Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Azure for Developers

You're reading from   Azure for Developers Implement rich Azure PaaS ecosystems using containers, serverless services, and storage solutions

Arrow left icon
Product type Paperback
Published in Aug 2022
Publisher Packt
ISBN-13 9781803240091
Length 632 pages
Edition 2nd Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Kamil Mrzygłód Kamil Mrzygłód
Author Profile Icon Kamil Mrzygłód
Kamil Mrzygłód
Arrow right icon
View More author details
Toc

Table of Contents (32) Chapters Close

Preface 1. Part 1: PaaS and Containers
2. Chapter 1: Web Applications in Azure – Azure App Service FREE CHAPTER 3. Chapter 2: Using Azure Container Registry for Storing and Managing Images 4. Chapter 3: Deploying Web Applications as Containers 5. Chapter 4: Using Azure Container Instances for Ad Hoc Application Hosting 6. Chapter 5: Building a Search Engine with Azure Cognitive Search 7. Chapter 6: Mobile Notifications with Notification Hubs 8. Part 2: Serverless and Reactive Architecture
9. Chapter 7: Serverless and Azure Functions 10. Chapter 8: Durable Functions 11. Chapter 9: Integrating Different Components with Logic Apps 12. Chapter 10: Swiss Army Knife – Azure Cosmos DB 13. Chapter 11: Reactive Architecture with Event Grid 14. Part 3: Storage, Messaging, and Monitoring
15. Chapter 12: Using Azure Storage – Tables, Queues, Files, and Blobs 16. Chapter 13: Big Data Pipeline – Azure Event Hubs 17. Chapter 14: Real-Time Data Analysis – Azure Stream Analytics 18. Chapter 15: Enterprise Integration – Azure Service Bus 19. Chapter 16: Using Application Insights to Monitor Your Applications 20. Chapter 17: SQL in Azure – Azure SQL 21. Chapter 18: Big Data Storage – Azure Data Lake 22. Part 4: Performance, Scalability, and Maintainability
23. Chapter 19: Scaling Azure Applications 24. Chapter 20: Serving Static Content Using Azure CDN 25. Chapter 21: Managing APIs with Azure API Management 26. Chapter 22: Building a Scalable Entry Point for Your Service with Azure Front Door 27. Chapter 23: Azure Application Gateway as a Web Traffic Load Balancer 28. Chapter 24: Distributing Load with Azure Traffic Manager 29. Chapter 25: Tips and Tricks in Azure 30. Index 31. Other Books You May Enjoy

Configuring networking for Azure App Service

Web applications must often connect with various services. Those can be other apps, databases, container registries, and many more. Some of them will not be available publicly, hence you will have to find a way to reach them. Remember that Azure App Service is a public service and if you are not using an App Service environment, by default it will not be integrated with your networks. Let's verify what options we have to overcome that problem.

The Networking blade

The very first thing you will need to do is go to the Networking blade of your App Service resource, as illustrated in the following screenshot:

Figure 1.40 – Networking blade

Figure 1.40 – Networking blade

This will provide all the necessary information about your app networking stack, as follows:

  • Inbound/outbound addresses
  • Access restrictions
  • Private endpoints
  • Virtual network (VNet) integrations
  • Hybrid connections

Note

To have access to all networking features, you will need to scale up your application to at least the P1V2 tier.

Access Restrictions

Let's consider a scenario—you want your application to respond only to a single Internet Protocol (IP) address. If a user reaches it using a different one, they should not have access. This feature is especially useful if you allow users to access your web APIs via API managers (such as Azure API Management). As such, a manager usually offers a static IP, and you normally blacklist all the IPs but this one. This can be done using the Access Restrictions feature, as illustrated in the following screenshot:

Figure 1.41 - Enabling Access Restrictions

Figure 1.41 - Enabling Access Restrictions

Once such a rule is set, and if I try to access my website and my IP is not whitelisted, I will get an HTTP 403 Forbidden response, as follows:

Figure 1.42 – Effect of enabling Access Restrictions

Figure 1.42 – Effect of enabling Access Restrictions

As you can see, with only a few simple clicks, you can block access to your application and whitelist only a specific set of IP addresses.

Private endpoints

Private endpoints are an advanced networking feature of Azure. They are used to ensure that all the traffic stays within the Azure backbone network and never reaches the public internet. They usually work in connection with Azure Private Link to secure a connection between different networks and act as an entry point for communication. We will not go into details of these advanced concepts, but if you are interested in learning more, see an overview of the service here: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview.

VNet integration

This feature is an interesting capability of Azure App Service and allows you to reach services enclosed in a VNet while preserving the public availability of your web application. It is worth remembering that even if VNet integration is enabled and you can fetch data, for example, from a database, the database will not be able to call your application. If in the integrated VNet you have a service, it will not be able to communicate with App Service, though opposite communication is possible.

VNet integration is enabled via the Add VNet button, as illustrated in the following screenshot:

Figure 1.43 – VNet configuration

Figure 1.43 – VNet configuration

You will be able to choose a network and subnet that you would like to use for the integration. Remember, though, that you will be able to see networks that are in the same region as your Azure App Service resource. Once a connection is established, the VNet Configuration view will change its appearance so that it looks like this:

Figure 1.44 – VNet integration enabled

Figure 1.44 – VNet integration enabled

However, take into consideration that VNet integration is not that simple—you will have to consider additional scenarios, such as these:

  • Connectivity with service endpoints, which will require connecting to a specific subnet and configuring those endpoints against the selected subnet.
  • Connectivity with private endpoints, for which you will have to ensure that Domain Name System (DNS) lookups resolve to them. This implies integrating a DNS server with your VNet and managing it.
  • Using network security groups (NSGs) for control over outbound traffic.

If you find those scenarios interesting, check out the following link to learn more: https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet.

You have been reading a chapter from
Azure for Developers - Second Edition
Published in: Aug 2022
Publisher: Packt
ISBN-13: 9781803240091
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image