Queries on App service in Azure

Tadul 1 Reputation point
2020-06-04T12:29:37.863+00:00

Hello,

I have below queries regarding app service web apps.

  1. App service (PAAS offering from Azure):
    • We have created multiple app services and URL's of those are publicly accessible. Is there away deploy this app service in a VNET? I have read about App service Environment but it's a different service altogether.
    • If we use VNET service endpoints to restrict inbound access to app service then how we manage communication between one app service to another app service in our application.
    • There is an external IP associated with every App service and this IP is same (All app services are using a single app service plan)...Is that IP ever change ?

Thanks,

Tadul Shah

9967067430

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,688 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Grmacjon-MSFT 15,156 Reputation points
    2020-06-09T00:30:41.693+00:00

    Thanks for your questions @tadul .

    Yes, you can deploy an app service in a VNET. As this doc states:

    VNet Integration gives your app access to resources in your VNet, but it doesn't grant inbound private access to your app from the VNet. Private site access refers to making an app accessible only from a private network, such as from within an Azure virtual network. VNet Integration is used only to make outbound calls from your app into your VNet. The VNet Integration feature behaves differently when it's used with VNet in the same region and with VNet in other regions. The VNet Integration feature has two variations:

    Regional VNet Integration: When you connect to Azure Resource Manager virtual networks in the same region, you must have a dedicated subnet in the VNet you're integrating with.

    Gateway-required VNet Integration: When you connect to VNet in other regions or to a classic virtual network in the same region, you need an Azure Virtual Network gateway provisioned in the target VNet."

    • to answer your last question, yes the inbound IP address may change when you perform one of the following actions:

    Delete an app and recreate it in a different resource group. Delete the last app in a resource group and region combination and recreate it. Delete an existing TLS binding, such as during certificate renewal (see Renew certificate).

    To get a static inbound IP address, you need to secure a custom domain. If you don't actually need TLS functionality to secure your app, you can even upload a self-signed certificate for this binding. In an IP-based TLS binding, the certificate is bound to the IP address itself, so App Service provisions a static IP address to make it happen.

    to learn more about Inbound and outbound IP addresses in Azure App Service please see this documentation.

    Let us know if you have further questions.

    Thanks,

    Grace