Azure Web App Integration:
Integration is available through the following methods:
- Azure vNET integration
- Hybrid Connection Manager (HCM)
- App Service Environment (ASE)
Important notes about Azure vNET integration:
If the vNET has coexisting gateways (S2S VPN + ExpressRoute), vNET integration won’t work as long as the ExpressRoute gateway is there. It’s compatible only if your vNET has a VPN gateway only. The alternatives are to use ASE or Hybrid Connection Manager.
A bit more about HCM in terms of security:
Hybrid Connections provide a way to connect the Web Apps and Mobile Apps features of Azure App Service to on-premises resources:
Secure Access:
- Web Apps and Mobile Apps can access existing on-premises data and services securely.
- Multiple Web Apps or Mobile Apps can share a Hybrid Connection to access an on-premises resource.
- Minimal TCP ports are required to access your network.
- Applications using Hybrid Connections access only the specific on-premises resource that is published through the Hybrid Connection.
- Can connect to any on-premises resource that uses a static TCP port.
Authorisation:
- Hybrid Connections use Shared Access Signature (SAS) authorization to secure the connections from the Azure applications and the on-premises Hybrid Connection Manager to the Hybrid Connection.
- Separate connection keys are created for the application and the on-premises Hybrid Connection Manager. These connection keys can be rolled over and revoked independently.
- Hybrid Connections provide for seamless and secure distribution of the keys to the applications and the on-premises Hybrid Connection Manager.
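The independent key rollover described above, sketched as an added example (not from the original post or from Microsoft's code). It assumes the SAS token layout used by Azure Service Bus and Azure Relay; the relay URI, rule names and key values are constructed.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote_plus

# Constructed values: the relay URI, rule names and keys are hypothetical.
RESOURCE = "https://example-ns.servicebus.windows.net/onprem-sql"
KEYS = {
    "app-send": b"app-key-v1",    # held by the Web App
    "hcm-listen": b"hcm-key-v1",  # held by the on-premises Hybrid Connection Manager
}

def _sign(key, resource, expiry):
    # HMAC-SHA256 over "<url-encoded resource>\n<expiry>", base64-encoded.
    to_sign = f"{quote_plus(resource)}\n{expiry}".encode()
    return base64.b64encode(hmac.new(key, to_sign, hashlib.sha256).digest()).decode()

def make_token(rule, key, resource=RESOURCE, ttl=3600, now=None):
    expiry = int(time.time() if now is None else now) + ttl
    sig = quote_plus(_sign(key, resource, expiry))
    return f"SharedAccessSignature sr={quote_plus(resource)}&sig={sig}&se={expiry}&skn={rule}"

def verify_token(token, keystore, resource=RESOURCE, now=None):
    """Service-side check: right resource, known rule, unexpired, valid signature."""
    fields = parse_qs(token.split(" ", 1)[1])  # parse_qs undoes the URL encoding
    rule, expiry = fields["skn"][0], int(fields["se"][0])
    key = keystore.get(rule)
    if key is None or fields["sr"][0] != resource:
        return False
    if expiry < (time.time() if now is None else now):
        return False
    return hmac.compare_digest(_sign(key, resource, expiry), fields["sig"][0])

def rollover_demo(now=1_700_000_000):
    """Roll only the application's key; return token validity before and after."""
    app_tok = make_token("app-send", KEYS["app-send"], now=now)
    hcm_tok = make_token("hcm-listen", KEYS["hcm-listen"], now=now)
    before = (verify_token(app_tok, KEYS, now=now), verify_token(hcm_tok, KEYS, now=now))
    rotated = {**KEYS, "app-send": b"app-key-v2"}  # the HCM key is untouched
    after = (verify_token(app_tok, rotated, now=now), verify_token(hcm_tok, rotated, now=now))
    return before, after

if __name__ == "__main__":
    print(rollover_demo())
```

Rolling the application key invalidates tokens already issued under it, while the on-premises manager's tokens keep validating, which is why a leaked application key can be revoked without reconfiguring the HCM host.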
Useful Links:
Access on-premises resources using hybrid connections in Azure App Service