App Service Connectivity to SQL DB over a private link

Pallab Chakraborty 401 Reputation points
2021-05-28T00:51:41.277+00:00

I have Azure Web Apps at the moment connecting to Azure SQL DB over the internet. I am going to implement Private Link for my Azure SQL DB. My Azure SQL DB has a Failover Group configured with a secondary Server and a DB in a paired region for DR purposes. I have the below queries:

1) My App Service Plan at the moment is S1. Do I need to enable VNET integration for my Web Apps so that my Web Apps can connect to the SQL DB after private link is enabled for SQL DB? If VNET integration is required for this purpose, then will my current SKU support the VNET integration or do I need to convert to a Premium SKU for this? MS Docs say that VNET integration features need a Standard, Premium, PremiumV2, PremiumV3 or Elastic Premium plan. But if I see this GitHub issue, I see people have complained that VNET integration doesn't work with Standard. Please see the issue below.

https://github.com/MicrosoftDocs/azure-docs/issues/56945

2) If I have to enable VNET integration, suppose, can I use my existing subnet which has my SQL DB already for my Web App, or do I need to create a dedicated subnet for my Web App for VNET integration?

What do I need to do for connecting my Web Apps to Azure SQL when a failover happens from primary region to secondary region? Will my Web Apps automatically connect to the secondary using the FO group connection string? Do I need something called Gateway-required VNET integration for this purpose?


1 answer

  1. Ryan Hill 25,471 Reputation points Microsoft Employee
    2021-06-01T16:56:22.643+00:00

    Hi @Pallab Chakraborty, please see my responses down below.

    Do I need to enable VNET integration for my Web Apps so that my Web Apps can connect to the SQL DB after private link is enabled for SQL DB?

    Yes, you will need a VNET for your app service to be able to reach your Azure SQL DB instance. When you create your private endpoint, you're required to select a virtual network.

    If VNET integration is required for this purpose, then will my current SKU support the VNET integration or do I need to convert to a Premium SKU for this?

    VNET integration does work with Standard plans. If you get a warning that you can't integrate a VNET on the Standard SKU, then your app is running on older hardware. To rectify this, you can either scale up to a Premium SKU or create a new app service plan inside a new resource group and move your app to the new plan.

    If I have to enable VNET integration, suppose, can I use my existing subnet which has my SQL DB already for my Web App, or do I need to create a dedicated subnet for my Web App for VNET integration?

    That's completely up to you. There isn't anything that would prevent you from using the same subnet for both your SQL DB and App Service.

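An added example, not part of the question or the answer above: a check to run from inside the VNET-integrated app that confirms each SQL hostname (primary, secondary and the failover group listener) resolves into the VNET's address space, that is, to a private endpoint rather than a public address. The hostnames, the CIDR and the addresses are constructed placeholders, and the function names are this example's own.

```python
import ipaddress
import socket

def resolve(host, port=1433):
    """Addresses the local resolver returns for host (IPv4, TCP 1433)."""
    infos = socket.getaddrinfo(host, port, family=socket.AF_INET,
                               proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def classify(addresses, vnet_cidrs):
    """in-vnet: every address is inside the VNET ranges; outside-vnet: none is."""
    if not addresses:
        return "unresolved"
    nets = [ipaddress.ip_network(c) for c in vnet_cidrs]
    inside = {any(ipaddress.ip_address(a) in n for n in nets) for a in addresses}
    if inside == {True}:
        return "in-vnet"
    return "outside-vnet" if inside == {False} else "mixed"

def check_hosts(hosts, vnet_cidrs, resolver=resolve):
    """Map each hostname to (verdict, addresses); a failed lookup is 'unresolved'."""
    report = {}
    for host in hosts:
        try:
            addrs = list(resolver(host))
        except OSError:  # socket.gaierror is an OSError subclass
            addrs = []
        report[host] = (classify(addrs, vnet_cidrs), addrs)
    return report

if __name__ == "__main__":
    # Constructed sample answers so the example runs offline. Inside the app,
    # drop the resolver argument to query the app's real DNS instead.
    SAMPLE = {
        "example-primary.database.windows.net": ["10.1.0.5"],
        "example-secondary.database.windows.net": ["20.10.20.30"],
        # The listener name follows whichever server is currently primary.
        "example-fog.database.windows.net": ["10.1.0.5"],
    }

    def sample_resolver(host):
        if host not in SAMPLE:
            raise OSError("name not found")
        return SAMPLE[host]

    result = check_hosts(list(SAMPLE), ["10.1.0.0/16"], sample_resolver)
    for host, (verdict, addrs) in result.items():
        print(f"{verdict:13} {host} {addrs}")
```

An `outside-vnet` verdict for the secondary server means that after a failover the listener name would lead the app to a public address, so it is worth running the check against both servers before relying on the failover group.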