Interconnecting with On-Prem Web Services from Azure

Tim Walter 1 Reputation point
2022-05-09T07:43:59.92+00:00

Hello All,
I am working on an Azure API Management Design and there are lots of APIs On Prem which are going to be exposed through an Azure APIM. Now, looking at the different pricing tiers, there is one thing that strikes me: Consumption Tier is priced very friendly, i.e. you have a high performance in a Microsoft Cluster operating the APIM, yet you only pay for what you use, and you have a great free starter contingent. However, as the Operating Environment is part of an elastic service powered by Microsoft, you cannot connect via a VNet to your OnPrem Services. That in fact is the option of choice in the Developer or Premium Pricing tier. What scenario would you guys look into to use consumption tier and not use a VNet and a Site-to-Site Tunnel to connect on prem?

As far as I can see, there is an App Gateway avaibale, but that does not seem to support calls from API Management; it is promoted usually for Logic Apps or SQL Server access, for the Power Platform and other services, but not for APIM. Why is that, and would it be possible to use that On Prem Data Gateway for APIM calls even if not documented? Technically, it is a proxy anyways, i.e. it listens on the public network and proxies to some machine/service on the Intranet.

I have also played with App Proxy, but for Services it is very limiting and I also found it complex to operate for things other than Web Apps.

I did, just to understand it, also install a simple proxy server and tried to go through that. As expected, that worked fine, however a simple proxy doesn't seem like the best idea when it comes to building a highly reliable and scalable infrastructure.

So, my preferred way was to use a VNet, NSGs, and a Cloud-Based Gateway with a Site-to-Site Tunnel, plus a local firewall. However, if I want to maintain this scenario in production, I have to pick Azure API Management Premium Pricing tier, which I would love to avoid.

So what is the best solution, or: the most clean solution to attach Azure API Management Standard Tier for example to On Prem Web Services (REST, SOAP, other http-based RPC)?

Thanks in advance,

Tim W.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,750 questions
Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,379 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
957 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. msrini-MSFT 9,256 Reputation points Microsoft Employee
    2022-06-09T04:31:14.87+00:00

    @Tim Walter ,

    The recommended option is to go with APIM with Premium tier. But if you use consumption plan and add Application gateway as backend where you proxy those calls to On-Premises. With this design, you will be using 2 services, APIM and App GW and if you estimate cost it will be almost equal to Premium tier. But you will need to configure and manage 2 services.

    209608-image.png

    Virtual Network support is only available for Premium tier.

    Regards,
    Karthik Srinivas

    0 comments