Jump to content

- - - - -

Azure Private Link | Private connection to Azure PaaS

  Posted by Pantelis Apostolidis , in Azure 18 September 2019 · 7 views

<h1>Azure Private Link | Private connection to Azure PaaS</h1>
<p>Azure Private Link is a new service, currently in Preview, that provides private connectivity from a virtual network or an on-premises network with Site-2-Site VPN to Azure platform as a service (PaaS) Microsoft services. Azure Private Link makes the networking a lot more simple improving the security and eliminating the need for public access.</p>
<p id="nAIxogs"><img class="alignnone size-full wp-image-2844 " src="https://www.e-aposto...145c21e8f8.png"alt="" /></p>
<p><span style="font-size: 12px;">image from: <a href="https://azure.micros...</a></span></p>
<p>Azure Private Link is a Service mapped to Azure Virtual Networks through a private endpoint. This means that all traffic is routed internally, using private IPs and connectivity, eliminating the exposure to threats. Using Private Link helps an organization to meed the compliance standards.</p>
<p>Azure Private Link is a Global service. It does not have regional restrictions. You can connect privately services from all the Azure Regions around the globe.</p>
<h2>Lets Lab It!</h2>
<p>Let’s see in practice how we can connect from an Azure VM and from our on-premises computer using VPN to an Azure SQL Database using private IPs. For the Lab I already have a Virtual Machine running Windows Server 2019 and an Azure SQL Database. The SQL Database is not connected to any networks.</p>
<p>Open the Azure Portal, press New and search for “Private Link”, select it and press “Create”</p>
<p id="wWRgRfz"><img class="alignnone size-full wp-image-2824 " src="https://www.e-aposto...12bccdb08c.png"alt="" /></p>
<p>A nice “Getting started page” will open. Click the “Build a private connection to a service”</p>
<p id="YGbIKKC"><img class="alignnone size-full wp-image-2825 " src="https://www.e-aposto...12c222bb50.png"alt="" /></p>
<p id="hySxSQb"><img class="alignnone size-full wp-image-2826 " src="https://www.e-aposto...12c2e18651.png"alt="" /></p>
<p>The “Create a private endpoint” wizard will open. Select a name for the Private Link and a Region and press Next to go to the second step.</p>
<p id="vCwjsPb"><img class="alignnone size-full wp-image-2832 " src="https://www.e-aposto...130185f27f.png"alt="" /></p>
<p>At the second step, select to connect to the azure resource in my directory, and select the subscription where the Azure SQL Database resides. Then select the SQL Server.</p>
<p id="qmxqrJF"><img class="alignnone size-full wp-image-2833 " src="https://www.e-aposto...1303297eff.png"alt="" /></p>
<p>At the third step, select the VIrtual Network that the Private Link will be created. I selected the network where my Virtual Machine resides. If you don’t have your own DNS server select Yes to create an Azure private DNS zone.</p>
<p id="nfoqivE"><img class="alignnone size-full wp-image-2835 " src="https://www.e-aposto...13077e1d38.png"alt="" /></p>
<p>At the final step, review the settings and create the Private Link</p>
<p id="lHsjjBi"><img class="alignnone size-full wp-image-2836 " src="https://www.e-aposto...1309adc037.png"alt="" /></p>
<p>After the resource creation, you can check the DNS for the Azure SQL Server Private IP Address!</p>
<p id="cSPyGGM"><img class="alignnone size-full wp-image-2837 " src="https://www.e-aposto...1317ff3814.png"alt="" /></p>
<p>And at the SQL Server, at the “Private endpoint connections” section you will see the new Private Link.</p>
<p id="YnyPGra"><img class="alignnone size-full wp-image-2839 " src="https://www.e-aposto...132886dbdc.png"alt="" /></p>
<p>Open a Remote Desktop Connection to the Azure VM, and run a nslookup for the SQL Server name. In my case the command is:</p>
<p>PS C:&gt; nslookup plsqlsrv.database.windows.net<br />Server: UnKnown<br />Address:</p>
<p>Non-authoritative answer:<br />Name: plsqlsrv.privatelink.database.windows.net<br />Address:<br />Aliases: plsqlsrv.database.windows.net</p>
<p id="zdWsPaP"><img class="alignnone size-full wp-image-2838 " src="https://www.e-aposto...131e47f882.png"alt="" /></p>
<p>And it returned the Private IP address of the SQL Server.</p>
<p>From my computer, i tried to connect to the Azure SQL Server, using the name plsqlsrv.database.windows.net and the connection failed since my Public IP Address is not allowed to access the server.</p>
<p id="YMuBmUq"><img class="alignnone size-full wp-image-2840 " src="https://www.e-aposto...13f72173a6.png"alt="" /></p>
<p>From the Azure VM I managed to connect successfully and of course internally!</p>
<p id="nVbBsVv"><img class="alignnone size-full wp-image-2841 " src="https://www.e-aposto...13fab7a6a1.png"alt="" /></p>
<p>After that, I added a Virtual Network Gateway to the Network and created a Point to Site VPN connection from my local computer to Azure. You can check my guide on how to do this: <a href="https://www.e-aposto...t-to-site-vpn/"target="_blank" rel="noopener noreferrer">https://www.e-aposto...te-vpn/</a></p>
<p>In order to connect to the Azure SQL you need to either use a local DNS server to map the SQl Server name to the Azure SQL IP or add an entry to the local host file for testing.</p>
<p id="VbhUQVD"><img class="alignnone size-full wp-image-2849 " src="https://www.e-aposto...150b51c2d2.png"alt="" /></p>
<p>Azure Private Link is in Preview and currently supports Azure SQL Database and Storage accounts. Additional services coming in preview in next 3-6 months:</p>
<li>· Cosmos DB</li>
<li>· App Service Vnet Integration + App Service Environment</li>
<li>· Azure Kubernetes Service</li>
<li>· Azure Key Vault</li>
<li>· PostgreSQL</li>
<li>· MySQL</li>
<li>· Maria DB</li>
<p><a href="https://azure.micros...e-link/</a></p>
<p><a href="https://azure.micros...e-link/</a></p>
<p><a class="a2a_button_email" href="https://www.addtoany... to Azure PaaS"title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_print" href="https://www.addtoany.com/add_to/print?linkurl=https%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazure%2Fazure-private-link-private-connection-to-azure-paas%2F&amp;linkname=Azure%20Private%20Link%20%7C%20Private%20connection%20to%20Azure%20PaaS" title="Print" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share#url=https%3A%2F%2Fwww.e-apostolidis.gr%2Fmicrosoft%2Fazure%2Fazure-private-link-private-connection-to-azure-paas%2F&title=Azure%20Private%20Link%20%7C%20Private%20connection%20to%20Azure%20PaaS" data-a2a-url="https://www.e-apostolidis.gr/microsoft/azure/azure-private-link-private-connection-to-azure-paas/" data-a2a-title="Azure Private Link | Private connection to Azure PaaS"><img src="https://static.addtoany.com/buttons/share_save_171_16.png" alt="Share"></a></p><p>The post <a rel="nofollow" href="https://www.e-apostolidis.gr/microsoft/azure/azure-private-link-private-connection-to-azure-paas/">Azure Private Link | Private connection to Azure PaaS</a> appeared first on <a rel="nofollow" href="https://www.e-apostolidis.gr">Apostolidis IT Corner</a>.</p>

<a href="https://www.e-aposto...to-azure-paas/"class='bbc_url' rel='nofollow external'>Source</a>