Azure Functions vs Azure Logic Apps

Azure’s serverless iPaaS offering has two key components: Azure Functions and Logic Apps.  If you consult the documentation, you’ll find out that there is quite some overlap between the two.  For many people, it’s not clear what technology to use in what scenario.  In this blog post, I discuss the main differences between these two event-driven Azure services and I provide some guidance to help you to make the right decision.

Comparison

Developer experience

A popular comparison states that Azure Functions is code being triggered by an event, whereas Logic Apps is a workflow triggered by an event.  This is reflected in the developer experience.  Azure Functions are completely written in code, with currently support for JavaScript, C#, F#, Node.js, Python, PHP, batch, bash and PowerShell.  In Logic Apps, workflows are created with an easy-to-use visual designer, combined with a simple workflow definition language in the code view.  Each developer has of course his/her personal preference.  Logic Apps is much simpler to use, but this can sometimes cause limitations in complex scenarios.  Azure Functions gives a lot more flexibility and responsibility to the developer.

Connectivity

Logic Apps connects to an enormous variety of cloud / on-premise applications, going from Azure and Microsoft services over SaaS applications and social media to LOB systems.  You can find the impressive list of connectors here.  Each connector comes with an API connection, that stores the required credentials in a secure way.  These API connections can be reused from within multiple Logic Apps, which is great!  Azure Functions have the concept of triggers, input and output bindings.  Most of these bindings connect your Azure Functions to other Azure services, such as Event Hubs, Storage, DocumentDb, etc…  Consult here the complete list.  The HTTP binding is probably the most popular one, as it allows the creation of serverless API’s.  At the moment, there are no signs that Azure Functions aims to support that many bindings as Logic Apps offers.

Exception handling

Cloud solutions need to deal with transient fault handling.  Logic Apps provides out-of-the-box functionality that allows you to configure automatic retries on every action.  In case this doesn’t solve the problem, the workflow gets a failed status and can be resubmitted after human intervention.  This guarantees an at-least-once execution model, which is pretty reliable!  In Azure Functions, you have the typical try/catch options available.  If you want to enable retries, you need to do the plumbing yourself, by introducing for example Polly.  The way you can handle exceptions in the output binding, depends on the used language and type of output binding.  This doesn’t give you always the desired outcome.  No resume / resubmit capabilities, except if you develop them yourself!

State

Until recently, Azure Functions always needed to be stateless and preferably idempotent.  With the announcement of Azure Durable Functions, Microsoft brings state and long-running capabilities to Azure Functions, by leveraging the Durable Task Framework.  This new framework allows sequential and parallel execution of several Functions, it supports long-running tasks with pre-defined timeouts and provides statefull actors without the need for external storage.  The state is automatically stored in Azure Storage queues, tables and blobs, which is disaster proof.  Looking forward how this will evolve.  These long-running / statefull processes are inherent available in Logic Apps, except for the statefull actor model.

Networking

Hybrid integration is reality nowadays.  Cloud services must be able to connect to on-premises resources in a secure and high performing way.  Azure Logic Apps performs this task via the On Premises Data Gateway, that needs to be installed on premises.  Behind the scenes, it uses Azure Service Bus Relay to connect to the cloud in a firewall friendly way, through encrypted channels.  When using Azure Functions within an App Service Plan, you have more convenient hybrid connectivity options that reside on the network level.  App Service Plans offer support for many networking options like Hybrid Connections, VNET Integration and App Service Environment.  Via these options, you can integrate Azure Functions with your local network through a Site-to-Site VPN or ExpressRoute.

Deployment

Azure Resource Manager templates are the way to deploy resources across the Microsoft Azure platform.  Fortunately, both Azure Functions and Logic Apps have built-in support for ARM deployments, through for example Visual Studio Release Management.  Next to this, Azure Functions allows easy setup of continuous deployments triggered from sources like BitBucket, Dropbox, Git, GitHub, OneDrive and VSTS.  This is ideal in case multiple and frequent contributions need to be consolidated and tested.  Additionally, Azure Functions has now deployment slots in preview.  This allows deploying and testing a vNext first, before you swap that tested deployment slot with the current version in production.

Runtime

Logic Apps run only in the cloud, as it has a dependency on Microsoft-managed connectors.  As a consequence, you can’t debug, test or run Logic Apps locally.  Azure Functions can be easily developed and debugged on your local workstation, which is a big plus to increase developer productivity.  Via the Azure Functions Runtime (still in preview) you are able to deploy them on premises in Windows Containers, with SQL Server as a storage layer.  Azure Functions is also supported to run on Azure Stack and it has been announced as part of Azure IoT Edge to execute on small devices.  This hosting flexibility is a big asset in phased migration scenarios towards the cloud.

Monitoring

Per Logic App, you have a nice overview of the previous runs and their corresponding outcome.  You can filter this history, based on a time period and the resulting run status.  The monitoring view of a workflow run is the same as the designer view, which makes it very intuitive.  For each action, you can see the status and all inputs/outputs.  With one button click, you can enable integration with OMS, where you can search on tracked properties.  There is a user-friendly and cross Logic Apps dashboard on top of this OMS integration.    Each Azure Function comes with a Monitor tab, where you can see the execution history.  There is also a live event stream that shows the almost real-time processing statistics in nice graphs.  On top of that, there’s full integration with Application Insights, where you can take advantage of the powerful Analytics queries.

Pricing Model

Logic Apps has a pure pay-per-usage billing model.  You pay for each action that gets executed.  It’s important to be aware that you also need to pay for polling triggers, which can be a hidden cost.  If you want to benefit from the capabilities of the Integration Account, you should be aware that this comes with a fixed monthly bill.  With Azure Functions, you have two options qua pricing.  You can opt for a fixed cost of an App Service Plan.  In that option you reserve compute power on which you can run Azure Functions, but also Web, Mobile and API Apps.  The second option is completely serverless, with a consumption plan based on resource consumption (memory/s) and number of executions.  Take into account that cold start delays are higher when using consumption plans!  Don’t forget that the Azure Storage layer also comes with a rather small cost!

Security

Each particular binding or connector comes with its own security.  In this section, I focus on the security of Logic Apps and Azure Functions exposed as an API.  In order to access a Logic App with the HTTP trigger, the client must include a Shared Access Signature in the URL.  The signature is generated via a secret key that can be regenerated at all time.  There is also the ability to restrict access, based on incoming IP addresses.  To add more authorization logic, you can put Azure API Management in front of it.  Azure Functions has a similar concept of API keys.  The API key can be shared for the whole Function App (host key) or you can create a specific one for your Function.  If you run your Azure Function in an App Service Plan, you can leverage its codeless authentication functionality with Active Directory, Google, Facebook, etc…  Real authorization requires a small code change.  Azure Function Proxies can be a light-weight alternative of full-blown API Management, to add security on top of your HTTP triggered Functions.

Conclusion

Based on the comparison above, you’ll notice that a lot of factors are involved when deciding between the two technologies.  At first, it’s important to see what technology supports the connectivity that you require.  Do you want to write it yourself or you want to leverage out-of-the-box bindings / connectors?  Next to that, my general guidance is as follows:

When dealing with synchronous request/response calls, that execute more complex logic, Azure Functions is the preferred option.  Logic Apps is better suited for asynchronous integration and fire-and-forget messaging that requires reliable processing.  When using Logic Apps, it can be perfectly extended with Azure Functions to execute stateless tasks that cannot be fulfilled by the out-of-the-box Logic Apps capabilities.

Web API’s are often composed of both sync and async operations.  If you follow the guidance stated above, you might end-up with an API that uses both Azure Functions and Logic Apps.  This is where Azure Functions Proxies has its value, as it can expose these separate microservices as a unified API.  This will be discussed in another blog post.

Stay tuned for more!

ABOUT

MEET THE YOUR AZURE COACH TEAM

Your Azure Coach is specialized in organizing Azure trainings that are infused with real-life experience. All our coaches are active consultants, who are very passionate and who love to share their Azure expertise with you.