How would one make a TCP connection from an Azure PaaS hosted Web Sites to a Worker Role? That's deployed in one virtual network. Can this be done without opening an Input Endp
You cannot add Azure Web Sites deployments to a VNet because there's no dedicated outbound IP address for Web Sites. This will also preclude you from setting up Access Control Lists (ACLs) on the worker role's input endpoints.
For Web Sites -> Worker Role (cloud service) security, you'd need to rely on something app-specific (maybe an SSL cert or something else).
By the way, regarding "a lot of work to do" for restricting access: not sure exactly what you tried (or if you tried it), but it's trivial through the portal (just enter a subnet mask and... done), and very easy through the command line as well.