Configure and verify Vnet in Azure

Question

Configure and verify Vnet in Azure

I have created a Virtual Network next to its subnet and integrated it into three service applications and created the rule on the firewall of my SQL Azure server.

Everything is in the same Azure subscription and region

I need to know if it is enough to direct all the traffic between these instances through the virtual network or do I need to configure some other aspect.

And how can I query the data traffic to verify that the virtual network is being used?

I am using a subscription with: 1 Resource Group 1 App Service 2 App Service 1 DB 1 Resource Group 1 App Service 1 DB 1 Vnet Everything is in the same region of Az. I want all traffic between resources to be through the Vnet. And also, monitor the traffic to verify the correct operation of the Vnet.

Thank you!

Answer 1

Hello @Javier Carmona Leiva , apologies for the delayed response here. As all the resources are in the same resource group and in the same region. You can through this documentation to understand how regional vent integration works for app services and how to access other resources using Service endpoints. You can also go through the troubleshooting section if you run across any issues. This documentation on how to Use virtual network service endpoints and rules for servers in Azure SQL Database might help as well.
Regarding monitoring correct operation of the VNET you can explore the option of network watcher and see if it satisfies your requirements. Just a note Network watcher is not intended to monitor any of Paas offerings of Azure and is designed to monitor and repair the network health.
Please let me know if there are any additional concerns. Thank you!

[UPDATE]:
Since you are using Private endpoints, you can follow this architecture Web app private connectivity to Azure SQL database to see if you missed to implement any steps. You can follow this troubleshooting doc to diagnose private endpoint connectivity.

You can follow this documentation on Network Connectivity Monitoring to implement unified end-to-end connection monitoring in Azure Network Watcher.

Regarding performance of the connectivity the latency between Web Apps and SQL DB is less as all of them are in same region and in the same Vnet. But as there are many parameters which might affect this performance like code implementation of this connectivity, Web App CPU usage and performance etc. it might be helpful if you could create a new question here with additional details on any latency or performance issues observed.

Please let me know if there are any concerns, Thank you!

Javier Carmona Leiva 1 Reputation point

2021-07-19T06:23:20.043+00:00

Why don´t I see correctly the net in Monitor Az?? I have the same scheme configured but I can't get all of this to work. I need for help you, please.

How I can verify me net and scheme function correctly?
Javier Carmona Leiva 1 Reputation point

2021-07-19T12:36:56.877+00:00

I need your help to try to improve the performance of my Web Applications when querying my databases. I attach my scheme, as I have it outlined:

And I summarize:

I have two Resource Groups 3 Web Aplicattion 2 SQL Server

And they are organized as follows:

Resource Group 1

2 Web Aplicattion
1 Database
Resource Group 2

1 Web Application
1 Database
Everything is within the same Azure region

You can see in the image I have created a Vnet, with two subnets. And likewise, each SQL Server has a private endpoint created. App Services are also integrated with the Vnet.

And my query is the following:

Is all this necessary for network traffic to be internal, and thereby improve query times?
How can I monitor the traffic between the AppServices and the DBs to see where the traffic is going?
I hope your help. Thank you
ChaitanyaNaykodi-MSFT 11,256 Reputation points Microsoft Employee

2021-07-19T23:26:30.027+00:00

Hello @Javier Carmona Leiva , please refer to my updated answer above for any additional details.

Answer 2

Javier Carmona Leiva 1

@ChaitanyaNaykodi-MSFT How do I am monitoring traffic net the my App Service in Azure? I need monitoring traffic net for request between App Services and database. Everything is the same resource group and region.
I need to know the source IP and destination IP in each request
Sorry, but I forgot to include this question. How do I know that all the network traffic between my appservices and the database goes through the Azure internat network and does not go to the Internet? All my resources are in the same region of Az
I need all network traffic to be directed by the Azure backbone

ChaitanyaNaykodi-MSFT 11,256 Reputation points Microsoft Employee

2021-08-05T22:10:59.13+00:00

Hello @Javier Carmona Leiva , apologies for the delayed response here. I think you can use NSG flow logs feature of Network watcher to analyze the Source and Destination IP's of the request. You can use them Identify unknown or undesired traffic.
If you are still facing issues can you please have a look at the private message shared above. Thank you!

Configure and verify Vnet in Azure

2 answers

Activity