question

Kman-9406 asked GitaraniSharmaMSFT-4262 commented

Private Link

As part of my Azure architecture, I am implementing a Hub and Spoke topology. I am somewhat confused about certain elements of Private Link.

I have 2 Resource Groups and I intend to have a Hub and Spoke topology: 1 Resource Group with 3 VNETs (1 Hub and 2 Spokes), and another Resource Group with 1 VNET (Spoke). I intend to have Private Link for all Azure resources such as Azure SQL Database and Blob Storage.

The Hub VNET contains Application Gateway and Azure Firewall.
The Spokes will contain Azure Resources such as Azure SQL Database and Blob Storage.
Do I need to configure the Private DNS?

1) Do Azure resources such as Azure SQL and Azure Blob Storage need to be in the VNET for Azure Private Link to work?
2) How do you connect to Azure SQL or Blob Storage if they have Private Link? Do you need a client VM in the Hub?
3) I have Azure Firewall in my Hub. Is my understanding correct that I wouldn't need Azure Firewall if I am using Private Link?

Tags: azure-virtual-network, azure-private-link

Hello @KaisMalique-9406 ,

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thanks,
Gita


Hello @KaisMalique-9406 ,

Could you please provide an update on this post?

Kindly let us know if the below answer helps or you need further assistance on this issue.


Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

GitaraniSharmaMSFT-4262 answered

Hello @KaisMalique-9406 ,

You can use the following options to configure your DNS settings for private endpoints:
1. Use the host file (only recommended for testing)
2. Use a private DNS zone.
3. Use your DNS forwarder (optional).

Please refer to the article below for more information:
https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns#azure-services-dns-zone-configuration

1) Do Azure resources such as Azure SQL and Azure Blob Storage need to be in the VNET for Azure Private Link to work?
A) No, Azure resources such as Azure SQL and Azure Blob Storage don't need to be in the VNET for Azure Private Link to work. A private endpoint enables connectivity between consumers from the same VNet, regionally peered VNets, globally peered VNets and on-premises networks using VPN or ExpressRoute, and services powered by Private Link.
Please refer to: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview

2) How do you connect to Azure SQL or Blob Storage if they have Private Link? Do you need a client VM in the Hub?
A) Yes, you will need a client VM to test connectivity to Azure SQL or Blob Storage via Private Link.
Please refer to: https://docs.microsoft.com/en-us/azure/private-link/tutorial-private-endpoint-sql-portal
https://docs.microsoft.com/en-us/azure/private-link/tutorial-private-endpoint-storage-portal

3) I have Azure Firewall in my Hub. Is my understanding correct that I wouldn't need Azure Firewall if I am using Private Link?
A) Private endpoints enable Azure resources deployed in a virtual network to communicate privately with private link resources. They also extend the connectivity by allowing access to the private endpoint through virtual network peering and on-premises network connections. So, in general, Azure Firewall is not needed, but if you need to inspect or block traffic from clients to the services exposed via private endpoints, then you can complete this inspection by using Azure Firewall. It is up to your requirement.
Please refer to: https://docs.microsoft.com/en-us/azure/private-link/inspect-traffic-with-azure-firewall

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
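
A check that can be run from the client VM to confirm which of the DNS options in the answer above is in effect, that is, whether a service name resolves to a private endpoint address inside the VNet or falls through to a public IP. This is an added example, not part of the original answer; the VNet prefixes, resource names and resolver answers are constructed assumptions.

```python
import ipaddress
import socket

# Assumed for this example: hub and spoke VNet address space (constructed values).
VNET_PREFIXES = ["10.0.0.0/16", "10.1.0.0/16"]

# Constructed resolver answers: FQDN -> (names seen in the CNAME chain, A records).
SAMPLE_ANSWERS = {
    # Private DNS zone linked to the VNet: CNAME to privatelink.*, private A record.
    "contosodata.blob.core.windows.net": (
        ["contosodata.privatelink.blob.core.windows.net"], ["10.1.4.5"]),
    # Hosts-file entry on a test VM: no CNAME chain, private address.
    "contososql.database.windows.net": (
        ["contososql.database.windows.net"], ["10.1.4.6"]),
    # Zone not visible to this client: the name falls through to a public IP.
    "contosologs.blob.core.windows.net": (
        ["contosologs.privatelink.blob.core.windows.net"], ["203.0.113.10"]),
}

def sample_resolver(fqdn):
    """Offline stand-in for DNS, backed by SAMPLE_ANSWERS."""
    if fqdn not in SAMPLE_ANSWERS:
        raise socket.gaierror("name not known")
    return SAMPLE_ANSWERS[fqdn]

def system_resolver(fqdn):
    """Resolve with the OS resolver, as the client VM itself would."""
    canonical, aliases, ips = socket.gethostbyname_ex(fqdn)
    return [canonical, *aliases], ips

def check_private_endpoint_dns(fqdn, resolver=system_resolver, prefixes=VNET_PREFIXES):
    """Return a dict whose verdict is 'private', 'public' or 'unresolved'."""
    try:
        names, ips = resolver(fqdn)
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        return {"fqdn": fqdn, "verdict": "unresolved", "ips": [], "via_privatelink": False}
    nets = [ipaddress.ip_network(p) for p in prefixes]
    in_vnet = [ip for ip in ips if any(ipaddress.ip_address(ip) in n for n in nets)]
    # 'private' only if every returned address sits inside the VNet address space.
    verdict = "private" if ips and len(in_vnet) == len(ips) else "public"
    via_privatelink = any(".privatelink." in n.lower() for n in names)
    return {"fqdn": fqdn, "verdict": verdict, "ips": ips, "via_privatelink": via_privatelink}

if __name__ == "__main__":
    for name in SAMPLE_ANSWERS:
        print(check_private_endpoint_dns(name, resolver=sample_resolver))
```

On a real client VM, call `check_private_endpoint_dns` with the default `system_resolver` and the actual VNet prefixes; a `public` verdict means the client is not using the private endpoint's DNS record.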



oscarmh answered