Nov 02 2021 01:13 PM
We have a use case where an Azure App Service and an Azure SQL server are both in the same resource group and the App Service needs to send/receive traffic from the Azure SQL server.
Would creating a Service endpoint provide additional security for this use case? If so, would it be in the form of forcing traffic to/from the Azure services over the Azure fabric instead of the Internet?
I've seen examples of Service endpoints in which one of the resources is a VM with a private IP, but again in our case we have two Azure services talking to each other.
Thx
Nov 02 2021 01:24 PM
Hi @Jeff Walzer, have you considered using vNET Integration with the app service? You will need to be on a Standard plan or higher, but you'll be able to communicate with the SQL Server over the Azure private network.
Nov 02 2021 01:29 PM
@Anthony_Norwood - thx for the reply and information as I will read up on vNET Integration with the App service.
The App service requires access from the Internet - will vNET Integration prevent that?
Nov 02 2021 01:32 PM
@Jeff Walzer - not at all, this should have all the information you need:
https://docs.microsoft.com/en-us/azure/app-service/overview-vnet-integration
Re: inbound traffic, they're treated separately, so no impact to that. You'll still have an inbound IP address and FQDN to provide inbound access.
Nov 02 2021 01:34 PM
@Anthony_Norwood - TYVM for the link as I will start reading up on this option