Shorticle 689 – Secure your data access in Cloud services through Azure Private Link
When Azure PaaS services (for example Azure SQL Database or Azure Storage) need to exchange data with resources that live inside an Azure virtual network, you should think of Azure Private Link. Private Link brings the PaaS service, a customer-owned service published behind an Azure Standard Load Balancer, or a partner service into your virtual network through a private endpoint, so the data path never has to cross the public internet.
In an Azure virtual network, a private endpoint is a network interface that is assigned a private IP address from one of your subnets. Azure Private Link maps that private endpoint to a specific instance of the target service, and traffic between the two stays on the Microsoft backbone network rather than the public internet.
Using the Azure Private Link Center, we can create private endpoints and private link services to build and allow private network connections between Azure resources. Private Link does not replace an ExpressRoute circuit itself, but it does remove the need for ExpressRoute Microsoft peering or public internet egress to reach PaaS services from on-premises: clients connected over ExpressRoute private peering or a site-to-site VPN reach the private endpoint on its private IP address inside the virtual network. It also reduces the risk of data exfiltration, because a private endpoint is mapped to one specific resource instance rather than to the whole service, and once public network access is disabled on that resource it is no longer reachable from the internet at all. Private endpoints can also connect to services in other Azure regions, so Private Link works as a global private connectivity service.
Azure Private Link is integrated with Azure Monitor, so logging, auditing and monitoring of private network usage is straightforward: data-path metrics are available for private endpoints, and the Activity Log records who created, approved or rejected private endpoint connections, all of which can be collected and analysed alongside the rest of your Azure telemetry.
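As an added example (not part of the original post), the following Bicep template wires up the pattern described above for an Azure Storage account: the account refuses public network access, a private endpoint in a virtual network subnet exposes the blob service on a private IP address, and a private DNS zone makes the account's normal public name resolve to that private IP from inside the virtual network. The resource names, address ranges and location are assumptions chosen for illustration. Note that creating the private endpoint alone does not close the public path; the `publicNetworkAccess: 'Disabled'` and `networkAcls` settings on the account are what do that.

```bicep
// Added example: a minimal Azure Private Link setup for Azure Storage in Bicep.
// Names, address ranges and location below are assumptions for illustration.
@description('Region for all resources (assumed)')
param location string = resourceGroup().location

@description('Storage account name, 3-24 lowercase alphanumerics (assumed value)')
param storageName string = 'stprivlinkdemo001'

@description('Virtual network name (assumed value)')
param vnetName string = 'vnet-privlink-demo'

// Virtual network with a dedicated subnet for private endpoints
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: vnetName
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.10.0.0/16' ] }
    subnets: [
      { name: 'snet-pe', properties: { addressPrefix: '10.10.1.0/24' } }
    ]
  }
}

resource peSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' existing = {
  parent: vnet
  name: 'snet-pe'
}

// Weak setting: publicNetworkAccess 'Enabled' with defaultAction 'Allow' leaves the
// account reachable from the internet even after a private endpoint exists.
// Corrected setting below: close the public path so the private endpoint is the only way in.
resource stg 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: storageName
  location: location
  kind: 'StorageV2'
  sku: { name: 'Standard_LRS' }
  properties: {
    publicNetworkAccess: 'Disabled'
    networkAcls: { defaultAction: 'Deny', bypass: 'None' }
    allowBlobPublicAccess: false
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
  }
}

// Private endpoint: a NIC in snet-pe with a private IP, mapped to this one
// storage account's blob sub-resource (not to the whole Storage service).
resource pe 'Microsoft.Network/privateEndpoints@2023-05-01' = {
  name: 'pe-${storageName}-blob'
  location: location
  properties: {
    subnet: { id: peSubnet.id }
    privateLinkServiceConnections: [
      {
        name: 'blob'
        properties: {
          privateLinkServiceId: stg.id
          groupIds: [ 'blob' ]
        }
      }
    ]
  }
}

// Private DNS zone so <account>.blob.core.windows.net resolves to the private IP
// inside the VNet. Without it, clients keep resolving the public IP and are
// refused by the 'Deny' network ACL.
resource blobZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: 'privatelink.blob.${environment().suffixes.storage}'
  location: 'global'
}

resource zoneLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: blobZone
  name: '${vnetName}-link'
  location: 'global'
  properties: {
    registrationEnabled: false
    virtualNetwork: { id: vnet.id }
  }
}

// Lets Azure write the endpoint's A record into the zone automatically.
resource dnsGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-05-01' = {
  parent: pe
  name: 'default'
  properties: {
    privateDnsZoneConfigs: [
      { name: 'blob', properties: { privateDnsZoneId: blobZone.id } }
    ]
  }
}

output privateEndpointIp string = pe.properties.customDnsConfigs[0].ipAddresses[0]
```

Deploy it with `az deployment group create --resource-group <rg> --template-file main.bicep`. The check a practitioner wants afterwards is from a VM inside the virtual network: `nslookup stprivlinkdemo001.blob.core.windows.net` should return a CNAME through `privatelink.blob.core.windows.net` to an address in 10.10.1.0/24, while the same lookup from the public internet still returns a public IP whose requests are refused by the account's network ACL.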
#magtechbytes #wipro #shorticle #shorticleazure
Help orgs assess and migrate workloads to cloud and develop cloud native applications | Cloud Architect | Azure Solutions Architect | 6x Azure | 2x SQL Server | GCP | Terraform | AI Enthusiast | Free Timer
2 years ago. Insightful post, as always Magesh - Thank you for your time and efforts!! "Azure Private Link can be used to replace ExpressRoute in hybrid network services to use private network peering to on-premises services." - I am not actually understanding this part. By design, PaaS resources are accessible over the Internet. Setting up ExpressRoute or S2S VPN or P2S VPN is not required for accessing any PaaS resource. When we create a private endpoint for a PaaS component like Azure SQL Database, that database would be given an IP address from the subnet of the VNet in which we are creating the private endpoint, and public access to the database would be denied. That database can be accessed from a laptop/workstation/on-premises system provided the incoming IPs have been whitelisted in the Azure SQL Server (logical). If time permits, kindly consider clarifying this.