Service Endpoints
- When we create/provision some Azure services (listed below), they are not created inside your virtual network:
  - Azure Storage
  - Azure SQL Database/Data Warehouse
  - Azure Database for MySQL/PostgreSQL
  - Azure Cosmos DB
  - Azure Key Vault
  - Azure App Service
  - Azure Data Lake
  - Azure Service Bus & Azure Event Hub
- How do I enable private connectivity?
- Using service endpoints, we can create a NIC for the Azure service in your subnets with private IP addresses
- Sample endpoint creation for Azure SQL
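As an added PowerShell (Az module) example that is not part of the original notes, assuming a resource group `rg-app1`, a vnet `app1` with a subnet `web`, and an Azure SQL logical server `sqlsrv-app1`: it enables the `Microsoft.Sql` service endpoint on the subnet, adds a virtual network rule so only that subnet is allowed through the SQL server firewall, and then checks what was configured.

```powershell
# Added example, not from the original notes. All names below are assumed.
$rg     = 'rg-app1'      # assumed resource group
$vnet   = 'app1'         # assumed virtual network
$subnet = 'web'          # assumed subnet that must reach Azure SQL
$server = 'sqlsrv-app1'  # assumed Azure SQL logical server name

# 1. Turn on the Microsoft.Sql service endpoint for the subnet and commit the vnet change
$vn = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnet
$sn = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vn -Name $subnet
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vn -Name $subnet `
    -AddressPrefix $sn.AddressPrefix -ServiceEndpoint 'Microsoft.Sql' | Out-Null
$vn = Set-AzVirtualNetwork -VirtualNetwork $vn
$sn = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vn -Name $subnet

# 2. Allow only that subnet through the SQL server firewall (a vnet rule, not an IP rule)
New-AzSqlServerVirtualNetworkRule -ResourceGroupName $rg -ServerName $server `
    -VirtualNetworkRuleName "allow-$vnet-$subnet" `
    -VirtualNetworkSubnetId $sn.Id | Out-Null

# 3. Verify: the endpoint is provisioned on the subnet and the rule reached state Ready
$sn.ServiceEndpoints | Where-Object Service -eq 'Microsoft.Sql' |
    Format-Table Service, ProvisioningState
Get-AzSqlServerVirtualNetworkRule -ResourceGroupName $rg -ServerName $server |
    Format-Table VirtualNetworkRuleName, State

# 4. Review the remaining IP firewall rules: a broad rule such as 0.0.0.0-255.255.255.255
#    would still admit any Internet host regardless of the vnet rule added above
Get-AzSqlServerFirewallRule -ResourceGroupName $rg -ServerName $server |
    Format-Table FirewallRuleName, StartIpAddress, EndIpAddress
```

Note that with a service endpoint the SQL server keeps its public endpoint; the vnet rule works by identifying the subnet as the traffic source, so the IP firewall rules listed in step 4 still decide who else can reach the server.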
Scenario: Multiple VNETs in Azure
- How do we enable private communication between VNets in Azure?
- In Azure we can use VNet peering, which allows any two VNets in Azure to communicate with each other as long as their IP address ranges do not overlap
- Enable the peering connection from the portal using
- Exercise:
  - Create a VNet with the CIDR range 10.10.0.0/16 and call it app1
  - Create a VNet with the CIDR range 10.11.0.0/16 and call it app2
  - Ensure you have 2 subnets in each VNet
  - Now create a VM named vm1 in the app1 VNet and a VM named vm2 in the app2 VNet
  - Now ensure all the ports in the NSG are open
  - Ping from vm1 to vm2 (it will fail)
  - Now create a VNet peering connection between the app1 VNet and the app2 VNet
    - Portal
    - PowerShell (Refer Here)
    - CLI (Refer Here)
  - Now ping from vm1 to vm2 using the private IP
Private Communications b/w On-Premises & Azure VNets
- Consider the scenario below
- From our organization's network, we cannot access resources in the VNet using their private IP addresses
- Before we look at on-premises to Azure VNet connections, let's first understand our work-from-home connections
