1

I'm trying to create an environment in Azure with a front end (publicly addressable) app service and several back end app services containing war and web api apps. There should be no way the back end can be addressed publicly.

Note I want app services, not cloud services.

I know I need a vnet but I can't get my head around how to remove the default public endpoints for my back end apps.

How do I set such an environment up?

SimonGoldstone

1 Answer

1

Take a look at the App Service Environment; you get fine-grained control over network on a traffic level: https://azure.microsoft.com/en-us/documentation/articles/app-service-app-service-environment-control-inbound-traffic/

MartinHN
  • It's worth pointing out that what you suggested is a significant monetary investment - App Service Environment is a premium-only offering. – David Makogon Jul 15 '16 at 21:19
  • Yes, unfortunately it is the only way to put an App Service behind closed doors. – MartinHN Jul 15 '16 at 21:37
  • 1
    Or you can IP-filter the ports. Or you can simply not listen to the ports and use a different method for working with the API apps (such as webjobs/functions which are triggered by queues/etc). – David Makogon Jul 15 '16 at 21:38
  • Where do you find IP and port settings in an App Service? – MartinHN Jul 15 '16 at 21:43
  • 1
    If you're after IP filtering, you do it in the web.config, not in the portal. This blog is old but it works in Azure: https://azure.microsoft.com/en-us/blog/ip-and-domain-restrictions-for-windows-azure-web-sites/ – Russell Young Jul 15 '16 at 22:39
  • Yeah ok, while it does filter traffic the App Service is still on the public network - but it could be an alternative that saves you the price of the App Environment. – MartinHN Jul 15 '16 at 23:20
  • 1
    @MartinHN Thanks for the heads up re ASE and as David points out, wow they're pricey! For what should be a simple solution, the ASE is too expensive and too complicated. It's a shame because, for n-tier WCF services, an App Service would be a great solution, especially for the Log Streaming feature, which allows you to monitor in real time what's going on behind the scenes. But exposing our middle tier to the outside world is too risky. Guess we'll have to stick with Cloud Services instead. Thanks guys, – SimonGoldstone Jul 18 '16 at 20:53
  • @RussellYoung Good shout with the blog Russell. Thanks. – SimonGoldstone Jul 18 '16 at 20:55
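
The web.config IP filtering mentioned in the comments, as an added example that is not part of the original thread: two constructed back-end `web.config` fragments using the IIS `<ipSecurity>` element, and a check that the back end is default-deny and admits only the front end's outbound address. The function name `audit_ip_security`, the sample addresses (documentation ranges) and the rule that every allow entry must be a single expected address are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: back-end web.config that only admits the front end's
# outbound address (203.0.113.10 is a documentation-range placeholder).
HARDENED = """<configuration><system.webServer><security>
  <ipSecurity allowUnlisted="false">
    <add ipAddress="203.0.113.10" allowed="true" />
  </ipSecurity>
</security></system.webServer></configuration>"""

# Constructed sample: a deny rule is present, but every other client is still
# admitted because allowUnlisted defaults to true.
WEAK = """<configuration><system.webServer><security>
  <ipSecurity>
    <add ipAddress="198.51.100.0" subnetMask="255.255.255.0" allowed="false" />
  </ipSecurity>
</security></system.webServer></configuration>"""


def audit_ip_security(web_config, expected_sources):
    """Return a list of findings; an empty list means the config is
    default-deny and allows only the expected source addresses."""
    sec = next(ET.fromstring(web_config).iter("ipSecurity"), None)
    if sec is None:
        return ["no <ipSecurity> section: the site answers any client"]
    findings = []
    if sec.get("allowUnlisted", "true").lower() != "false":
        findings.append("allowUnlisted is not false: unlisted clients are admitted")
    expected = {ipaddress.ip_address(a) for a in expected_sources}
    for rule in sec.findall("add"):
        # Deny rules and domain-name rules are outside this check.
        if rule.get("allowed", "false").lower() != "true" or not rule.get("ipAddress"):
            continue
        mask = rule.get("subnetMask", "255.255.255.255")
        net = ipaddress.ip_network(f"{rule.get('ipAddress')}/{mask}", strict=False)
        if net.num_addresses != 1 or net.network_address not in expected:
            findings.append(f"allow rule {net} is not a single expected source address")
    return findings


if __name__ == "__main__":
    for name, cfg in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_ip_security(cfg, ["203.0.113.10"]) or "OK")
```
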