Microsoft Azure Documentation

What is Azure Private Link?

Azure Private Link provides the ability to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure hosted customer-owned/partner services over a private endpoint in your virtual network.

Traffic between your virtual network and the service travels the Microsoft backbone network, eliminating exposure to the public internet.

How Azure Private Link Integrates with Virtual WAN

Azure Virtual WAN offers a unified hub-and-spoke architecture for managing network connectivity across your Azure and on-premises environments. Private Link enhances this by enabling:

• Secure Access to PaaS Services: Connect to services like Azure SQL Database, Azure Storage, and Azure Key Vault directly from your Virtual WAN hub or connected virtual networks, bypassing the need for public IP addresses or complex NAT configurations.
• Simplified Network Design: Reduce the complexity of managing firewall rules and network security groups when accessing private services.
• Enhanced Security: Maintain traffic within the Microsoft network for improved data protection and compliance.

Conceptual diagram illustrating Private Link connectivity through Virtual WAN.

Key Benefits

• Private Connectivity: Access services over private IP addresses.
• End-to-End Security: Traffic stays on the Microsoft backbone.
• Simplified Management: Integrate seamlessly with Virtual WAN constructs.
• Scalability and Reliability: Leverage the robust Azure network infrastructure.

Common Use Cases

Getting Started

To implement Azure Private Link with Virtual WAN, you typically need to:

1. Deploy an Azure Virtual WAN hub.
2. Create a Virtual Network Link from your spoke virtual network to the Virtual WAN hub.
3. Deploy a Private Endpoint in your spoke virtual network or a dedicated network for Private Link.
4. Configure DNS resolution to point to the private endpoint.

Refer to the How-to Guides for detailed configuration steps.