Learn Live - App Service Networking - Part 1

Ladies and gentlemen, welcome to an exciting voyage into the realm of Azure's network options for application services. I'm Michael Copulos, an engineering specialist on the Fast Track team for Azure, and I'm thrilled to embark on this journey with you.

Let me introduce my colleague, Dart, who is also part of the Fast Track team for Azure and shares a passion for deploying applications and providing network recommendations to our clients.

Navigating Azure Waters

Azure, like the vast expanse of the sea, offers numerous ways to deploy your applications. By default, applications hosted in Azure App Service are accessible directly over the internet, communicating with endpoints in the Ethernet. But Azure's flexibility allows for diverse deployment methods.

There are two primary deployment types for Azure App Service: the multi-tenant public service, encompassing various service plans from free to premium, and the single-tenant App Service Environment, where isolated service plans reside within your own Azure virtual network.

Securing Your Azure Voyage

When sailing the Azure seas, it's crucial to control incoming and outgoing network traffic. The methods you employ depend on whether you're navigating in the multi-tenant environment or within a single-tenant App Service Environment. In today's session, we'll predominantly focus on network configuration options within the multi-tenant setting.

Setting Sail with Azure Front Door

As we chart our course through Azure's network options, let's consider one exciting scenario: direct access to a web application in Azure App Service using the application's hostname. This is akin to setting sail towards an island directly from the mainland.

But there's another fascinating route we can explore: accessing the web application through Azure Front Door. This is akin to reaching your destination by sailing through a well-structured harbor with Front Door as your guiding star.

Azure Front Door acts as a traffic manager, routing your requests efficiently to your web application. It also adds an extra layer of security by acting as a shield against malicious attacks, like a lighthouse guarding against treacherous rocks.

The Azure Private Link Service: A Hidden Gem

Now, let's uncover a hidden gem in Azure's treasure trove of network options: the Azure Private Link Service. This service enables you to create a separate private endpoint for your Azure resources. Think of it as your very own secluded island within Azure's archipelago.

The private endpoint is managed by Azure, and it's not directly accessible, ensuring your application's security. Imagine it as a hidden cove accessible only to a select few.

To set up the Azure Private Link Service, you need to enable it and specify the region you desire. Then, it's like granting access to your secret hideaway by approving the private endpoint connection. This private endpoint is different from one you might create manually, and it comes with its own unique IP address.

Testing the Waters

To ensure that your voyage is smooth and your Azure Private Link Service is working as intended, we must test the waters. In this case, testing involves accessing the web app through the Front Door hostname. As we sail through Azure's network options, this step is essential to validate that our chosen path is secure and reliable.

The good news is that in most cases, the test is successful, and your application is accessible via Azure Front Door while benefiting from the additional layer of security provided by the Azure Private Link Service.

As we wrap up this journey through Azure's network options, it's clear that the possibilities are as vast as the azure skies. Whether you're setting sail in the multi-tenant sea or navigating the waters of a single-tenant App Service Environment, Azure offers a myriad of options to meet your specific needs.

So, as you embark on your Azure adventure, remember to explore, experiment, and embrace the opportunities this incredible platform provides. Azure is your oyster, waiting to reveal its pearls of innovation and security.

Happy sailing, my fellow Azure adventurers!