Share via

How to connect public web app to private internal resources

M.Chamara Sampath Fernando 25 Reputation points
2024-06-03T09:06:46.3866667+00:00

We have a Public web app which is acting as the front end and it should be accessible for users publicly, and we have some resources like storage accounts, Search indexers which used by web app to query data and give output to the users. Our goal is to make web app publicly accessible in the same time it should have internal private access to resources like storage accounts etc. What is the recommended way to do this?

Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
485 questions
Accepted answer
  1. KapilAnanth-MSFT 40,021 Reputation points Microsoft Employee
    2024-06-03T14:18:34.2966667+00:00

    @M.Chamara Sampath Fernando ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you have a requirement where you would like your web app to access resources that reside within a VNET.

    Before I talk about webapp, please note the following points

    1. Private EndPoint is used to provide access from resources in VNET to the PaaS Service via Private traffic. i.e., Connections can be initiated only towards the PaaS Service, and the PaaS Service cannot initate connections via a Private EndPoint.
    2. A VNET Integration allows the PaaS Service to access the resources in the VNET but not vice versa, i.e., Connections can be initiated only by the PaaS Service to the VNET resources
    3. A Storage Account never reside in a VNET, it can have a Private EndPoint in a VNET like #1 but that does not technically mean the Storage Account resides within a VNET.
      1. It means, the "PE of Storage Account" resides in the VNET.

    So, I take it that when you say "internal private access to resources like storage accounts" , you are referring to PE of storage account.

    Now, to address your queries,

    • If you want the WebApp to access services that are residing within a VNET, you should VNET integrate your Web App
    • If you want the resources in the VNET to access the WebApp without reaching the Internet, you should consider Private EndPoint.
      • I don't think so you require this feature. VNET integration alone should do the trick.

    Can you please use VNET Integration and let us know if you face any challenges with connecting to resources in the VNET (from WebApp)?

    Kindly let us know if this helps or you need further assistance on this issue.

    Thanks,

    Kapil

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest