Logic Apps and VNET access without ISE ?

JackK1870
Copper Contributor
Jul 26, 2020
Hi Faiçal,

Thanks for the reply.

I am trying to avoid using on-prem data gateways however (as well as hybrid connections and relays) - is there another way around this?

There's no problem with Function Apps, Service Bus and APIM as you just need a premium plan / tier (which isn't cheap but isn't 'too' expensive) but add Logic Apps to the equation and you need ISE - and there goes your budget!

J. Kahl
- pazdedav
  Iron Contributor
  Aug 12, 2020
  Hi JackK1870 ,
  
  One of my customers is also trying to avoid using ISE but still being able to contact a service hosted on-premises.
  My suggestion (not tested) was to try:
  have Azure Function step in the workflow
  provision the Function App with Regional VNet integration option (only some App Service Plans support it though)
  utilize the existing cross-premises connectivity (Hub & Spoke network design with Express Route) to call that service from the function
  store credentials required to call that on-prem service using Key Vault and reference the secret in App Settings
  
  This might work, but it depends on your network setup.
- mfessalifi
  Copper Contributor
  Aug 09, 2020
  Hello @kahl,
  Here on Architecture and Security prospective, I need clarification to try helping you:
  
  Are you OK to transit data through Internet (with TLS sure)?
  Are you using Express Route or VPN to connect on-premise and Azure Resources?
  Is your need is Data movement (from On Premise to Azure) or Data Transformation and Ingestion (ETL/ELT)?
  
  Regards,
  Faiçal (MCT, Expert on Azure & Team Leader)

Forum Discussion

Logic Apps and VNET access without ISE ?