4

I'm simply wondering if it is possible to create a private network on Azure and place a web app there? I know I can put VM's, SQL instances etc, but my question concern Web Apps specifically. Seems like such basic thing, but can't seem to make any progress on this...

My goal is to setup a Dev, Test and Prod environment in Azure. I setup a VPN for each environment. Each VPN has three subnets (Public Web Front End, Private App Service, and a private Data sub net)

I want Dev, and Test environments to be completely private, but Prod should have the "Web Front End" subnet open to the Internet.

I cannot find a way to put the Web App in the subnet? If this is not possible, then does that mean I can't use Web Apps, and must instead use a VM with IIS? Is my approach using VPN's and subnets incorrect?

Thanks,

Per

Per C.
  • 43
  • 1
  • 4

3 Answers3

3

Absolutely - you need to set up Virtual Network or Hybrid Connection:

Reference #1: Connect to on-premises SQL Server from a web app in Azure App Service using Hybrid Connections

Reference #2: Integrate your app with an Azure Virtual Network

Reference #3: How to place your Web App into the existing Virtual Network (your situation, i guess)

And you will have the VPN/Virtual Network that will give your solution the continuous IPs space.

Alex Belotserkovskiy
  • 3,854
  • 1
  • 10
  • 9
  • Thanks Alex, but perhaps I'm not explaining this properly. We only have Azure. No onpremise stuff whatsoever. Reference 2 and 3 discuss how a web site can connect to resources inside a private network. I'm trying to setup a completely private network on Azure which contains a web app. – Per C. May 17 '16 at 15:00
2

You need to create an App Service Environment (ASE) and deploy your web app there. Instructions on how to do this is available here.

Also, be advised that at this time, ASE can only be created in a v1 virtual network.

Rick Rainey
  • 10,545
  • 2
  • 27
  • 47
  • Thanks Rick. This seems to be the way to do this. I'm surprised there is so little information on how to setup the scenario I described? Is it more common to have on-premise dev, test and just prod on Azure? – Per C. May 17 '16 at 15:36
  • @PerC. No. Dev/Test, QA, Prod, etc. environments should be represented equally (the same) and running in the cloud/Azure enables this. You should run Prod in a separate subscription from Dev/Test. This particular requirement of protecting a web app in a virtual network is common in enterprise scenarios. – Rick Rainey May 18 '16 at 00:54
  • You don't need an ASE, you can do this with any app service non free tier. Simply need an Azure VNet, Subnet. Azure Service Environment (Isolated) are hugely expensive. – Simon Bourdeau May 16 '19 at 18:24
0

Earlier this was possible only for azure VM connected via private peering via expressroute.This is now possible with azure private link

MSTechnie
  • 127
  • 5