###The reference architecture describes a situation where ssl is used end to end, also for traffic between Web Application Gateway and Application Service Environment.
However when I look at the arm template I notice that this traffic is still defined as http instead of https:

In pci-paas-webapp-ase-sqldb-appgateway-keyvault-oms/nested/appgatewaydeploy.json I notice that appGatewayBackendHttpSettings instead of the also defined appGatewayBackendHttpsSettings is used.
As a result ssl will be offloaded, but traffic between WAG and ASE will be http in stead of https.

{
"Name": "httpsRule",
"properties": {
"RuleType": "Basic",
"httpListener": {
"id": "[concat(variables('applicationGatewayId'), '/httpListeners/appGatewayHttpsListener')]"
},
"backendAddressPool": {
"id": "[concat(variables('applicationGatewayId'), '/backendAddressPools/appGatewayBackendPool')]"
},
"backendHttpSettings": {
"id": "[concat(variables('applicationGatewayId'), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
}
}
}
I have been testing with using appGatewayBackendHttpsSetting, but seem not to get it to work. I receive 502 errors when accessing a web app in the Application Service Environment

We are using multisite listeners with hostnames in different domains than the domain configured at the ASE ILB.

Any Thoughts?

As of 2019-04-17 the linked website points to an expired domain:

Between Friday 7th and Monday 11th July the below command in the New-RunAsAccount.ps1 file is throwing an Exception on execution.
New-AzureRmADApplication -DisplayName $ApplicationDisplayName -HomePage ("http://" + $applicationDisplayName) -IdentifierUris ("http://" + $KeyId) -KeyCredentials $KeyCredential

Running the above with the -debug command it appears the error coming back is:

Body:
{
  "odata.error": {
    "code": "Request_BadRequest",
    "message": {
      "lang": "en",
      "value": "Key credential end date is invalid."
    },
    "date": "2017-07-11T12:57:05",
    "requestId": "09fb8874-****-****-****00d5698e82ec",
    "values": [
      {
        "item": "PropertyName",
        "value": "None"
      },
      {
        "item": "PropertyErrorCode",
        "value": "InvalidKeyEndDate"
      }
    ]
  }
}

To repo, simply clone the repo and run .\1-DeployAndConfigureAzureResources.ps1 (presuming you already have run .\0-Setup-AdministrativeAccountAndPermission.ps1 previously. Nothing appears to have changed in the repo in this time, hence I can only presume this is something at Azure's end.

Presentation doesn't open in common non-Microsoft desktop PowerPoint tools.

Hi there! Thanks for the amazing job doing this blueprint, we have been implementing it and we have found several deprecated features, as expected, everything changes very fast in azure.

In OMS there is a new preview dashboard "Azure SQL Analytics (Preview)" as of may 30th 2017. Is this new dashboard a replacement of the "SQL Azure Analytics" the deployment script creates?

best regards,

Fernando Mejía
Microsoft CSA

I see ASE part of the reference architecture but the costs are not included.