5

I cannot figure out how to connect a Web App (App Service) to a Virtual Machine in Azure. I've create a VNet from the Web App configuration panel.

All items are created using the Resource Management model, are in the same subscription and are at least of the Standard pricing tier.

Apparently a Web App cannot be connected to a V2 VNet. (Looks like these terms are used interchangeably, or is it something different).

I've create a classic Vnet (V1?). But I cannot seem to find out how to connect my Virtual machine to it.

How can I connect both a Web App and VM to the same network? Are there any other requirements I'm missing?

Michael B
  • 11,887
  • 6
  • 38
  • 74
Waaghals
  • 2,029
  • 16
  • 30

2 Answers2

3

Unfortunately you're not missing anything, and this is all rather messy at the moment and it is probably wise to hold off trying to deploy into a VNet until they've got it all working properly.

However, if this is something you particularly need, your choices will be to keep everything at v1, or to just have the web app VNet at v1 and create a v2 VNet for your VMs (you can't put v2 VM into a v1 VNet)

You could create a v2 VNet and have a site to site VPN between them. This would give a reasonably flat / Open IP structure. The problem with this will be that you are limited to approx 10mb bandwidth and the only way to up that would be to use Express Route.

Michael B
  • 11,887
  • 6
  • 38
  • 74
  • This really surprised me when I (after much banging-of-head-against-wall) finally realised the limitations of web-app to VM routing. A classic VNet with point-to-site gateway will get the job done, but that comes at a minimum expense of $35/month. Am **I** missing something? Why should I have to pay $35 to route traffic direct from a web-app to VM when they're both in the same Azure region?! – Snixtor Feb 26 '16 at 04:19
  • @Snixtor Personally I wouldn't do it, I don't see the added advantage it provides over a well defined firewall rule that only allows that IP address access. (I may well ask a question about that actually) – Michael B Feb 26 '16 at 07:51
  • @Michael_B That is what I'm likewise concluding. Unfortunately in one of my scenarios, it *seems* like the switching of the Web App's outgoing IP address among a defined set of 4 (visible in app properties in Azure) may be causing connection issues. VM is running Postgres, app is ASP.NET and connections periodically fail once every ~10 minutes, which seems to also be the interval on which IP address changes. – Snixtor Feb 28 '16 at 21:09
0

I found another way.(I also found some discussion online that V2 VNET integration should be ready in a matter of days or weeks.)

There is a Preview tool called resource explorer. Launch here: https://resources.azure.com

Expand your resource group and then under Microsoft.Web, find your web app.

Click on that, and scroll down in the details pane to find the following outboundIpAddresses

For each of these, go to your Resource Manager VM Network Security resource, and add the required Inbound Security Rule. Watch out, the inbound security rule changes do not take effect immediately. I observed delays of about 2 mins before they worked.

Tested working on my setup, last couple of hours. Hoping the outbound IP allocation remains the same. UPDATE: Outbound IP addresses now available in Azure Portal: https://social.msdn.microsoft.com/forums/azure/en-US/fd53afb7-14b8-41ca-bfcb-305bdeea413e/maintenance-notice-upcoming-changes-to-increase-capacity-for-outbound-network-calls http://ruslany.net/2015/06/how-to-find-out-outbound-ip-addresses-used-by-azure-web-app/

Sentinel
  • 3,582
  • 1
  • 30
  • 44