +145,14 @@ App Services has built-in support for CORS, without needing to write any applica
 
 Use [Transparent Data Encryption][sql-encryption] if you need to encrypt data at rest in the database. This feature performs real-time encryption and decryption of an entire database (including backups and transaction log files) and requires no changes to the application. Encryption does add some latency, so it's a good practice to separate the data that must be secure into its own database and enable encryption only for that database.
 
+
+## DevOps considerations
+
+### Front-end deployment
+
+This architecture builds on the one shown in [Basic web application][basic-web-app], see the [DevOps considerations section][basic-web-app-devops].
+
+
 ## Next steps
 
 - [Run a web application in multiple Azure regions for high availability][web-app-multi-region]
@@ -162,6 +170,7 @@ Use [Transparent Data Encryption][sql-encryption] if you need to encrypt data at
 [azure-search]: https://docs.microsoft.com/azure/search
 [azure-search-scaling]: https://docs.microsoft.com/azure/search/search-capacity-planning
 [basic-web-app]: ./basic-web-app.md
+[basic-web-app-devops]: ./basic-web-app.md#devops-considerations
 [caching-guidance]: ../../best-practices/caching.md
 [cdn-app-service]: https://docs.microsoft.com/azure/app-service-web/cdn-websites-with-cdn
 [cdn-storage-account]: https://docs.microsoft.com/azure/cdn/cdn-create-a-storage-account-with-cdn