How to push files from a secured on prem VM without public internet access to azure blob storage

Question

How to push files from a secured on prem VM without public internet access to azure blob storage

Pavan Puligandla 45

Hi,

I've a scenario where I need to push files to Azure blob storage in real time from secured OT network VM which do not have internet access within the IDMZ to Level 5 IT DMZ and then to Blob Storage to be consumed by third party API. Any thoughts here?

Thanks,

Silvia Wibowo 5,861 Reputation points Microsoft Employee

2025-04-11T05:02:00.5633333+00:00

Hi @Pavan Puligandla , is your OT network connected to Express Route or VPN site-to-site to Azure?
Pavan Puligandla 45 Reputation points

2025-04-11T05:21:31.2166667+00:00

Hello @Silvia Wibowo

Yes, it is. request you to please point me to step by step guide from MSDN or an architecture diagram if possible.

Thank you
Shravan Addagatla 690 Reputation points Microsoft External Staff

2025-04-14T09:29:37.0733333+00:00

Hi @Pavan Puligandla

Just checking in to see if above information was helpful. If you have any further questions on this issue, please let me know. Thank you
Shravan Addagatla 690 Reputation points Microsoft External Staff

2025-04-15T09:23:22.2466667+00:00

Hi @Pavan Puligandla

I just wanted to follow up to see if you had the opportunity to review my response regarding your questions

Thanks. I look forward to your response.
Pavan Puligandla 45 Reputation points

2025-04-16T06:33:18.4266667+00:00

Yes this was helpful. Thank you for the support.

Accepted answer

0 additional answers

Your answer

Silvia Wibowo 5,861 Reputation points Microsoft Employee

2025-04-11T05:02:00.5633333+00:00

Hi @Pavan Puligandla , is your OT network connected to Express Route or VPN site-to-site to Azure?
Pavan Puligandla 45 Reputation points

2025-04-11T05:21:31.2166667+00:00

Hello @Silvia Wibowo

Yes, it is. request you to please point me to step by step guide from MSDN or an architecture diagram if possible.

Thank you
Shravan Addagatla 690 Reputation points Microsoft External Staff

2025-04-14T09:29:37.0733333+00:00

Hi @Pavan Puligandla

Just checking in to see if above information was helpful. If you have any further questions on this issue, please let me know. Thank you
Shravan Addagatla 690 Reputation points Microsoft External Staff

2025-04-15T09:23:22.2466667+00:00

Hi @Pavan Puligandla

I just wanted to follow up to see if you had the opportunity to review my response regarding your questions

Thanks. I look forward to your response.
Pavan Puligandla 45 Reputation points

2025-04-16T06:33:18.4266667+00:00

Yes this was helpful. Thank you for the support.

Answer 1

Hi @Pavan Puligandla

Since you have confirmed that your OT network is connected to ExpressRoute or a Site-Site VPN,

I suggest creating a Private Endpoint for your Blob Storage Account and associating it with the VNet to ensure private connectivity. This way, machines in the OT network can connect to the storage account's private endpoint IP via the site-to-site VPN connection.

Additionally, please ensure that you're on-premises DNS resolves the Blob Storage Account to its private IP instead of the public endpoint. For this, you may need a DNS forwarder to route traffic correctly to Azure.

Refer: https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints#conceptual-overview

To connect the Storage account over Azure P2S VPN client, you can refer the below articles.

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-p2s-advertise-custom-routes

https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-certificate-gateway

I hope this has been helpful!

Please click "Accept" the answer as original posters help the community find answers faster by identifying the correct answer.

Share via

How to push files from a secured on prem VM without public internet access to azure blob storage

0 additional answers

Your answer