Hi, I read in MS documents it is recommended that we provision two different subnets for an Azure Spring Apps service instance - One for the service run time One for the Spring Boot applications Could you please elaborate a bit why it is so? Won't the applications be running in the service's runtime? I tried searching for some explanation online but did not find any. (Sorry if its too daft a question).

@Priyanka Chaudhuri Thanks for reaching out. Yes, it is recommended to provision two different subnets for an Azure Spring Apps service instance - one for the service runtime and one for the Spring Boot applications. The reason for this is that the service runtime and the Spring Boot applications have different network requirements. The service runtime is responsible for running the Azure Spring Apps service itself, while the Spring Boot applications are the applications that you deploy to the service. By separating them into different subnets, you can apply different network security policies to each subnet. For example, you might want to restrict inbound traffic to the service runtime subnet to only allow traffic from specific IP addresses or subnets, while allowing more open inbound traffic to the Spring Boot applications subnet. Additionally, separating the subnets can help with troubleshooting and monitoring. If you have issues with the service runtime, you can focus on the subnet dedicated to the service runtime, while if you have issues with the Spring Boot applications, you can focus on the subnet dedicated to the applications. Please " Accept Answer " if the answer is helpful so that it can help others in the community.

Network requirements to provision Azure Spring Apps environment

Accepted answer

MayankBargali-MSFT 70,016 Reputation points

2023-08-01T11:53:34.74+00:00

@Priyanka Chaudhuri Thanks for reaching out.

Yes, it is recommended to provision two different subnets for an Azure Spring Apps service instance - one for the service runtime and one for the Spring Boot applications. The reason for this is that the service runtime and the Spring Boot applications have different network requirements.

The service runtime is responsible for running the Azure Spring Apps service itself, while the Spring Boot applications are the applications that you deploy to the service. By separating them into different subnets, you can apply different network security policies to each subnet.

For example, you might want to restrict inbound traffic to the service runtime subnet to only allow traffic from specific IP addresses or subnets, while allowing more open inbound traffic to the Spring Boot applications subnet.

Additionally, separating the subnets can help with troubleshooting and monitoring. If you have issues with the service runtime, you can focus on the subnet dedicated to the service runtime, while if you have issues with the Spring Boot applications, you can focus on the subnet dedicated to the applications.

Please "Accept Answer" if the answer is helpful so that it can help others in the community.
Please sign in to rate this answer.
Priyanka Chaudhuri 105 Reputation points

2023-08-01T13:12:20.3833333+00:00

Thanks for your quick reply.

Could you please let me know what resides in the service run time?

MayankBargali-MSFT 70,016 Reputation points

2023-08-02T05:19:17.5766667+00:00

@Priyanka Chaudhuri The service runtime in Azure Spring Apps is responsible for running the Azure Spring Cloud control plane, which includes the following components

Config Server: A centralized configuration service that provides a way to externalize application configuration.

Service Registry: A service registry that allows services to discover and communicate with each other.

Gateway: A reverse proxy that provides a single entry point for clients to access your services.

Build Service: A service that builds and deploys your Spring Boot applications to Azure Spring Cloud.

The service runtime also includes other components that are required to run the Azure Spring Cloud control plane, such as the Kubernetes API server, etc., and the Azure Spring Cloud operator.

Priyanka Chaudhuri 105 Reputation points

2023-08-03T11:17:00.9166667+00:00

Thank you Mayank.

I have a question related to Azure Spring App's scaling.

If I want to have 3 instances of an app in my Azure Spring Apps namespace at any given point in time, how would the service runtime and the app scale out?

Would I have a 1:1 mapping of these two for each instance of my app?

(This kind of mapping is quite clear in case of Azure Functions and Azure App Services however I did not find any clear explanation for Azure Spring Apps.)

Priyanka Chaudhuri 105 Reputation points

2023-08-03T11:18:38.72+00:00

Also, to your comment in my previous question, can you help me with a diagram of any sort to understand this service runtime and app architecture of Azure Spring Apps better?

MayankBargali-MSFT 70,016 Reputation points

2023-08-03T12:31:55.4933333+00:00

@Priyanka Chaudhuri When you set up autoscaling, you can specify the minimum and maximum number of instances that you want to run at any given time. Azure Spring Apps will automatically scale the number of instances up or down based on the demand for your application1.

There is no 1:1 mapping between the service runtime and the app scale out. The number of instances of your app can be scaled independently of the service runtime.

You can refer to this architecture diagram here.
Sign in to comment

Share via

Network requirements to provision Azure Spring Apps environment

0 additional answers