AZ-104 Microsoft Azure Administrator Exam

You're a great admin... on-prem. Now, become a great admin in the cloud and prove it by passing the Microsoft Certified: Azure Administrator Associate exam!

Practice Test

Exam

Configure networking settings for an App Service

Create and configure Azure App Service

Implement VNet Integration

Overview of VNet Integration

Integrating an App Service with a Virtual Network (VNet) allows apps to communicate securely with other Azure resources. This process involves setting up regional VNet integration, meaning the App Service and VNet must be together within the same region and subscription. To ensure proper communication, subnet selection is important, and the subnet needs to be delegated to Microsoft.Web/serverFarms. Furthermore, you must have appropriate permissions, specifically, Microsoft.Network/virtualNetworks/subnets/join/action.

Application Routing

Application routing decides how outbound traffic from your app flows into the VNet. You can choose to route all traffic or just private traffic using settings like vnetRouteAllEnabled or WEBSITE_VNET_ROUTE_ALL. This setting can be changed in the Azure portal under Networking > Virtual network integration or by utilizing Azure CLI commands. Managing this setting allows for auditing of routing behaviors through Azure Policy, providing oversight on where and how the traffic is handled.

Configuration Routing

Configuration routing affects pre-startup operations that use your VNet. Some specific operations include:

  • Container image pull, managed by vnetImagePullEnabled or WEBSITE_PULL_IMAGE_OVER_VNET.
  • Content share, covered by vnetContentShareEnabled or WEBSITE_CONTENTOVERVNET, requires ports 443 and 445 to be allowed in your NSGs.
  • Backup/restore, done with vnetBackupRestoreEnabled, note that database backup is not supported.

Such settings allow audits with Azure Policy and ensure startup operations adhere to your network security rules, maintaining both efficiency and compliance.

Types of Routing

When integrating networks, you have three types of routing:

  • Application routing, focuses on traffic post-application start.
  • Configuration routing, handles startup operations.
  • Network routing, which applies NSGs (Network Security Groups) and UDRs (User-Defined Routes) to filtered traffic.

Network routing is crucial as it ensures complete compliance with service-specific security measures, directing only specified traffic through the VNet integration, thereby offering fine-grained control over how your App Service communicates within Azure.

Conclusion

In conclusion, configuring networking settings for an App Service in Azure by implementing VNet integration requires thoughtful planning of subnet selection and understanding of routing types. This integration facilitates secure communication with other Azure resources and requires proper permissions for successful setup. The focus on routing types—application, configuration, and network—is essential for maintaining security and operational efficiency. By considering these factors, administrators can ensure their App Services communicate securely and efficiently within the Azure ecosystem.

Configure backup for an App ServiceConfigure deployment slots for an App Service