How to integrate Azure App Service with Azure Virtual Network

Case



While configuring Azure App Service, you need to integrate App Service with Azure Virtual Network (VNET). App Service VNET integration is one of the many networking features of Azure App Service, as shown in the table below.



Inbound networking featuresOutbound networking featuresApp-assigned addressHybrid ConnectionsAccess restrictionsGateway-required virtual network integrationService endpointsVirtual network (VNET) integrationPrivate endpoints

Solution



You can configure VNET integration for your App Service either during resource provisioning time or after the resource provisioning.



During App Service resource provisioning

You can configure VNET integration while provisioning the App Service resource in the Azure management portal, under the Networking tab. The default settings of the Networking tab are as follows.





To enable VNET integration, set the "Enable network injection" option to "On" and then configure the virtual network to integrate with your App Service. Further down, se the "Enable VNET integration option" to "On" and choose the subnet of your VNET which will be used as the source for the outbound traffic of your App Service.





After App Service resource provisioning



After the App Service resource has been provisioned, you can access the configuration of the VNET integration parameters from the Azure portal under the "Networking" blade of the App Service resource, as shown below.





From this page you have the following VNET integration configuration options:



- Disconnect the VNET from the App Service.

- Enable or disable the "Route All" option.

- Change the integrated VNET.

- Change the integrated VNET subnet.



To setup a different VNET or VNET subnet, you first need to disconnect the existing VNET.







At this point you can click on "Add VNET" to configure VNET integration again with a different VNET and VNET subnet.



Connecting and disconnecting with a virtual network is at an app level. Operations that can affect virtual network integration across multiple apps are at the App Service plan level. You can see similar information at the App Service plan level in the App Service plan --> Networking --> VNet integration portal.







App Service VNET integration configuration properties



The following App Service Kudu console page provides a list of all environment variables configured for the App Service.



https://.scm.azurewebsites.net/Env.cshtml



In the example shown below, the WEBSITE_VNET_ROUTE_ALL = 1 variable is shown.





WEBSITE_VNET_ROUTE_ALL when set to 1 enforces all outbound traffic (including all public IP addresses) to pass via the VNET integration and not only RFC 1918 traffic (private IPv4 address spaces).





Sources



https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration



https://learn.microsoft.com/en-us/training/modules/design-implement-private-access-to-azure-services/7-integrate-your-app-service-azure-virtual-networks



https://learn.microsoft.com/en-us/azure/app-service/configure-vnet-integration-routing



https://learn.microsoft.com/en-us/azure/app-service/configure-vnet-integration-enable


https://stefanos.cloud/kb/how-to-integrate-azure-app-service-with-azure-virtual-network/

Comments

Popular posts from this blog

How to perform hardware health checks in Windows

How to resolve Group Policy error codes 8007071a and 800706ba

FsLogix 2201 Public Preview release