West Coast IT Hipster


Private Endpoints

This was one of the best discoveries I made during this project. It makes routing traffic between on-prem and your Azure VNets a simple operation. An Azure Private Endpoint is a network interface that connects you privately and securely to a service powered by Azure Private Link. The endpoint gets a private IP address and a DNS record, so the Azure service (Azure Storage, Azure Cosmos DB, SQL, etc.) behaves as if it were just another resource in the VNet. Proving Azure networking is ahead of the rest. Let's get into it.

This is the final piece of the lab concerned with Azure networking; the rest covers the Veeam Azure Appliance configuration. In this exercise, configuring the endpoint is paired with verification using ping, so you will use PuTTY to access your VM and run the ping command. Hope you enjoy.

First off, we are going to ping the Storage Account. If you did not save the storage account information earlier, return to the blog post on storage configuration for the instructions.

Ping the Storage Account

  1. Get your Blob FQDN from your spreadsheet.

  2. Return to your PuTTY session, type ping, and paste/type the Blob Service name.

  3. You should notice the IP address: you should see an external (public) IP.

  4. In PuTTY hold down Ctrl and type the letter c (CTRL+C). Leave the PuTTY session open.

Now add a Private Link

From the top search menu, search for Private Link.

You will be met by the following screen. Select Private Link from the left and click Add.

Configuring the Private Endpoint

  1. Check your Subscription.

  2. Search for your Resource Group under Resource Group and select it.

  3. Under Instance details, set the Name: (1st letter of first name)(3rd letter of last name)-pep

  4. Choose your Region.

  5. Select Next: Resource.

  6. Select Connect to an Azure resource in my directory.

  7. Choose the proper Subscription.

  8. Under Resource Type select Microsoft.Storage/storageAccounts from the drop-down menu.

  9. Under Resource choose your Storage account.

  10. Under Target sub-resource choose blob.

  11. Click Next: Configuration.

  12. Under Configuration select your Vnet1 and Subnet1.

  13. Review + Create; if validation passed, select Create.

  14. Wait for the deployment to finish.

Blob accounts are addressed over public IP space. In a hybrid datacenter you may want to keep traffic off the public IP space, as in the case of a VPN or ExpressRoute. Private endpoints provide an easy method to create this route.

  1. Return to Azure Home and select your Resource Group.

  2. You should now find a Private DNS Zone.

  3. Select this Zone and note the DNS record.

Return to the PuTTY session and ping your Blob account again. Note that the IP address will now be a private address within your VNet IP range, auto-assigned from your 10.1.0.0/24 subnet. This is Subnet1 of your Vnet1.
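The before/after ping check above can be scripted so it is repeatable from the VM. This is an added example, not code from the original post: it resolves the blob FQDN and reports whether the answer lands in Subnet1's 10.1.0.0/24 or still points at the public endpoint (the usual sign that the private DNS zone is not linked to the VNet). The FQDN placeholder and the injectable resolver are assumptions so it can be exercised offline.

```python
import ipaddress
import socket

# Constructed values from the lab: Subnet1 of Vnet1 is 10.1.0.0/24. The FQDN is a
# placeholder, not a real storage account.
PRIVATE_SUBNET = ipaddress.ip_network("10.1.0.0/24")
BLOB_FQDN = "<storage-account>.blob.core.windows.net"


def classify_resolution(ip, private_subnet=PRIVATE_SUBNET):
    """'private' if ip is inside the private endpoint's subnet, 'public' if it is a
    globally routable address, 'other' for anything else (loopback, link-local, ...)."""
    addr = ipaddress.ip_address(ip)
    if addr in private_subnet:
        return "private"
    if addr.is_global:
        return "public"
    return "other"


def check_blob_resolution(fqdn, private_subnet=PRIVATE_SUBNET, resolver=socket.gethostbyname):
    """Resolve fqdn and report whether the private endpoint is actually in use.

    The resolver is injectable (assumption for offline use) so the logic can be
    exercised with canned answers instead of live DNS."""
    try:
        ip = resolver(fqdn)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return {"fqdn": fqdn, "ip": None, "verdict": "unresolved", "detail": str(exc)}
    verdict = classify_resolution(ip, private_subnet)
    detail = {
        "private": "answer is inside the VNet: traffic uses the private endpoint",
        "public": "still resolving to the public endpoint: check that the private DNS "
                  "zone is linked to the VNet and that the VM uses Azure DNS",
        "other": "unexpected address: check which resolver the VM is using",
    }[verdict]
    return {"fqdn": fqdn, "ip": ip, "verdict": verdict, "detail": detail}


if __name__ == "__main__":
    import sys

    # Same check as the manual ping: run it from the VM after the endpoint deploys.
    result = check_blob_resolution(sys.argv[1] if len(sys.argv) > 1 else BLOB_FQDN)
    print(result)
    sys.exit(0 if result["verdict"] == "private" else 1)
```

Run it from the VM before and after creating the endpoint; a non-zero exit means name resolution has not switched to the private address yet.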

That completes the process. Very simple, but very powerful. This is the point and, in my opinion, a must-have for hybrid datacenters. The next steps will deal with the Veeam Backup Appliance. I will add one more Azure piece here on how to set up Application Registrations. That will basically conclude this Azure lab posting. This doesn't stop the Azure posts; I will begin to add more that deal with these concepts outside the context of this lab. The Veeam Backup Appliance posts will be added to the Veeam-specific page. I hope you will check them out.