Merge pull request #176138 from madsd/vnet-int-rewrite

Rename/update vnet article and extract how-to.

Author: ShannonLeavitt

.openpublishing.redirection.json

@@ -46532,6 +46532,11 @@
       "source_path_from_root": "/articles/azure-monitor/app/how-do-i.md",
       "redirect_url": "/azure/azure-monitor/faq",
       "redirect_document_id": false
+    },
+    {
+      "source_path_from_root": "/articles/app-service/web-sites-integrate-with-vnet.md",
+      "redirect_url": "/azure/app-service/overview-vnet-integration",
+      "redirect_document_id": false
     }
   ]
 }

articles/app-service/configure-vnet-integration-enable.md

@@ -0,0 +1,75 @@
+---
+title: Enable integration with Azure virtual network.
+description: This how-to article will walk you through enabling virtual network integration on an App Service Web App
+keywords: vnet integration
+author: madsd
+ms.author: madsd
+ms.topic: how-to
+ms.date: 10/20/2021
+---
+
+# Enable virtual network integration in Azure App Service
+
+Through integrating with an Azure virtual network (VNet) from your [App Service app](./overview.md), you can reach private resources from your app within the virtual network. The VNet Integration feature has two variations:
+
+* Regional VNet integration: Connect to Azure virtual networks in the same region. You must have a dedicated subnet in the VNet you're integrating with.
+* Gateway-required VNet integration: When you connect directly to VNet in other regions or to a classic virtual network in the same region, you must use the gateway-required VNet integration.
+
+This how-to article will describe how to set up regional VNet integration.
+
+## Prerequisites
+
+The VNet Integration requires:
+- An App Service pricing tier [supporting VNet integration](./overview-vnet-integration.md).
+- A virtual network in the same region with an empty subnet.
+
+The subnet must be delegated to Microsoft.Web/serverFarms. If the delegation isn't done before integration, the provisioning process will configure this delegation. The subnet must be allocated an IPv4 `/28` block (16 addresses). It is actually recommended to have a minimum of 64 addresses (IPv4 `/26` block) to allow for maximum horizontal scale.
+
+## Configure in the Azure portal
+
+1. Go to the **Networking** UI in the App Service portal. Under **Outbound Traffic**, select **VNet integration**.
+
+1. Select **Add VNet**.
+
+    :::image type="content" source="./media/configure-vnet-integration-enable/vnetint-app.png" alt-text="Select VNet Integration":::
+
+1. The drop-down list contains all of the virtual networks in your subscription in the same region.
+
+    :::image type="content" source="./media/configure-vnet-integration-enable/vnetint-add-vnet.png" alt-text="Select the VNet":::
+
+    * Select an empty pre-existing subnet or create a new subnet.
+
+During the integration, your app is restarted. When integration is finished, you'll see details on the VNet you're integrated with.
+
+## Configure with Azure CLI
+
+You can also configure VNet integration using Azure CLI:
+
+```azurecli-interactive
+az webapp vnet-integration add --resource-group <group-name> --name <app-name> --vnet <vnet-name> --subnet <subnet-name>
+```
+
+> [!NOTE]
+> The command will check if subnet is delegated to Microsoft.Web/serverFarms and apply the necessary delegation if this is not configured. If this has already been configured, and you do not have permissions to check this, or the virtual network is in another subscription, you can use the `--skip-delegation-check` parameter to bypass the validation.
+
+## Configure with Azure PowerShell
+
+```azurepowershell
+# Parameters
+$siteName = '<app-name>'
+$resourceGroupName = '<group-name>'
+$vNetName = '<vnet-name>'
+$integrationSubnetName = '<subnet-name>'
+$subscriptionId = '<subscription-guid>'
+
+# Configure VNet Integration
+$subnetResourceId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Network/virtualNetworks/$vNetName/subnets/$integrationSubnetName"
+$webApp = Get-AzResource -ResourceType Microsoft.Web/sites -ResourceGroupName $resourceGroupName -ResourceName $siteName
+$webApp.Properties.virtualNetworkSubnetId = $subnetResourceId
+$webApp | Set-AzResource -Force
+```
+
+## Next steps
+
+- [Configure VNet integration routing](./configure-vnet-integration-routing.md)
+- [General Networking overview](./networking-features.md)

articles/app-service/configure-vnet-integration-routing.md

@@ -0,0 +1,54 @@
+---
+title: Configure virtual network integration with application routing.
+description: This how-to article will walk you through configure app routing on a regional VNet integration.
+author: madsd
+ms.author: madsd
+ms.topic: how-to
+ms.date: 10/20/2021
+---
+
+# Manage Azure App Service virtual network integration routing
+
+When configuring application routing, you can either route all traffic or only private traffic (also known as [RFC1918](https://datatracker.ietf.org/doc/html/rfc1918#section-3) traffic) into your Azure virtual network (VNet). This how-to article will describe how to configure application routing.
+
+## Prerequisites
+
+Your app is already integrated using the regional VNet integration feature.
+
+## Configure in the Azure portal
+
+You can use the following steps to disable Route All in your app through the portal: 
+
+:::image type="content" source="./media/configure-vnet-integration-routing/vnetint-route-all-enabled.png" alt-text="Route All enabled":::
+
+1. Go to the **Networking** > **VNet integration** UI in your app portal.
+1. Set **Route All** to Disabled.
+    
+    :::image type="content" source="./media/configure-vnet-integration-routing/vnetint-route-all-disabling.png" alt-text="Disable Route All":::
+
+1. Select **Yes** to confirm.
+
+## Configure with Azure CLI
+
+You can also configure Route All using Azure CLI (the minimum `az version` required is 2.27.0):
+
+```azurecli-interactive
+az webapp config set --resource-group <group-name> --name <app-name> --vnet-route-all-enabled [true|false]
+```
+
+## Configure with Azure PowerShell
+
+```azurepowershell
+# Parameters
+$siteName = '<app-name>'
+$resourceGroupName = '<group-name>'
+
+# Configure VNet Integration
+$webApp = Get-AzResource -ResourceType Microsoft.Web/sites -ResourceGroupName $resourceGroupName -ResourceName $siteName
+Set-AzResource -ResourceId ($webApp.Id + "/config/web") -Properties @{ vnetRouteAllEnabled = $true } -Force
+```
+
+## Next steps
+
+- [Enable VNet integration](./configure-vnet-integration-enable.md)
+- [General Networking overview](./networking-features.md)