In September 2019, Azure announced a brand-new service – Azure Private Link, an important tool for service providers offering a mix of Azure IaaS and PaaS services.
Azure Private Link enables you to access Azure PaaS services (for example, Azure Storage and SQL Database) and Azure-hosted customer-owned/partner services over a Private Endpoint in your virtual network. Traffic between your virtual network and the service traverses the Microsoft backbone network, eliminating exposure to the public Internet. It can be used via a local IP address (on Azure and from on-premises networks) or via a dedicated Azure ExpressRoute network.
Well, naturally, the first benefit is security! It reduces the exposure of PaaS services to the Internet and provides a secure way to manage traffic between the client's network and Azure. With Private Link Service, data stays within Microsoft's system and the client’s private network.
For service providers and their clients, this is obviously critical as it provides secure access to customers in their virtual network while giving them the ability to use the resources in the service provider's subscription.
Find out how a Private Link Service can be created behind a standard load balancer.
In the example below, Kubernetes Ingress Service is exposed as a Private Link Service. The ingress has a Standard Load Balancer with IP Address 172.17.1.100.
Details of Ingress Service (Internal Load Balancer)
cloudiq@hubandspoke:~$ kubectl get service -A | grep LoadBalancer
dev ciq-demo-ingress-nginx-ingress-controller LoadBalancer 192.168.3.11 172.17.1.100 80:32314/TCP,443:30694/TCP 43h
The service can be accessed as shown below from within the VNet (ciq-demo-vnet):
http://172.17.1.100/web/api/imageresult
Added this method for testing this API in API-MGMT. The current time is : 02/20/2020 10:07:23
The Private Link service is created with the following details.
Next, you create a private endpoint in the consumer VNet/subnet. In our example, we created a network interface in the ciq-devops-general-rq-vnet/default VNet/subnet. The private IP within the VNet/subnet is 10.0.0.4. The Kubernetes ingress service can be accessed from the consumer VNet using the private IP 10.0.0.4.
cloudiq@cloudiq-build-agent-vm:~$ curl http://10.0.0.4/web/api/imageresult
Added this method for testing this API in API-MGMT. The current time is : 02/20/2020 10:09:03
Private Link can be enabled for other Azure resources, such as below.
For example, a private endpoint was enabled for a Storage account.
cloudiq@cloudiq-build-agent-vm:~$ curl http://k8sworkshopstg.blob.core.windows.net/test/hw.txt
cloudiq@cloudiq-build-agent-vm:~$ nslookup k8sworkshopstg.blob.core.windows.net
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
k8sworkshopstg.blob.core.windows.net canonical name = k8sworkshopstg.privatelink.blob.core.windows.net.
Name: k8sworkshopstg.privatelink.blob.core.windows.net
Address: 10.0.0.5
cloudiq@cloudiq-build-agent-vm:~$ curl http://k8sworkshopstg.privatelink.blob.core.windows.net/test/hw.txt
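To confirm from a client that a PaaS hostname resolves to the private endpoint, as in the nslookup output above, the following added example (not part of the original post) parses nslookup output and flags any name whose answer is a public address. The function names are hypothetical and the second sample is constructed for illustration.

```shell
# Added example: classify nslookup output for a PaaS FQDN (function names are hypothetical).
# Verdicts: private (RFC 1918 answer via a privatelink CNAME), private-direct (RFC 1918,
# no privatelink CNAME), public (any non-RFC 1918 answer, IPv6 included), no-answer.
is_rfc1918() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

classify_lookup() {   # reads nslookup output on stdin, prints one verdict
  via_pl=0; in_answer=0; priv=0; pub=0
  while IFS= read -r line; do
    case "$line" in
      *"canonical name = "*.privatelink.*) via_pl=1 ;;
      Name:*) in_answer=1 ;;
      Address:*)
        # The resolver's own "Address: 127.0.0.53#53" precedes the first Name: line.
        if [ "$in_answer" -eq 1 ]; then
          addr=$(printf '%s' "${line#Address:}" | tr -d ' \t')
          if is_rfc1918 "$addr"; then priv=1; else pub=1; fi
        fi ;;
    esac
  done
  if [ "$pub" -eq 1 ]; then echo public
  elif [ "$priv" -eq 0 ]; then echo no-answer
  elif [ "$via_pl" -eq 1 ]; then echo private
  else echo private-direct
  fi
}
check_fqdn() { nslookup "$1" | classify_lookup; }   # live use: check_fqdn <fqdn>

# Output shown in the post, as seen from the consumer VNet.
SAMPLE_PRIVATE='Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
k8sworkshopstg.blob.core.windows.net canonical name = k8sworkshopstg.privatelink.blob.core.windows.net.
Name: k8sworkshopstg.privatelink.blob.core.windows.net
Address: 10.0.0.5'
# Constructed sample: same CNAME pattern, but the answer is a public (documentation-range) address.
SAMPLE_PUBLIC='Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
example.blob.core.windows.net canonical name = example.privatelink.blob.core.windows.net.
example.privatelink.blob.core.windows.net canonical name = public-endpoint.example.net.
Name: public-endpoint.example.net
Address: 203.0.113.10'
printf '%s\n' "$SAMPLE_PRIVATE" | classify_lookup   # private
printf '%s\n' "$SAMPLE_PUBLIC" | classify_lookup    # public
```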