Azure Private Link allows a customer to access Azure PaaS services privately and securely over an Azure VNET (Virtual Network). By using Private Link, traffic between the PaaS service and the VNET remains on the Microsoft backbone network with no public Internet access involved. Private Link also allows private connectivity to PaaS services from an on-premises network connected through ExpressRoute.
Private Link offers the following benefits:
- All communication between PaaS services and the Azure VNET uses private connectivity
- Private Link allows the on-premises network to connect to and consume PaaS services privately, and reduces the usage of ExpressRoute Microsoft peering
- Private Link also provides protection against data exfiltration for Azure services
- PaaS services are accessible directly from the Virtual Network within
- The private link also allows an Azure Marketplace vendor to provide its services securely to its customers
Key Terminologies and Concepts:
- Private Link Services – Azure Private Link service is the service provided by Azure Private Link. Services like Azure Storage,
- Private Endpoint – An Azure Private Endpoint is a network interface that connects privately and securely to a Private Link service. A Private Endpoint uses a private IP address from the customer’s VNet
Private Link vs Service Endpoint:
The biggest difference between Private Link and a service endpoint is that Private Link does not use or communicate over a public IP; the PaaS services are mapped to a private IP.
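One way to check that mapping from a host inside the VNet (an added example, not part of the original article): the script classifies every address a PaaS hostname resolves to against the VNet's address space. It assumes DNS is set up so the service hostname resolves to the Private Endpoint's private IP; the hostnames, addresses, VNet prefix and function names are constructed for illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges listed explicitly: ipaddress.is_private also matches
# documentation and loopback ranges, which would blur the verdict.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr, vnet_prefixes):
    """Return 'vnet', 'private-other' or 'public' for one resolved address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in ipaddress.ip_network(p) for p in vnet_prefixes):
        return "vnet"
    if any(ip in n for n in RFC1918):
        return "private-other"
    return "public"

def audit(resolutions, vnet_prefixes):
    """Map each FQDN to a verdict based on every address it resolved to."""
    report = {}
    for fqdn, addrs in resolutions.items():
        kinds = {classify(a, vnet_prefixes) for a in addrs}
        if not addrs:
            verdict = "unresolved"
        elif kinds == {"vnet"}:
            verdict = "private-endpoint"   # only VNet addresses: Private Link path
        elif "public" in kinds:
            verdict = "public-path"        # at least one public IP is reachable
        else:
            verdict = "review"             # private, but outside this VNet
        report[fqdn] = verdict
    return report

def resolve(fqdn):
    """Live IPv4 lookup; run it from a host inside the VNet."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, family=socket.AF_INET)
        return sorted({i[4][0] for i in infos})
    except socket.gaierror:
        return []

# Constructed sample data (hypothetical storage accounts and addresses).
SAMPLE_VNET = ["10.1.0.0/16"]
SAMPLE = {
    "examplestorea.blob.core.windows.net": ["10.1.2.4"],
    "examplestoreb.blob.core.windows.net": ["203.0.113.10"],
    "examplestorec.blob.core.windows.net": ["192.168.50.7"],
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE, SAMPLE_VNET).items():
        print(f"{verdict:17} {name}")
```

For a live check, build the input with `{name: resolve(name) for name in names}` on a VM in the VNet and pass the VNet's own address prefixes.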
Since Private Link is a recently launched Azure service, not all PaaS services are available for Private Link yet. For the updated list of services, please have a look here