Is it possible to use site-to-site vpn with paas cloud services in azure? I have a VM in azure and it seems to work just fine but can't seem to find anything in config (or wherever) about vpn for cloud services....
Short answer, yes. You create the network first, then, configure the cloud service to deploy into that network.
Here are instructions that should help
Related
BeyondTrust is being used on-premise. How would I configure the network so that the cloud is also a target for BeyondTrust i.e. route traffic from beyondtrust onprem to targets in Azure cloud.
You can connect your on-premise to Azure by setting up an Azure S2S VPN from your on-premise. Here are more details on setting up the same.
Further, you can also setup an Azure Express Route Circuit. ExpressRoute circuits connect your on-premises infrastructure to Microsoft through a connectivity provider. Here are more details on setting up the same.
Hope this helps. If you need any further assistance, please do let us know. Thank you!
It's basically a question of routing. If you have an open route to the targets, Password Safe will be able to reach them.
I have an Azure function under an ExpressRoute subscription that is trying to connect to an on-prem database, but fails to do so.
Is it possible to use Azure functions within ExpressRoute?
Thanks!
An Azure Function can be deployed on an App Service Environment. The App Service Environment is deployed on your own VNET which can have access to on-prem resources via ExpressRoute.
If you don't want to pay for an App Service Environment, you can deploy your Function on a dedicated App Service Plan and then use Hybrid Connections to connect to on-prem, or integrate the Function App to your VNET and create a Site-to-Site VPN to on-premises. These last 2 options option, however, won't go through ExpressRoute.
All 3 options are described here. You just need to deploy your Azure Function to an App Service Plan to get same features as an App Service.
HTH
Not without setting up a dedicated router virtual appliance (e.g. a CiscoASA VM from the Azure marketplace). Microsoft will say "not supported", but we were able to get it working in this manner.
I have a web app that is currently deployed in an App Service Environment. One of the advantages of this is the security offered by the VNet within which the ASE resides.
Unfortunately this is a very expensive option for a low traffic solution (currently costing approx. £1500 a month). Is there an alternative solution that offers the same level of security as the ASE solution, e.g. is it possible to deploy a standard Web App to a VNet?
Yes and no.
A way to do that would be to use VNet integration of a WebApp. Unfortunately, it doesn't isolate the WebApp from the internet (that can be done via the webconfig). The other problem is that it only allows the webapp to access resources inside the VNet, not vice-versa. For that you would have to allow resources to access WebApp from the internet.
No other way currently.
It is not possible to deploy an Azure web app to a VNET (allowing for 2-way communication) without using App Service Environment (ASE). If you want your web app to only be available to internal systems, you'd have to rely on IIS ipSecurity config (https://www.iis.net/configreference/system.webserver/security/ipsecurity).
Essentially, whitelist all allowed public IPs (from the systems accessing the website). This might get difficult to maintain, so you might want to investigate a reverse proxy type solution either deployed in IaaS, or use AppGateway, or use a 3rd party such as incapsula/silverline.
As it has already been mentioned, Azure Web App cannot be added to your VNET. There is a VNET integration option which allows it to act as a P2S client, however it may not be acceptable in all scenarios. Here are the alternate options:
Azure Cloud Services (PaaS)
Azure Virtual Machines (IaaS)
App Service Environment (Expensive)
I think the best option would be cloud services as it can sit inside a VNET and provide some benefits of being a PaaS based service. Refer here: https://learn.microsoft.com/en-in/azure/cloud-services/
How do I connect to a database on-premises from an Azure WebJob or an Azure Function? Is this even possible?
I've been recently researching this and have found there a 3 avenues to connect app services to on prem database, as of today anyway.
Hybrid Connection, VNET Integration or App Service Environment
The later 2 options require VPN or Express (I think) connectivity to a cloud VNET. The VNET Integration option requires a separate VNET with PointToSite gateway connecting to your existing VNET. The App Service Environment is a quite expensive option as your App Service Plan is actually hosted inside your VNET, no longer being a shared host.
I have a web app built on .Net 4.6. The application utilises elasticsearch and redis which are hosted in an Azure VM. I am trying to connect Azure VM(ElasticSearch+Redis) to Azure WebApp(.Net WebApp) using internal network. i.e, WebApp and VM should interact with each other on LAN and not the internet. I am not able to understand Azure VNET use case scenario from its description in docs.
Does Azure VNET enable the above-mentioned scenario? If yes, How? If No, Please suggest the best way to archive this.
Out of curiosity, could you please let me know why are you using a VM for Redis and Elastic Search?
With regards to your questions, you can definitely do that. Please read Getting Started at the below link to understand -
Integrate your app with an Azure Virtual Network