Jul 25 2020 05:13 AM
Hello,
So the Azure Integrated Service Environment (ISE) is an awesome thing, but not cheap.
With the ultimate goal of using Logic Apps to fetch (and push) data from on-prem data sources via ExpressRoute, is there some way (a workaround - perhaps with Function Apps or an APIM?) that doesn't require ISE to do this?
I'd rather not fall back to using Data Gateways or a Relay...
Regards,
J. Kahl,
Jul 25 2020 11:42 PM
Jul 26 2020 03:40 PM
Aug 09 2020 02:35 AM
Aug 12 2020 05:19 AM
Hi @JackK1870 ,
One of my customers is also trying to avoid using ISE but still being able to contact a service hosted on-premises.
My suggestion (not tested) was to try:
This might work, but it depends on your network setup.
Sep 10 2020 02:30 PM
Hi @JackK1870 ,
if you are looking for a cheap solution you could configure the firewall of the services that your logic app uses with the flag :
- Allow traffic from azure data center or allow trusted microsoft services to access...
or for other services don't have this option you could put the logic apps outgoing ip addresses as allowed into the firewall ( those ip address ranges are publicly available , are static enough even if some ranges could be added in future ) .
Those two options will come with some security considerations and depending on your security requirements could enable you to connect logic app to other azure services that are not totally public exposed.
For example the second option could be used with function apps that have vnet integration and you can reach out your on-prem data source using a function app in the middle .
Logic app -> Function app ( configure access restrictions and vnet ingration ) -> on prem
Or you can just use a function app instead of your logic app to reduce costs, even if is not suitable like logic apps to build workflows :)
Available for further discussion