Private Endpoints
This was one of the best discoveries I made during this project. It makes routing traffic between on-prem and your Azure VNets a simple operation. An Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. The endpoint creates a private IP address and DNS record, effectively making the Azure service (Azure Storage, Azure Cosmos DB, SQL, etc.) run as if it were just a resource in the VNet. This proves Azure networking is ahead of the rest. Let's get into it.
This is the final piece of the lab concerned with Azure networking. The rest covers Veeam Azure Appliance configuration. In this exercise, the configuration of the endpoint is paired with some verification using ping. So, you will be using PuTTY to access your VM, and the ping command. Hope you enjoy.
First off, we are going to ping the Storage Account. If you did not save the Storage Account information before, return to the blog post on Storage configuration for the instructions.
Ping the Storage Account
Get your Blob FQDN from your spreadsheet
Return to your PuTTY session, type ping, and paste/type the Blob service name
Note the IP address: you should see an external IP
In PuTTY, hold down Ctrl and type the letter c (CTRL+C). Leave the PuTTY session open
Now add a Private Link
From the top search menu, search for Private Link.
You will be met by the following screen. Select Private Link from the left and click Add
Configuring the Private Endpoint
Check Your Subscription
Search for Your Resource Group under Resource Group and select
Under Instance details
Name: (1st Letter First Name)(3rd Letter Last Name)-pep
Choose your Region
Select Next: Resource
Select Connect to an Azure resource in my directory
Choose the Proper Subscription
Under Resource Type, select Microsoft.Storage/storageAccounts from the drop-down menu
Under Resource choose your Storage account
Under Target sub-resource choose blob
Click Next: Configuration
Under Configuration Select your Vnet1 and Subnet1
Select Review + Create. If validation passed, select Create
Wait for Deployment to Finish
Blob Accounts are addressed over Public IP Space.
In a hybrid datacenter you may want to keep traffic off the public IP space, as in the case of VPN or ExpressRoute. Private endpoints provide an easy method to create this route.
Return to Azure Home and select your Resource Group
You should now find a Private DNS Zone
Select this Zone and Note the DNS Record
Return to the PuTTY session and ping your Blob account again. Note the IP address will now be a private address within your VNet IP range, auto-assigned from your 10.1.0.0/24 subnet. This is Subnet1 of your Vnet1.
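The before/after ping comparison comes down to which address the Blob FQDN resolves to from the VM. The following is an added example, not part of the original lab, that makes the same check with a DNS lookup and tests the answer against Subnet1. It assumes the lab's 10.1.0.0/24 subnet; the storage account name and sample addresses are constructed.

```python
import ipaddress
import socket

# Subnet1 of Vnet1 in this lab; change it if your address plan differs.
EXPECTED_SUBNET = ipaddress.ip_network("10.1.0.0/24")


def resolve(fqdn):
    """Ask the system resolver (as ping does) for the FQDN's addresses."""
    infos = socket.getaddrinfo(fqdn, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify(address, subnet=EXPECTED_SUBNET):
    """Label one address: endpoint subnet, other private space, or public."""
    ip = ipaddress.ip_address(address)
    if ip in subnet:
        return "private-endpoint"
    return "private-other" if ip.is_private else "public"


def check_endpoint(fqdn, resolver=resolve, subnet=EXPECTED_SUBNET):
    """Pass only if the name resolves and every answer is inside the subnet."""
    try:
        addresses = resolver(fqdn)
    except socket.gaierror as exc:
        return {"fqdn": fqdn, "ok": False, "verdicts": {}, "error": str(exc)}
    verdicts = {a: classify(a, subnet) for a in addresses}
    ok = bool(verdicts) and set(verdicts.values()) == {"private-endpoint"}
    return {"fqdn": fqdn, "ok": ok, "verdicts": verdicts, "error": None}


if __name__ == "__main__":
    # Constructed sample data so the demo runs offline: a made-up storage
    # account name, and answers standing in for the lookups before and
    # after the private endpoint exists.
    name = "examplelabstore.blob.core.windows.net"
    before = lambda _fqdn: ["20.60.10.10"]  # constructed public address
    after = lambda _fqdn: ["10.1.0.4"]      # constructed address in Subnet1
    for label, fake in (("before", before), ("after", after)):
        print(label, check_endpoint(name, resolver=fake))
    # On the lab VM, omit the resolver argument to query real DNS:
    #   check_endpoint("<your-account>.blob.core.windows.net")
```

A result with `ok` False and a `public` verdict after the endpoint is deployed means the client is still resolving the public record, so its traffic would not take the private route.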
That completes the process. Very simple, but very powerful. This is the point, and in my opinion, a must-have for hybrid datacenters. The next steps will deal with the Veeam Backup Appliance. I will add 1 more Azure piece here on how to set up Application Registrations. That will basically conclude this Azure lab posting. This doesn't stop the Azure posts: I will begin to add more that deal with these concepts outside of the context of this lab. The Veeam Backup Appliance posts will be added to the Veeam-specific page. I hope you will check them out.