You're reading from Azure for Developers Implement rich Azure PaaS ecosystems using containers, serverless services, and storage solutions

Product type Paperback

Published in Aug 2022

Publisher Packt

ISBN-13 9781803240091

Length 632 pages

Edition 2nd Edition

Languages

SQL

Tools

Azure

Concepts

Robotic Process Automation

Author (1):

Kamil Mrzygłód

View More author details

Table of Contents (32) Chapters

Preface

1. Part 1: PaaS and Containers

2. Chapter 1: Web Applications in Azure – Azure App Service FREE CHAPTER

3. Chapter 2: Using Azure Container Registry for Storing and Managing Images

4. Chapter 3: Deploying Web Applications as Containers

5. Chapter 4: Using Azure Container Instances for Ad Hoc Application Hosting

6. Chapter 5: Building a Search Engine with Azure Cognitive Search

7. Chapter 6: Mobile Notifications with Notification Hubs

8. Part 2: Serverless and Reactive Architecture

9. Chapter 7: Serverless and Azure Functions

10. Chapter 8: Durable Functions

11. Chapter 9: Integrating Different Components with Logic Apps

12. Chapter 10: Swiss Army Knife – Azure Cosmos DB

13. Chapter 11: Reactive Architecture with Event Grid

14. Part 3: Storage, Messaging, and Monitoring

15. Chapter 12: Using Azure Storage – Tables, Queues, Files, and Blobs

16. Chapter 13: Big Data Pipeline – Azure Event Hubs

17. Chapter 14: Real-Time Data Analysis – Azure Stream Analytics

18. Chapter 15: Enterprise Integration – Azure Service Bus

19. Chapter 16: Using Application Insights to Monitor Your Applications

20. Chapter 17: SQL in Azure – Azure SQL

21. Chapter 18: Big Data Storage – Azure Data Lake

22. Part 4: Performance, Scalability, and Maintainability

23. Chapter 19: Scaling Azure Applications

24. Chapter 20: Serving Static Content Using Azure CDN

25. Chapter 21: Managing APIs with Azure API Management

26. Chapter 22: Building a Scalable Entry Point for Your Service with Azure Front Door

27. Chapter 23: Azure Application Gateway as a Web Traffic Load Balancer

28. Chapter 24: Distributing Load with Azure Traffic Manager

29. Chapter 25: Tips and Tricks in Azure

30. Index

Why subscribe?

31. Other Books You May Enjoy

Configuring networking for Azure App Service

Web applications must often connect with various services. Those can be other apps, databases, container registries, and many more. Some of them will not be available publicly, hence you will have to find a way to reach them. Remember that Azure App Service is a public service and if you are not using an App Service environment, by default it will not be integrated with your networks. Let's verify what options we have to overcome that problem.

The Networking blade

The very first thing you will need to do is go to the Networking blade of your App Service resource, as illustrated in the following screenshot:

Figure 1.40 – Networking blade

This will provide all the necessary information about your app networking stack, as follows:

Inbound/outbound addresses
Access restrictions
Private endpoints
Virtual network (VNet) integrations
Hybrid connections

Note

To have access to all networking features, you will need to scale up your application to at least the P1V2 tier.

Access Restrictions

Let's consider a scenario—you want your application to respond only to a single Internet Protocol (IP) address. If a user reaches it using a different one, they should not have access. This feature is especially useful if you allow users to access your web APIs via API managers (such as Azure API Management). As such, a manager usually offers a static IP, and you normally blacklist all the IPs but this one. This can be done using the Access Restrictions feature, as illustrated in the following screenshot:

Figure 1.41 - Enabling Access Restrictions

Once such a rule is set, and if I try to access my website and my IP is not whitelisted, I will get an HTTP 403 Forbidden response, as follows:

Figure 1.42 – Effect of enabling Access Restrictions

As you can see, with only a few simple clicks, you can block access to your application and whitelist only a specific set of IP addresses.

Private endpoints

Private endpoints are an advanced networking feature of Azure. They are used to ensure that all the traffic stays within the Azure backbone network and never reaches the public internet. They usually work in connection with Azure Private Link to secure a connection between different networks and act as an entry point for communication. We will not go into details of these advanced concepts, but if you are interested in learning more, see an overview of the service here: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview.

VNet integration

This feature is an interesting capability of Azure App Service and allows you to reach services enclosed in a VNet while preserving the public availability of your web application. It is worth remembering that even if VNet integration is enabled and you can fetch data, for example, from a database, the database will not be able to call your application. If in the integrated VNet you have a service, it will not be able to communicate with App Service, though opposite communication is possible.

VNet integration is enabled via the Add VNet button, as illustrated in the following screenshot:

Figure 1.43 – VNet configuration

You will be able to choose a network and subnet that you would like to use for the integration. Remember, though, that you will be able to see networks that are in the same region as your Azure App Service resource. Once a connection is established, the VNet Configuration view will change its appearance so that it looks like this:

Figure 1.44 – VNet integration enabled

However, take into consideration that VNet integration is not that simple—you will have to consider additional scenarios, such as these:

Connectivity with service endpoints, which will require connecting to a specific subnet and configuring those endpoints against the selected subnet.
Connectivity with private endpoints, for which you will have to ensure that Domain Name System (DNS) lookups resolve to them. This implies integrating a DNS server with your VNet and managing it.
Using network security groups (NSGs) for control over outbound traffic.

If you find those scenarios interesting, check out the following link to learn more: https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet.

You're reading from Azure for Developers Implement rich Azure PaaS ecosystems using containers, serverless services, and storage solutions

Table of Contents (32) Chapters

Configuring networking for Azure App Service

The Networking blade

Access Restrictions

Private endpoints

VNet integration

Authors (1)

Personalised recommendations for you