Configuring private endpoints – Implementing and Managing Virtual Networking
Configuring private endpoints
Azure Private Link enables you to access Platform as a Service (PaaS) services such as Azure Storage and SQL databases, and Azure-hosted services over a private endpoint in your own VNet.
Much like service endpoints, private endpoints allow traffic between a VNet and a service to travel through the Microsoft backbone network. This way, exposing your service over the internet is no longer required.
A key difference between service endpoints and private endpoints is that, with service endpoints, traffic reaches the Azure/Microsoft service over the backbone but the PaaS resource itself remains outside of the VNet and must still be routed to as an external address, whereas private endpoints bring the resource directly into your VNet with a private IP address. It is important to understand that private endpoints keep all the traffic within your VNet.
Let’s go ahead and configure a Key Vault private endpoint via the Azure portal using the following steps:
- Navigate to the Azure portal by opening a web browser and visiting the following URL: https://portal.azure.com.
- Under Create a resource, search for private link and click on Create.
- Next, click on Create private endpoint:

Figure 14.32 – Creating a private endpoint
- Next, choose a subscription, RG, name, and region:

Figure 14.33 – Page one of creating a private endpoint
- Next, choose a subscription from the drop-down list, select Microsoft.KeyVault/vaults as the Resource type, pick the existing key vault by name, and choose the target sub-resource:

Figure 14.34 – Page two of creating a private endpoint
- Next, select the VNet that you want the Key Vault service to be added to, as well as the Subnet name. Set Private DNS integration to No:

Figure 14.35 – Page three of creating a private endpoint
- Next, it is optional to provide a name and value as a resource tag. In our case, we’re going to skip this for now.
- On the Review and create tab, click Create.
- Finally, once the private endpoint has been created successfully, you can verify it by navigating to the resource and confirming that Connection status is Approved:

Figure 14.36 – Verifying that the private endpoint has been created successfully
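The same Key Vault private endpoint expressed as infrastructure code, added here as an example and not taken from the book or from Microsoft’s own samples. It assumes the vault, VNet and subnet already exist and are passed in as resource IDs; unlike the portal walkthrough above, which sets Private DNS integration to No, it also links the privatelink.vaultcore.azure.net zone to the VNet so that the vault’s hostname resolves to the endpoint’s private IP from inside the VNet, which is what the private-endpoint-dns article linked below covers.

```bicep
// Added example, not from the book. Assumes the vault, VNet and subnet already exist.
param location string = resourceGroup().location
param keyVaultId string // resource ID of the existing key vault
param vnetId string     // resource ID of the VNet that hosts the endpoint
param subnetId string   // resource ID of the subnet that receives the endpoint NIC
// The private endpoint: a NIC in the subnet that fronts the vault over Private Link.
resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = {
  name: 'pe-keyvault'
  location: location
  properties: {
    subnet: { id: subnetId }
    privateLinkServiceConnections: [
      {
        name: 'pe-keyvault-conn'
        properties: {
          privateLinkServiceId: keyVaultId
          groupIds: [ 'vault' ] // target sub-resource for Microsoft.KeyVault/vaults
        }
      }
    ]
  }
}
// Private DNS zone that shadows the public vault hostname inside the VNet.
resource privateDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.vaultcore.azure.net'
  location: 'global'
}
// Link the zone to the VNet so the VNet's resolver answers from it.
resource zoneLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: privateDnsZone
  name: 'pe-keyvault-link'
  location: 'global'
  properties: {
    virtualNetwork: { id: vnetId }
    registrationEnabled: false
  }
}
// Zone group: Azure keeps the endpoint's A record in the zone up to date.
resource zoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-04-01' = {
  parent: privateEndpoint
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [
      {
        name: 'vault'
        properties: { privateDnsZoneId: privateDnsZone.id }
      }
    ]
  }
}
```

Creating the endpoint does not by itself close the vault’s public endpoint; while public network access stays enabled on the vault, the private path is only an alternative route, so review the vault’s firewall setting separately.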
In this section, we had a look at what private endpoints are and how they differ from service endpoints, and learned how to configure private endpoints for an existing key vault and VNet.
We encourage you to read up further on Azure private endpoints by visiting the following links:
• https://docs.microsoft.com/en-us/azure/private-link/private-link-overview
• https://docs.microsoft.com/en-us/azure/private-link/create-private-endpoint-portal
• https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns