Microsoft Dynamics Azure Private Link is the secure and scalable way for Microsoft Azure customers to consume Azure Services like Microsoft Azure Storage or SQL, Microsoft Partner Services or their own services privately from their Microsoft Azure Virtual Network (VNet). The technology is based on a provider and consumer model in which both the provider and the consumer are hosted in Microsoft Azure.
A connection is established using a consent-based call flow and once established, all data that flows between the service provider and service consumer is isolated from the internet and stays on the Microsoft network. There is no need for gateways, network address translation (NAT) devices, or public IP addresses to communicate with the service.
Key Features of Microsoft Dynamics Azure Private Link
Private on-premises access:
Since Platform as a Service (PaaS) resources are mapped to private IP addresses in the customer’s VNet, they can be accessed via Azure ExpressRoute private peering. This effectively means that the data will traverse a completely private path from on-premises to Microsoft Azure. The configuration of the corporate firewalls and the route tables can be streamlined to allow access only to the private IP addresses.
Data exfiltration protection:
Azure Private Link is unique in mapping a specific PaaS resource to a private IP address, as opposed to mapping an entire service as other cloud providers do. This means that any attempt to exfiltrate data to another account using the same private endpoint will fail, thus giving built-in data exfiltration protection.
Simple to set up:
Azure Private Link is simple to set up, with minimal networking configuration needed. Connectivity is based on an approval call flow, and once a PaaS resource is mapped to a private endpoint, the connectivity works out of the box without any additional configuration of route tables or Microsoft Azure Network Security Groups (NSGs).
Overlapping address space:
Traditionally, customers use VNet peering as the mechanism to connect multiple VNets. VNet peering requires the VNets to have non-overlapping address spaces. In enterprise use cases, it is common to find networks with overlapping IP address spaces. Azure Private Link provides an alternative way to privately connect applications in different VNets that have overlapping IP address spaces.
Azure Private Link brings Azure services inside the customer’s private VNet. The service resources can be accessed using the private IP address just like another resource in the VNet. This significantly simplifies the network configuration by keeping access rules private.
How Microsoft Dynamics Azure Private Link Works
- Use Private Link to bring services delivered on Azure into your private virtual network by mapping them to a private endpoint.
- Or privately deliver your own services in your customers’ virtual networks.
- All traffic to the service can be routed through the private endpoint, so no gateways, NAT devices, ExpressRoute or VPN connections, or public IP addresses are needed.
- Private Link keeps traffic on the Microsoft global network.