P2S connectivity to vNet isolated serverless AzFunctions

Ayan Mullick 66 Reputation points
2020-10-21T18:55:22.223+00:00

Suppose someone has a virtual network isolated consumption tier Azure function app. Is there a way one could advertise the region-specific AppService service tag to a virtual network gateway so that one could access the consumption tier function application from outside of Azure through P2S VPN?


1 answer

  1. suvasara-MSFT 10,011 Reputation points
    2020-10-22T11:41:08.133+00:00

    @Ayan Mullick, on enabling Service Endpoints, the traffic remains in the Microsoft backbone network, allowing access to PaaS resources only from its own VNet, but the PaaS endpoint is still accessed via the public IP of the service. So, when you select allow for a particular VNET in the "access restriction" policy, your app will be accessed only by resources that are deployed in that particular VNET. Consequently, the operating principle of the VNet Service Endpoints does not extend to the on-premises world, even in the presence of connectivity with Azure (VPN or ExpressRoute).

    But by deploying Azure Private Link you can instead access the PaaS resources via a private IP address of your VNet, which is potentially also accessible from:

    1. On-premises systems via Azure ExpressRoute private peering or Azure VPN gateways.
    2. Systems on a VNet in peering.

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.
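
The distinction drawn in the answer above can be checked from a P2S client by looking at what the app's hostname resolves to. The following is an added example, not part of the original thread: the VNet prefix, the sample DNS answers and the function names are constructed assumptions, and it assumes the VPN client only receives routes for the VNet address space.

```python
import ipaddress
import socket
import sys

# Constructed sample values (assumptions, not taken from the thread).
VNET_PREFIXES = ["10.20.0.0/16"]           # address space routed to P2S clients
SAMPLE_ANSWERS = {
    "service-endpoint": ["203.0.113.45"],  # app still answers on a public IP
    "private-link": ["10.20.3.4"],         # app answers on a private endpoint IP
}

VERDICTS = {
    "private-ip-in-vnet": "routed through the tunnel to a private IP of the VNet",
    "public-ip": "goes to the service's public IP; a VNet-only access "
                 "restriction rule will not match this client",
    "mixed": "DNS returns both private and public addresses; check the "
             "resolver the VPN client is using",
    "unresolved": "hostname did not resolve",
}


def classify(resolved_ips, vnet_prefixes):
    """Classify DNS answers for the app relative to the VNet address space."""
    if not resolved_ips:
        return "unresolved"
    nets = [ipaddress.ip_network(p) for p in vnet_prefixes]
    addrs = [ipaddress.ip_address(ip) for ip in resolved_ips]
    in_vnet = [any(a in n for n in nets) for a in addrs]
    if all(in_vnet):
        return "private-ip-in-vnet"
    if any(in_vnet):
        return "mixed"
    return "public-ip"


def resolve(hostname):
    """Resolve with the client's current DNS settings; empty list on failure."""
    try:
        infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    # Usage: python check_path.py <app>.azurewebsites.net 10.20.0.0/16
    if len(sys.argv) >= 3:
        print(VERDICTS[classify(resolve(sys.argv[1]), sys.argv[2:])])
    else:
        for name, ips in SAMPLE_ANSWERS.items():
            print(name, "->", VERDICTS[classify(ips, VNET_PREFIXES)])
```

Run it on the VPN-connected client so that the lookup uses the same DNS resolver the client would use to reach the app.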