VNET Integration of Azure Services

Eray ALTILI
3 min readMar 16, 2023

Deploy dedicated Azure services into virtual networks

When you deploy dedicated Azure services in a virtual network, you can communicate with the service resources privately, through private IP addresses. The services can then be privately accessed within the virtual network and from on-premises networks.

Services that can be deployed into a virtual network

Subnet delegation in Azure virtual network enables you to designate a specific subnet for an Azure PaaS service of your choice that needs to be injected into your virtual network. When you delegate a subnet to an Azure service, you allow that service to establish some basic network configuration rules for that subnet, which help the Azure service operate their instances in a stable manner. Subnet delegation provides full control to the customer on managing the integration of Azure services into their virtual networks. Each Azure service defines their own deployment model, where they can define what properties they do or do not support in a delegated subnet for injection purposes.

Certain services also impose restrictions on the subnet they’re deployed in, limiting the application of policies, routes or combining VMs and service resources within the same subnet. Check with each service on the specific restrictions as they may change over time. Examples of such services are Azure NetApp Files, Dedicated HSM, Azure Container Instances, App Service.

VNet injection is used to make outbound calls from your app into your VNet. It doesn’t grant inbound private access to your app from the VNet. Subnet delegation is used to allow a PaaS service to be injected into an existing virtual network.

Pivate Endpoint

Private Endpoint

Private endpoints allow ingress of traffic from your virtual network to an Azure resource securely. This private link is established without the need of public IP addresses. A private endpoint is a special network interface for an Azure service in your virtual network. When you create a private endpoint for your resource, it provides secure connectivity between clients on your virtual network and your Azure resource. The private endpoint is…

--

--

Eray ALTILI

I am passionate about Technology, Cloud Computing, Machine Learning, Blockchain and Finance. All opinions are my own and do not express opinions of my employer.