0

We've been experimenting with hosting our ASP.NET + SQL Server application in Azure. We've tried two ways so far:

  • App Service for ASP.NET, VM for SQL Server, both in the same data-centre, so I imagine a LAN connection is possible, but currently the connection string lists the public IP
  • A single VM for both IIS ASP.NET and SQL Server (an interim solution - we will eventually move SQL behind a firewall)

We'd prefer the first option because of costs and manageability. But it seems slower (I guess because of the public IP in the connection string).

Question

Can the App Service - SQL connection be LAN rather than WAN/internet? Are there any specific tricks during setup to achieve this?

What I've tried

The SQL VM is in a VNet. I've tried adding the App Service into the VNet (based on the guess that it'll then be able to see the SQL VM's internal IP), but the existing VNet is not selectable in the App Service's VNet configuration options.

Improve this question
2
  • 1
    I think you have some incorrect information regarding public endpoints in Azure. Connections between services in the same region stay within the region, even when specifying their public IP address (or dns name) as your connection. The traffic doesn't go out on the public Internet. You're just routing through the public endpoint. And that shouldn't impact any performance other than DNS lookup. Commented Nov 8, 2017 at 2:44
  • Thanks very much @DavidMakogon. That saves me chasing a big red herring. So then I wonder why our VM seems faster than the AppService. I will post a new question. Commented Nov 8, 2017 at 3:31

1 Answer 1

Reset to default
1

Can the App Service - SQL connection be LAN rather than WAN/internet?

According to your description, maybe we can use VPN to integrate your app with an Azure Virtual Network.

When we want to select one Vnet for Azure app service, we should setup a point-to-site VPN with a Dynamic routing gateway.

Getting started

Here are some things to keep in mind before connecting your web app to a virtual network:
•VNet Integration only works with apps in a Standard, Premium, or Isolated pricing plan. If you enable the feature, and then scale your App Service Plan to an unsupported pricing plan your apps lose their connections to the VNets they are using.
•If your target virtual network already exists, it must have point-to-site VPN enabled with a Dynamic routing gateway before it can be connected to an app. If your gateway is configured with Static routing, you cannot enable point-to-site Virtual Private Network (VPN).
•The VNet must be in the same subscription as your App Service Plan(ASP).
•The apps that integrate with a VNet use the DNS that is specified for that VNet.
•By default your integrating apps only route traffic into your VNet based on the routes that are defined in your VNet.

More information about integrate App with an Azure virtual network, please refer to this link.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Just checking in to see if the information provided was helpful. Please let me know if you would like further assistance.
Thanks for checking back Jason. Looking at David's comment on the question, it sounds like my initial assumption was incorrect - despite there being a public IP for the connection string, there should be no significant network latency. I'm assuming now that David is right, and am following up on other potential causes for the performance problem.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.