azure VM and storage communication

Question

when VM(public ip) communicate to azure storage(public endpoint) , is it always happens over azure backbone network or internet ? and if VM with private ip accessing storage with public endpoint ,is it azure backbone or internet?

VM with private ip talk to storage public endpoint--->can be done via service endpoint(comm over azure backbone) or without service endpoint ,still VM can comm to storage over azure network? then do we really need service endpoint?

VM with public ip talk to storage public endpoint--- Is comm on azure network backbone OR internet

VM with private ip talk to storage private ip--->private endpoint

VM with public ip talk to storage private ip-- ->no com

Answer 1

HI Aditi Sharma - Thanks for reaching out over Q&A Forum.

If the VM and the storage are in the same region, then the communication can tend to happen via internal backbone which will be private one. In that case, if you tend to whitelist the Public IP of the VM the connectivity might still not succeed and the recommendation will be to have both inside a VNET and whitelist the VNET on the storage account.

https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=azure-portal

Hope that helps!

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.