Azure App Service Private Endpoint Configuration Step by Step Tutorial

Captions
Hello everyone. In this video we are going to learn about private endpoints. We're going to see how to configure an Azure App Service as a private endpoint in your virtual network. Private endpoints will allow you to bring the platform-as-a-service service into your virtual network. The private endpoint uses an IP address from your virtual network address space. As you can see here, we have an app service here and a virtual network here, actually three virtual networks, and we have a private endpoint registration in two of those virtual networks. As you can see here, we have a private IP assigned to this private endpoint. When we want to connect to this app service here, we can use this private endpoint rather than using the public endpoint of this web application.

This is also very similar to service endpoints. Basically, if you just want the connection to these platform-as-a-service services, you can go with service endpoints, but if you want to access these platform-as-a-service services from on-premise or any other peered networks, if you have a requirement like this, you can go with private endpoints. Private endpoints are costly: your web application should be running on at least the premium tier, and the private endpoint will also cost you. When you enable private endpoints, the public access to the app services will no longer be available; you will get a forbidden message when you access them through the public URLs.

Now that we have an understanding of what private endpoints are, let me go to my Azure portal and create a few resources. For that I have prepared this script. This script will create a virtual machine, and along with this virtual machine there will be a virtual network deployed that we can use, and then I'm going to create an app service. Now let me copy this script here and I'm going to run it on my Azure CLI.

All right, now I'm going into the Azure portal. As you can see here, we have the resources that we have just created. I'm going into my app service here. If you look at the script that I've used, I'm using SKU S1, as you can see here. I'm using this to show you that if you create your app service with the S1 or standard plan and you go into the networking section here, the private endpoints will be disabled, because the tier of your app service plan should be at least premium one. Now I'm going into the scale up section here and then production. As you can see, we are in the S1 tier. I'm going to upgrade it to the P1v2 tier. Let me apply this.

All right, and now if I go into the networking section, as you can see, we have private endpoints enabled. To enable private endpoints, you should go here and click add, and we can name the private endpoint. When you enable private endpoints, there will be a new resource deployed in your resource group. We're going to name it; I'm going to call it ppt endpoint. Then we can select the virtual network. As you can see here, usually when we create virtual machines a virtual network gets deployed, and we can use the same virtual network here. I'm going to select that virtual network and then I'm going to select the same subnet as well. Here we have an option to integrate with a private DNS zone. When you enable private endpoint access, there will be a private DNS zone deployed as well. I'm going to click OK.

As you can see, we have our private endpoint connection ready. Now if I go into the private endpoint here, you can see that we have a network interface and a virtual network subnet associated with it. Now if I go back to the resource group and click refresh here, we can see that we have two new resources: we have the private endpoint resource and we have a DNS zone, a private DNS zone. Now if I go into the app service, copy the URL here and paste it, as you can see, we're getting a forbidden message, because when we enable private endpoints the public internet access will be blocked.

Now if I go into the resource group again and then the virtual machine that we have created, I'm going to copy this IP address here to RDP into it. All right, I have logged into the server. Now let me disable enhanced security configuration to use Internet Explorer here. I'm going to open that up, and now let me paste the URL here. We still cannot access it. Usually this should be accessible by now. Let's try to see whether we have made any mistakes here. Let me copy this part of the URL and then I'm going into the command line. If I try to use nslookup for getting the IP address, as you can see here, we are still getting directed to a public IP address.

Now if I go into my Azure portal and the DNS zone that I have created, let's see whether I have the records that I need to access the application through my virtual network. Seems like I am missing the records here, and if we go into virtual network links, we are missing that as well. Now let's try to create a virtual network link here. I can just add the virtual network. I'm going to click OK. All right, now the virtual network link is ready. Now if we go into the overview section, we can create these records. Before creating the records, let me go back to the private endpoint, and if you go into DNS configuration here, as you can see, the private endpoint interface is associated with 10.0.0.5. Now let me copy the IP address and then I'm going to create a new DNS record. I'm going to put that IP address, the IP address of that private endpoint network interface. The name of the web app is private endpoint demo; let me paste that here. All right, now let me click OK.

As you can see, I have added the DNS records in the private DNS zone. Now let me try to go back to the server and to Internet Explorer, and then I'm going to paste the URL here. As you can see, I can access the web application through the virtual network. From the public internet it is still not accessible. Usually when you create this configuration, you don't have to manually go and add these DNS records and link these virtual networks. You don't have to do it, but in our case we had to do it. Maybe along the way we have made a mistake; we learned from that as well.

If you have further questions or comments, let me know down below, and don't forget to like this video and subscribe if you learned something new today. Thanks for watching.
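The manual DNS fix described in the captions (linking the private DNS zone to the virtual network, then adding an A record that points the web app name at the private endpoint's IP) can be written as Azure CLI commands. This is an added example, not the script used in the video; the resource group, VNet and app names are placeholders, and the zone name `privatelink.azurewebsites.net` is assumed to be the zone the portal created for the App Service private endpoint.

```shell
#!/bin/sh
# Added example: portal steps from the captions expressed as Azure CLI calls.
# All resource names passed in are placeholders (assumptions); 10.0.0.5 is the
# private endpoint IP mentioned in the captions.
set -u

# Private DNS zone used for App Service private endpoints (assumed to exist already).
ZONE="privatelink.azurewebsites.net"

# Print the command (DRY_RUN=1, the default) or execute it (DRY_RUN=0).
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Usage: fix_private_dns <resource-group> <vnet> <app-name> <private-endpoint-ip>
# 1) link the zone to the VNet so VMs in it query the private zone
# 2) add the A record <app-name>.privatelink.azurewebsites.net -> private IP
fix_private_dns() {
  rg=$1 vnet=$2 app=$3 pe_ip=$4
  run az network private-dns link vnet create \
    --resource-group "$rg" --zone-name "$ZONE" \
    --name "${vnet}-link" --virtual-network "$vnet" \
    --registration-enabled false
  run az network private-dns record-set a add-record \
    --resource-group "$rg" --zone-name "$ZONE" \
    --record-set-name "$app" --ipv4-address "$pe_ip"
}

# Return 0 when an address is in the RFC 1918 private ranges. Use it on the
# answer nslookup gives inside the VNet: a public address means the zone link
# or the A record is still missing.
is_private_ip() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Stand-alone use: ./fix-dns.sh <rg> <vnet> <app> <ip>   (dry run unless DRY_RUN=0)
if [ "$#" -eq 4 ]; then
  fix_private_dns "$@"
fi
```

Run it first with the default dry run to review the two commands, then with `DRY_RUN=0` from a session that is logged in to the subscription.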
Info
Channel: Meet Kamal Today - Cloud Mastery
Views: 85
Keywords: vnet integration, virtual network, private endpoints, azure networking, private link, vnet integration for azure app service, azure vnet integration, regional vnet integration, virtual network in azure, azure networking fundamentals, azure networking 104
Id: -xYMBZdjWzk
Length: 7min 27sec (447 seconds)
Published: Sat Nov 27 2021