Virutal network Connectivity Support
When Logic Apps was part of the App Service Plan we could use an ASE environment to put api's inside virtual network, this network could then be connected to OnPrem via VPN/Express Route giving great access to OnPrem resources.
This is still possible but as we are moving forward with Managed API's this functionality will be lost unless we create custom API's and deploy them in the ASE and use them in our Logic Apps. Since this will be custom we can't reuse the standard out of box Mangaged API's and that is not ideal.
I would like to have similar functionality with Logic Apps and Managed Connectors making them possible to be deployed inside Virtual Networks in similar way as the App Service Plan.
Making Logic Apps accessible via VPN/Express Route and giving the Managed Connectors possiblity to access OnPrem resources via VPN/Express Route.
As I see it we have customer cases that require this and it would really give Logic Apps the Hybrid capabilities we today are missing.
VNET connectivity is now supported using an Integration Service Environment (ISE).
Wolverson Tom commented
ISE is far too expensive for most use cases - virtual network integration is still important for much smaller workloads than those that would justify an ISE.
Daniel Ferreira commented
I'm using Azure Automation runbooks with Hybrid Workers to be able to reach out on-prem APIs. Within the Logic App, create an Azure Automation job and specify an Worker Group, then create another action to wait for the job and continue the orchestration. It is a workaround at least...
Patrik Lundin commented
Hi, any progress in this? We have a couple of cases where this would be really helpful!
Chris W commented
Hi there - has there been any movement on this? We have a requirement to integrate with 3rd party on-premise applications. Creating a facade using vnet connected API apps does work but is a large development and maintenance overhead which should be unnecessary.
Yuriy S. commented
I had to solve exactly the same problem. Ended up using ILB ASE. This problem will really benefit serious enterprise security conscious customers.
Security is another use case. Depending on the vnet setup, we could simply
- limit visibility of a logic app to services within a VNET, instead of default visibility to public internet
- ensure a logic app cannot connect unauthorized external services on the internet
Yes that is right and the BizTalk Adapter/Connector will also help out with this, but still these both choices add unwanted complexity and latency.
Not all companies that have requirements on connectivity (still there are a lot of these VPN security routines making Logic Apps solutions seem to lack functionality that are "standard" in Azure) have a BizTalk installed to help out and even in these cases what about low-latency scenarios?
Having to spin up a VM for installing a gateway is adding, complexity, points of failure, latency and maybe worst of all maintenance. Adding unwanted HA/DR considerations?
There might be a middle way where a starting point would be a Gateway that could be created as a Azure Service (web app/azure function or what ever works) but in the end for this Enterprise Hybrid connectivity and feeling I still can't see it without VPN/Express Route functionality built into Logic Apps without need of installing services on local machines. (all connectivity issues/considerations to OnPrem would be possible and enterprise ready)
This functionality is the only one I miss from the v1 Api Apps, we build scenarios sill today on this but now we are forced to do custom API's (adding complexity and latency).
Another use case would be possiblity to route calls onprem via local IP's via VPN to Logic Apps Endpoint
A use case would be that we could connect to OnPrem networks via VPN and via this VPN connect via FTP/HTTP via local IP's.