What is Azure Private Endpoint?

2025-01-14 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Azure Private Endpoint is a new feature of Azure PaaS services that allows us to create private endpoints in virtual networks. A private endpoint gives the PaaS service a private internal IP address, so that all traffic from our virtual network to the PaaS resource travels over the Azure backbone instead of the internet. Enabling Private Link for PaaS resources provides the following benefits:

PaaS resources can be accessed using a private IP address.

Traffic to PaaS resources passes through the Azure backbone rather than the internet.

Peered virtual networks and on-premises resources connected through ExpressRoute or * * connections are supported.

User access is limited to specific resources (database / storage accounts, etc.), not the entire service.

Private endpoints can be created to resources in a different region from the virtual network, even in a different tenant.

Using Azure Private Endpoint, we can access Azure PaaS services, such as:

Azure Storage

Azure SQL Database

Azure Cosmos DB

Azure Key Vault

Azure Private Endpoint works as follows:

Azure Private Link creates an endpoint with a private IP address, which ensures that traffic stays within our virtual network and that no NSG rules are needed to allow outbound traffic outside the virtual network.

The difference between Private Endpoint and Service Endpoint:

I believe many readers will have a question at this point: what is the difference between Private Endpoint and Service Endpoint?

Service endpoints provide a way to restrict access from virtual networks to PaaS resources, but the resource still needs a public endpoint. With service endpoints, we can only restrict access to a service as a whole rather than to specific resources. With private endpoints, we can allow access to specific resources only.

Because Private Link creates the endpoint with a private IP address, our traffic flows only within the virtual network and, unlike with service endpoints, does not require NSG rules that allow outbound traffic to leave the virtual network.

Having said that, let's take a look at how to create a Private Endpoint.

To create a Private Endpoint, we first need to create a storage account:

Set the resource group, storage account name and location, then click Next:

On the networking page, select Private Endpoint. A panel for the new Private Endpoint then appears, where we set the name, the network and whether to integrate with a DNS zone.

Once that is done, it looks as shown in the following figure:

After confirming the settings, we can click Create:

In the demonstration above, we created the Private Endpoint as part of creating a storage account resource. We can also create private links for other PaaS services through the Private Link Center in the portal:

Next we can verify the configuration we just made.

When we run nslookup inside the VM on the same network, we can see that it resolves to a private network address:

We copy the connection string of the storage account and connect with it through the storage explorer. We can see that the connection is successful:

Then we can see the relevant content in the storage account:
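The nslookup check above can be scripted so that a misconfigured resolver is caught automatically. The following is an added example, not code from the original article; the account name `examplestore`, the sample DNS answers and the result labels are constructed, and it assumes the virtual network uses RFC 1918 address space.

```python
import ipaddress
import socket

# Assumption: the virtual network uses RFC 1918 address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample answers (not captured from a real environment).
# Inside the VNet with DNS integration: privatelink alias, private address.
INSIDE_VNET = (["examplestore.blob.core.windows.net",
                "examplestore.privatelink.blob.core.windows.net"],
               ["10.0.0.5"])
# Resolver that does not use the private DNS zone: the privatelink alias
# still appears in the CNAME chain, but the address is public.
WITHOUT_PRIVATE_DNS = (["examplestore.blob.core.windows.net",
                        "examplestore.privatelink.blob.core.windows.net"],
                       ["203.0.113.20"])


def classify(names, addresses):
    """Classify one DNS answer.

    names: every name seen in the answer (queried name, canonical name, aliases).
    addresses: the IPv4 addresses returned for it.
    """
    via_privatelink = any(".privatelink." in n.lower() for n in names)
    ips = [ipaddress.ip_address(a) for a in addresses]
    all_private = bool(ips) and all(
        any(ip in net for net in RFC1918) for ip in ips)
    if all_private and via_privatelink:
        return "private-endpoint"
    if all_private:
        return "private-ip-without-privatelink-name"
    if via_privatelink:
        # The alias alone proves nothing: traffic would go to the public endpoint.
        return "privatelink-name-but-public-ip"
    return "public-endpoint"


def check_live(fqdn):
    """Resolve fqdn with the system resolver; run this inside the VM."""
    canonical, aliases, addresses = socket.gethostbyname_ex(fqdn)
    return classify([fqdn, canonical, *aliases], addresses)
```

Only the `private-endpoint` result confirms that the VM reaches the storage account through the Private Endpoint; any other result means the DNS integration is not in effect for that resolver.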

That is all for today's introduction to Private Endpoint. With the help of Private Endpoint, we can easily reduce the exposure of PaaS services on the internet and secure the communication between our network and Azure.
