
Cloud Gyan

Sharing Thoughts Around Cloud Computing Solutions.


Azure LogicApps with ISE (integration service environment)

November 23, 2020 hereisakash azure, integration service environment, ise, logicapp, private endpoint, private link, private storage account

We all know how cool Azure Logic Apps is. Building automated workflows without writing a single line of code (or almost none) is simply amazing. Out-of-the-box connectors make it an enterprise-grade solution: we can invoke a distinct flow, driven by business logic, for feeds coming from different systems. These systems can be B2B partners or SaaS products; the Enterprise Integration Pack lets Logic Apps follow industry standards around Electronic Data Interchange (EDI) and Enterprise Application Integration (EAI).

Logic Apps is a Platform as a Service offering. We don't need to worry about the base environment: OS, patching, availability, etc.

Recently, I concluded a major project where we made intensive use of this capability to automate various business flows. These flows can be as simple as writing every incoming sales enquiry to an Azure Storage blob, or creating a service request for a specific type of incident reported by Azure Log Analytics. Below I'll try to cover the scenario, how we overcame it, and the key observations.

Requirement: Due to security compliance, all Azure Storage accounts were private, so they can be accessed only via Private Link (through a Private Endpoint). On-premises systems can send their feeds to the Read blob container over the established hybrid connectivity. But how do we process the feeds being written to the 'Read' container? A Logic App does not sit in a VNet by default. And under no circumstances could we take either the storage account or the Logic App outside the same geography.
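To confirm that a storage account really is reachable only through Private Link, as the requirement above demands, the sketch below audits account JSON of the shape printed by `az storage account show`. It is an added example, not code from the original post; the account names and sample values are constructed, and treating a null `publicNetworkAccess` as "fall back to the firewall rules" is an assumption.

```python
import json

# Constructed sample shaped like `az storage account show` output (not from the post).
SAMPLE_ACCOUNTS = json.loads("""
[
 {"name": "stprivatefeeds", "publicNetworkAccess": "Disabled",
  "allowBlobPublicAccess": false,
  "networkRuleSet": {"defaultAction": "Deny", "ipRules": [], "virtualNetworkRules": []},
  "privateEndpointConnections": [
    {"privateLinkServiceConnectionState": {"status": "Approved"}}]},
 {"name": "stlegacyfeeds", "publicNetworkAccess": null,
  "allowBlobPublicAccess": true,
  "networkRuleSet": {"defaultAction": "Allow",
                     "ipRules": [{"action": "Allow", "ipAddressOrRange": "203.0.113.0/24"}],
                     "virtualNetworkRules": []},
  "privateEndpointConnections": [
    {"privateLinkServiceConnectionState": {"status": "Pending"}}]}
]
""")


def audit_private_storage(account):
    """Return findings for one account; an empty list means Private Link only."""
    findings = []
    rules = account.get("networkRuleSet") or {}
    # Assumption: a null publicNetworkAccess means the firewall rules decide.
    if account.get("publicNetworkAccess") != "Disabled":
        if rules.get("defaultAction") != "Deny":
            findings.append("public endpoint open: firewall default action is not Deny")
        for rule in rules.get("ipRules") or []:
            findings.append(f"public IP range allowed: {rule.get('ipAddressOrRange')}")
        if rules.get("virtualNetworkRules"):
            findings.append("VNet service-endpoint rule present (uses the public endpoint)")
    states = [(c.get("privateLinkServiceConnectionState") or {}).get("status")
              for c in account.get("privateEndpointConnections") or []]
    if "Approved" not in states:
        findings.append("no approved private endpoint connection")
    if account.get("allowBlobPublicAccess"):
        findings.append("anonymous blob access allowed at account level")
    return findings


def audit_all(accounts):
    """Map account name -> findings, keeping only accounts that have any."""
    report = {a["name"]: audit_private_storage(a) for a in accounts}
    return {name: found for name, found in report.items() if found}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ACCOUNTS).items():
        for finding in findings:
            print(f"{name}: {finding}")
```
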

Solution: In May 2019 the Integration Service Environment (ISE) was launched. Using ISE, a Logic App can easily be brought inside the VNet, which allows it to consume or interact with services and environments that sit behind firewall rules or private endpoints. ISE basically provisions Logic Apps inside a VNet subnet.

Observations: A few key observations:

  1. ISE takes some time to provision. Don't get impatient; behind the scenes Azure is provisioning a lot of services and connectors so that the Logic Apps can operate with ease.
  2. ISE requires a VNet and a minimum of 4 dedicated subnets (review the Azure documentation before going ahead). Plan this well ahead. You cannot mix these subnets with anything else, because they are managed subnets thereafter.
  3. ISE requires an integration service account to be provisioned for each service you want to connect to; for example, Blob requires an Azure Storage integration service account.
  4. ISE has its own cost. Run your simulation in the Azure Calculator first. Study it well and use ISE only as a last resort. Sometimes a solution such as Managed Identity, or moving the Logic Apps to a different region, can solve the problem.
  5. ISE can extend to your on-premises systems via ISE connectors; for example, a Logic App invoked by a sales invoice process inside SAP running on-premises.

Scenario I tested:

Existing on-premises systems were dropping log files into the private blob. Soon after a file is dropped, the Logic App needs to trigger and fetch the file from the Read container -> send an email notification -> create a new blob in the Write container -> notify subscribers of the file data parameters.

The twist was the private storage account. So, as I described above, Logic Apps with ISE was provisioned. A normal Logic App could not reach the private blob (using Managed Identity is still an option, but it may not fulfill the enterprise requirement of providing connectors).

With ISE, the Logic App can read the private blob container via the provisioned Private Link service.

Private Link DNS configuration, which gets provisioned.

ISE can be seen added to LogicApps

Integration Account in ISE for Logic App calling


Azure Blob API connection

Managed Connector started Showing

Empty Subnet for ISE: 4 dedicated subnet required to be available for ISE.

Email Notifications for both read and write operation via LogicApp from the Private Blob Container


Finally, ISE is an interesting feature. It should be evaluated well and then executed. Unlike Functions (which run on top of App Service), Logic Apps can only be integrated into a VNet using ISE. If there is a strong need, use it. It is cool.

Small effort to learn and share.
