Azure Private Link Reference

This section provides detailed reference information for Azure Private Link, including API specifications, resource types, and configuration parameters.

Key Components and Resources

Private Endpoint Properties

Detailed properties of a Private Endpoint resource:

  • id: Resource ID of the private endpoint.
  • name: Name of the private endpoint.
  • location: Azure region where the private endpoint is deployed.
  • properties.privateLinkServiceId: Resource ID of the private link service to connect to.
  • properties.subnet.id: Resource ID of the subnet where the private endpoint will be created.
  • properties.customNetworkInterfaceConfiguration: Configuration for the network interface.
  • properties.provisioningState: Provisioning state of the private endpoint.

Private Endpoint Networking Configurations

Key networking aspects for Private Endpoints:

  • Private IP Allocation: The method by which a private IP address is assigned to the private endpoint.
  • DNS Configuration: How DNS records are managed for private endpoints, often involving Private DNS Zones.
  • Network Security Groups: Applying NSG rules, at the subnet level, to control inbound and outbound traffic for the private endpoint.

Azure Resource Manager (ARM) API for Private Endpoints

Refer to the official Azure REST API documentation for the most up-to-date information on managing Private Endpoints:

Private Endpoints - REST API (Microsoft Docs)

Private Link Service Properties

Detailed properties of a Private Link Service resource:

  • id: Resource ID of the private link service.
  • name: Name of the private link service.
  • location: Azure region where the private link service is deployed.
  • properties.alias: The alias to be used by clients to connect to the service.
  • properties.loadBalancerFrontendIpConfigurations: Frontend IP configurations of the associated load balancer.
  • properties.networkInterfaces: Network interfaces associated with the service.
  • properties.visibility: Visibility configuration for the service (e.g., subscription level).
  • properties.autoApproval: Auto-approval configuration for subscription IDs.
  • properties.provisioningState: Provisioning state of the private link service.

Private Link Service Networking Configurations

Key networking aspects for Private Link Services:

  • Load Balancer Integration: Private Link Services typically integrate with Azure Load Balancers to distribute traffic.
  • Visibility and Access Control: Configuring which subscriptions or tenants can discover and connect to your service.
  • Subnet Configuration: The subnet from which the private link service is exposed.
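
The visibility and auto-approval settings above decide who can find the service and who is connected without review. The following is an added example, not code from Azure or from this page, that audits a Private Link Service resource (as returned by the ARM API) for over-broad exposure. It assumes the `subscriptions` list under `properties.visibility` and `properties.autoApproval` and the `*` wildcard in that list; the sample resource, its subscription IDs and the `TRUSTED_SUBSCRIPTIONS` allow-list are constructed placeholders.

```python
import json

# Constructed sample: a Private Link Service resource shaped like an ARM response.
# All IDs, names and the alias are placeholders, not real values.
SAMPLE_PLS = json.loads("""
{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-example/providers/Microsoft.Network/privateLinkServices/pls-example",
  "name": "pls-example",
  "location": "westeurope",
  "properties": {
    "alias": "pls-example.00000000-0000-0000-0000-0000000000aa.westeurope.azure.privatelinkservice",
    "visibility": {"subscriptions": ["*"]},
    "autoApproval": {"subscriptions": ["00000000-0000-0000-0000-000000000002",
                                       "00000000-0000-0000-0000-000000000009"]},
    "provisioningState": "Succeeded"
  }
}
""")

# Hypothetical allow-list: consumer subscriptions the service owner has vetted.
TRUSTED_SUBSCRIPTIONS = {"00000000-0000-0000-0000-000000000002"}


def audit_private_link_service(resource, trusted):
    """Return (severity, message) findings for one Private Link Service resource."""
    props = resource.get("properties") or {}
    visible = set((props.get("visibility") or {}).get("subscriptions") or [])
    auto = set((props.get("autoApproval") or {}).get("subscriptions") or [])
    findings = []
    if "*" in visible:
        # Assumption: "*" makes the service visible to every subscription.
        findings.append(("medium", "visibility is '*': any subscription that "
                         "learns the alias can request a connection"))
    else:
        for sub in sorted(visible - trusted):
            findings.append(("medium", f"visible to unvetted subscription {sub}"))
    # Auto-approved consumers connect without manual review, so anything
    # outside the allow-list (a wildcard included) is the higher-risk finding.
    for sub in sorted(auto - trusted):
        findings.append(("high", f"auto-approval for unvetted subscription {sub}: "
                         "its connections are accepted without review"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_private_link_service(SAMPLE_PLS, TRUSTED_SUBSCRIPTIONS):
        print(f"[{severity}] {SAMPLE_PLS['name']}: {message}")
```

An empty visibility or auto-approval list produces no finding, since nothing is exposed beyond what the owner grants explicitly.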

Azure Resource Manager (ARM) API for Private Link Services

Refer to the official Azure REST API documentation for the most up-to-date information on managing Private Link Services:

Private Link Services - REST API (Microsoft Docs)

NSG Rules for Private Endpoints

When using Private Endpoints, Network Security Groups applied to the subnet where the private endpoint resides will filter traffic going to and from the endpoint.

  • Inbound Security Rules: Control traffic destined for the private endpoint.
  • Outbound Security Rules: Control traffic originating from the private endpoint.

Note: Direct association of NSGs to a private endpoint's network interface is not supported. NSGs are applied at the subnet level.

NSG Rules for Private Link Services

Network Security Groups are crucial for controlling access to services exposed via Private Link Service. These NSGs are typically associated with the subnet containing the load balancer frontend IP configuration for the Private Link Service.

  • Allow Inbound Traffic: Configure rules to allow inbound traffic from specific virtual networks or IP ranges to the Private Link Service's frontend IP.
  • Control Traffic Flow: Ensure proper port and protocol filtering.

Other Reference Materials