question

TimWalter-5593 avatar image
0 Votes"
TimWalter-5593 asked msrini-MSFT answered

Interconnecting with On-Prem Web Services from Azure

Hello All,
I am working on an Azure API Management Design and there are lots of APIs On Prem which are going to be exposed through an Azure APIM. Now, looking at the different pricing tiers, there is one thing that strikes me: Consumption Tier is priced very friendly, i.e. you have a high performance in a Microsoft Cluster operating the APIM, yet you only pay for what you use, and you have a great free starter contingent. However, as the Operating Environment is part of an elastic service powered by Microsoft, you cannot connect via a VNet to your OnPrem Services. That in fact is the option of choice in the Developer or Premium Pricing tier. What scenario would you guys look into to use consumption tier and not use a VNet and a Site-to-Site Tunnel to connect on prem?

As far as I can see, there is an App Gateway avaibale, but that does not seem to support calls from API Management; it is promoted usually for Logic Apps or SQL Server access, for the Power Platform and other services, but not for APIM. Why is that, and would it be possible to use that On Prem Data Gateway for APIM calls even if not documented? Technically, it is a proxy anyways, i.e. it listens on the public network and proxies to some machine/service on the Intranet.

I have also played with App Proxy, but for Services it is very limiting and I also found it complex to operate for things other than Web Apps.

I did, just to understand it, also install a simple proxy server and tried to go through that. As expected, that worked fine, however a simple proxy doesn't seem like the best idea when it comes to building a highly reliable and scalable infrastructure.

So, my preferred way was to use a VNet, NSGs, and a Cloud-Based Gateway with a Site-to-Site Tunnel, plus a local firewall. However, if I want to maintain this scenario in production, I have to pick Azure API Management Premium Pricing tier, which I would love to avoid.

So what is the best solution, or: the most clean solution to attach Azure API Management Standard Tier for example to On Prem Web Services (REST, SOAP, other http-based RPC)?

Thanks in advance,

Tim W.

azure-api-managementazure-vpn-gatewayazure-application-gateway
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

msrini-MSFT avatar image
0 Votes"
msrini-MSFT answered

@TimWalter-5593,

The recommended option is to go with APIM with Premium tier. But if you use consumption plan and add Application gateway as backend where you proxy those calls to On-Premises. With this design, you will be using 2 services, APIM and App GW and if you estimate cost it will be almost equal to Premium tier. But you will need to configure and manage 2 services.

209608-image.png

Virtual Network support is only available for Premium tier.


Regards,
Karthik Srinivas


image.png (76.2 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.