Function App

Sourav 60 Reputation points
2024-04-13T05:10:50.6433333+00:00

Hi,

We have deployed azure function app on java platform. This function app will need to connect an internal service URL hosted on-prem. I would like to know how do we setup the communication from function app hosted in azure to on-prem service ?

  1. What are the network/firewall settings we need to allow ?
  2. do we need any DNS settings to resolve the URL since this internal URL uses on-prem DNS?

Thanks!

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,285 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,146 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. dashanan13 930 Reputation points
    2024-04-13T21:52:41.2033333+00:00

    Hei @Sourav ,

    Thank you for contacting Microsoft Community.

    As i understand, you are trying to connect to an INTERNALLY exposed url hosted on premise from an Azure resource (function app).

    Since the url is accessible only on your corporate network (internal enterprise network, since it is hosted on an on premise network) it would only be accessible a. from network resource hosted directly on the on premise network OR b. through the extension on the on premise network to another network like cloud virtual network.

    Lets talk about "b" since "a" is self explanatory, what i mean is that we connect another network to on premise network through VPN or physical connection to make sure both the networks, On premise and the Cloud network can talk to each other and exchange routing tables.

    (a routing table is basically direction to find the correct network address)

    Once we have a connection, anything that can be accessible from On premise will be accessible from Cloud network too, and vice versa

    Azure environment can be connected to On premise in 2 ( or 3) main ways:

    1. Site to site VPN: The is the most obvious and first choice to connect on-premises network to Azure network. It is easy to setup and is the goto for small to medium enterprises.
      Quick tutorial: https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
      Training module: https://learn.microsoft.com/en-us/training/modules/connect-on-premises-network-with-vpn-gateway/
    2. Azure Express Route: This is a solution for large enterprises who need dedicated connectivity with redundancy and SLA of 5 9's. This is neither a quick solution or a starter solution, but a long term strategy. There are variations to the solution.
      Setup: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-howto-circuit-portal-resource-manager?pivots=expressroute-current
      Documentation: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-introduction
      Training module: https://learn.microsoft.com/en-us/training/modules/connect-on-premises-network-with-expressroute/
    3. Point to Site VPN: This is a test solution, neither recommended nor advised to be used beyond testing. It is mentioned here for the sake of completeness.
      Quick tutorial: https://learn.microsoft.com/en-us/azure/vpn-gateway/openvpn-azure-ad-tenant
      Training module: https://learn.microsoft.com/en-us/azure/vpn-gateway/work-remotely-support

    Please mark this as answer if it helped

  2. MayankBargali-MSFT 68,636 Reputation points
    2024-04-16T07:17:41.9833333+00:00

    @Sourav Thanks for reaching out.

    When you mentioned "internal service URL hosted on-prem" so it means that the service is only accessible through your private network and not exposed to the internet.

    You can refer to this document to create the hybrid connection and how it works. The hybrid connection is not supported in Consumption Plan and works with Windows OS for azure function with other plans as mentioned in this article. You need to create the function app under the app service plan. Reference: https://learn.microsoft.com/en-us/azure/azure-functions/functions-networking-options#matrix-of-networking-features

    Using hybrid connection your function app can talk to your any on prem service and you don't have to expose your service to internet.

    Few other ways as dashanan13 mentioned to access your on premise resources to azure.

    In case if your on premise service is accessible over internet then to answer your below questions:

    If the function app URL is public can we not allow the ip address of the function app to the on-prem firewall ? Does function app in that case has static IP or we need to allow range of IP addresses in the azure geography?

    Yes, you can allow the IP address of the function app to the on-premises firewall. However, the IP address of the function app is not static and can change over time. Therefore, it is recommended to allow the entire range of IP addresses for the Azure geography where your function app is hosted

    Let me know if you have any queries or concerns.

    0 comments