Current Setup
- Frontend: Blazor Azure Static Web App (Free plan) with PWA
- Backend: Integrated Azure Functions API (currently part of SWA)
- Database: Azure SQL Database
The Problem
I need to migrate from Azure SQL Database to an on-premise SQL Server due to business requirements. However, I've discovered that Azure Static Web Apps with integrated Functions don't support VNet integration, which seems necessary for secure on-premise connectivity.
What I've Researched
I found several approaches but I'm confused about which is best:
Option 1: Standalone Functions + VPN Gateway
- Move Functions out of SWA to standalone Azure Functions (Premium plan ~$150-180/month)
- Set up VPN Gateway (VpnGw1 ~$140/month)
- Use VNet integration
- Total cost: ~$300-330/month
Option 2: On-Premise API Gateway
- Create a small REST API on-premise that connects to SQL Server
- Expose it via HTTPS with proper security (TLS, IP allowlisting, API keys)
- Call this API from my existing integrated Functions
- Total cost: ~$9-20/month
Option 3: Azure Relay/Hybrid Connections
- Use Azure Relay or Hybrid Connections for secure communication
- Keep Functions in consumption plan potentially
- Cost: ~$50-100/month
My Question:
Which approach is most commonly used in production for this scenario? And are there any other cost-effective solutions I'm missing?
Any guidance on the most straightforward, secure, and cost-efficient approach would be greatly appreciated!
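
An added example, not part of the original post: the request admission check that the on-premise API in Option 2 would run after TLS termination, combining the IP allowlist with a hashed, constant-time API key comparison. The function names, networks and keys are constructed for illustration, and Python is used only to show the logic.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values (documentation ranges, made-up keys); not from the post.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "2001:db8:10::/64")]
# Store only SHA-256 digests of the keys; two entries allow rotation without downtime.
KEY_DIGESTS = [
    hashlib.sha256(b"example-key-current").digest(),
    hashlib.sha256(b"example-key-previous").digest(),
]


def normalise_ip(raw):
    """Parse the TCP peer address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except (ValueError, AttributeError):
        return None
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def ip_allowed(addr, networks=ALLOWED_NETWORKS):
    return any(addr.version == net.version and addr in net for net in networks)


def key_valid(presented, digests=KEY_DIGESTS):
    if not presented:
        return False
    candidate = hashlib.sha256(presented.encode("utf-8")).digest()
    # Compare against every stored digest; compare_digest runs in constant time.
    matches = [hmac.compare_digest(candidate, d) for d in digests]
    return any(matches)


def admit(peer_ip, api_key):
    """Return (HTTP status, reason) for a request that already passed TLS.

    peer_ip must be the socket peer address, not a client-supplied header
    such as X-Forwarded-For, unless a trusted proxy sets it.
    """
    addr = normalise_ip(peer_ip)
    if addr is None or not ip_allowed(addr):
        return 403, "source address not allowlisted"
    if not key_valid(api_key):
        return 401, "missing or invalid API key"
    return 200, "ok"
```

The address check runs first so that hosts outside the allowlist get no signal about whether a key is valid.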