Azure Private link
Azure Private Link lets you reach Azure PaaS services (for example Azure Storage and Azure SQL Database) and customer-owned or partner services hosted in Azure over a private endpoint in your virtual network.
Traffic between your virtual network and the service stays on the Microsoft backbone network, so the service no longer needs to be exposed to the public internet. You can also create your own Private Link service in your virtual network and offer it to customers as a shared service.
Azure Private Link benefits:
Below are some benefits of Azure Private Link:
- It connects your virtual network to Azure services without a public IP address at either the source or the destination. Service providers run their services in their own virtual network, and consumers reach those services from their own virtual network.
- Services running in Azure can be reached from on-premises over ExpressRoute private peering or VPN tunnels, and from peered virtual networks, through private endpoints.
- Private Link also gives workloads being migrated to Azure a private path, so they can be reached without public exposure during and after the migration.
- A private endpoint is mapped to a single instance of a PaaS resource rather than to the whole service, so consumers can connect only to that specific resource and access to other resources is blocked.
- Private Link works across regions: a consumer's virtual network in region A can connect to a service behind Private Link in region B.
- You can place your own service behind a Standard Load Balancer and enable it for Private Link. Consumers then connect directly to it through a private endpoint in their own virtual network.
Logging & Monitoring of Azure Private Link
Azure Private Link integrates with Azure Monitor, which allows:
- Archival of logs to a storage account.
- Streaming of events to an Event Hub.
- Collection in Azure Monitor Logs (a Log Analytics workspace).
You can access the following information in Azure Monitor:
- Private endpoint: data processed by the private endpoint (bytes in/out).
- Private Link service: data processed by the Private Link service (bytes in/out) and NAT port availability.
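The Azure Monitor wiring described above, as an added example that is not part of the original page: an Azure CLI script that sends the metrics of a private endpoint and a Private Link service to all three sinks (Log Analytics workspace, storage account archive, Event Hub stream) and then checks the service's NAT port usage, the one Private Link metric that signals a real failure mode (a service that exhausts its NAT ports cannot accept new consumer flows). Every resource name and the subscription ID are placeholders; the metric name PLSNatPortsUsage is taken from the platform's metric definitions and should be confirmed with `az monitor metrics list-definitions`. The `az` calls run only when the script is invoked with `enable` or `check`; the NAT port check itself is plain shell over a constructed sample, so it runs offline.

```shell
#!/bin/sh
# Added example: wire Private Link metrics into Azure Monitor and flag NAT port
# exhaustion. Resource names and the subscription id below are assumptions.
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
RG="${RG:-net-rg}"
PE_NAME="${PE_NAME:-sql-pe}"                 # consumer-side private endpoint
PLS_NAME="${PLS_NAME:-payments-pls}"         # provider-side Private Link service
LAW_ID="${LAW_ID:-/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.OperationalInsights/workspaces/net-law}"
STORAGE_ID="${STORAGE_ID:-/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Storage/storageAccounts/netlogarchive}"
EH_RULE_ID="${EH_RULE_ID:-/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.EventHub/namespaces/net-ehns/authorizationRules/RootManageSharedAccessKey}"
EH_NAME="${EH_NAME:-privatelink-metrics}"

resource_id() {   # $1 = privateEndpoints | privateLinkServices, $2 = resource name
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/%s/%s\n' \
    "$SUBSCRIPTION_ID" "$RG" "$1" "$2"
}

# One diagnostic setting covering the three sinks named on the page. Private
# endpoints and Private Link services emit metrics only, so --metrics is the
# only category configured.
enable_diagnostics() {
  az monitor diagnostic-settings create --name "privatelink-to-monitor" \
    --resource "$(resource_id "$1" "$2")" \
    --workspace "$LAW_ID" \
    --storage-account "$STORAGE_ID" \
    --event-hub "$EH_NAME" --event-hub-rule "$EH_RULE_ID" \
    --metrics '[{"category":"AllMetrics","enabled":true}]'
}

# Maximum NAT port usage (percent) per 5-minute bucket over the default window
# (last hour), emitted as "timestamp<TAB>value" lines. Metric name assumed from
# the platform definitions; confirm with:
#   az monitor metrics list-definitions --resource "$(resource_id privateLinkServices "$PLS_NAME")"
nat_usage_tsv() {
  az monitor metrics list --resource "$(resource_id privateLinkServices "$PLS_NAME")" \
    --metric PLSNatPortsUsage --interval PT5M --aggregation Maximum \
    --query "value[0].timeseries[0].data[].[timeStamp,maximum]" -o tsv
}

# Pure shell check: reads the TSV on stdin, prints the highest value seen and
# returns 1 when it reaches the threshold (default 80 %). Empty/None buckets
# are skipped. The remedy for a hit is to add NAT IP configurations to the PLS.
nat_port_check() {
  awk -v t="${1:-80}" -F'\t' '
    BEGIN { max = 0 }
    $2 != "" && $2 != "None" { if ($2 + 0 > max) max = $2 + 0 }
    END { printf "%.1f\n", max; if (max >= t) exit 1; exit 0 }'
}

# Constructed sample of what nat_usage_tsv returns (not real telemetry).
sample_nat_usage() {
  printf '%s\t%s\n' "2024-01-01T10:00:00+00:00" "41.0"
  printf '%s\t%s\n' "2024-01-01T10:05:00+00:00" "87.5"
  printf '%s\t%s\n' "2024-01-01T10:10:00+00:00" "None"
}

case "${1:-}" in
  enable) enable_diagnostics privateEndpoints "$PE_NAME"
          enable_diagnostics privateLinkServices "$PLS_NAME" ;;
  check)  nat_usage_tsv | nat_port_check 80 ;;
  demo)   sample_nat_usage | nat_port_check 80 ;;   # prints 87.5 and exits 1
esac
```

Run `sh script.sh enable` once per resource pair, then schedule `sh script.sh check` (or run the same awk in an Azure Monitor alert rule on PLSNatPortsUsage) so that NAT port pressure is noticed before consumers start seeing connection failures.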
Azure Private Link Service:
An Azure Private Link service is your own service, made available through Azure Private Link. You run the service behind a Standard Load Balancer and enable it for Private Link access, so consumers of your service can reach it privately from their own VNets.
Consumers create a private endpoint inside their VNet and map it to this service.
The figure below describes the Azure Private Link service.
To understand the Azure Private Link service workflow, refer to the figure below.
When you create a Private Link service, Azure creates an alias for the service that you can share with your customers. Customers use this alias to request a connection to your service.
The alias is composed of three parts, prefix.guid.suffix, so the full alias has the form prefix.guid.region.azure.privatelinkservice:
- The prefix is the service name. You can pick your own prefix, but it cannot be changed once the alias has been created, so choose it carefully.
- The GUID is provided by the platform and makes the name globally unique.
- The suffix is appended by Azure: region.azure.privatelinkservice
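The provider/consumer workflow described above (service behind a Standard Load Balancer, alias handed to the consumer, private endpoint mapped to it, provider approval) as an added Azure CLI example; this is not code from the original page. All resource names, the subscription ID and the sample alias are assumptions made for illustration; the `az` commands run only when the script is invoked with `provider`, `consumer`, `pending` or `approve`, while the alias checks are plain shell and run offline.

```shell
#!/bin/sh
# Added example: provider publishes a Private Link service, consumer connects by
# alias, provider approves. Names and the subscription id are assumptions.
PROVIDER_RG="${PROVIDER_RG:-provider-rg}"
PROVIDER_VNET="${PROVIDER_VNET:-provider-vnet}"
NAT_SUBNET="${NAT_SUBNET:-pls-nat-subnet}"       # source NAT subnet used by the PLS
LB_NAME="${LB_NAME:-payments-ilb}"               # existing Standard internal load balancer
LB_FRONTEND="${LB_FRONTEND:-LoadBalancerFrontEnd}"
PLS_NAME="${PLS_NAME:-payments-pls}"             # becomes the alias prefix; cannot be renamed later
CONSUMER_SUB="${CONSUMER_SUB:-00000000-0000-0000-0000-000000000000}"
CONSUMER_RG="${CONSUMER_RG:-consumer-rg}"
CONSUMER_VNET="${CONSUMER_VNET:-consumer-vnet}"
CONSUMER_SUBNET="${CONSUMER_SUBNET:-pe-subnet}"
PE_NAME="${PE_NAME:-payments-pe}"

# Constructed alias in the documented shape prefix.guid.region.azure.privatelinkservice;
# it does not belong to a real service.
SAMPLE_ALIAS="payments-pls.a1b2c3d4-e5f6-4a7b-8c9d-0123456789ab.eastus2.azure.privatelinkservice"

# Consumer-side sanity check before requesting a connection: five labels, a GUID
# in second position and the fixed Azure suffix. Assumes the prefix (the provider's
# service name) contains no dots.
validate_alias() {
  printf '%s\n' "$1" | grep -Eiq \
    '^[a-z0-9][a-z0-9_-]{0,78}\.[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\.[a-z0-9]+\.azure\.privatelinkservice$'
}
alias_prefix() { printf '%s\n' "$1" | cut -d. -f1; }   # service name chosen by the provider
alias_region() { printf '%s\n' "$1" | cut -d. -f3; }   # region appended by Azure

# Provider: disable PLS network policies on the NAT subnet, create the service in
# front of the load balancer, limit visibility and auto-approval to the consumer's
# subscription, then print the alias to hand over.
create_service() {
  az network vnet subnet update -g "$PROVIDER_RG" --vnet-name "$PROVIDER_VNET" -n "$NAT_SUBNET" \
    --private-link-service-network-policies Disabled
  az network private-link-service create -g "$PROVIDER_RG" -n "$PLS_NAME" \
    --vnet-name "$PROVIDER_VNET" --subnet "$NAT_SUBNET" \
    --lb-name "$LB_NAME" --lb-frontend-ip-configs "$LB_FRONTEND" \
    --visibility "$CONSUMER_SUB" --auto-approval "$CONSUMER_SUB"
  az network private-link-service show -g "$PROVIDER_RG" -n "$PLS_NAME" --query alias -o tsv
}

# Consumer: map a private endpoint in its own VNet to the alias. Connecting by
# alias is the cross-subscription path, so the request is raised with
# --manual-request; it is approved automatically only if the consumer's
# subscription is on the provider's auto-approval list.
connect_consumer() {
  validate_alias "$1" || { echo "refusing to connect: malformed alias '$1'" >&2; return 1; }
  az network private-endpoint create -g "$CONSUMER_RG" -n "$PE_NAME" \
    --vnet-name "$CONSUMER_VNET" --subnet "$CONSUMER_SUBNET" \
    --private-connection-resource-id "$1" --connection-name "$PE_NAME-conn" \
    --manual-request true
}

# Provider: list pending requests as "<connection name> <requesting private
# endpoint id>". Check that the endpoint id sits in the expected consumer
# subscription before approving; approval is the real access-control point.
list_pending() {
  az network private-link-service show -g "$PROVIDER_RG" -n "$PLS_NAME" \
    --query "privateEndpointConnections[?privateLinkServiceConnectionState.status=='Pending'].[name,privateEndpoint.id]" \
    -o tsv
}
approve_connection() {
  az network private-link-service connection update -g "$PROVIDER_RG" --service-name "$PLS_NAME" \
    -n "$1" --connection-status Approved --description "approved after verifying requester"
}

case "${1:-}" in
  provider) create_service ;;
  consumer) connect_consumer "$2" ;;
  pending)  list_pending ;;
  approve)  approve_connection "$2" ;;
esac
```

The provider runs `sh script.sh provider` and shares the printed alias out of band; the consumer runs `sh script.sh consumer <alias>`; the provider then runs `sh script.sh pending`, verifies the requesting private endpoint's resource ID, and runs `sh script.sh approve <connection-name>`. Visibility and auto-approval lists narrow who can see and who gets approved automatically, but a rejected or unexpected requester still only appears in the pending list, so the approval step is where the provider decides who reaches the service.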
Control Service Exposure:
The Private Link service gives you three options in the Visibility setting to control the exposure of your service.