Microsoft has unveiled a new service for Azure that will keep connections to the public cloud private.
Azure Private Link, currently in preview, is a new means for customers to consume Azure Services from their own virtual network (VNet).
The service establishes a connection using a consent-based call flow. Once established, all data transferred between the service provider and consumer is isolated within Microsoft’s backbone network and away from the public internet. This removes the need for gateways, network address translation devices or public IP addresses, simplifying the configuration process.
As for multi-tenant shared services like Azure Storage and SQL Database that sit outside customers' VNets, customers will be able to secure those connections with VNet service endpoints to allow the platform-as-a-service (PaaS) resource to be isolated within their VNet. With service endpoints, however, the PaaS endpoint is still served over a public IP address and so cannot be reached from on-premises through Azure ExpressRoute private peering or a VPN gateway.
“With today’s announcement of Azure Private Link, you can simply create a private endpoint in your VNet and map it to your PaaS resource (your Azure Storage account blob or SQL Database server),” Microsoft’s corporate vice president of Azure Networking, Yousef Khalidi, wrote in a blog post.
“These resources are then accessible over a private IP address in your VNet, enabling connectivity from on-premises through Azure ExpressRoute private peering and/or VPN gateway and keep the network configuration simple by not opening it up to public IP addresses.”
Microsoft is also opening up Azure Private Link to other service providers. Service providers will be able to run their services privately in their own VNet behind an Azure Standard Load Balancer and enable them for Azure Private Link, making them accessible to customers running in different VNets, subscriptions or Azure Active Directory tenants.
Azure Private Link is available in preview now, but only in the US. Microsoft said it will expand to new regions in the future, and will make more Azure services available including Cosmos DB, MySQL, Azure PostgreSQL, MariaDB, Application Service and Key Vault. You can also read more about Azure Private Link on Microsoft’s blog.