70-533

Implementing Microsoft Azure

Infrastructure Solutions

Contents
MS Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions................................................. 5
Implement websites ..................................................................................................................................... 5
Deploy websites ........................................................................................................................................ 5
To Add a Deployment Slot to a Website ................................................................................................... 6
About Configuration for Deployment Slots .............................................................................................. 9
To Swap Deployment Slots ..................................................................................................................... 10
To Rollback a Production Site to Staging ................................................................................................ 10
To Delete a Site Slot ................................................................................................................................ 11
Azure PowerShell cmdlets for Site Slots ................................................................................................. 11
Get-AzureWebsite............................................................................................................................... 11
New-AzureWebsite ............................................................................................................................. 12
Publish-AzureWebsiteProject ............................................................................................................. 12
Show-AzureWebsite............................................................................................................................ 12
Switch-AzureWebsiteSlot.................................................................................................................... 12
Remove-AzureWebsite ....................................................................................................................... 12
Azure Cross-Platform Command-Line Interface (xplat-cli) commands for Site Slots ............................. 13
azure site list ....................................................................................................................................... 13
azure site create.................................................................................................................................. 13
azure site swap.................................................................................................................................... 13
azure site delete.................................................................................................................................. 13
Azure Websites Backups ............................................................................................................................. 14
What Gets Backed Up ............................................................................................................................. 14
Requirements and Restrictions ............................................................................................................... 14
To Create a Manual Backup .................................................................................................................... 14
To Configure Automated Backups .......................................................................................................... 16
How Backups Are Stored......................................................................................................................... 19
Notes ....................................................................................................................................................... 20
Restore a Microsoft Azure website............................................................................................................. 20
To Restore an Azure website from a previously made backup .............................................................. 20
To Restore an Azure website directly from a storage account ............................................................... 21
Choose Your Website Restore Settings and Start the Restore Operation .............................................. 24
View the Operation Logs......................................................................................................................... 29
How to Deploy an Azure Website ............................................................................................................... 31
Deploying from a cloud-hosted source control system .......................................................................... 32

Visual Studio Online (VSO) .................................................................................................................. 32

Repository websites using Git ............................................................................................................. 32
Repository websites using Mercurial .................................................................................................. 33
Dropbox............................................................................................................................................... 33
Deploying from an IDE ............................................................................................................................ 33
Visual Studio........................................................................................................................................ 33
WebMatrix .......................................................................................................................................... 34
Deploying by using an FTP utility ............................................................................................................ 34
Deploying from an on-premises source control system ......................................................................... 35
Team Foundation Server (TFS) ............................................................................................................ 35
On-premises Git or Mercurial repositories ......................................................................................... 35
Using command-line tools and the Azure REST management API ......................................................... 35
MSBuild ............................................................................................................................................... 35
FTP scripts ........................................................................................................................................... 36
Windows PowerShell .......................................................................................................................... 36
.NET management API ........................................................................................................................ 36
Cross-platform command line (xpat-cli) ............................................................................................. 37
Web Deploy command line................................................................................................................. 37
Use WebJobs to run background tasks in Azure Websites ......................................................................... 37
Acceptable File Types for Scripts or Programs........................................................................................ 37
Create an On Demand Task .................................................................................................................... 38
Create a Continuously Running Task ...................................................................................................... 39
Create a Scheduled Task ......................................................................................................................... 40
Scheduled jobs and Azure Scheduler .................................................................................................. 45
View the Job History ............................................................................................................................... 48
Configure websites ................................................................................................................................. 50
How to Configure Websites ........................................................................................................................ 50
ow to: Change configuration options for a website ............................................................................... 50
General................................................................................................................................................ 51
Certificates .......................................................................................................................................... 51
Domain names .................................................................................................................................... 52
SSL Bindings......................................................................................................................................... 52
Deployments ....................................................................................................................................... 52
Application diagnostics ....................................................................................................................... 52
Site diagnostics ................................................................................................................................... 53

Monitoring .......................................................................................................................................... 53
Developer analytics ............................................................................................................................. 54
App settings ........................................................................................................................................ 54
Connection strings .............................................................................................................................. 54
Default documents.............................................................................................................................. 55
Handler mappings ............................................................................................................................... 55
Virtual applications and directories .................................................................................................... 55
How to: Configure a website to use a SQL database .............................................................................. 55
Overview ................................................................................................................................................. 62
DNS record types .................................................................................................................................... 62
Find the virtual IP address ...................................................................................................................... 63
Create the DNS records........................................................................................................................... 64
Create an awverify record (A records only)......................................................................................... 65
Enable the domain name on your website ............................................................................................. 65
Enable HTTPS for an Azure website ............................................................................................................ 67
HTTPS for the *.azurewebsites.net domain............................................................................................ 67
Enable SSL for your custom domain ....................................................................................................... 67
Get an SSL certificate .............................................................................................................................. 68
Get a certificate using Certreq.exe (Windows only) ........................................................................... 69
Get a certificate using OpenSSL .......................................................................................................... 74
Get a certificate using the IIS Manager............................................................................................... 76
Get a SubjectAltName certificate using OpenSSL ............................................................................... 77
Generate a self-signed certificate (for testing only) ........................................................................... 79
Configure Standard mode ....................................................................................................................... 81
Configure SSL .......................................................................................................................................... 82
Enforce HTTPS on your Azure website.................................................................................................... 84
.NET ..................................................................................................................................................... 86
PHP ...................................................................................................................................................... 86
Node.js, Python Django, and Java ....................................................................................................... 86
Create Your Sites ................................................................................................................................. 87
Create Your ATM Profile ..................................................................................................................... 87
Adding Endpoints ................................................................................................................................ 88
Configuring Your ATM Profile ............................................................................................................. 89
Testing Things So Far........................................................................................................................... 91
Using a Custom Domain ...................................................................................................................... 92

Load Balancing Methods ..................................................................................................................... 93

Configure diagnostics, monitoring, and analytics ................................................................................... 93
Configure scale and resilience ................................................................................................................ 93
How to Scale Websites................................................................................................................................ 94
Scaling to Shared or Basic Plan mode ..................................................................................................... 94
Scaling to Standard Plan Mode ............................................................................................................... 98
Scaling a SQL Server Database connected to your site ......................................................................... 103
Developer Features ............................................................................................................................... 104
Manage hosting plans ........................................................................................................................... 104
What is a Web Hosting Plan? .................................................................................................................... 104
Features in Web Hosting Plans ............................................................................................................. 104
Web Hosting Plans and Capacity .......................................................................................................... 105
Web Hosting Plans and the new Azure Preview Portal .................................................................... 105
Azure Websites Web Hosting Plans In-Depth Overview........................................................................... 110
Websites, Web Hosting Plans, and Resource Groups ........................................................................... 110
When should I create a new resource group and when should I create a new web hosting plan? ..... 111
Existing resources group in the Azure Preview portal .......................................................................... 113
Web Hosting Plan F.A.Q. ....................................................................................................................... 115

MS Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions

This book particularly focus in following areas.
1.
2.
3.
4.
5.
6.

Implement websites
Implement virtual machines
Implement cloud services
Implement storage
Implement an Azure Active Directory
Implement virtual networks

Following are some of the general links, for your references. You can explore about the exam, its
pattern and learn more on the topic from these links.

Azure Subscription and Service Limits, Quotas, and Constraints

http://azure.microsoft.com/en-us/documentation/articles/azure-subscription-service-limits/
Azure Documentation Center
http://azure.microsoft.com/en-us/documentation/
Azure Free Trial
http://azure.microsoft.com/en-us/pricing/free-trial/
Microsoft Azure Developer Camp: Build a Cloud-Native App
http://www.microsoftvirtualacademy.com/training-courses/microsoft-azure-developer-campbuild-a-cloud-native-app
Enterprise Developer Camp Jump Start
http://www.microsoftvirtualacademy.com/training-courses/enterprise-developer-camp-jumpstart

Implement websites
Deploy websites
Define deployment slots; roll back deployments, configure and deploy packages, deploy web
jobs, schedule web jobs

Staged Deployment on Microsoft Azure Websites

When you deploy your application to Azure Websites, you can deploy to a separate deployment
slot instead of the default production slot, which are actually live sites with their own hostnames.
This option is available in the Standard web hosting plan. Furthermore, you can swap the sites
and site configurations between two deployment slots, including the production slot. Deploying
your application to a deployment slot has the following benefits:

You can validate website changes in a staging deployment slot before swapping it with
the production slot.
After a swap, the slot with previously staged site now has the previous production site. If
the changes swapped into the production slot are not as you expected, you can perform
the same swap immediately to get your "last known good site" back.

Deploying a site to a slot first and swapping it into production ensures that all instances
of the slot are warmed up before being swapped into production. This eliminates
downtime when you deploy your site. The traffic redirection is seamless, and no requests
are dropped as a result of swap operations.

Four deployment slots in addition to the production slot are supported for each website in the
Standard plan.

To Add a Deployment Slot to a Website

The website must be running in the Standard hosting plan to enable multiple deployment slots.
1. On the Quick Start page, or in the Quick Glance section of the Dashboard page for your
website, click Add a new deployment slot.

NOTE:

If the website is not already in Standard mode, you will receive the message You must
be in the standard mode to enable staged publishing. At this point, you have the
option to select Upgrade and navigate to the Scale tab of your website before continuing.
2. In the Add New Deployment Slot dialog, give the slot a name, and select whether to
clone website configuration from another existing deployment slot. Click the check mark
to continue.

The first time you create a slot, you will only have two choices: clone configuration from
the default slot in production or not at all.
After you have created several slots, you will be able to clone configuration from a slot
other than the one in production:

3. In the list of websites, expand the mark to the left of your website name to reveal the
deployment slot. It will have the website name followed by the deployment slot name.

4. When you click the name of the deployment site slot, a page will open with a set of tabs
just like any other website. your-website-name(deployment-slot-name) will appear at the
top of the portal page to remind you that you are viewing the deployment site slot.

5. Click the site URL in the dashboard view. Notice the the deployment slot has its own
hostname and is also a live site. To limit public access to the deployment slot, see Azure
Web Sites block web access to non-production deployment slots.
o

There is no content. You can deploy to the slot from a different repository branch, or an
altogether different repository. You can also change the slot's configuration. Use the publish
profile or deployment credentials associated with the deployment slot for content updates. For
example, you can publish to this slot with git.

About Configuration for Deployment Slots

When you clone configuration from another deployment slot, the cloned configuration is
editable. The following lists show the configuration that will change when you swap slots.
Configuration that will change on slot swap:

General settings
Connection strings
Handler mappings
Monitoring and diagnostic settings

Configuration that will not change on slot swap:

Publishing endpoints
Custom Domain Names
SSL certificates and bindings
Scale settings

Notes:

Multiple deployment slots are only available for sites in the Standard web hosting plan.
When you site has multiple slots, you cannot change the hosting plan.
A slot that you intend to swap into production needs to be configured exactly as you want
to have it in production.
By default, a deployment slot will point to the same database as the production site.
However, you can configure the deployment slot to point to an alternate database by
changing the database connection string(s) for the deployment slot. You can then restore
the original database connection string(s) on the deployment slot right before you swap it
into production.

To Swap Deployment Slots

1. To swap deployment slots, select the deployment slot in the websites list that you want to
swap and click the Swap button in the command bar.

2. The Swap Deployments dialog appears. The dialog lets you choose which site slot should
be the source and which site should be the destination.

3. Click the checkmark to complete the operation. When the operation finishes, the site slots
have been swapped.

To Rollback a Production Site to Staging

If any errors are identified in production after a slot swap, roll the slots back to their pre-swap
states by swapping the same two slots immediately.

To Delete a Site Slot

In the command bar at the bottom of the Azure Websites portal page, click Delete. You will be
given the option to delete the website and all deployment slots, or delete only the deployment
slot.

Notes:

Scaling is not available for non-production slots. It is only available for production slots.
Linked resource management is not supported for non-production slots.
You can still publish directly to your production slot if you wish.
By default, your deployment slots (sites) share the same resources as your production
slots (sites) and run on the same VMs. If you run stress testing on a stage slot, your
production environment will experience a comparable stress load.
NOTE:

In the Azure Preview Portal only, you can avoid this potential impact on a production slot
by temporarily moving the non-production slot to a different Web Hosting Plan. Note that
the test and production slots must once again share the same Web Hosting Plan before
you can swap the test slot into production.

Azure PowerShell cmdlets for Site Slots

Azure PowerShell is a module that provides cmdlets to manage Azure through Windows
PowerShell, including support for managing Azure Websites deployment slots.

For information on installing and configuring Azure PowerShell, and on authenticating

Azure PowerShell with your Windows Azure subscription, see How to install and
configure Windows Azure PowerShell.
To list the cmdlets available for Azure Websites in PowerShell, call help
AzureWebsite.

Get-AzureWebsite
The Get-AzureWebsite cmdlet presents information about Azure websites for the current
subscription, as in the following example.

Get-AzureWebsite siteslotstest

New-AzureWebsite
You can create a site slot for any website in Standard mode by using the New-AzureWebsite
cmdlet and specifying the names of both the site and slot. Also indicate the same region as the
site for deployment slot creation, as in the following example.
New-AzureWebsite siteslotstest -Slot staging -Location "West US"

Publish-AzureWebsiteProject
You can use the Publish-AzureWebsiteProject cmdlet for content deployment, as in the
following example.
Publish-AzureWebsiteProject -Name siteslotstest -Slot staging -Package
[path].zip

Show-AzureWebsite
After content and configuration updates have been applied to the new slot, you can validate the
updates by browsing to the slot using the Show-AzureWebsite cmdlet, as in the following
example.
Show-AzureWebsite -Name siteslotstest -Slot staging

Switch-AzureWebsiteSlot
The Switch-AzureWebsiteSlot cmdlet can perform a swap operation to make the updated
deployment slot the production site, as in the following example. The production site will not
experience any down time, nor will it undergo a cold start.
Switch-AzureWebsiteSlot -Name siteslotstest

Remove-AzureWebsite
If a deployment slot is no longer needed, it can be deleted by using the Remove-AzureWebsite
cmdlet, as in the following example.
Remove-AzureWebsite -Name siteslotstest -Slot staging

Azure Cross-Platform Command-Line Interface (xplat-cli) commands for Site Slots

The Azure Cross-Platform Command-Line Interface (xplat-cli) provides cross-platform
commands for working with Azure, including support for managing deployment slots on Azure
Websites.

For instructions on installing and configuring the xplat-cli, including information on how
to connect xplat-cli to your Azure subscription, see Install and Configure the Azure
Cross-Platform Command-Line Interface.
To list the commands available for Azure Websites in the xplat-cli, call azure site -h.

azure site list

For information about the Azure websites in the current subscription, call azure site list, as in
the following example.
azure site list siteslotstest

azure site create

To create a site slot for any website in Standard mode, call azure site create and specify the
name of an existing site and the name of the slot to create, as in the following example.
azure site create siteslotstest --slot staging

To enable source control for the new slot, use the --git option, as in the following example.
azure site create --git siteslotstest --slot staging

azure site swap

To make the updated deployment slot the production site, use the azure site swap command to
perform a swap operation, as in the following example. The production site will not experience
any down time, nor will it undergo a cold start.
azure site swap siteslotstest

azure site delete

To delete a deployment slot that is no longer needed, use the azure site delete command, as in
the following example.

azure site delete siteslotstest --slot staging

Azure Websites Backups

The Azure Websites Backup and Restore feature lets you easily create website backups manually
or automatically. You can restore your website to a previous state, or create a new website based
on one of your original site's backups.

What Gets Backed Up

Azure Websites backs up the following information:

Website configuration
Website file content
Any SQL Server or MySQL databases connected to your site (you can choose which ones to
include in the backup)

This information is backed up to the Azure storage account that you specify.
NOTE:

Each backup is a complete offline copy of your website, not an incremental update.

Requirements and Restrictions

The Backup and Restore feature requires the site to be in a Standard tier. For more
information about scaling your website use a Standard tier, see How to Scale Web Sites.
The Backup and Restore feature requires an Azure storage account that must belong to
the same subscription as the website that you are going to back up. If you do not yet have
a storage account, you can create one by clicking the Storage button (grid icon) in the
left pane of the Azure portal, and then choosing New in the command bar at the bottom.
For more information on Azure storage accounts, see the links at the end of this article.

To Create a Manual Backup

1. In the Azure portal for your website, choose the Backups tab.

2. Select the storage account to which you want to back up your website. The storage
account must belong to the same subscription as the website that you are going to back
up.

3. In the Included Databases option, select the databases that are connected to your website
(SQL Server or MySQL) that you want to back up.

NOTE:

For a database to appear in this list, its connection string must exist in the Connection
Strings section of the Configure tab in the portal.
4. In the command bar, click Backup Now.

You will see a progress message during the backup process:

You can make a manual backup at any time. During Preview, no more than 2 manual backups
can be made in a 24-hour period (subject to change).

To Configure Automated Backups

1. On the Backups page, set Automated Backup to ON.

2. Select the storage account to which you want to back up your website. The storage
account must belong to the same subscription as the website that you are going to back
up.

3. In the Frequency box, specify how often you want automated backups to be made.
(During Preview, the number of days is the only time unit available.)

The number of days must be between 1 and 90, inclusive (from once a day to once every
90 days).
4. Use the Start Date option to specify a date and time when you want the automated
backups to begin.

Times are available in half-hour increments.

NOTE:

Azure stores backup times in UTC format, but displays them in accordance with the
system time on the computer that you are using to display the portal.

5. In the Included Databases section, select the databases that are connected to your
website (SQL Server or MySQL) that you want to back up. For a database to appear in
the list, its connection string must exist in the Connection Strings section of the
Configure tab in the portal.

NOTE:

If you choose to include one or more databases in the backup and have specified a
Frequency of less than 7 days, you will be warned that frequent backups can increase
your database costs.
6. In the command bar, click the Save button to save your configuration changes (or choose
Discard if you decide not to save them).

How Backups Are Stored

After you have made one or more backups, they will be visible on the Containers tab of your
storage account. Your backups will be in a container called websitebackups. Each backup
consists of a .zip file that contains the backed up data and an .xml file that contains a manifest of
the .zip file contents.
The .zip and .xml backup file names consist of your website name followed by an underscore
and a time stamp of when the backup was taken. The time stamp contains the date in the format
YYYYMMDD (in digits with no spaces) plus the 24-hour time in UTC format (for example,
fabrikam_201402152300.zip). The content of these files can be unzipped and browsed in case
you want to access your backups without actually performing a website restore.
The XML file that is stored with the zip file indicates the database file name under
backupdescription > databases > databasebackupdescription > filename.

The database backup file itself is stored in the root of the .zip file. For a SQL database, this is a
BACPAC file (no file extension) and can be imported. To create a new SQL database based on
the BACPAC export, you can follow the steps in the article Import a BACPAC File to Create a
New User Database.
For information on restoring an Azure website (including databases) by using the Azure
management portal, see Restore a Microsoft Azure web site.
NOTE:

Altering any of the files in your websitebackups container can cause the backup to become
invalid and therefore non-restorable.

Notes

Make sure that you set up the connection strings for each of your databases properly on the
Configure tab of the website so that the Backup and Restore feature can include your databases.
During Preview, you are responsible for managing the backed up content saved to your storage
account. If you delete a backup from your storage account and have not made a copy
elsewhere, you will not be able to restore the backup later.
Although you can back up more than one website to the same storage account, for ease of
maintenance, consider creating a separate storage account for each website.
During Preview, backup and restore operations are available only through the Azure
Management Portal.

Restore a Microsoft Azure website

This article shows you how to restore a website that you have previously backed up by using the
Azure Websites Backup feature. For more information, see Microsoft Azure Web Sites Backups.
The Azure Websites Restore feature lets restore your website on-demand to a previous state, or
create a new website based on one of your original site's backups. Creating a new website that
runs in parallel to the latest version can be useful for A/B testing.
The Restore feature, available on the Backups tab in the Azure Websites portal, is available only
in Standard mode.

To Restore an Azure website from a previously made backup

1. On the Backups tab, click Restore Now in the command bar at the bottom of the portal
page. The Restore Now dialog box appears.

2. Under Choose backup source, select Previous Backup for this Website.
3. Select the date of the backup that you want to restore, and then click the right arrow to
continue.
4. Follow the steps in the Choose Your Web Site Restore Settings section later in this
article.

To Restore an Azure website directly from a storage account

1. On the Backups tab, click Restore Now in the command bar at the bottom of the portal
page. The Restore Now dialog box appears.

2. Under Choose backup source, select Storage Account File. Here you can directly
specify the URL for the storage account file, or click the folder icon to navigate to blob
storage and specify the backup file. This example chooses the folder icon.

3. Click the folder icon to open the Browse Cloud Storage dialog box.

4. Expand the name of the storage account that you want to use, and then select
websitebackups, which contains your backups.
5. Select the zip file containing the backup that you want to restore, and then click Open.
6. The Storage account file has been selected and shows in the storage account box. Click
the right arrow to continue.

7. Continue with the section that follows, Choose Your Web Site Restore Settings and Start
the Restore Operation.

Choose Your Website Restore Settings and Start the Restore Operation
1. Under Choose your website restore settings, Restore To, select either Current website
or New website instance.

If you select Current website, your existing website will be overwritten by the backup
that you selected (destructive restore). All changes you have made to the website since
the time of the chosen backup will be permanently removed, and the restore operation
cannot be undone. During the restore operation, your current website will be temporarily
unavailable, and you will be warned to this effect.
If you select New website instance, a new website will be created in the same region
with the name that you specify. (By default, the new name is restored-oldWebSiteName.)
The site that you restore will contain the same content and configuration that were made
in the portal for the original site. It will also include any databases that you choose to
include in the next step.
2. If you want to restore a database along with your website, under Included Databases,
select the name of the database server that you want to restore the database to by using
the dropdown under Restore To. You can also choose to create a new database server to
restore to, or choose Don't Restore to not restore the database, which is the default.
After you have chosen the server name, specify the name of the target database for the
restore in the Database Name box.
If your restore includes one or more databases, you can select Automatically adjust
connection strings to update your connection strings stored in the backup to point to
your new database, or database server, as appropriate. You should verify that all
functionality related to databases works as expected after the restore completes.

NOTE:

You cannot restore a SQL database with the same name to the same SQL Server. You
must choose either a different database name or a different SQL Server host to restore the
database to.
[WACOM.NOTE] You can restore a MySQL database with the same name to the same
server, but be aware that this will clear out the existing content stored in the MySQL
database.

3. If you choose to restore an existing database, you will need to provide a user name and
password. If you choose to restore to a new database, you will need to provide a new
database name:

Click the right arrow to continue.

4. If you chose to create a new database, you will need to provide credentials and other
initial configuration information for the database in the next dialog. The example here
shows a new SQL database. (The options for a new MySQL database are somewhat
different.)

5. Click the check mark to start the restore operation. When it completes, the new website
instance (if that is the restore option you chose) will be visible in the list of websites in
the portal.

View the Operation Logs

1. To see details about the success or failure of the website restore operation, go to the
website's Dashboard tab. In the Quick Glance section, under Management Services,
click Operation Logs.

2. You are taken to the Management Services portal Operation Logs page, where you can
see the log for your restore operation in the list of operation logs:

3. To view details about the operation, select the operation in the list, and then click the
Details button in the command bar.

When you do so, the Operations Details window opens and shows you the copiable
contents of the log file:

How to Deploy an Azure Website

You have many options for deploying your own content to an Azure Website. This topic
provides a brief overview of each option and links to more information.

Deploying from a cloud-hosted source control system

o Visual Studio Online (VSO)
o Repository websites using Git
o Repository websites using Mercurial
o Dropbox
Deploying from an IDE
o Visual Studio
o WebMatrix
Deploying by using an FTP utility
Deploying from an on-premises source control system
o Team Foundation Server (TFS)
o On-premises Git or Mercurial repositories
Using command-line tools and the Azure REST management API
o MSBuild
o FTP scripts
o Windows PowerShell

o
o
o

.NET management API

Cross-platform command line (xpat-cli)
Web Deploy command line

Deploying from a cloud-hosted source control system

The best way to deploy a website is to set up a continuous delivery workflow integrated with
your source control system. Automation not only makes the development process more efficient
but also can make your backup and restore processes more manageable and reliable.
If you don't have source control set up yet, the easiest way to get started is to use a cloud-hosted
source control system.
Visual Studio Online (VSO)
Visual Studio Online (formerly Team Foundation Service) is Microsoft's cloud-based solution
for source control and team collaboration. The service is free for a team of up to 5 developers.
You can set up VSO to do continuous delivery to an Azure Website, and your repository can use
either Git or TFVC.
For more information, see the following resources:

Deliver to Azure Continuously using VSO and TFVC. Brief step-by-step tutorial that shows how to
set up continuous delivery from VSO to an Azure Website, using TFVC. TFVC is the centralized
source control option in VSO, as opposed to Git, which is the distributed source control option.
Continuous delivery to Azure using VSO and TFVC. Similar to the previous tutorial, but this one
also goes through the steps for signing up for a VSO account and checking in a project to source
control.
Continuous delivery to Azure using Visual Studio Online and Git. Similar to the previous tutorial
but uses Git instead of TFVC.

Repository websites using Git

Git is a popular distributed source control system. Azure has built-in features that make it easy to
automate deployment to an Azure Website from popular web-based repository sites that store Git
repositories, including GitHub, CodePlex, and BitBucket. An advantage of using Git to deploy is
that it's relatively easy to roll back to an earlier deployment if that ever becomes necessary.
For more information, see the following resources:

Publishing from Source Control to Azure Web Sites. How to use Git to publish directly from your
local computer to an Azure Website (in Azure, this method of publishing is called Local Git). Also
shows how to enable continuous deployment of Git repositories from GitHub, CodePlex, or
BitBucket.
Deploying to Web Sites with GitHub using Kudu. Video by Scott Hanselman and David Ebbo that
shows how to deploy a website directly from GitHub to an Azure Website.
Azure Forum for Git, Mercurial, and Dropbox.

Repository websites using Mercurial

If you use Mercurial as your source control system and store your repository in CodePlex or
BitBucket, you can use built-in features in Azure Websites to automatically deploy your content.
For information about how to deploy using Mercurial, see the following resources:

Publishing from Source Control to Azure Web Sites. Although this tutorial shows how to publish
a Git repository, the process for Mercurial repositories hosted in CodePlex or BitBucket is
similar.
Azure Forum for Git, Mercurial, and Dropbox.

Dropbox
Dropbox is not a source control system, but if you store your source code in Dropbox you can
automate deployment from your Dropbox account.

Deploy To Windows Azure Using Dropbox. How to use the Azure Management Portal to set up
Dropbox deployment.
Dropbox and Azure Web Sites. This video walks through the process of connecting a Dropbox
folder to an Azure Website, and shows how quickly you can get a website up and running or
maintain it using simple drag-and-drop deployment.
Azure Forum for Git, Mercurial, and Dropbox.

Deploying from an IDE

Visual Studio and WebMatrix are Microsoft IDEs (integrated development environments) that
you can use for web development. Both provide built-in features that make it easy to deploy to
Azure Websites. Both can use Web Deploy to automate additional deployment-related tasks such
as database deployment and connection string changes. Both can also deploy by using FTP or
FTPS).
WebMatrix is quick to install and easy to learn, but Visual Studio offers many more features for
working with Azure Websites. From within the Visual Studio IDE you can create, stop, start, and
delete Azure Websites, you can view logs as they are created in real-time, you can debug
remotely, and much more. Visual Studio also integrates with source control systems such as
Visual Studio Online, Team Foundation Server, and Git repositories.
Visual Studio
For information about how to deploy to Azure Websites from Visual Studio, see the following
resources:

Get started with Azure and ASP.NET. How to create and deploy a simple ASP.NET MVC web
project by using Visual Studio and Web Deploy.

How to Deploy Azure WebJobs to Azure Websites. How to configure Console Application
projects so that they deploy as WebJobs.
Deploy a Secure ASP.NET MVC 5 app with Membership, OAuth, and SQL Database to an Azure
Web Site. How to create and deploy an ASP.NET MVC web project with a SQL database, by using
Visual Studio, Web Deploy, and Entity Framework Code First Migrations.
Web Deployment Overview for Visual Studio and ASP.NET. A basic introduction to web
deployment using Visual Studio. Dated but includes information that is still relevant, including
an overview of options for deploying a database along with the web application and a list of
additional deployment tasks you might have to do or manually configure Visual Studio to do for
you. This topic is about deployment in general, not just about deployment to Azure Websites.
ASP.NET Web Deployment using Visual Studio. A 12-part tutorial series that covers a more
complete range of deployment tasks than the others in this list.
Deploying an ASP.NET Website to Azure in Visual Studio 2012 from a Git Repository directly.
Explains how to deploy an ASP.NET web project in Visual Studio, using the Git plug-in to commit
the code to Git and connecting Azure to the Git repository.

WebMatrix
For information about how to deploy to Azure Websites from WebMatrix, see the following
resources:

Develop and deploy a web site with Microsoft WebMatrix. How to create a simple ASP.NET
website by using a WebMatrix template and deploy it to an Azure Website by using WebMatrix
and Web Deploy.
Build and deploy a Node.js web site to Azure using WebMatrix.
Create and deploy a PHP-MySQL Azure Web Site using WebMatrix.
WebMatrix 3: Integrated Git and Deployment to Azure. How to use WebMatrix to deploy from a
Git source control repository.

Deploying by using an FTP utility

Regardless of what IDE you use, you can also deploy content to your site by using FTP to copy
files. It's easy to create FTP credentials for an Azure Website, and you can use them in any
application that works with FTP, including browsers such as Internet Explorer and full-featured
free utilities such as FileZilla. Azure Websites also support the more secure FTPS protocol.
Although it's easy to copy your website's files to Azure using FTP utilities, they don't
automatically take care of or coordinate related deployment tasks such as deploying a database or
changing connection strings. Also, many FTP tools don't compare source and destination files in
order to skip copying files that haven't changed. For large sites, always copying all files can
result in long deployment times even for minor updates since all files are always copied.
For more information, see the following resources:

Create a PHP-MySQL Azure Web Site and Deploy Using FTP.

How to Manage Web Sites. Includes additional information not included in the PHP tutorial
about how to set FTP credentials.

Deploying from an on-premises source control system

If you are using TFS, Git, or Mercurial in an on-premises (not cloud-hosted) repository, you can
deploy directly from your repository to Azure Websites.
Team Foundation Server (TFS)
Team Foundation Server is Microsoft's on-premises solution for source control and team
collaboration. You can set up TFS to do continuous delivery to an Azure Website.
For more information, see the following resource:

Continuous Delivery for Cloud Services in Azure. This document is for an Azure Cloud Service,
but some of its content is relevant to Websites.

On-premises Git or Mercurial repositories

In Azure you can enter the URL of any repository that uses Git or Mercurial in order to deploy
from that location. You can also directly push from a local Git repository to an Azure Website.
For more information, see the following resources:

Publishing from Source Control to Azure Web Sites. How to use Git to publish directly from your
local computer to an Azure Website (in Azure, this method of publishing is called Local Git). Also
shows how to enable continuous deployment of Git repositories from GitHub, CodePlex, or
BitBucket.
Publishing to Azure Web Sites from any git/hg repo. Blog by David Ebbo that explains the
"External Repository" feature in Azure Websites.
Azure Forum for Git, Mercurial, and Dropbox.
Deploying TWO websites to Azure from one Git Repository. Blog post by Scott Hanselman.

Using command-line tools and the Azure REST management API

It's always best to automate your development workflow, but if you can't do that directly in your
source control system, you can set it up manually by using command-line tools. This generally
involves the use of more than one tool or framework, as deployment often involves performing
site management functions as well as copying content.
Azure simplifies site management tasks that you might have to do for deployment by providing a
REST management API and several frameworks that make it easier to work with the API.
MSBuild
If you use the Visual Studio IDE for development, you can use MSBuild to automate anything
you can do in your IDE. You can configure MSBuild to use either Web Deploy or FTP/FTPS to

copy files. Web Deploy can also automate many other deployment-related tasks, such as
deploying databases.
For more information about command-line deployment using MSBuild, see the following
resources:

ASP.NET Web Deployment using Visual Studio: Command Line Deployment. Tenth in a series of
tutorials about deployment to Azure using Visual Studio. Shows how to use the command line to
deploy after setting up publish profiles in Visual Studio.
Inside the Microsoft Build Engine: Using MSBuild and Team Foundation Build. Hard-copy book
that includes chapters on how to use MSBuild for deployment.

FTP scripts
It's easy to create FTP/FTPS credentials for an Azure Website, and you can then use those
credentials with FTP batch scripts.
For more information, see the following resource:

Using FTP Batch Scripts.

Windows PowerShell
You can perform MSBuild or FTP deployment functions from Windows PowerShell. If you do
that, you can also use a collection of Windows PowerShell cmdlets that make the Azure REST
management API easy to call.
For more information, see the following resource:

Building Real-World Cloud Apps with Azure - Automate Everything. E-book chapter that explains
how the sample application shown in the e-book uses Windows PowerShell scripts to create an
Azure test environment and deploy to it. See the Resources section for links to additional Azure
PowerShell documentation.

.NET management API

You can write C# code to perform MSBuild or FTP functions for deployment. If you do that, you
can access the Azure management REST API to perform site management functions.
For more information, see the following resource:

Automating everything with the Azure Management Libraries and .NET. Introduction to the .NET
management API and links to more documentation.

Cross-platform command line (xpat-cli)

You can use the command line in Mac or Linux machines to deploy by using FTP. If you do that,
you can also access the Azure REST management API using the Azure cross-platform
command-line interface (xpat-cli). The xpat-cli can also be used on Windows machines.
For more information, see the following resource:

Command line tools. Portal page in WindowsAzure.com for command line tool information.

Web Deploy command line

Web Deploy is Microsoft software for deployment to IIS that not only provides intelligent file
sync features but also can perform or coordinate many other deployment-related tasks that can't
be automated when you use FTP. For example, Web Deploy can deploy a new database or
database updates along with your website. Web Deploy can also minimize the time required to
update an existing site since it can intelligently copy only changed files. Microsoft WebMatrix,
Visual Studio, Visual Studio Online, and Team Foundation Server have support for Web Deploy
built-in, but you can also use Web Deploy directly from the command line to automate
deployment. Web Deploy commands are very powerful but the learning curve can be steep.
For more information, see the following resource:

Web Deployment Tool. Official documentation on the Microsoft TechNet site. Dated but still a
good place to start.
Using Web Deploy. Official documentation on the Microsoft IIS.NET site. Also dated but a good
place to start.
StackOverflow. The best place to go for more current information about how to use Web Deploy
from the command line.
ASP.NET Web Deployment using Visual Studio: Command Line Deployment. MSBuild is the build
engine used by Visual Studio, and it can also be used from the command line to deploy web
applications to Azure Websites. This tutorial is part of a series that is mainly about Visual Studio
deployment.

Use WebJobs to run background tasks in Azure Websites

Azure Websites enables you to run programs or scripts in your website in three ways: on
demand, continuously, or on a schedule. There is no additional cost to use Microsoft Azure
WebJobs.

Acceptable File Types for Scripts or Programs

The following file types are accepted:

.cmd, .bat, .exe (using windows cmd)

.ps1 (using powershell)

.sh (using bash)

.php (using php)
.py (using python)
.js (using node)

Create an On Demand Task

1. In the command bar of the WebJobs page, click Add. The New Job dialog appears.

2. Under Name, provide a name for the task. The name must start with a letter or a number
and cannot contain any special characters other than "-" and "_".
3. In the Content (Zip Files - 100MB Max) box, browse to the zip file that contains your
script. The zip file should contain your executable (.exe .cmd .bat .sh .php .py .js) as well
as any supporting files needed to run the program or script.
4. In the How to Run box, choose Run on Demand.
5. Check the check mark on the bottom right of the dialog to upload the script to your
website. The name you specified for the task appears in the list:

6. To run the script, select its name in the list and click Run Once in the command bar at
the bottom of the portal page.

Create a Continuously Running Task

1. To create a continuously executing task, follow the same steps for creating a task that
runs once, but in the How to Run box, choose Run continuously.

2. To start or stop a continuously running task, select the task in the list and click Start or
Stop in the command bar.
NOTE:

If your website runs on more than one instance, a continuously running task will run on all of
your instances. On-demand and scheduled tasks run on a single instance selected for load
balancing by Microsoft Azure.
[WACOM.NOTE] For continuous tasks, it is recommended that you enable Always On on the
Configure page for your website. The Always On feature, available in Basic and Standard mode,
prevents websites from being unloaded, even if they have been idle for some time. If your
website is always loaded, your continuously running task may run more reliably.

Create a Scheduled Task

1. To create a scheduled task, follow the same steps as before, but in the How to Run box,
choose Run on a schedule.

2. Choose the Scheduler Region for your job, and then click the arrow on the bottom right
of the dialog to proceed to the next screen.
3. In the Create Job dialog, choose the type of Recurrence you want: One-time job or
Recurring job.

4. Also choose a Starting time: Now or At a specific time.

5. If you want to start at a specific time, choose your starting time values under Starting
On.

6. If you chose a recurring job, you have the Recur Every option to specify the frequency
of occurrence and the Ending On option to specify an ending time.

7. If you choose Weeks, you can select the On a Particular Schedule box and specify the
days of the week that you want the job to run.

8. If you choose Months and select the On a Particular Schedule box, you can set the job
to run on particular numbered Days in the month.

9. If you choose Week Days, you can select which day or days of the week in the month
you want the job to run on.

10. Finally, you can also use the Occurrences option to choose which week in the month
(first, second, third etc.) you want the job to run on the week days you specified.

11. After you have created one or more jobs, their names will appear on the WebJobs tab
with their status, schedule type, and other information. Historical information for the last
30 tasks is maintained.

Scheduled jobs and Azure Scheduler

Scheduled jobs can be further configured in the Azure Scheduler portal.
1. On the WebJobs page, click the job's schedule link to navigate to the Azure Scheduler
portal page.

2. On the Scheduler page, click the job.

3. The Job Action page opens, where you can further configure the job.

View the Job History

1. To view the execution history of a job, including jobs created with the WebJobs SDK,
click its corresponding link under the Logs column. (You can use the clipboard icon to
copy the URL of the log file page to the clipboard if you wish.)

2. Clicking the link opens the web jobs details page for the task. This page shows you the
name of the command run, the last times it ran, and its success or failure. Under Recent
job runs, click a time to see further details.

3. The WebJob Run Details page appears. Click Toggle Output to see the text of the log
contents. The output log is in text format.

4. To see the output text in a separate browser window, click the download link. To
download the text itself, right-click the link and use your browser options to save the file
contents.

5. The WebJobs link at the top of the page provides a convenient way to get to a list of web
jobs on the history dashboard.

Clicking one of these links takes you to the WebJob Details page for the job you selected.

Configure websites
Configure app settings, connection strings, handlers, and virtual directories; configure
certificates, custom domains, and traffic manager; configure SSL bindings and runtime
configurations; manage websites by using Windows PowerShell and Xplat-CLI

How to Configure Websites

In the Azure Management Portal, you can change the configuration options for websites and link
to other Azure resources, such as a database.

ow to: Change configuration options for a website

To set configuration options for a website:
1. In the Management Portal, open the website's management pages.

2. Click the Configure tab.

The Configure tab has the following sections:

General
Framework versions. Set these options if your app uses any these frameworks:

.NET Framework: Set the .NET framework version.

PHP: Set the PHP version, or **OFF **to disable PHP.
Java: Select the displayed version to enable Java, or OFF to disable Java.
If you enable Java, use the Web Container option to choose between Tomcat and Jetty versions.
Python: Select the Python version, or OFF to disable Python.

For technical reasons, enabling Java for your website disables the .NET, PHP, and Python
options.
Managed Pipeline Mode. Sets the IIS pipeline mode. Leave this set to Integrated (the default)
unless you have a legacy website that requires an older version of IIS.
Platform. Selects whether your application runs in a 32-bit or 64-bit environment. The 64-bit
environment requires Basic or Standard mode. Free and Shared modes always run in a 32-bit
environment.
Web Sockets. Set ON to enable the WebSocket protocol; for example, if your website uses
ASP.NET SignalR or socket.io.
Always On. By default, websites are unloaded if they are idle for some period of time. This lets
the system conserve resources. In Basic or Standard mode, you can enable Always On to keep
the site loaded all the time. If your site runs continuous web jobs, you should enable Always On,
or the web jobs may not run reliably
Edit in Visual Studio Online. Enables live code editing with Visual Studio Online. If enabled,
the Dashboard tab will show a link called Edit in Visual Studio Online, under the Quick
Glance section. Click this link to edit your website directly online. If you need to authenticate,
you can use your basic deployment credentials.
Note: If you enable deployment from source control, it is possible for a deployment to overwrite
changes you make in the Visual Studio Online editor.
Certificates
In Basic or Standard mode, you can upload SSL certificates for a custom domain. For more
information,, see Enable HTTPS for an Azure website.

Your uploaded certificates are listed here. After you upload a certificate, you can assign it to any
website in your subscription and region. Wildcard certificates can be used for any site within the
domain for which it is valid. A certificate can be deleted only if there are no active bindings for
that certificate.
Domain names
View or add additional domain names for the website. For more information, see Configuring a
custom domain name for an Azure website.
SSL Bindings
If you uploaded SSL certificates, you can bind them to custom domain names. For more
information,, see Enable HTTPS for an Azure website
Deployments
This section appears only if you have enabled deployment from source control. Use these
settings to configure deployments.

Git URL. If you have created a Git repository for your Azure website, this is the URL where you
push your content.
Deployment Trigger URL. This URL can be set on a GitHub, CodePlex, Bitbucket, or other
repository to trigger the deployment when a commit is pushed to the repository.
Branch to Deploy. Specifies the branch that will be deployed when you push content.

To set up deployment from source control, view the Dashboard tab, and click Set up
deployment from source control.
Application diagnostics
Options for writing diagnostic logs from a web application that supports logging:

File System. Writes logs to the website's file system. File system logging lasts for a period of 12
hours. You can access the logs from the FTP share for the website. (See FTP Credentials).
Table Storage. Writes logs to Azure table storage. There is no time limit, and logging stays
enabled until you disable it.
Blob Storage. Writes logs to Azure blob storage. There is no time limit, and logging stays
enabled until you disable it.

Logging Level. When logging is enabled, this option specifies the amount of information that
will be recorded (Error, Warning, Information, or Verbose).
Manage table storage. When table storage is enabled, click this button to set the storage account
and table name.

Manage blob storage. When blob storage is enabled, click this button to set the storage account
and blob storage name.
Site diagnostics
Options for gathering diagnostic information for your website.
Web Server Logging. Enables web server logging. Logs are saved in the W3C extended log file
format. You can save the logs to Azure Storage or to the website's file System.

If you choose File System, logs are saved to the FTP site listed under "FTP Diagnostic Logs" on
the Dashboard page. (See FTP Credentials.)
If you choose File System, use the Quota box to set the maximum amount of disk space for the
log files. The minimum is 25MB and the maximum is 100MB. The default is 35MB. When the
quota is reached, the oldest files are successively overwritten by the newest ones. If you need to
retain more history 100MB, use Azure Storage, which has a much greater storage capacity.
Optionally, click Set Retention to automatically delete files after a period of time. By default,
logs are never deleted.

Detailed Error Messages. If enabled, detailed error messages are saved as .htm files. To view
the files, go to the FTP site listed under "FTP Diagnostic Logs" on the Dashboard page. The files
are saved under /LogFiles/DetailedErrors in the FTP site. (See FTP Credentials.)
Failed Request Tracing. If enabled, failed requests are logged to XML files. To view the files,
go to the FTP site listed under "FTP Diagnostic Logs" on the Dashboard page. (See FTP
Credentials.) The files are saved under /LogFiles/W3SVCxxx, where xxx is a unique identifier.
This folder contains an XSL file and one or more XML files. Make sure to download the XSL
file, because it provides functionality for formatting and filtering the contents of the XML files.
Remote Debugging Enables remote debugging. When enabled, you can use the remote debugger
in Visual Studio to connect directly to your Azure website. Remote debugging will remain
enabled for 48 hours.
Note: Remote debugging will not work with a site name or user name that is longer than 20
characters.
Monitoring
In Basic or Standard mode, you can test the availability of HTTP or HTTPS endpoints, from up
to three geo-distributed locations. A monitoring test fails if the HTTP response code is an error
(4xx or 5xx) or the response takes more than 30 seconds. An endpoint is considered available if
the monitoring tests succeed from all the specified locations.
For more information, see How to: Monitor web endpoint status.

Developer analytics
Choose Add-on to select an analytics add-on from a list, or to go to the Azure store to choose
one. Choose Custom to select an analytics provider such as New Relic from a list. If you use a
custom provider, you must enter the license key in the Provider Key box.
For more information on using New Relic with Azure Websites, see New Relic Application
Performance Management on Azure Websites.
App settings
Name/value pairs that will be loaded by your web application on start up.

For .NET sites, these settings are injected into your .NET configuration AppSettings at
runtime, overriding existing settings.
PHP, Python, Java and Node applications can access these settings as environment
variables at runtime. For each app setting, two environment variables are created; one
with the name specified by the app setting entry, and another with a prefix of
APPSETTING_. Both contain the same value.

Connection strings
Connection strings for linked resources.
For .NET sites, these connection strings are be injected into your .NET configuration
connectionStrings settings at runtime, overriding existing entries where the key equals the linked
database name.
For PHP, Python, Java and Node applications, these settings will be available as environment
variables at runtime, prefixed with the connection type. The environment variable prefixes are as
follows:

SQL Server: SQLCONNSTR_

MySQL: MYSQLCONNSTR_
SQL Database: SQLAZURECONNSTR_
Custom: CUSTOMCONNSTR_

For example, if a MySql connection string were named connectionstring1, it would be accessed
through the environment variable MYSQLCONNSTR_connectionString1.
Note: Connection strings are also created when you link a database resource to a website.
Connection strings created this way are read only when viewed on the configuration
management page.

Default documents
A website's default document is the web page that is displayed does not specify a particular page
on the website. If your website contains more than one of the files in the list, make sure to put
your default document at the top of the list.
Web applications might use modules that route based on the URL, rather than serving static
content, in which case there is no default document as such.
Handler mappings
Use this area to add custom script processors to handle requests for specific file extensions.

Extension. The file extension to be handled, such as *.php or handler.fcgi.

Script Processor Path. The absolute path of the script processor. Requests to files that match
the file extension will be processed by the script processor. Use the path
D:\home\site\wwwroot to refer to your site's root directory.
Additional Arguments. Optional command-line arguments for the script processor

Virtual applications and directories

To configure virtual applications and directories associated with your website, specify each
virtual directory and its corresponding physical path relative to the site root. Optionally, you can
select the Application checkbox to mark a virtual directory as an application in site
configuration.

How to: Configure a website to use a SQL database

Follow these steps to link a website to a SQL Database:
1. In the Management Portal, select Websites to display the list of websites created by the
currently logged on account.
2. Select a website from the list of websites to open the website's Management pages.
3. Click the Linked Resources tab and a message will be displayed on the Linked
Resources page indicating You have no linked resources.
4. Click Link a Resource to open the Link a Resource wizard.
5. Click Create a new resource to display a list of resources types that can be linked to
your website.
6. Click SQL Database to display the Link Database wizard.
7. Complete required fields on pages 3 and 4 of the Link Database wizard and then click
the Finish checkmark on page 4.
Azure will create a SQL database with the specified parameters and link the database to the
website.

Windows Azure Webs Sites: How Application Strings and Connection Strings Work

Windows Azure Web Sites has a handy capability whereby developers can store key-value string
pairs in Azure as part of the configuration information associated with a website. At runtime,
Windows Azure Web Sites automatically retrieves these values for you and makes them
available to code running in your website. Developers can store plain vanilla key-value pairs as
well as key-value pairs that will be used as connection strings.
Since the key-value pairs are stored behind the scenes in the Windows Azure Web Sites
configuration store, the key-value pairs dont need to be stored in the file content of your web
application. From a security perspective that is a nice side benefit since sensitive information
such as Sql connection strings with passwords never show up as cleartext in a web.config or
php.ini file.
You can enter key-value pairs from Configure tab for your website in the Azure portal. The
screenshot below shows the two places on this tab where you can enter keys and associated
values:

You can enter key-value pairs as either app settings or connection strings. The only
difference is that a connection string includes a little extra metadata telling Windows Azure Web
Sites that the string value is a database connection string. That can be useful for downstream
code running in a website to special case some behavior for connection strings.
Retrieving Key-Value Pairs as Environment Variables

Once a developer has entered key-value pairs for their website, the data can be retrieved at
runtime by code running inside of a website.
The most generic way that Windows Azure Web Sites provides these values to a running website
is through environment variables. For example, using the data shown in the earlier screenshot,
the following is a code snippet from ASP.NET that dumps out the data using environment
variables:

Here is what the example page output looks from the previous code snippet:

[Note: The interesting parts of the Sql connection string are intentionally blanked out in this post
with asterisks. However, at runtime rest assured you will retrieve the full connection string
including server name, database name, user name, and password.]
Since the key-value pairs for both app settings and connection strings are stored in
environment variables, developers can easily retrieve these values from any of the web
application frameworks supported in Windows Azure Web Sites. For example, the following is
a code snippet showing how to retrieve the same settings using php:

From the previous examples you will have noticed a naming pattern for referencing the
individual keys. For app settings the name of the corresponding environment variable is
prepended with APPSETTING_.
For connection strings, there is a naming convention used to prepend the environment variable
depending on the type of database you selected in the databases dropdown. The sample code is
using SQLAZURECONNSTR_ since the connection string that was configured had Sql
Databases selected in the dropdown.
The full list of database connection string types and the prepended string used for naming
environment variables is shown below:
If you select Sql Databases, the prepended string is SQLAZURECONNSTR_
If you select SQL Server the prepended string is SQLCONNSTR_
If you select MySQL the prepended string is MYSQLCONNSTR_
If you select Custom the prepended string is CUSTOMCONNSTR_

Retrieving Key-Value Pairs in ASP.NET

So far we have shown how the key-value pairs entered in the portal flow through to a web
application via environment variables. For ASP.NET web applications, there is some extra
runtime magic that is available as well. If looking at the names of the different key-value types
seems familiar to a .NET developer that is intentional. App settings neatly map to the .NET
Frameworks appSettings configuration. Similarly connection strings correspond to the .NET
Frameworks connectionStrings collection.
Here is another ASP.NET code snippet showing how an app setting can be referenced using
System.Configuration types:

Notice how the value entered into the portal earlier just automatically appears as part of the
AppSettings collection. If the application setting(s) happen to already exist in your web.config
file, Windows Azure Web Sites will automatically override them at runtime using the values
associated with your website.
Connection strings work in a similar fashion, with a small additional requirement. Remember
from earlier that there is a connection string called example-config_db that has been associated
with the website. If the websites web.config file references the same connection string in the
<connectionStrings /> configuration section, then Windows Azure Web Sites will automatically
update the connection string at runtime using the value shown in the portal.
However, if Windows Azure Web Sites cannot find a connection string with a matching name
from the web.config, then the connection string entered in the portal will only be available as an
environment variable (as shown earlier).
As an example, assume a web.config entry like the following:

A website can reference this connection string in an environment-agnostic fashion with the
following code snippet:

When this code runs on a developers local machine, the value returned will be the one from the
web.config file. However when this code runs in Windows Azure Web Sites, the value returned
will instead be overridden with the value entered in the portal:

This is a really useful feature since it neatly solves the age-old developer problem of ensuring the
correct connection string information is used by an application regardless of where the
application is deployed.
Configuring Key-Value Pairs from the Command-line

As an alternative to maintaining app settings and connection strings in the portal, developers can
also use either the PowerShell cmdlets or the cross-platform command line tools to retrieve and
modify both types of key-value pairs.
For example, the following PowerShell commands define a hashtable of multiple app settings,
and then stores them in Azure using the Set-AzureWebsite cmdlet, associating them with a
website called example-config.

Running the following code snippet in ASP.NET shows that the value for the original app setting
(some-key-here) has been updated, and a second key-value pair (some-other-key) has also
been added.

Sample HTML output showing the changes taking effect:

some-other-key <> a-different-value
some-key-here <> changed-this-value
Updating connection strings works in a similar fashion, though the syntax is slightly different
since internally the PowerShell cmdlets handle connection strings as a List<T> of
ConnStringInfo objects
(Microsoft.WindowsAzure.Management.Utilities.Websites.Services.WebEntities.ConnStringInfo
to be precise).
The following PowerShell commands show how to define a new connection string, add it to the
list of connection strings associated with the website, and then store all of the connection strings
back in Azure.

Note that for the property $cs.Type, you can use any of the following strings to define the
type: Custom, SQLAzure, SQLServer, and MySql.
Running the following code snippet in ASP.NET lists out all of the connection strings for the
website.

Remember though that for Windows Azure Web Sites to override a connection string and
materialize it in the .NET Frameworks connection string configuration collection, the
connection string must already be defined in the web.config. For this example website, the
web.config has been updated as shown below:

Now when the ASP.NET page is run, it shows that both connection string values have been overridden using the values stored via PowerShell (sensitive parts of the first connection string are
intentionally blanked out with asterisks):

Summary

You have seen in this post how to easily associate simple key-value pairs of configuration data
with your website, and retrieve them at runtime as environment variables. With this
functionality web developers can safely and securely store configuration data without having this
data show up as clear-text in a website configuration file. And if you happen to be using
ASP.NET, there is a little extra configuration magic that also automatically materializes the
values as values in the .NET AppSettings and ConnectionStrings configuration collections.

Configuring a custom domain name for an Azure Website

When you create a website, Azure assigns it to a subdomain of azurewebsites.net. For example,
if your website is named contoso, the URL is contoso.azurewebsites.net. Azure also assigns a
virtual IP address.

For a production website, you probably want users to see a custom domain name. This article
explains how to configure a custom domain with Azure Websites. (This article provides generic
instructions for any domain registrar. The tabs at the top of this article link to some articles for
specific registrars.)
NOTE:

This article is for Azure Websites; for Cloud Services, see Configuring a Custom Domain
Name in Azure.
For instructions on using Traffic Manager to load balance traffic to websites, use the
selector at the top of this article to select the Traffic Manager specific steps.
Custom domain names cannot be used with Free websites. You must configure your websites
for Shared, Basic, or Standard mode, which may change how much you are billed for your
subscription. See Websites Pricing Details for more information.
In this article:

Overview
DNS record types
Find the virtual IP address
Create the DNS records
Create an awverify record (A records only)
Enable the domain name on your website

Overview
Here are the general steps to configure a custom domain name:
1. Reserve your domain name. This article does not cover that process. There are many domain
registrars to choose from. When you sign up, their site will walk you through the process.
2. Create DNS records that map the domain to your Azure website.
3. Add the domain name inside the Azure Management Portal.

Within this basic outline, there are specific cases to consider:

Mapping your root domain. The root domain is the domain that you reserved with the domain
registrar. For example, contoso.com.
Mapping a subdomain. For example, blogs.contoso.com. You can map different subdomains to
different websites.
Mapping a wildcard. For example, *.contoso.com. A wildcard entry applies to all subdomains of
your domain.

Setting a custom domain name is only available for the Shared, Basic and Standard modes for
Azure Websites. Before switching a website from the Free website mode to the Shared, Basic or
Standard mode, you must first remove spending caps in place for your Website subscription.
For more information on the Website modes, including how to change the mode of your site, see
How to scale web sites.

DNS record types

The Domain Name System (DNS) uses data records to map domain names into IP addresses.
There are several types of DNS records. For websites, youll create either an A record or a
CNAME record.

An A (Address) record maps a domain name to an IP address.

A CNAME (Canonical Name) record maps a domain name to another domain name. DNS uses
the second name to look up the address. Users still see the first domain name in their browser.
For example, you could map contoso.com to <yoursite>.azurewebsites.net.

If the IP address changes, a CNAME entry is still valid, whereas an A record must be updated.
However, some domain registrars do not allow CNAME records for the root domain or for
wildcard domains. In that case, you must use an A record.
NOTE:

The IP address may change if you delete and recreate your website, or change the website mode
back to free.

Find the virtual IP address

Skip this step if you are creating a CNAME record. To create an A record, you need the virtual
IP address of your website. To get the IP address:
1. In your browser, open the Azure Management Portal.
2. In the Websites tab, click the name of your site and select Dashboard.

3. Select Manage Domains from the bottom of the page. (If this option is disabled, make
sure you are using Shared, Basic, or Standard mode. For more information, see How to
scale websites.)

4. The IP address is listed toward the bottom of the dialog.

Create the DNS records

Log in to your domain registrar and use their tool to add an A record or CNAME record. Every
registrars website is slightly different, but here are some general guidelines.
1. Find the page for managing DNS records. Look for links or areas of the site labeled Domain
Name, DNS, or Name Server Management. Often the link can be found be viewing your account
information, and then looking for a link such as My domains.
2. When you find the management page, look for a link that lets you add or edit DNS records. This
might be listed as a Zone file, DNS Records, or as an Advanced configuration link.

The page might list A records and CNAME records separately, or else provide a drop-down to
select the record type. Also, it might use other names for the record types, such as IP Address
record instead of A record, or Alias Record instead of CNAME record. Usually the registrar
creates some records for you, so there may already be records for the root domain or common
subdomains, such as www.
When you create or edit a record, the fields will let you map your domain name to an IP address
(for A records) or another domain (for CNAME records). For a CNAME record, you will map
from your custom domain to your azurewebsites.net subdomain.

In many registrar tools, you will just type the subdomain portion of your domain, not the entire
domain name. Also, many tools use @ to mean the root domain. For example:
Host Record type
IP Address or URL
@
A (address) 127.0.0.1
www CNAME (alias) contoso.azurewebsites.net

Assuming the custom domain name is contoso.com, this would create the following records:

contoso.com mapped to 127.0.0.1.

www.contoso.com mapped to contoso.azurewebsites.net.

Create an awverify record (A records only)

If you create an A record, Azure websites also requires a special CNAME record, which is used
to verify that you own the domain you are attempting to use. This CNAME record must have the
following form.

If the A record maps the root domain or a wildcard domain: Create a CNAME record that maps
from awverify.<yourdomain> to awverify.<yourwebsitename>.azurewebsites.net. For
example, if the A record is for contoso.com, create a CNAME record for awverify.contoso.com.
If the A record maps a specific subdomain: Create a CNAME record that maps from
awverify.<subdomain> to awverify.<yourwebsitename>.azurewebsites.net. For example, if the
A record is for blogs.contoso.com, create a CNAME record for awverify.blogs.contoso.com.

Visitors to your site will not see the awverify subdomain; its only for Azure to verify your
domain.

Enable the domain name on your website

After the records for your domain name have propagated, you must associate them with your
website. Use the following steps to enable the domain names using your web browser.
NOTE:

It can take some time for CNAME records created in the previous steps to propagate through the
DNS system. You cannot add the domain name of to your Azure Website until the CNAME has
propagated. If you are using an A record, you cannot add the A record domain name to your
Azure Website until the awverify CNAME record created in the previous step has propagated.
You can use a service such as http://www.digwebinterface.com/ to verify that the CNAME is
available.
1. In your browser, open the Azure Management Portal.
2. In the Websites tab, click the name of your site, select Dashboard, and then select
Manage Domains from the bottom of the page.

3. Use the DOMAIN NAMES text boxes to enter the domain names to associate with this
website.

4. Click the check mark in the lower right corner to save the domain name configuration.
Once configuration has completed, the custom domain name will be listed in the domain
names section of the Configure page of your website.
At this point, you should be able to enter the custom domain name in your browser and see that it
successfully takes you to your Azure Website.
Enable HTTPS for an Azure Website

Enable HTTPS for an Azure website

NOTE:

Get going faster--use the NEW Azure guided walkthrough! It makes associating a custom
domain name AND securing communication (SSL) with Azure Cloud Services or Azure
Websites a snap.
You can secure the communication between the website and the browser with HTTPS, which
uses Secure Socket Layer (SSL) encryption. This is the most commonly used method of securing
data sent across the internet, and assures visitors that their transactions with your site are secure.
This article discusses how to configure HTTPS for an Azure Website.

HTTPS for the *.azurewebsites.net domain

If you are not planning on using a custom domain name, but are instead planning on using the
*.azurewebsites.net domain assigned to your website by Azure (for example,
contoso.azurewebsites.net,) theyn HTTPS is already enabled on your site with a certificate from
Microsoft. You can use https://mywebsite.azurewebsites.net to access your site. However,
*.azurewebsites.net is a wildcard domain. Like all wildcard domains, it is not as secure as using a
custom domain with your own certificate.
The rest of this document provides details on enabling HTTPS for custom domains, such as
contoso.com, www.contoso.com, or *.contoso.com

Enable SSL for your custom domain

To enable HTTPS for a custom domain, such as contoso.com, you must first register a custom
domain name with a domain name registrar. For more information on how to configure the
domain name of an Azure Website, see Configuring a custom domain name for an Azure Web
Site. Once you have registered a custom domain name and configured your website to respond to
the custom name, you must request an SSL certificate for the domain.
NOTE:

In order to enable HTTPS for custom domain names, you must configure your website for
Standard web hosting plan mode. This may incur additional costs if you are currently using free
or shared mode. For more information on shared and Standard pricing, see Pricing Details.
Once you have a valid custom domain, enabling HTTPS for your website consists of the
following steps:
1.
2.
3.
4.

Get an SSL certificate

Configure Standard mode
Configure SSL
Enforce HTTPS on your Azure website

Get an SSL certificate

Before requesting an SSL certificate you must first determine which domain names will be
secured by the certificate. This will determine what type of certificate you must obtain. If you
just need to secure a single domain name such as contoso.com or www.contoso.com a basic
certificate is sufficient. If you need to secure multiple domain names, such as contoso.com,
www.contoso.com, and mail.contoso.com, then you can get a wildcard certificate, or a
certificate with Subject Alternate Name (subjectAltName).
SSL certificates used with Azure Websites must be signed by a Certificate Authority (CA). If
you do not already have one, you will need to obtain one from a company that issues SSL
certificates. For a list of Certificate Authorities, see Windows and Windows Phone 8 SSL Root
Certificate Program (Members CAs) on the Microsoft TechNet Wiki.
The certificate must meet the following requirements for SSL certificates in Azure:

The certificate must contain a private key.

The certificate must be created for key exchange, exportable to a Personal Information
Exchange (.pfx) file.
The certificate's subject name must match the domain used to access the website. If you need
to serve multiple domains with this certificate, you will need to use a wildcard value or specify
subjectAltName values as discussed previously.
The certificate should use a minimum of 2048-bit encryption.
Certificates issued from private CA servers are not supported by Azure Websites.

To get an SSL certificate for use with Azure Websites, you submit a Certificate Signing Request
(CSR) to a Certificate Authority and then generate a .pfx file from the certificate you receive
back. You can do this using the tool of your choice. Below are some of the common ways to get
a certificate:

Get a certificate using Certreq.exe

Get a certificate using IIS Manager
Get a certificate using OpenSSL
Get a SubjectAltName certificate using OpenSSL
Generate self-signed certificates (for testing only)

NOTE:

When following the steps, you will be prompted to enter a Common Name, such as
www.contoso.com. For wildcard certificates, this value should be *.domainname (for example,
*.contoso.com). If you need to support both a wildcard name like *.contoso.com and a root
domain name like contoso.com, you can use a wildcard subjectAltName certificate.
[WACOM.NOTE] Elliptic Curve Cryptography (ECC) certificates are supported with Azure
Websites; however, they are relatively new and you should work with your CA on the exact
steps to create the CSR.

You may also need to obtain intermediate certificates (also known as chain certificates), if
these are used by your CA. The use of intermediate certificates is considered more secure than
'unchained certificates', so it is common for a CA to use them. Intermediate certificates are often
provided as a separate download from the CAs website. The steps in this article provide steps to
ensure that any intermediate certificates are merged with the certificate uploaded to your Azure
website.
Get a certificate using Certreq.exe (Windows only)
Certreq.exe is Windows utility for creating certificate requests. It has been part of the base
Windows installation since Windows XP/Windows Server 2000, so should be available on recent
Windows systems. Use the following steps to obtain an SSL certificate using certreq.exe.
1. Open Notepad and create a new document that contains the following. Replace
mysite.com on the Subject line with the custom domain name of your website. For
example, Subject = "CN=www.contoso.com".
2. [NewRequest]
3. Subject = "CN=mysite.com"
4. Exportable = TRUE
5. KeyLength = 2048
6. KeySpec = 1
7. KeyUsage = 0xA0
8. MachineKeySet = True
9. ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
10. ProviderType = 12
11. RequestType = CMC
12.
13. [EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1

For more information on the options specified above, as well as other available options,
see the Certreq reference documentationn.
14. Save the text file as myrequest.txt.
15. From the Start Screen or Start Menu, run cmd.exe.
16. From the command prompt, use the following command to create the certificate request
file:
certreq -new \path\to\myrequest.txt \path\to\create\myrequest.csr

Specify the path to the myrequest.txt file created in step 1, and the path to use when
creating the myrequest.csr file.
17. Submit the myrequest.csr to a Certificate Authority to obtain an SSL certificate. This
may involve uploading the file, or opening the file in Notepad and pasting the contents
directly into a web form.
For a list of Certificate Authorities, see Windows and Windows Phone 8 SSL Root
Certificate Program (Members CAs) on the Microsoft TechNet Wiki.

18. Once the Certificate Authority has provided you with a certificate (.CER) file, save this
file to the computer used to generate the request, and then use the following command to
accept the request and complete the certificate generation process.
certreq -accept -user mycert.cer

In this case, the mycert.cer certificate received from the Certificate Authority will be
used to complete the signature of the certificate. No file will be created; instead, the
certificate will be stored in the Windows certificate store.
19. If your CA uses intermediate certificates, you must install these certificates before
exporting the certificate in the next steps. Usually these certificates are provided as a
separate download from your CA, and are provided in several formats for different web
server types. Select the version that is provided for Microsoft IIS.
Once you have downloaded the certificate, right click on it in explorer and select Install
certificate. Use the default values in the Certificate Import Wizard, and continue
selecting Next until the import has completed.
20. To export the certificate from the certificate store, run certmgr.msc from the Start
Screen or Start Menu. When Certificate Manager appears, expand the Personal folder,
and then select Certificates. In the Issued To field, look for an entry with the custom
domain name you requested a certificate for. In the Issued By field, it should list the
Certificate Authority you used for this certificate.

21. Right click the certificate and select All Tasks, and then select Export. In the Certificate
Export Wizard, click Next and then select Yes, export the private key. Click Next.

22. Select Personal Information Exchange - PKCS #12, Include all certificates in the
certificate chain, and Export all extended properties. Click Next.

23. Select Password, and then enter and confirm the password. Click Next.

24. Provide a path and filename that will contain the exported certificate. The filename
should have an extension of .pfx. Click Next to complete the process.

You can now upload the exported PFX file to your Azure Website.
Get a certificate using OpenSSL
1. Generate a private key and Certificate Signing Request by using the following from a
command-line, bash or terminal session:
openssl req -new -nodes -keyout myserver.key -out server.csr -newkey
rsa:2048

2. When prompted, enter the appropriate information. For example:

3.
4.
5.
6.
7.
8.
9.

Country Name (2 letter code)

State or Province Name (full name) []: Washington
Locality Name (eg, city) []: Redmond
Organization Name (eg, company) []: Microsoft
Organizational Unit Name (eg, section) []: Azure
Common Name (eg, YOUR name) []: www.microsoft.com
Email Address []:

10.
11. Please enter the following 'extra' attributes to be sent with your
certificate request
12.
A challenge password []:

Once this process completes, you should have two files; myserver.key and server.csr.
The server.csr contains the Certificate Signing Request.
13. Submit your CSR to a Certificate Authority to obtain an SSL certificate. For a list of
Certificate Authorities, see Windows and Windows Phone 8 SSL Root Certificate
Program (Members CAs) on the Microsoft TechNet Wiki.
14. Once you have obtained a certificate from a CA, save it to a file named myserver.crt. If
your CA provided the certificate in a text format, simply paste the certificate text into the
myserver.crt file. The file contents should be similar to the following when viewed in a
text editor:
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.

-----BEGIN CERTIFICATE----MIIDJDCCAgwCCQCpCY4o1LBQuzANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJV
UzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1JlZG1vbmQxEDAOBgNVBAsTB0NvbnRv
c28xFDASBgNVBAMTC2NvbnRvc28uY29tMB4XDTE0MDExNjE1MzIyM1oXDTE1MDEx
NjE1MzIyM1owVDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdS
ZWRtb25kMRAwDgYDVQQLEwdDb250b3NvMRQwEgYDVQQDEwtjb250b3NvLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN96hBX5EDgULtWkCRK7DMM3
enae1LT9fXqGlbA7ScFvFivGvOLEqEPD//eLGsf15OYHFOQHK1hwgyfXa9sEDPMT
3AsF3iWyF7FiEoR/qV6LdKjeQicJ2cXjGwf3G5vPoIaYifI5r0lhgOUqBxzaBDZ4
xMgCh2yv7NavI17BHlWyQo90gS2X5glYGRhzY/fGp10BeUEgIs3Se0kQfBQOFUYb
ktA6802lod5K0OxlQy4Oc8kfxTDf8AF2SPQ6BL7xxWrNl/Q2DuEEemjuMnLNxmeA
Ik2+6Z6+WdvJoRxqHhleoL8ftOpWR20ToiZXCPo+fcmLod4ejsG5qjBlztVY4qsC
AwEAATANBgkqhkiG9w0BAQUFAAOCAQEAVcM9AeeNFv2li69qBZLGDuK0NDHD3zhK
Y0nDkqucgjE2QKUuvVSPodz8qwHnKoPwnSrTn8CRjW1gFq5qWEO50dGWgyLR8Wy1
F69DYsEzodG+shv/G+vHJZg9QzutsJTB/Q8OoUCSnQS1PSPZP7RbvDV9b7Gx+gtg
7kQ55j3A5vOrpI8N9CwdPuimtu6X8Ylw9ejWZsnyy0FMeOPpK3WTkDMxwwGxkU3Y
lCRTzkv6vnHrlYQxyBLOSafCB1RWinN/slcWSLHADB6R+HeMiVKkFpooT+ghtii1
A9PdUQIhK9bdaFicXPBYZ6AgNVuGtfwyuS5V6ucm7RE6+qf+QjXNFg==
-----END CERTIFICATE-----

Save the file.

33. From the command-line, Bash or terminal session, use the following command to convert
the myserver.key and myserver.crt into myserver.pfx, which is the format required by
Azure Websites:
openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in
myserver.crt

When prompted, enter a password to secure the .pfx file.

Note

If your CA uses intermediate certificates, you must install these certificates before
exporting the certificate in the next step. Usually these certificates are provided as a

separate download from your CA, and are provided in several formats for different web
server types. Select the version that is provided as a PEM file (.pem file extension.)
The follow command demonstrates how to create a .pfx file that includes intermediate
certificates, which are contained in the intermediate-cets.pem file:
openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in
myserver.crt -certfile intermediate-cets.pem

After running this command, you should have a myserver.pfx file suitable for use with
Azure Websites.
Get a certificate using the IIS Manager
If you are familiar with IIS Manager, you can use it to generate a certificate that can be used with
Azure Websites.
1. Generate a CSR with IIS Manager to send to the Certificate Authority. For more
information on generating a CSR, see Request an Internet Server Certificate (IIS 7).
2. Submit your CSR to a Certificate Authority to obtain an SSL certificate. For a list of
Certificate Authorities, see Windows and Windows Phone 8 SSL Root Certificate
Program (Members CAs) on the Microsoft TechNet Wiki.
3. Complete the CSR with the certificate provided by the Certificate Authority vendor. For
more information on completing the CSR, see Install an Internet Server Certificate (IIS
7).
4. If your CA uses intermediate certificates, you must install these certificates before
exporting the certificate in the next step. Usually these certificates are provided as a
separate download from your CA, and are provided in several formats for different web
server types. Select the version that is provided for Microsoft IIS.
Once you have downloaded the certificate, right click on it in explorer and select Install
certificate. Use the default values in the Certificate Import Wizard, and continue
selecting Next until the import has completed.
5. Export the certificate from IIS Manager For more information on exporting the
certificate, see Export a Server Certificate (IIS 7). The exported file will be used in later
steps to upload to Azure for use with your Azure Website.
Note

During the export process, be sure to select the option Yes, export the private key. This
will include the private key in the exported certificate.
Note

During the export process, be sure to select the option include all certs in the
certification path and and Export all extended properties. This will include any
intermediate certificates in the exported certificate.
Get a SubjectAltName certificate using OpenSSL
OpenSSL can be used to create a certificate request that uses the SubjectAltName extension to
support multiple domain names with a single certificate, however it requires a configuration file.
The following steps walk through creating a configuration file, and then using it to request a
certificate.
1. Create a new file named sancert.cnf and use the following as the contents of the file:
2. # -------------- BEGIN custom sancert.cnf ----3. HOME = .
4. oid_section = new_oids
5. [ new_oids ]
6. [ req ]
7. default_days = 730
8. distinguished_name = req_distinguished_name
9. encrypt_key = no
10. string_mask = nombstr
11. req_extensions = v3_req # Extensions to add to certificate request
12. [ req_distinguished_name ]
13. countryName = Country Name (2 letter code)
14. countryName_default =
15. stateOrProvinceName = State or Province Name (full name)
16. stateOrProvinceName_default =
17. localityName = Locality Name (eg, city)
18. localityName_default =
19. organizationalUnitName = Organizational Unit Name (eg, section)
20. organizationalUnitName_default =
21. commonName
= Your common name (eg, domain name)
22. commonName_default
= www.mydomain.com
23. commonName_max = 64
24. [ v3_req ]
25. subjectAltName=DNS:ftp.mydomain.com,DNS:blog.mydomain.com,DNS:*.mydoma
in.com
# -------------- END custom sancert.cnf -----

Note the line that begins with 'subjectAltName'. Replace the domain names currently
listed with domain names you wish to support in addition to the common name. For
example:
subjectAltName=DNS:sales.contoso.com,DNS:support.contoso.com,DNS:fabrik
am.com

You do not need to change the commonName_default field, as you will be prompted to
enter your common name in one of the following steps.
26. Save the sancert.cnf file.

27. Generate a private key and Certificate Signing Request by using the sancert.cnf
configuration file. From a bash or terminal session, use the following command:
openssl req -new -nodes -keyout myserver.key -out server.csr -newkey
rsa:2048 -config sancert.cnf

28. When prompted, enter the appropriate information. For example:

29.
30.
31.
32.

Country Name (2 letter code) []: US

State or Province Name (full name) []: Washington
Locality Name (eg, city) []: Redmond
Organizational Unit Name (eg, section) []: Azure
Your common name (eg, domain name) []: www.microsoft.com

Once this process completes, you should have two files; myserver.key and server.csr.
The server.csr contains the Certificate Signing Request.
33. Submit your CSR to a Certificate Authority to obtain an SSL certificate. For a list of
Certificate Authorities, see Windows and Windows Phone 8 SSL Root Certificate
Program (Members CAs) on the Microsoft TechNet Wiki.
34. Once you have obtained a certificate from a CA, save it to a file named myserver.crt. If
your CA provided the certificate in a text format, simply paste the certificate text into the
myserver.crt file. The file contents should be similar to the following when viewed in a
text editor:
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.

-----BEGIN CERTIFICATE----MIIDJDCCAgwCCQCpCY4o1LBQuzANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJV
UzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1JlZG1vbmQxEDAOBgNVBAsTB0NvbnRv
c28xFDASBgNVBAMTC2NvbnRvc28uY29tMB4XDTE0MDExNjE1MzIyM1oXDTE1MDEx
NjE1MzIyM1owVDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdS
ZWRtb25kMRAwDgYDVQQLEwdDb250b3NvMRQwEgYDVQQDEwtjb250b3NvLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN96hBX5EDgULtWkCRK7DMM3
enae1LT9fXqGlbA7ScFvFivGvOLEqEPD//eLGsf15OYHFOQHK1hwgyfXa9sEDPMT
3AsF3iWyF7FiEoR/qV6LdKjeQicJ2cXjGwf3G5vPoIaYifI5r0lhgOUqBxzaBDZ4
xMgCh2yv7NavI17BHlWyQo90gS2X5glYGRhzY/fGp10BeUEgIs3Se0kQfBQOFUYb
ktA6802lod5K0OxlQy4Oc8kfxTDf8AF2SPQ6BL7xxWrNl/Q2DuEEemjuMnLNxmeA
Ik2+6Z6+WdvJoRxqHhleoL8ftOpWR20ToiZXCPo+fcmLod4ejsG5qjBlztVY4qsC
AwEAATANBgkqhkiG9w0BAQUFAAOCAQEAVcM9AeeNFv2li69qBZLGDuK0NDHD3zhK
Y0nDkqucgjE2QKUuvVSPodz8qwHnKoPwnSrTn8CRjW1gFq5qWEO50dGWgyLR8Wy1
F69DYsEzodG+shv/G+vHJZg9QzutsJTB/Q8OoUCSnQS1PSPZP7RbvDV9b7Gx+gtg
7kQ55j3A5vOrpI8N9CwdPuimtu6X8Ylw9ejWZsnyy0FMeOPpK3WTkDMxwwGxkU3Y
lCRTzkv6vnHrlYQxyBLOSafCB1RWinN/slcWSLHADB6R+HeMiVKkFpooT+ghtii1
A9PdUQIhK9bdaFicXPBYZ6AgNVuGtfwyuS5V6ucm7RE6+qf+QjXNFg==
-----END CERTIFICATE-----

Save the file.

53. From the command-line, Bash or terminal session, use the following command to convert
the myserver.key and myserver.crt into myserver.pfx, which is the format required by
Azure Websites:
openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in
myserver.crt

When prompted, enter a password to secure the .pfx file.

Note

If your CA uses intermediate certificates, you must install these certificates before
exporting the certificate in the next step. Usually these certificates are provided as a
separate download from your CA, and are provided in several formats for different web
server types. Select the version that is provided as a PEM file (.pem file extension.)
The follow command demonstrates how to create a .pfx file that includes intermediate
certificates, which are contained in the intermediate-cets.pem file:
openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in
myserver.crt -certfile intermediate-cets.pem

After running this command, you should have a myserver.pfx file suitable for use with
Azure Websites.
Generate a self-signed certificate (for testing only)
In some cases you may wish to obtain a certificate for testing, and delay purchasing one from a
trusted CA until you go into production. Self-signed certificates can fill this gap. A self-signed
certificate is a certificate you create and sign as if you were a Certificate Authority. While this
certificate can be used to secure a website, most browsers will return errors when visiting the site
as the certificate was not signed by a trusted CA. Some browsers may even refuse to allow you
to view the site.

Generate a self-signed certificate using makecert

Generate a self-signed certificate using OpenSSL

Generate a self-signed certificate using makecert

You can create a test certificate from a Windows system that has Visual Studio installed by
performing the following steps:
1. From the Start Menu or Start Screen, search for Developer Command Prompt.
Finally, right-click Developer Command Prompt and select Run As Administrator.
If you receive a User Account Control dialog, select Yes to continue.
2. From the Developer Command Prompt, use the following command to create a new selfsigned certificate. You must substitute serverdnsname with the DNS of your website.
makecert -r -pe -b 01/01/2013 -e 01/01/2014 -eku 1.3.6.1.5.5.7.3.1 -ss
My -n CN=serverdnsname -sky exchange -sp "Microsoft RSA SChannel
Cryptographic Provider" -sy 12 -len 2048

This command will create a certificate that is good between the dates of 01/01/2013 and
01/01/2014, and will store the location in the CurrentUser certificate store.
3. From the Start Menu or Start Screen, search for Windows PowerShell and start this
application.
4. From the Windows PowerShell prompt, use the following commands to export the
certificate created previously:
5. $mypwd = ConvertTo-SecureString -String "password" -Force -AsPlainText
get-childitem cert:\currentuser\my -dnsname serverdnsname | exportpfxcertificate -filepath file-to-export-to.pfx -password $mypwd

This stores the specified password as a secure string in $mypwd, then finds the certificate
by using the DNS name specified by the dnsname parameter, and exports to the file
specified by the filepath parameter. The secure string containing the password is used to
secure the exported file.
Generate a self-signed certificate using OpenSSL

1. Create a new document named serverauth.cnf, using the following as the contents of this
file:
2. [ req ]
3. default_bits
= 2048
4. default_keyfile
= privkey.pem
5. distinguished_name
= req_distinguished_name
6. attributes
= req_attributes
7. x509_extensions
= v3_ca
8.
9. [ req_distinguished_name ]
10. countryName
= Country Name (2 letter code)
11. countryName_min
= 2
12. countryName_max
= 2
13. stateOrProvinceName
= State or Province Name (full name)
14. localityName
= Locality Name (eg, city)
15. 0.organizationName
= Organization Name (eg, company)
16. organizationalUnitName
= Organizational Unit Name (eg, section)
17. commonName
= Common Name (eg, your website's domain name)
18. commonName_max
= 64
19. emailAddress
= Email Address
20. emailAddress_max
= 40
21.
22. [ req_attributes ]
23. challengePassword
= A challenge password
24. challengePassword_min
= 4
25. challengePassword_max
= 20
26.
27. [ v3_ca ]
28.
subjectKeyIdentifier=hash
29.
authorityKeyIdentifier=keyid:always,issuer:always
30.
basicConstraints = CA:false
31.
keyUsage=nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth

This specifies the configuration settings required to produce an SSL certificate that can
be used by Azure Websites.
32. Generate a new self-signed certificate by using the following from a command-line, bash
or terminal session:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout
myserver.key -out myserver.crt -config serverauth.cnf

This creates a new certificate using the configuration settings specified in the
serverauth.cnf file.
33. To export the certificate to a .PFX file that can be uploaded to an Azure Website, use the
following command:
openssl pkcs12 -export -out myserver.pfx -inkey myserver.key -in
myserver.crt

When prompted, enter a password to secure the .pfx file.

The myserver.pfx produced by this command can be used to secure your Azure Website
for testing purposes.

Configure Standard mode

Enabling HTTPS for a custom domain is only available for the Standard web hosting plan mode
of Azure websites. Use the following steps to switch to Standard mode.
NOTE:

Before switching a website from the free website mode to Standard mode, you should remove
spending caps in place for your Website subscription, otherwise you risk your site becoming
unavailable if you reach your caps before the billing period ends. For more information on
shared and Standard mode pricing, see Pricing Details.
1. In your browser, open the Management Portal.
2. In the Websites tab, click the name of your website.

3. Click the SCALE tab.

4. In the general section, set the web hosting plan mode by clicking STANDARD.

5. Click Save. When prompted, click Yes.

NOTE:

If you receive a "Configuring scale for website '<site name>' failed" error you can use the
details button to get more information. You may receive a "Not enough available
standard instance servers to satisfy this request." error. If you receive this error, please
contact Azure support.

Configure SSL
Before performing the steps in this section, you must have associated a custom domain name
with your Azure Website. For more information, see Configuring a custom domain name for an
Azure Web Site.
1. In your browser, open the Azure Management Portal.
2. In the Websites tab, click the name of your site and then select the CONFIGURE tab.

3. In the certificates section, click upload a certificate

4. Using the Upload a certificate dialog, select the .pfx certificate file created earlier using
the IIS Manager or OpenSSL. Specify the password, if any, that was used to secure the
.pfx file. Finally, click the check to upload the certificate.

5. In the ssl bindings section of the CONFIGURE tab, use the dropdowns to select the
domain name to secure with SSL, and the certificate to use. You may also select whether
to use Server Name Indication (SNI) or IP based SSL.

IP based SSL associates a certificate with a domain name by mapping the dedicated
public IP address of the server to the domain name. This requires each domain name

(contoso.com, fabricam.com, etc.) associated with your service to have a dedicated IP

address. This is the traditional method of associating SSL certificates with a web server.
SNI based SSL is an extension to SSL and Transport Layer Security (TLS) that allows
multiple domains to share the same IP address, with separate security certificates for
each domain. Most modern browsers (including Internet Explorer, Chrome, Firefox and
Opera) support SNI, however older browsers may not support SNI. For more information
on SNI, see the Server Name Indication article on Wikipedia.

6. Click Save to save the changes and enable SSL.

NOTE:

If you selected IP based SSL and your custom domain is configured using an A record, you
must perform the following additional steps:
1. After you have configured an IP based SSL binding, a dedicated IP address is assigned to
your website. You can find this IP address on the Dashboard page of your website, in the
quick glance section. It will be listed as Virtual IP Address:

Note that this IP address will be different than the virtual IP address used previously to
configure the A record for your domain. If you are configured to use SNI based SSL, or
are not configured to use SSL, no address will be listed for this entry.
2. Using the tools provided by your domain name registrar, modify the A record for your
custom domain name to point to the IP address from the previous step.
At this point, you should be able to visit your website using HTTPS:// instead of HTTP:// to
verify that the certificate has been configured correctly.

Enforce HTTPS on your Azure website

Azure Websites do not enforce HTTPS. Visitors may still access your site using HTTP, which
may compromise your website's security. If you want to enforce HTTPS for your website, you
can use the URL Rewrite module. The URL Rewrite module is included with Azure Websites,
and enables you to define rules that are applied to incoming requests before the requests are
handed to your application. It can be used for applications written in any programming
language supported by Azure Websites.

NOTE:

.NET MVC applications should use the RequireHttps filter instead of URL Rewrite. For more
information on using RequireHttps, see Deploy a secure ASP.NET MVC 5 app to an Azure Web
Site.
For information on programmatic redirection of requests using other programming languages
and frameworks, consult the documentation for those technologies.
URL Rewrite rules are defined in a web.config file stored in the root of your application. The
following example contains a basic URL Rewrite rule that forces all incoming traffic to use
HTTPS.
URL Rewrite Example Web.Config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}"
appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

This rule works by returning an HTTP status code of 301 (permanent redirect) when the user
requests a page using HTTP. The 301 redirects the request to the same URL as the visitor
requested, but replaces the HTTP portion of the request with HTTPS. For example,
HTTP://contoso.com would be redirected to HTTPS://contoso.com.
NOTE:

If your application is written in Node.js, PHP, Python Django, or Java, it probably doesn't
include a web.config file. However Node.js, Python Django, and Java all actually do use a
web.config when hosted on Azure Websites - Azure creates the file automatically during
deployment, so you never see it. If you include one as part of your application, it will override
the one that Azure automatically generates.

.NET
For .NET applications, modify the web.config file for your application and add the <rewrite>
section from the example to the <system.WebServer> section.
If your web.config file already includes a <rewrite> section, add the <rule> from the example
as the first entry in the <rules> section.
PHP
For PHP applications, simply save the example as a web.config file in the root of your
application, then re-deploy the application to your Azure Website.
Node.js, Python Django, and Java
A web.config file is automatically created for Node.js, Python Django, and Java apps if they
don't already provide one, but it only exists on the server since it is created during deployment.
The automatically generated file contains settings that tell Azure how to host your application.
To retrieve and modify the auto-generated file from the Website, use the following steps.
1. Download the file using FTP (see Uploading/downloading files over FTP and collecting
diagnostics logs).
2. Add it to the root of your application.
3. Add the rewrite rules using the following information.
o Node.js and Python Django
The web.config file generated for Node.js and Python Django applications will
already have a <rewrite> section, containing <rule> entries that are required for
the proper functioning of the site. To force the site to use HTTPS, add the <rule>
from the example as the first entry in the <rules> section. This will force HTTPS,
while leaving the rest of the rules intact.
o

Java
The web.config file for Java applications using Apache Tomcat do not contain a
<rewrite> section, so you must add the <rewrite> section from the example into
the <system.webServer> section.

4. Redeploy the project (including the updated web.config,) to Azure

Once you deploy a web.config with a rewrite rule to force HTTPS, it should take effect
immediately and redirect all requests to HTTPS.
For more information on the IIS URL Rewrite module, see the URL Rewrite documentation.

Using Azure Traffic Manager with Azure Web Site

Azure Traffic Manager (ATM) is a DNS-based service for managing traffic to Azure services,
and its recently been made available to Web Sites users. You can use ATM to:

Route visitors to your site to a region that will provide the best performance.
Automatically route traffic to a secondary region if there is a problem in the primary region
where your site is hosted.
Spread load evenly across multiple copies of your website hosted in multiple regions.

In this post, Ill walk you through how you can configure ATM to work with Web Sites.
Create Your Sites
In order to use ATM with Web Sites, you will need to have two or more sites and each of them
must be running in a different region. You can only add one website per region to ATM, so this
requirement is important.
In the screenshot below, you can see that Ive created two sites, one in East US and one in Japan
West. Both of these sites are running in Standard mode. (You must run your sites in Standard
mode or Basic mode in order to use ATM with Web Sites.)

Create Your ATM Profile

ATM will route traffic based on a profile that you create. You can create a ATM profile from the
Azure portal. ATM is available as a node on the left side of the portal.

In the screenshot below, I am creating a new Traffic Manager profile. I have chosen cheshire
as my DNS prefix and you can see that my ATM URL will be cheshire.trafficmanager.net.

Ive selected Performance for my load balancing method. I can change the load balancing after
Ive created my ATM profile in case my needs change after I create the profile. (For details on
the different load balancing methods, see Load Balancing Methods later in this blog post.)
Adding Endpoints
Once youve created your ATM profile, youll want to add your endpoints. You can do that by
clicking on the ATM profile and then clicking the Endpoints link at the top of the portal. As you
can see in the screenshot below, Ive selected Web Site as the service type and then checked
each of the websites I want included in my ATM profile.

Its important to note that your endpoints can be a mix of websites and cloud services. Using this
method, you can have your application seamlessly transition from Web Sites to a Web Role or
vice versa.
Configuring Your ATM Profile
If you click the Configure link for your ATM profile in the portal, you can configure the settings
for the ATM profile. You can change settings such as the DNS time to live and the load
balancing method. You can also specify the protocol, port and path that you want the ATM
profile to use when monitoring your endpoint for availability.

One important note at this point. ATM will use the path in the Monitoring Settings section to
check the endpoints you configured. It performs that check once every 30 seconds, and only an
HTTP 200 status is considered healthy. Therefore, if your application is designed in a way that
causes a non-200 response to the root of the site (e.g. an ASP.NET forms authentication site that
might return a 302 redirect to the login page), youll want to configure a path and file name for
your ATM profile that points to an unprotected file so that a 200 response is returned.

Testing Things So Far

You now have a ATM profile that points to your sites running on Azure Web Sites. If you
browse to the ATM URL (cheshire.trafficmanager.net in my case), you will hit your Azure Web
Sites site. The specific site that your request is routed to depends on the load balancing method
that you have configured for your ATM profile.
Web Sites knows how to route the ATM URL to your site because it adds your ATM URL to the
custom domains for your site automatically. In the screenshot below, you can see that my ATM
URL is listed as a custom domain in my Azure Web Sites site. This was added automatically
when I added the site as an endpoint in my ATM profile.

You can see your ATM profile in action using any tool that does a DNS lookup. In my test, I
have configured ATM so that users will be automatically directed to the website with the best
performance. I can use nslookup to see how that works. Below is a DNS lookup from a client
that is in the United States. Notice that the yellow text shows that ATM returned a DNS location
of my website located in the East US data center.

Heres the same DNS lookup, but this time, its on a VM thats running in the Southeast Asia
Azure data center. Notice that the yellow text shows that a client in Asia is directed to the site
thats running in the Japan West region.

This test illustrates the DNS-based nature of ATM.

Using a Custom Domain
Youll likely want to use a custom domain name for your websites. This is quite easy to do when
using ATM. You will first need to create a www CNAME entry at your domain registrar that
points to your ATM URL. Youll then simply add your custom domain name to the Azure Web
Sites site.
In the screenshot below, you can see that Ive created a www CNAME record at my domain
registrar that points to my ATM URL, cheshire.trafficmanager.net.

Note: Your subdomain may not be www. In that case, create a CNAME record for the
subdomain you want to use. For example, you might want to use blog.mycustomdomain.com. In
that case, youd create a blog CNAME record that points to your ATM URL.
Once this change propagates, it will result in a 404 error page until I add my domain name to all
of the sites that are configured as endpoints in ATM. I can use the Manage Domains dialog
accessible from the Configure page for my site to do that. Notice here that Ive added my custom
domain to my site.

If youre already familiar with the process used for adding a custom domain to a site in Azure
Web Sites, its important to understand that the typical steps arent relevant when configuring a

custom domain for use with ATM. You do not have to (and should not) perform any steps other
than adding the domain name as I have in the screenshot above.
Note: ATM is CNAME based and doesnt support A records. Therefore, you cant use a naked
domain (mydomain.com) with ATM. It requires that you set up a CNAME record.
Load Balancing Methods
As I said before, you can change the load balancing method your ATM profile uses whenever
you choose. Here are the options that are available on the Configure page in the portal for your
WATM profile.

Performance When this method is used, ATM will send users to the region where he or she
will get the best performance. This prevents situations where, for example, a user who is in the
Central US region is directed to a site running in West Europe.
Failover This method will redirect traffic to a secondary region if there is a problem in the
primary region. For example, you may have a site in a backup region that doesnt handle any
traffic unless your primary site is offline for some reason.
Round Robin This method will evenly distribute traffic across the endpoints configured in your
ATM profile using a round robin load balancing methodology. You can use this method, for
example, to ramp up traffic to a particular endpoint without allowing it to receive all of your
traffic immediately. (In the future, ATM will include enhanced functionality to make this kind of
scenario even easier to configure.)
Managing Windows Azure Web Sites with PowerShell
http://channel9.msdn.com/Series/Windows-Azure-Web-Sites-Tutorials/Managing-WindowsAzure-Web-Sites-with-PowerShell

Install and Configure the Azure Cross-Platform Command-Line Interface

http://azure.microsoft.com/en-us/documentation/articles/xplat-cli/

Configure diagnostics, monitoring, and analytics

Retrieve diagnostics data; view streaming logs; configure endpoint monitoring, alerts, and
diagnostics; monitor website resources

How to Monitor Websites

http://azure.microsoft.com/en-us/documentation/articles/web-sites-monitor/
How to: Receive Alert Notifications and Manage Alert Rules in Azure
http://msdn.microsoft.com/library/azure/dn306638.aspx

Configure scale and resilience

Configure auto-scale using built-in and custom schedules; configure by metric; change the size
of an instance

How to Scale Websites

How to Scale Websites

For increased performance and throughput for your websites on Microsoft Azure, you can use
the Azure Management Portal to scale your Web Hosting Plan mode from Free to Shared, Basic,
or Standard.
Scaling up on Azure Websites involves two related actions: changing your Web Hosting Plan
mode to a higher level of service, and configuring certain settings after you have switched to the
higher level of service. Both topics are covered in this article. Higher service tiers like Standard
mode offer greater robustness and flexibility in determining how your resources on Azure are
used.
Changing modes and configuring them is easily done in the Scale tab of the management portal.
You can scale up or down as required. These changes take only seconds to apply and affect all
websites in your Web Hosting Plan. They do not require your code to be changed or your
applications to be redeployed.
For information about Web Hosting Plans, see What is a Web Hosting Plan? and Azure Websites
Web Hosting Plans In-Depth Overview. For information the pricing and features of individual
Web Hosting Plans, see Websites Pricing Details.
NOTE:

Before switching a website from a Free Web Hosting Plan mode to Basic or Standard Web
Hosting Plan mode, you must first remove the spending caps in place for your Azure Websites
subscription. To view or change options for your Microsoft Azure Websites subscription, see
Microsoft Azure Subscriptions.
In this article:

Scaling to Shared or Basic Plan mode

Scaling to Standard Plan mode
Scaling a SQL Server Database connected to your site
Developer Features
Other Features

Scaling to Shared or Basic Plan mode

1. In your browser, open the Management Portal.
2. In the Websites tab, select your website.

3. Click the Scale tab.

4. In the Web Hosting Plan Mode section, choose either SHARED or BASIC. The
example in the image chooses Basic.

The Web Hosting Plan Sites section shows a short list of sites in the current plan. All
sites in the current plan will be changed to the Web Hosting Plan Mode that you select.

5. In the Capacity section, choose the Instance Size. The available options are Small,
Medium or Large. The instance size option is not available in Shared mode. For more
information about these instance sizes, see Virtual Machine and Cloud Service Sizes for
Microsoft Azure.

6. Use the slider to choose the Instance Count that you want.

7. In the command bar, choose Save.

NOTE:

You can configure and save the Web Hosting Plan, Instance Size, and Instance Count
settings separately if you wish.
8. A confirmation message reminds you that sites in the same Web Hosting Plan as the
current website will also change to the new mode. Choose Yes to complete the change.
In the example, the plan mode has been changed to Basic:

Scaling to Standard Plan Mode

NOTE:

Before switching a Web Hosting Plan to Standard mode, you should remove spending caps in
place for your Microsoft Azure Websites subscription. Otherwise, you risk your site becoming
unavailable if you reach your caps before the billing period ends. To view or change options for
your Microsoft Azure Websites subscription, see Microsoft Azure Subscriptions.
1. To scale to Standard, follow the same initial steps as when scaling to Shared or Basic,
and then choose Standard for Web Hosting Plan Mode.

As before, the Web Hosting Plan Sites section shows a short list of sites in the current
plan. In this case, all sites in the current plan will be changed to Standard mode.
2. Selecting Standard expands the Capacity section to reveal the Instance Size and
Instance Count options, which are also available in Basic mode. The Edit Scale
Settings for Schedule and Scale by Metric options are available only in Standard mode.

3. Configure the Instance Size. The available options are Small, Medium or Large.

For more information about these instance sizes, see Virtual Machine and Cloud Service
Sizes for Microsoft Azure.
4. If you want to automatically scale (autoscale) resources based on daytime versus
nighttime, weekday versus weekend, and/or specific dates and times, choose Set up
schedule times in the Edit Scale Settings for Schedule option.

5. The Set up schedule times dialog provides a number of useful configuration choices.

6. Under Recurring Schedules, select Differing scale between Day and Night and/or
Differing Scale between Weekday and Weekend to scale resources based on separate
daytime and nighttime schedules and/or separate weekday and weekend schedules.
NOTE:

For the purposes of this feature, the weekend starts at the end of day Friday (8:00 PM by
default), and ends at the beginning of the day on Monday (8:00 AM by default). The
weekend profile uses the same day start and end that you will define in the Time setting.
7. Under Time, choose a start and end time for the day in half-hour increments, and a time
zone. By default, the day starts at 8:00 AM and ends at 8:00 PM. Daylight Savings Time
is respected for the time zone that you select.
8. Under Specific Dates, you can create one or more named time frames for which you
want to scale resources. For example, you may want to provide additional resources for a
sales or launch event during which you might have large peaks in web traffic.
9. After you have made your choices, click OK to close the Schedule Times dialog box.

10. The Edit Scale Settings for Schedule box now displays configurable schedules or events
based on the changes you made. Select one of the recurring schedules or specific dates to
configure it.

You can now use the Scale by Metric and the Instance Count features to fine tune the
scaling of resources for each schedule that you choose.
11. To dynamically adjust the number of instances that your website uses if its load changes,
enable the Scale by Metric option by choosing CPU.

The graph shows the number of instances that have been used over the past week. You
can use the graph to monitor scaling activity.

12. Scale by Metric modifies the Instance Count feature so that you can set the minimum
and maximum number of virtual machines to be used for automatic scaling. Azure will
never go above or below the limits that you set.

13. Scale by Metric also enables the Target CPU option so that you can specify a target
range for CPU usage. This range represents average CPU usage for your website.
Windows Azure will add or remove Standard instances to keep your website in this
range.

Note: When Scale by Metric is enabled, Microsoft Azure checks the CPU of your
website once every five minutes and adds instances as needed at that point in time. If
CPU usage is low, Microsoft Azure will remove instances once every two hours to ensure
that your website remains performant. Generally, putting the minimum instance count at
1 is appropriate. However, if you have sudden usage spikes on your website, be sure that
you have a sufficient minimum number of instances to handle the load. For example, if
you have a sudden spike of traffic during the 5 minute interval before Microsoft Azure
checks your CPU usage, your site might not be responsive during that time. If you expect
sudden, large amounts of traffic, set the minimum instance count higher to anticipate
these bursts.
14. After you have finished making changes to the items in the Edit Scale Settings for
Schedule list, click the Save icon in the command bar at the bottom of the page to save
all schedule settings at once (you do not have to save each schedule individually).
NOTE:

In the Azure Preview Portal, you can scale not only on CPU percentage, but also on the
additional metrics of Memory Percentage, Disk Queue Length, HTTP Queue Length, Data In,
and Data Out. You can also create one or more Scale up and Scale down rules that give you even
more custom control over scaling. For more information, see How to Scale a Website in the
Azure Preview Portal documentation.

Scaling a SQL Server Database connected to your site

If you have one or more SQL Server databases linked to your website (regardless of web hosting
plan mode), they will be listed under a Linked Resources section at the bottom of the Scaling
page.
1. To scale one of the databases, in the Linked Resources section, click the Manage scale
for this database link next to the name of the database.

2. The link takes you to the SQL Server tab of the Azure Management Portal, where you
can configure the Edition and Maximum Size of the database:

For Edition, choose Web or Business depending on the storage capacity that you
require. The Web edition offers a range of smaller capacities, while the Business edition
offers a range of larger capacities.

The value you choose for Max Size specifies an upper limit for the database. Database
charges are based on the amount of data that you actually store, so changing the Max
Size property does not by itself affect your database charges. For more information, see
Accounts and Billing in Microsoft Azure SQL Database.

Developer Features
Depending on the web hosting plan mode, the following developer-oriented features are
available:
Bitness

The Basic and Standard plan modes support 64-bit and 32-bit applications.
The Free and Shared plan modes support 32-bit applications only.

Debugger Support

Debugger support is available for the Free, Shared, and Basic web hosting plan modes at 1
concurrent connection per application.
Debugger support is available for the Standard web hosting plan mode at 5 concurrent
connections per application.

Manage hosting plans

Create hosting plans; migrate websites between hosting plans; create a website within a hosting
plan

What is a Web Hosting Plan?

Web hosting plans represent a set of features and capacity that you can share across your
websites. Web hosting plans support a few pricing tiers (e.g. Free, Shared, Basic, and Standard)
where each tier has its own capabilities. Sites in the same subscription, resource group, and
geographic location can share a web hosting plan.

Features in Web Hosting Plans

Each pricing tier (e.g. Free, Shared, Basic, and Standard) has its own set of features. Go here for
the latest feature and pricing info.
Here are some useful tips regarding web hosting plans and features:

You can change a web hosting plan's pricing tier at any time with zero downtime.
Sites in the same subscription, location, and resource group can all share a web hosting plan.
Features like auto scale work by targeting a web hosting plan. If you want to autoscale individual
sites then you should dedicate a web hosting plan to that site.

Learn more about managing web hosting plans.

Web Hosting Plans and Capacity

Web hosting plans in the Free and Shared tier provide sites with a shared infrastructure, meaning
that your sites share resources with other customers' sites.
Web hosting plans in the Basic and Standard tier provider sites with a dedicated infrastructure,
meaning that only the site or sites you choose to associate with this plan will be running on those
resources. At this tier you can configure your web hosting plan to use one or more virtual
machine instances. Small, medium, and large instances are supported. These virtual machines are
managed on your behalf, meaning you'll never need to worry about operating system updates or
anything like that.
A note about the Shared (preview) tier. For all tiers except 'Shared' you pay one price for the web
hosting plan based on the tier and your chosen capacity and there is no additional charge for each
site that uses the plan. Shared web hosting plans are different. Due to the nature of the shared
infrastructure you are charged separately for each site in the plan.
Web Hosting Plans and the new Azure Preview Portal
The new Azure Preview Portal lets you associate your existing or new websites with web hosting
plans. In fact, all existing websites have been automatically assigned to web hosting plans based
on their subscription, geographic location, and current pricing tier.
When creating a new site, the portal will ask you which web hosting plan to associate it with.
You can either create a new web hosting plan, or select an existing plan. To use an existing plan
your new site must live in the same subscription, geographic location, and resource group as the
existing plan. When creating a new empty website Azure will default to the last used web
hosting plan to help you make the best use of plans you've already created. When creating a
website with a database the option to re-use an existing plan will not be available.
You can see all of your web hosting plans across all of your subscriptions by using the Browse
button on the left menu bar and then clicking Everything in the top right of the activity pane that
appears on the screen.

You can also see which web hosting plan each website is associated with by looking at the
graphical representation of your resource group that appears at the top of your website blade.

Clicking on the plan will launch a blade that lets you manage your web hosting plan. Learn more
about managing web hosting plans.

Azure Websites Web Hosting Plans In-Depth Overview

Web hosting plans (WHPs) represent a set of features and capacity that you can share across
your websites. Web hosting plans support the 4 Azure Websites pricing tiers (Free, Shared,
Basic, and Standard) where each tier has its own capabilities and capacity. Sites in the same
subscription, resource group, and geographic location can share a web hosting plan. All the sites
sharing a web hosting plan can leverage all the capabilities and features defined by the web
hosting plan tier. All websites associated with a given web hosting plan run on the resources
defined by the web hosting plan. For example, if your web hosting plan is configured to use two
"small" virtual machines, all sites associated with that web hosting plan will run on both virtual
machines. As always with Azure Websites, the virtual machines your sites are running on are
fully managed and highly available.
In this article we'll explore the key characteristics such as tier and scale of a Web Hosting Plan
and how they come into play while managing your websites.

Websites, Web Hosting Plans, and Resource Groups

A website can be associated with only one web hosting plan at any given time. A web hosting
plan is associated with a resource group. A Resource group is a new concept in Azure that serves
as the lifecycle boundary for every resource contained within it. Resource groups enable you to
manage all the pieces of an application together.
You can have multiple web hosting plans in a resource group and each hosting plan will have its
own set of features and capabilities that are utilized by its associated sites. The following image
illustrates this relationship:

The ability to have multiple web hosting plans in a single resource group allows you to allocate
different sites to different resources, primarily virtual machines running your websites. For
example, this ability allows separation of resources between dev and test and production sites,
where you might want to allocate one web hosting plan with its own dedicated set of resources
for your production sites, and a second web hosting plan for your dev and test sites.
Having multiple web hosting plans in a single resource group also allows you to define an
application that spans across regions. For example, a highly available website running in two
regions will include two web hosting plans, one for each region, and one website associated with
each web hosting plan. In such a situation, all the sites will be associated with a single resource
group, which defines one application. Having a single view of a resource group with multiple
web hosting plans and multiple sites makes it easy to manage, control and view the health of the
websites. On top of managing websites resources and respective sites for a given application, you
can associate any related Azure resource such as SQL-Azure databases, and Team Projects.

When should I create a new resource group and when should I create a new web hosting
plan?
When creating a new website, you should consider creating a new resource group when the
website you are about to create represents a new web application. In this case, creating a new
resource group, an associated web hosting plan, and a websites is the right choice. When creating
such a new website through the new Azure portal preview, using the gallery or the new website +

SQL option, the portal will default to create a new resource group and web hosting plan for your
new site. If you need to, though, you can overwrite these defaults.

You can always add a new website, or any other resources, to an existing resource group. When
creating a new website from the context of an existing resource group, the new website wizard
defaults to the existing resource and web hosting plan. Here too you can overwrite these defaults
as needed. When adding a new website to an existing resource group, you can choose to add the
site to an existing web hosting plan (this is the default option in the new Azure portal preview),
or you can create a new web hosting plan to add the site to.
Creating a new hosting plan allows you to allocate a new set of resource for your websites, and
provides you with greater control over resource allocation, as each web hosting plan gets its own
set of virtual machines. Since you can move websites between web hosting plans, assuming the
web hosting plans are in the same regions, the decision of whether to create a new web hosting
plan or not is of less important. If a given website starts consuming too many resources or you
just need to separate a few websites, you can create a new web hosting plan and move your
websites to it.
If you want to create a new website in a different region, and that region doesn't have an existing
web hosting plan, you will have to create a new web hosting plan in that region to be able to
have a website associated with it.
An important thing to keep in mind is that you cannot move web hosting plans or websites
between resource groups. Also, you cannot move a website between two web hosting plans that
are in two separate regions.

Existing resources group in the Azure Preview portal

If you already have existing websites on Azure Websites, you will notice that all your websites
show up in the Azure preview portal. You can see all your website as a flat list by clicking on the
browse button on the left navigation pane and selecting Websites:

You can also see all the resource groups that have been created for you by clicking on the
browse button on the left navigation pane and selecting Resource groups:

You will also notice that you have an auto-generated default resource group in each region you
already have websites. The auto generated resource group name for websites is Default-Web*where location name represents an Azure region (for example *Default-Web-WestUS). In each
resource group you will find all your existing sites for the group's region. Each site you created
in the past and will create in the future in either the Full Azure portal or the Azure Preview Portal
will be available on both portals.
Since every website has to be associated with a web hosting plan, we have created default web
hosting plans for your existing sites according to the following convention, in each region:
* All your Free websites are associated with a Default web hosting plan and its pricing tier set to
Free.
* All your Shared websites are associated with a Default web hosting plan and its pricing tier
set to Shared
* All your Standard websites are associated with a default web hosting plan and its pricing tier
set to Standard.
The name of this web hosting plan is DefaultServerFarm. This name was chosen to support a
legacy API. The name ServerFarm can be somewhat misleading as it refers to a Web Hosting
Plan, but it's important to notice that it is a name of a web hosting plan and it is not an entity of
its own.

Web Hosting Plan F.A.Q.

Question: How do I create a Web Hosting Plan?
Answer: A Web Hosting Plan is a container and as such, you can't create an empty Web Hosting
Plan. However, a new Web Hosting Plan is explicitly created during site creation.
To do this using the UI in the new Azure Portal Preview click NEW and select Website, which
will open the Website creation blade. In the first image below you can see the NEW icon on the
bottom left, and in the second image you can see the Website creation blade, the Web Hosting
Plan blade and the Pricing Tier blade:

For this example we are choosing to create a new Website called contosomarketing and to place
it in the new web hosting plan called contoso. The Pricing Tier selected for this Web Hosting
Plan is Small Standard. For more details on Webhosting Plan Pricing Tiers as well as the
features, pricing and scale options provided in each please visit the Azure Websites Web Hosting
Plans Spec.
It should also be noted that a Web Hosting Plan can also be created in the existing Azure Portal.
This is done as part of the quick create wizard by selecting Create new web hosting plan from
the WEB HOSTING PLAN drop down:

For this example we are creating a new site called northwind and we are choosing to create a
new web hosting plan. The result of this operation will be a new web hosting plan called
default0 which contains the northwind website. All webhosting plans created through this
experience follow this naming convention, and Web Hosting Plans cannot be renamed after
having been created. Also, Web Hosting Plans created through this process will be created in the
Free pricing tier.
Question: How do I assign a site to a Web Hosting Plan?
Answer: Sites are assigned to a Web Hosting Plan as part of the site creation process. To do this
using the UI in the new Azure Portal Preview, click NEW and select Website:

Then, in the Website creation blade, select the hosting plan:

A site can also be created into a specific Web Hosting Plan using the existing Azure Portal. This
is done as part of the quick create wizard. After typing in the website URL, use the WEB
HOSTING PLAN drop-down to select a plan to add the site to:

Question: How can I move a site to a different web hosting plan?

Answer: You can move a site to a different web hosting plan using the Azure Preview Portal.
Websites can be moved between web hosting plans in the same geographical region that belong
to the same resource group.
To move a site to another plan, navigate to the website blade of the site you want to move. Then
click Web Hosting Plan:

This will open the Web Hosting Plan blade. At this point, you can either pick an existing web
hosting plan, or create a new one. Plans in a different geographical location or resource group are
grayed out and cannot be selected.
Note that each web hosting plan has its own pricing tier. When you move a site from a Free tier
web hosting plan to a Standard web hosting plan, your website will be able to leverage all the
features and resources of the Standard tier.
Question: How can I Scale a Web Hosting Plan?
Answer: There are two ways to scale a Web Hosting Plan. One way is to scale up your web
hosting plan and all sites associated with that web hosting plan. By changing the pricing tier of a
web hosting plan, all sites in that web hosting plan will be subject to the features and resources
defined by that pricing tier.
In the image below you can see the Web Hosting Plan blade as well as the Pricing Tier blade.
Clicking on the Pricing Tier part in the Web Hosting Plan blade expands the Pricing Tier
blade where you can change the pricing tier for the web hosting plan:

The second way to scale a plan is to scale it out by increasing the number of instances in your
Web Hosting Plan. In the image below you can see the Web Hosting Plan blade as well as the
Scale blade. Clicking on the Scale area in the Web Hosting Plan blade expands it and allows
changing the instance count of the plan:

Since the Web Hosting Plan in the above image is configured to use the Standard pricing tier,
the AutoScale option is enabled.
Performing this in the Full Azure Portal can be done in the Scale tab, as seen below:

Question: How Can I Delete a Web Hosting Plan?

Answer: To delete a Web Hosting Plan you must first delete all websites associated with it.
Once all the Websites in a Web Hosting Plan have been deleted a Web Hosting Plan can be
deleted from the Web Hosting Plan blade:

In the Full Azure Portal deleting the last website in a web hosting plan will automatically delete
the associated web hosting plan.
Question: How Can I monitor a web hosting plan?
Answer: Web Hosting Plans can be monitored using the Monitoring parts in the Web Hosting
Plan Blade:

The monitoring controls can be customized by right clicking on the control and selecting edit
query:

The metrics exposed are:

* CPU Percentage
* Memory Percentage
* Disk Queue Length
* HTTP Queue Length.
This metrics represent the average usage across instances belonging to a Web Hosting Plan. All
of these metrics can be used to set up alerts as well as Auto Scale rules.