SlideShare a Scribd company logo

Demystifying Azure App Service Networking

Download as PPTX, PDF
Mohamed Wali, profile picture
Mohamed Wali

The document discusses Azure App Service networking features and their applications, including Azure Front Door, hybrid connections, and virtual network (VNet) integration. Key topics include service endpoints for various Azure services, access restrictions to enhance security, and performance improvements with Azure CDN. It also highlights upcoming announcements and demo scenarios related to VNet integration and connections between Azure App Service and other resources.

Software
1 of 26
Downloaded 11 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Demystifying Azure App Service Networking Mohamed Wali @_Mwaly Author, Speaker & DevOps Engineer
Agenda Discuss Azure App Service networking features Demo most of them Scenarios about how to make use of them Announcements about upcoming features Q&A
Azure App Service Networking Features Azure Front Door with WAF Azure CDNAccess Restrictions Hybrid ConnectionsVNet Integration Assigned Public IP Address
VNet Service Endpoints • Extend VNet to Azure Services • Make use of Microsoft Azure backbone network • Faster, Reliable and Secure
Services support Service Endpoints Azure Storage Azure SQL Database Azure SQL Data Warehouse Azure Database for PostgreSQL server Azure Database for MySQL server Azure Database for MariaDB Azure Cosmos DB Azure Key Vault Azure Service Bus Azure Event Hub Azure Data Lake Store Gen 1 Azure App Service Azure Container Registry Preview!
Demo: Service Endpoints
Let your app live in a virtual network
Gateway Required vs Regional VNet Integration • Can be used to connect to any VNet either RM or Classic • Requires VNet Gateway with point-to-site VPN configured • 99.9% SLA due to the dependency on VNet Gateway • Can’t be used with Linux apps • Doesn’t support accessing via ExpressRoute or service endpoints Gateway • Still in Preview • No gateway needed • Make calls to service endpoint secured services • Access Resources in the same VNet, or via ExpressRoute or peered connections • Requires unused subnet to use its own IP addresses for the app outbound calls Regional Internet App Service Point to Site VPN Azure Virtual Network Internet App Service Azure Virtual Network Delegated subnet Azure SQL
Demo: New VNet Integration Scenario: Provide a direct connection between Azure App Service and Azure SQL Database
Azure App Service beyond the walls of Azure
App Service Hybrid Connection • Allow App Service to access on-prem services securely • The on-prem service doesn’t has to be internet accessible • The single app service can provide access in multiple networks • All the connections are outbound over standard web ports. Therefore, no firewall holes needed
Demo: Hybrid Connection
Stick to one IP
App Service Assigned IP Address • Can be set for inbound IPs since setting outbound IPs isn’t supported • Make sure that the app service plan is at least at the basic tier • A Custom domain has to be mapped to the Web App URL • Configure an IP based SSL certificate But What if I want to renew my certificate?
Control what hits your app service
App Service Access Restrictions • Prevent access from untrusted resources to your app service • Prevent search engines from indexing and associating your website content with the wrong domain name • Enforce the traffic to go through WAF
Demo: Access Restrictions
Static Content? Cache them all…
of viewers stop watching video if it takes more than 7 seconds to buffer2 of mobile internet users say they’ve encountered a website too slow to load1 experience service degradation during security attacks.3 End users experiences with web
Why Azure CDN? • High reliability & Robust security • Better user experience • Global presence • Availability and scalability • Faster response time
Spread Globally
User probe probe Global Private WAN Connection pooling Active global traffic routing Azure Region 1 Azure Region 2 • Accelerate application performance & availability • Integration with App Services • Globally distributed network with instance failover • Integration with WAF rules • SSL termination • Integrated static content caching • Session Affinity • URL (redirection & rewriting) • Multiple-site hosting • URL-based routing Your secure entry point for delivering globally performant hyperscale apps. Azure Front Door Service 64 global edge POPs HTTP(S) Path based traffic load balancing Static content caching Application layer security Azure Front Door Service
Demo: Configure Azure Front Door with WAF for your app
Microsoft Ignite Announcements for App Service Windows Web app VNet Integration planned GA December 2019 Linux Web app VNet Integration planned GA Q1CY2020 Access to all IPv4 ranges supported December 2019 Routing support on all IPv4 traffic (available now in some regions) December 2019 No support dates yet for: • Managed NAT or load balancer • global peering • service endpoint policies • Network Watcher • putting anything else in the integration subnet • using VNet Integration across subscriptions • multiple App Service plans being able to use the same subnet • increasing the number of VNet Integrations per App Service plan • VNet Integration working with Azure DNS private zones • Hybrid connection for Linux app service • Private Link support
Q&A
Keep in touch @_MWaly https://vlacticcloud.wordpress.com

More Related Content

PPTX
Azure App Service Deep Dive
Azure Riyadh User Group
 
PDF
KKBOX WWDC17 Security - Antony
Liyao Chen
 
PDF
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Khash Nakhostin
 
PPTX
Extend DevOps to Your SQL Server Databases
Red Gate Software
 
PPTX
Firebase
Shady Selim
 
PDF
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Khash Nakhostin
 
PDF
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Khash Nakhostin
 
PPTX
What's Better than Microservices? Serverless Microservices.
Apigee | Google Cloud
 
Azure App Service Deep Dive
Azure Riyadh User Group
 
KKBOX WWDC17 Security - Antony
Liyao Chen
 
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Khash Nakhostin
 
Extend DevOps to Your SQL Server Databases
Red Gate Software
 
Firebase
Shady Selim
 
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Khash Nakhostin
 
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Khash Nakhostin
 
What's Better than Microservices? Serverless Microservices.
Apigee | Google Cloud
 

What's hot (19)

PDF
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Khash Nakhostin
 
PPTX
API Proxy Auto Discovery
Vince Soliza
 
PPTX
Build Secure Cloud Solution using F5 BIG-IP on AWS
Lahav Savir
 
PPTX
Service Fabric Deployments
Daniel Toomey
 
PDF
Three Innovations that Define a “Next-Generation Global Transit Hub”
Khash Nakhostin
 
PDF
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Khash Nakhostin
 
PDF
What You Need to Know About Operationalizing Your AWS Transit Hub
Khash Nakhostin
 
PDF
API Gateway Use Cases​ for Kubernetes​
NGINX, Inc.
 
PPTX
Getting the Most Value from Your Aviatrix Controller & Gateways
Khash Nakhostin
 
PDF
Seven Criteria for Building an AWS Global Transit Network
Khash Nakhostin
 
PDF
Network monitoring for the modern wan webinar
ThousandEyes
 
PDF
Five Connectivity and Security Use Cases for Azure VNets
Khash Nakhostin
 
PPTX
Finding application problems before they impact users
CA Application Performance Management (APM)
 
PDF
Automating Performance Monitoring at Microsoft
ThousandEyes
 
PDF
Webinar: Introduction to CloudBees Jenkins Platform
Kiratech
 
PDF
Demystifying Service Mesh
Mitchell Pronschinske
 
PPTX
Four Scenarios for Using an Integration Service Environment (ISE)
Daniel Toomey
 
PDF
[NGINX Webinar Forum] Tune health check parameter to reduce app down time slide
Supachai Jaturaprom
 
PPTX
Latest Updates to Azure Integration Services
Daniel Toomey
 
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Khash Nakhostin
 
API Proxy Auto Discovery
Vince Soliza
 
Build Secure Cloud Solution using F5 BIG-IP on AWS
Lahav Savir
 
Service Fabric Deployments
Daniel Toomey
 
Three Innovations that Define a “Next-Generation Global Transit Hub”
Khash Nakhostin
 
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Khash Nakhostin
 
What You Need to Know About Operationalizing Your AWS Transit Hub
Khash Nakhostin
 
API Gateway Use Cases​ for Kubernetes​
NGINX, Inc.
 
Getting the Most Value from Your Aviatrix Controller & Gateways
Khash Nakhostin
 
Seven Criteria for Building an AWS Global Transit Network
Khash Nakhostin
 
Network monitoring for the modern wan webinar
ThousandEyes
 
Five Connectivity and Security Use Cases for Azure VNets
Khash Nakhostin
 
Finding application problems before they impact users
CA Application Performance Management (APM)
 
Automating Performance Monitoring at Microsoft
ThousandEyes
 
Webinar: Introduction to CloudBees Jenkins Platform
Kiratech
 
Demystifying Service Mesh
Mitchell Pronschinske
 
Four Scenarios for Using an Integration Service Environment (ISE)
Daniel Toomey
 
[NGINX Webinar Forum] Tune health check parameter to reduce app down time slide
Supachai Jaturaprom
 
Latest Updates to Azure Integration Services
Daniel Toomey
 
Ad

Similar to Demystifying Azure App Service Networking (20)

PPTX
Azure Web Apps Advanced Security
Udaiappa Ramachandran
 
PPTX
Demystifying azure networking for on premises-azure databases
Mohamed Wali
 
PPTX
The hidden secrets of azure networking
Mohamed Wali
 
PDF
App Service Web
Lisa Muthukumar
 
PPTX
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
Sam Vanhoutte
 
PDF
Building Hybrid Cloud Apps with Azure and Azure stack
WinWire Technologies Inc
 
PPTX
The Hitchhiker’s Guide to Hybrid Connectivity
Daniel Toomey
 
PPTX
On-Demand Webinar: Software Virtualization Lifecycle
Skytap Cloud
 
PPTX
Power of Compute Services on Microsoft Azure.
Abdul Rasheed Feroz Khan
 
PPTX
Plan, Deploy & Manage Modern Applications Leveraging vCloud Automation Center...
Puppet
 
PPTX
Applying Advanced Techniques to Azure Web Apps
Roy Kim
 
PDF
Why a Multi-cloud Strategy is Essential
Alibaba Cloud
 
PDF
15-factor-apps.pdf
Nilesh Gule
 
PPTX
Tokyo azure meetup #8 - Azure Update, August
Kanio Dimitrov
 
PPTX
Tokyo azure meetup #8 azure update, august
Tokyo Azure Meetup
 
PPTX
Cloud integration: what's in it for you? (Toon Vanhoutte & Massimo Crippa at ...
Codit
 
PDF
AWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv Singhal
Amazon Web Services Korea
 
PPTX
Azure Web Apps
Gaurav Madaan
 
PPTX
Cloud Circle Talk - Enterprise Architecture, Cloud Computing and Integrations
paulfallon
 
PPTX
VMworld 2015: No App is An Island
VMworld
 
Azure Web Apps Advanced Security
Udaiappa Ramachandran
 
Demystifying azure networking for on premises-azure databases
Mohamed Wali
 
The hidden secrets of azure networking
Mohamed Wali
 
App Service Web
Lisa Muthukumar
 
AzureConf 2014 - Azure hybrid connections (Sam Vanhoutte)
Sam Vanhoutte
 
Building Hybrid Cloud Apps with Azure and Azure stack
WinWire Technologies Inc
 
The Hitchhiker’s Guide to Hybrid Connectivity
Daniel Toomey
 
On-Demand Webinar: Software Virtualization Lifecycle
Skytap Cloud
 
Power of Compute Services on Microsoft Azure.
Abdul Rasheed Feroz Khan
 
Plan, Deploy & Manage Modern Applications Leveraging vCloud Automation Center...
Puppet
 
Applying Advanced Techniques to Azure Web Apps
Roy Kim
 
Why a Multi-cloud Strategy is Essential
Alibaba Cloud
 
15-factor-apps.pdf
Nilesh Gule
 
Tokyo azure meetup #8 - Azure Update, August
Kanio Dimitrov
 
Tokyo azure meetup #8 azure update, august
Tokyo Azure Meetup
 
Cloud integration: what's in it for you? (Toon Vanhoutte & Massimo Crippa at ...
Codit
 
AWS Innovate: Best of Both Worlds: Leveraging Hybrid IT with AWS- Dhruv Singhal
Amazon Web Services Korea
 
Azure Web Apps
Gaurav Madaan
 
Cloud Circle Talk - Enterprise Architecture, Cloud Computing and Integrations
paulfallon
 
VMworld 2015: No App is An Island
VMworld
 
Ad

Recently uploaded (20)

PDF
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PDF
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PPTX
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
wealthsignaloriginal-com-DS-text-... (1).pdf
skmiani786
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
Introduction to Artificial Intelligence
lohedi9363
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
System and Network Administration Chapter 2
jaramharo
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
System and Network Administraation Chapter 3
jaramharo
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Reimagine Home Health with the Power of Agentic AI​
AutomationEdge Technologies
 
Introduction Database Management System for Course Database
ReinertYosua
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 

Demystifying Azure App Service Networking

  • 1. Demystifying Azure App Service Networking Mohamed Wali @_Mwaly Author, Speaker & DevOps Engineer
  • 2. Agenda Discuss Azure App Service networking features Demo most of them Scenarios about how to make use of them Announcements about upcoming features Q&A
  • 3. Azure App Service Networking Features Azure Front Door with WAF Azure CDNAccess Restrictions Hybrid ConnectionsVNet Integration Assigned Public IP Address
  • 4. VNet Service Endpoints • Extend VNet to Azure Services • Make use of Microsoft Azure backbone network • Faster, Reliable and Secure
  • 5. Services support Service Endpoints Azure Storage Azure SQL Database Azure SQL Data Warehouse Azure Database for PostgreSQL server Azure Database for MySQL server Azure Database for MariaDB Azure Cosmos DB Azure Key Vault Azure Service Bus Azure Event Hub Azure Data Lake Store Gen 1 Azure App Service Azure Container Registry Preview!
  • 7. Let your app live in a virtual network
  • 8. Gateway Required vs Regional VNet Integration • Can be used to connect to any VNet either RM or Classic • Requires VNet Gateway with point-to-site VPN configured • 99.9% SLA due to the dependency on VNet Gateway • Can’t be used with Linux apps • Doesn’t support accessing via ExpressRoute or service endpoints Gateway • Still in Preview • No gateway needed • Make calls to service endpoint secured services • Access Resources in the same VNet, or via ExpressRoute or peered connections • Requires unused subnet to use its own IP addresses for the app outbound calls Regional Internet App Service Point to Site VPN Azure Virtual Network Internet App Service Azure Virtual Network Delegated subnet Azure SQL
  • 9. Demo: New VNet Integration Scenario: Provide a direct connection between Azure App Service and Azure SQL Database
  • 10. Azure App Service beyond the walls of Azure
  • 11. App Service Hybrid Connection • Allow App Service to access on-prem services securely • The on-prem service doesn’t has to be internet accessible • The single app service can provide access in multiple networks • All the connections are outbound over standard web ports. Therefore, no firewall holes needed
  • 14. App Service Assigned IP Address • Can be set for inbound IPs since setting outbound IPs isn’t supported • Make sure that the app service plan is at least at the basic tier • A Custom domain has to be mapped to the Web App URL • Configure an IP based SSL certificate But What if I want to renew my certificate?
  • 15. Control what hits your app service
  • 16. App Service Access Restrictions • Prevent access from untrusted resources to your app service • Prevent search engines from indexing and associating your website content with the wrong domain name • Enforce the traffic to go through WAF
  • 18. Static Content? Cache them all…
  • 19. of viewers stop watching video if it takes more than 7 seconds to buffer2 of mobile internet users say they’ve encountered a website too slow to load1 experience service degradation during security attacks.3 End users experiences with web
  • 20. Why Azure CDN? • High reliability & Robust security • Better user experience • Global presence • Availability and scalability • Faster response time
  • 22. User probe probe Global Private WAN Connection pooling Active global traffic routing Azure Region 1 Azure Region 2 • Accelerate application performance & availability • Integration with App Services • Globally distributed network with instance failover • Integration with WAF rules • SSL termination • Integrated static content caching • Session Affinity • URL (redirection & rewriting) • Multiple-site hosting • URL-based routing Your secure entry point for delivering globally performant hyperscale apps. Azure Front Door Service 64 global edge POPs HTTP(S) Path based traffic load balancing Static content caching Application layer security Azure Front Door Service
  • 23. Demo: Configure Azure Front Door with WAF for your app
  • 24. Microsoft Ignite Announcements for App Service Windows Web app VNet Integration planned GA December 2019 Linux Web app VNet Integration planned GA Q1CY2020 Access to all IPv4 ranges supported December 2019 Routing support on all IPv4 traffic (available now in some regions) December 2019 No support dates yet for: • Managed NAT or load balancer • global peering • service endpoint policies • Network Watcher • putting anything else in the integration subnet • using VNet Integration across subscriptions • multiple App Service plans being able to use the same subnet • increasing the number of VNet Integrations per App Service plan • VNet Integration working with Azure DNS private zones • Hybrid connection for Linux app service • Private Link support
  • 25. Q&A