In this video, learn how and why to use an Azure VPN with your Azure web app. Learn about the requirements to implement a VPN with your Azure web app as well as considerations. A demonstration outlines how to implement a VPN with a web app.
- [Narrator] In this lesson, we're going to look at how we integrate an Azure web app with an Azure VPN. When we implement a VPN, our web app can then access resources on the virtual network within Azure. In our example here, we can see our web app. It has a point-to-site VPN connection into our network, which then contains our virtual machine, and that virtual machine hosts a SQL database in IIS. But keep in mind that private access to the web app the other way is prohibited unless we're using the App Service Environment, or ASE, which is out of scope of this course.
In order to utilize the Azure Virtual Network with your web app, you must use the standard, premium or isolated plans. You can only have one app connect to the VNet at a time, and only five VNets can be integrated into an app service plan. But the same virtual network can be used by multiple apps within that app service plan. Your virtual network must be in the same subscription as your app service plan, and finally, the virtual network must have a dynamic routing gateway.
Now, you may be all excited and go, 'Yes, we're going to do this,' but there are a few things that virtual network integration with your web app does not support, including mounting of a drive. You'll not be able to leverage NetBIOS. You cannot have private site access or Active Directory Integration. Did you notice that in the previous image the connection was a point-to-site connection and not a site-to-site connection? This is because web apps are multi-tenant, and therefore they cannot be directly connected to a virtual network.
What happens is the network is actually connected to the virtual machine that is hosting the app. If you also have a site-to-site VPN configured, then the app can access those on-premise resources as well. Let's pop into Azure and create a VPN for our web app. We are in the LIL messaging resource group, and one thing you'll notice here is I have already gone ahead and created a web app called LIL Web App.
I'm going to go ahead and open that, and then what you'll need to do here is scroll down under settings, and then networking. We'll choose the first option, which is VNet integration, and we'll click on setup. We do not have any virtual networks set up at this point in time, so we'll go ahead and create a new virtual network. If I did have a virtual network set up, I could select it as long as that other virtual network was in the same subscription, had point-to-site enabled and a dynamic routing gateway.
When you configure it through the web app itself, all those settings will automatically be configured for you. I'm just going to call this LIL VNet. We're going to go ahead and use the default virtual network address block. Same for the subnet name, the subnet address block, our gateway subnet address block, and our point-to-site address block. You could change these IPs as required. Keep in mind, though, CIDR notation is required. And if I scroll down just a little bit, you're going to see where it says, 'VNet selection is required after the VNet creation.' That's letting us know that there will be a second step.
Go ahead, click okay, and this will take a few moments. It took several minutes but our virtual network is now up and running. We can go ahead and set it up. To do so, click on setup and you'll notice that the network we created is now available to us. I'm going to go ahead and select that, and now that virtual network will be added to our web app. And that's it. We can now see that our web app is connected to our network.
This link, 'Click here to configure,' is a little misleading. We'll pop into there. The only thing we can actually do here is just disconnect that virtual network from our web app. That's all there is to it, to connecting a web app to a virtual network, which, in turn, will allow access to the resources in that virtual network.