Virtual Network (VNet) is the fundamental building block for your private network. VNet enables many types of resources, such as Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks.
Here we will use a VNET to securely connect our web app (published on cloud as a SaaS service) to Azure SQL/Azure Storage.
The following things are required to get started:
- Azure Subscription (get free Azure subscription here)
Step 1: Creating a VNET
In your Azure portal go to create resource button and select Virtual Network and fill in the necessary details.
Step 2: Connecting storage resources to VNET
Go to your virtual network's service endpoints and add a new service endpoint.
Configure the storage account to allow access to the selected network only.
For SQL Databases go to firewall settings and add a new rule allowing access from the selected VNET.
Step 3: Connecting your app service to the VNET
Go to Networking Tab of your app service and select VNET configuration and add the selected VNET.
Now access these resource from your app normally.
Here the app is securely connecting to the VNET, which in turn has the access to storage resources. If configured properly only resource deployed within the VNET or granted access to it will have access to these storage resources hence reducing the threat surface drastically as compared to the previous instance where the resources are publicly available and are only protected by a client secret.