Private Endpoint – Virtual Networking

When you implement a private endpoint, the Azure PaaS service is given a private IP address from your virtual network. Because the service is reachable at that private address, traffic you send to the PaaS resource stays within your virtual network. Private endpoints connect to Azure PaaS services over a private link. Private Link is a global service with no regional restrictions. Figure 3.4 shows a classic example of a private link, where a VM accesses a database over a private connection.

FIGURE 3.4 Understanding a private link

With both service endpoints and private endpoints, you restrict connections to your services to resources in your virtual network. Traffic between your service and the virtual network is always carried over the Microsoft backbone network; the packets never need to traverse the Internet.

The following are the features offered by a private link:

  • Private connectivity: You can connect over the Microsoft network to resources deployed in different Azure regions. Because the public Internet is not involved in these connections, the connectivity is fully private.
  • Hybrid connections and peered networks: Resources exposed through private links can be reached from on-premises infrastructure over VPN or ExpressRoute connections, and from peered virtual networks when the clients are deployed in the cloud. Because the network is hosted by Microsoft, you do not need to set up public peering or Internet gateways. This is not possible with service endpoints.
  • Enhanced security: Access is limited to selected resources only, which eliminates the data exfiltration threat.
  • Seamless integration: Because the PaaS resource gets an IP address from the virtual network, connectivity is seamless and low latency.

Private links are created from the Private Link Center, a centralized place for managing your private connections and endpoints. You can reach it from the Azure portal by searching for "private link" (see Figure 3.5).
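As an added example, not from the book, the following Python check confirms that a PaaS host name resolves, through its privatelink CNAME, to an address inside the virtual network's address space, which is what must hold for a client's traffic to reach the private endpoint rather than the service's public address. The DNS records, host names, IP addresses and the 10.0.0.0/16 VNet range are constructed sample data.

```python
import ipaddress
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Constructed lookup table standing in for DNS answers seen from inside the VNet.
# Each record is (type, value); names and addresses are made up for the example.
SAMPLE_DNS: Dict[str, Tuple[str, str]] = {
    "contoso.blob.core.windows.net": ("CNAME", "contoso.privatelink.blob.core.windows.net"),
    "contoso.privatelink.blob.core.windows.net": ("A", "10.0.1.4"),
    "contoso.database.windows.net": ("CNAME", "contoso.privatelink.database.windows.net"),
    "contoso.privatelink.database.windows.net": ("A", "10.0.1.5"),
    # Account with no private endpoint (or no private DNS zone): resolves to a public IP.
    "fabrikam.blob.core.windows.net": ("A", "20.60.0.10"),
}

VNET_CIDRS = ["10.0.0.0/16"]  # assumed address space of the virtual network
PAAS_HOSTS = ["contoso.blob.core.windows.net", "contoso.database.windows.net",
              "fabrikam.blob.core.windows.net"]

Lookup = Callable[[str], Optional[Tuple[str, str]]]


def resolve_chain(name: str, lookup: Lookup, max_hops: int = 8) -> Tuple[List[str], Optional[str]]:
    """Follow CNAME records until an A record. Returns (names visited, ip or None)."""
    seen: List[str] = []
    while name not in seen and len(seen) < max_hops:
        seen.append(name)
        rec = lookup(name)
        if rec is None:
            return seen, None          # NXDOMAIN or unknown name
        rtype, value = rec
        if rtype == "A":
            return seen, value
        name = value                   # CNAME: keep following
    return seen, None                  # CNAME loop or chain too deep


def uses_private_endpoint(fqdn: str, vnet_cidrs: Iterable[str], lookup: Lookup) -> bool:
    """True only if fqdn resolves via a privatelink.* name to an address inside the VNet."""
    chain, ip = resolve_chain(fqdn, lookup)
    if ip is None:
        return False
    addr = ipaddress.ip_address(ip)
    in_vnet = any(addr in ipaddress.ip_network(cidr) for cidr in vnet_cidrs)
    via_privatelink = any(".privatelink." in n for n in chain)
    return in_vnet and via_privatelink


def audit(fqdns: Iterable[str], vnet_cidrs: Iterable[str], lookup: Lookup) -> Dict[str, bool]:
    """Map each PaaS host name to whether clients in the VNet will use its private endpoint."""
    return {f: uses_private_endpoint(f, vnet_cidrs, lookup) for f in fqdns}


if __name__ == "__main__":
    for host, ok in audit(PAAS_HOSTS, VNET_CIDRS, SAMPLE_DNS.get).items():
        print(f"{host:45} {'private endpoint' if ok else 'PUBLIC address'}")
```

On a real VM you would replace `SAMPLE_DNS.get` with a resolver callback that queries the VNet's DNS; a public answer for a host that should have a private endpoint usually points at a missing or unlinked private DNS zone.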

With that, we will move on to the next topic, Azure DNS.

FIGURE 3.5 Accessing a private link center


