Can we create IaaS resources inside a subnet with Service Enpoint enabled?

Question

Can we create IaaS resources inside a subnet with Service Enpoint enabled?

Rajesh Swarnkar 891

If I enable Service Ep for a subnet, will I be able to create IaaS resources like VM or NIC in that subnet ?

KapilAnanth-MSFT 49,021 Reputation points Microsoft Employee

2024-02-19T14:25:45.73+00:00
@Rajesh Swarnkar ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to know about using Service EndPoint.

As stated by Martin Therkelsen,

Service EndPoint does not hinder you from creating resources in the Subnet in which it is enabled.

In fact, the whole concept of Service EndPoint is to enable IaaS Services (such as VMs) to communicate with PaaS Services over Microsoft backbone.

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

2 answers

Your answer

KapilAnanth-MSFT 49,021 Reputation points Microsoft Employee

2024-02-19T14:25:45.73+00:00

@Rajesh Swarnkar ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to know about using Service EndPoint.

As stated by Martin Therkelsen,

Service EndPoint does not hinder you from creating resources in the Subnet in which it is enabled.

In fact, the whole concept of Service EndPoint is to enable IaaS Services (such as VMs) to communicate with PaaS Services over Microsoft backbone.

Kindly let us know if this helps or you need further assistance on this issue.

Thanks,

Kapil

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

Answer 1

Martin Therkelsen 1,405 MVP

Hi Rajesh, Yes, you can have VMs in subnets that have service endpoints, this is often used this way so that you can reach Azure services via VMs using that service endpoint. You can find service endpoints here: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview If you want to have all traffic on the same subnet you can use private endpoints for some services. https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview

Martin Therkelsen 1,405 Reputation points MVP

2024-02-16T14:59:28.4566667+00:00

Hi Rajesh, Yes, you can have VMs on the same subnet as you have service endpoints. Often VMs are using these endpoints to gain access to azure services. https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview If you want you can also use private endpoints for some of these services. https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview What is not allowed is to have VMs on subnets that has been delegated to a service

Answer 2

Hei @Rajesh Swarnkar , Thanks for reaching out to Microsoft Q&A. As Martin Therkelsen already stated above, Yes a network (subnet) that has service endpoints can host other resouces (like VM and storage accounts) Service endpoints are for specific PAAS services to contact Azure via Azure network, they do not reserve the subnet to that service exclusively. If a subnet is reserved for a specific service like a firewall subnet then that subnet will not host anyother resource, this is mostly becasue that subnet will be used for sub resources generated by the dedicated resource. If this helped then do consider marking this as answer.

Share via

Can we create IaaS resources inside a subnet with Service Enpoint enabled?

2 answers

Your answer