Traffic Flows

This page intends to describe the traffic flows involved in the networking.

Turbo360 Web Application View

End User Inbound to Turbo360 Web Application

• Client (e.g., user in your organization on the network) → VNet → Private Endpoint of Web App —> Web Application which serves the Turbo360 Application.
  (Public *.azurewebsites.net is typically blocked; DNS for the app hostname points to the Private Endpoints’s private IP.)

Turbo360 Web Application → Azure SQL

• App (via VNet Integration subnet) → Private DNS resolves *.database.windows.net to SQL Private Endpoint → SQL

  • SQL firewall restricted to the Private Endpoint; public network access off.

Turbo360 Web Application → Storage (code/content)

• At cold start / deployment, app fetches the ZIP/package from Blob via Storage Private Endpoint (using WEBSITE_RUN_FROM_PACKAGE ).

• Any runtime asset access (e.g., blobs) follows the same private path.

Turbo360 Web Application → Telemetry ingestion

• App → App Insights Private Link endpoint for telemetry.

• Agent/SDK or diagnostics → Log Analytics Workspace Private Link endpoints for logs/metrics.
  (This keeps monitoring ingestion off the public internet.)

Turbo360 Web Application → Azure Management API

• App (via VNet Integration subnet) → Virtual Network → Azure

  • DNS resolved from VNET DNS

  • This is going to route to a public address at Microsoft

Turbo360 Web Application → Kovai

This is used for things like license activation.

• App (via VNet Integration subnet) → Virtual Network → Kovai

  • DNS resolved from VNET DNS

  • This is going to route to a public address at Kovai on our Microsoft Azure

Other Optional Configurations

There are some other scenarios here for things like notification channels.  These will all resolve traffic through the outbound VNET integration for the app service covering the web app and function apps.  These will depend if you use these features":

• Turbo360 Web Application → Your SMTP Server

• Turbo360 Web Application → Service Now

• Turbo360 Web Application → Teams

• Turbo360 Web Application → Twilio

• Turbo360 Web Application → Pager Duty

• Turbo360 Web Application → Jira

• Turbo360 Web Application → Other Notification Channels

Turbo360 Function Apps View

The traffic flows here are exactly the same as for the Turbo360 Web Application except that the End User Inbound to Turbo360 Web Application is not relevant to this use case.  It would however be similar if an Azure admin was looking directly at the function app within the Azure Portal.

SQL Database View

• Database is connected with a private endpoint to a subnet on the virtual network

• Database has public network access turned off

App Insights / Log Analytics View

• App Insights / Log Analytics Workspace have private link enabled

• They are not accessible outside of the network

Deployment Machine View

The Turbo360 private hosted instance will have been deployed using a VM for deployment.

• Machine is connected to the virtual network

• Deployment Machine —> VNET —> Private Endpoint for Web Apps and Function Apps

  • Port 443 for deployment

• Deployment Machine —> VNET —> Private Endpoint for SQL

  • Port 1433 for SQL migrations

• Deployment Machine —> VNET —> Private Endpoint for Storage

  • Port 1433 for code package deployment