What is Azure Private Link and Private Endpoint?
Answer
Azure Private Endpoint is a network interface in your VNet that connects privately to an Azure PaaS service (Storage, SQL, Key Vault, Cosmos DB, etc.) using Azure Private Link. Traffic between your VNet and the service travels over the Microsoft backbone network, never over the public internet. The PaaS service gets a private IP address in your VNet, and you can then disable public internet access to the service entirely. Benefits: data exfiltration prevention (no traffic leaves the Microsoft network), compliance (satisfying regulations that require private connectivity), and no NAT or gateway overhead. Private Endpoints work across VNet peering and ExpressRoute. They are different from Service Endpoints, which keep traffic on the Microsoft backbone but use the service's public endpoint and cannot be used to disable public access entirely.