Private Networking Overview
  • 19 Aug 2025


This page provides an overview of the private networking setup for Turbo360.

Application Outbound Traffic


In private hosting mode, the Turbo360 application communicates with the other Azure resources that make up the application infrastructure.

If you are configuring private networking, the outbound traffic from the core application components (Web App, Function Apps) comes through the App Service Plan. This App Service Plan can be VNet-integrated into a subnet on your virtual network.

If you are hosting on a typical App Service Plan, each of the Function Apps and the Web App will have its networking configuration set to point to the same subnet.

Traffic from the App Service Plan that reaches the subnet is then routed to the appropriate destinations.

The other resources in the Turbo360 architecture that it may access include the database and storage, as shown below. These PaaS resources can also be added to the network via Private Endpoints, which are discussed in the next section.

Note - Azure Management API & Kovai License Activation

The Turbo360 services running on the App Service also query the Azure Management API (cost data and rightsizing) and communicate with a Kovai API (license activation). These are not shown on the diagram, which focuses on the private networking use cases, but this traffic also flows via the App Service outbound subnet.

Application Inbound Traffic


The picture below shows the inbound traffic flow for components in the Turbo360 architecture when configured with private endpoints.

The key points here are:

  • Traffic from an application user to the web application to access Turbo360 is via a Private Endpoint

  • Traffic from an administrator who needs to access the function apps or web app for admin purposes is via a private endpoint

  • Traffic coming into the SQL database is via a private endpoint

  • Traffic coming into the storage account is via a private endpoint

  • Traffic coming into the Azure monitor components (App Insights / Log Analytics) is via private link

  • Outbound traffic from the App Service Plan reaches the App Service outbound subnet and may then be routed to PaaS resources such as the SQL database, which it accesses via the subnet with the associated private endpoint


FAQ

Can I use an App Service Environment to simplify the Web App and Function App networking?

Yes you can.

Please let us know and we can guide you through this process. Most things are the same, but it's slightly simpler to configure the networking on the App Service resources.

How many subnets do I need?

This can vary based on your requirements.

The minimum is 2:

  • 1 for App Service Outbound

  • 1 for all private endpoints

It is possible to split the private endpoints to different subnets or reuse an existing subnet you already have using private endpoints.

We would generally recommend having 2 subnets dedicated to Turbo360 so it's easy to lock down the resources to just the dedicated Turbo360 use cases.

Tell me more about the App Service Outbound Subnet

  • This subnet should have a minimum size of /26

  • The subnet should be delegated to Microsoft.Web

  • The subnet should be dedicated just for use by this app service plan

There is more info on this link: https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration
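
The subnet rules from the two FAQ answers above (at least two subnets, and an outbound subnet of /26 or larger that is delegated to Microsoft.Web and dedicated to the App Service Plan) can be checked before deployment. The following is an added example, not Turbo360's own tooling; the subnet names, address ranges and dictionary shape are assumptions, and `Microsoft.Web/serverFarms` is the delegation name that App Service VNet integration uses.

```python
import ipaddress

WEB_DELEGATION = "microsoft.web/serverfarms"  # delegation used by App Service VNet integration

def audit_subnets(vnet_cidr, subnets, outbound_name):
    """Return findings; an empty list means the plan meets the rules above."""
    findings = []
    vnet = ipaddress.ip_network(vnet_cidr)
    nets = {s["name"]: ipaddress.ip_network(s["addressPrefix"]) for s in subnets}
    if len(nets) < 2:
        findings.append("need at least 2 subnets (outbound + private endpoints)")
    names = sorted(nets)
    for i, a in enumerate(names):
        if not nets[a].subnet_of(vnet):
            findings.append(f"{a}: {nets[a]} is outside VNet {vnet}")
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} overlaps {b}")
    out = next((s for s in subnets if s["name"] == outbound_name), None)
    if out is None:
        return findings + [f"{outbound_name}: outbound subnet not found"]
    if nets[outbound_name].prefixlen > 26:
        findings.append(f"{outbound_name}: /{nets[outbound_name].prefixlen} is smaller than /26")
    delegated = [d["serviceName"].lower() for d in out.get("delegations", [])]
    if delegated != [WEB_DELEGATION]:
        findings.append(f"{outbound_name}: not delegated solely to Microsoft.Web")
    if out.get("privateEndpoints"):
        findings.append(f"{outbound_name}: hosts private endpoints, so it is not dedicated")
    return findings

# Constructed sample plans (names and address ranges are made up for this example).
VNET = "10.20.0.0/24"
GOOD = [
    {"name": "snet-t360-outbound", "addressPrefix": "10.20.0.0/26",
     "delegations": [{"serviceName": "Microsoft.Web/serverFarms"}]},
    {"name": "snet-t360-pe", "addressPrefix": "10.20.0.64/27",
     "privateEndpoints": [{"id": "pe-sql"}, {"id": "pe-storage"}]},
]
BAD = [
    {"name": "snet-t360-outbound", "addressPrefix": "10.20.0.0/27", "delegations": []},
    {"name": "snet-t360-pe", "addressPrefix": "10.20.0.16/28",
     "privateEndpoints": [{"id": "pe-sql"}]},
]

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, audit_subnets(VNET, plan, "snet-t360-outbound"))
```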

