As part of my Azure architecture, I am implementing a Hub and Spoke topology. I am somewhat confused about certain elements of Private Link.
I have 2 Resource Groups and I intend to have a Hub and Spoke topology, with 1 Resource Group with 3 VNETs (1 Hub and 2 Spokes) and another Resource Group with 1 VNET (Spoke). I intend to have Private Link for all Azure resources such as Azure SQL Database and Blob Storage.
The Hub VNET contains Application Gateway and Azure Firewall.
The Spokes will contain Azure Resources such as Azure SQL Database and Blob Storage.
Do I need to configure the Private DNS?
1) Do the Azure resources such as Azure SQL and Azure Blob Storage need to be in the VNET for Azure Private Link to work?
2) How do you connect to Azure SQL or Blob Storage if they have Private Link? Do you need a client VM in the Hub?
3) I have Azure Firewall in my Hub. Is my understanding correct that I wouldn't need Azure Firewall if I am using Private Link?