Step-By-Step: Connect an Azure Web App to an existing Virtual Network
During an Azure bootcamp, I was asked if there was a way to “connect” an Azure Website (now referred to as Azure Web Apps) to an existing virtual network. As a matter of fact, you can. While you can’t put your Azure Website in an Azure virtual network, you can grants your website access to resources running your VNET. today we’ll look at how we get this done.
First, I recommend the following Microsoft Virtual Academy courses.
Why would you want to connect an Azure Website to an existing virtual network? You can connect them to allows the Websites to other web services or databases running on your Azure IaaS Virtual Machines. If you have a Site-to-Site VPN between your virtual network and your own datacenter, then your Azure Website can access on premise systems through the Azure Websites Virtual Network feature.
Azure Websites Virtual Network integration requires your Azure virtual network to have a Dynamic routing gateway and to have Point to Site enabled. This Virtual Network feature is accessible through the new Azure Preview portal and shows up in Hybrid Connections. Let look at how we do this.
This functionality is being exposed through the new portal that you can access at https://portal.azure.com
1- In order to connect your Website to a virtual Network, you click Browse, scroll down to Web Apps,
2- and select the Web App you want to connect to your vNet. In my case I selected ITC-Contoso-7152311 which is a test app running in my subscription.
3- In the itc-contoso-7152311 screen scroll down until you see the Networking section. and click on the Virtual Network box.
4- This will open the next blade in the interface and allow you to either create a new Virtual Network or select an existing one to connect to. In my case I want to connect to the CanITProCamp-Vnet so that my Web app can connect to the SQL01 server running in that virtual network.
After a few minutes, the interface will show the connection to the Vnet.
The Virtual Network feature supports both TCP and UDP protocols and will work with your VNET DNS. This capability to attach to an Azure VNET is not something that must be done when creating the website. It can be added, changed or removed at any point. The only restrictions are that you must be in the correct pricing plan for the Website and that you have not met your quota limit for the plan.
I hope this sheds some light on how IaaS and PaaS can be integrated to take advantage of the strength of each portion.