learn-pr/wwl-azure/design-implement-private-access-to-azure-services/includes/3-define-private-link-service-private-endpoint.md

13 additions & 4 deletions
@@ -32,19 +32,28 @@ Private Link provides secure access to Azure services. Private Link achieves tha
32
32
33
33
[Azure private endpoint](/azure/private-link/private-endpoint-overview) is the key technology behind private link. Private endpoint is a network interface that enables a private and secure connection between your virtual network and an Azure service. In other words, private endpoint is the network interface that replaces the resource's public endpoint.
34
34
35
+
Private Link provides secure access to Azure services. Private Link achieves that security by replacing a resource's public endpoint with a private network interface. Private Endpoint uses the private IP address for services into the virtual network.
35
36
37
+
:::image type="content" source="../media/private-link-71e02d03.png" alt-text="Diagram showing private endpoint and private link zone.":::
36
38
39
+
[Network policies](/azure/private-link/disable-private-endpoint-network-policy/) are disabled by default for private endpoint subnets. You can selectively enable support for:
37
40
38
-
Private Link provides secure access to Azure services. Private Link achieves that security by replacing a resource's public endpoint with a private network interface. Private Endpoint uses the private IP address for services into the virtual network.
41
+
-**Network Security Groups (NSG)**: Control inbound traffic to the private endpoint from specific sources.
39
42
40
-
:::image type="content" source="../media/private-link-71e02d03.png" alt-text="Diagram showing private endpoint and private link zone.":::
43
+
-**User Defined Routes (UDR)**: Override the default /32 route to redirect traffic through an NVA or firewall.
44
+
45
+
-**Application Security Groups (ASG)**: Group private endpoints for policy application.
41
46
42
47
43
48
## How is Azure Private Endpoint different from a service endpoint?
44
49
45
-
Private Endpoints grant network access to specific resources behind a given service providing granular segmentation. Traffic can reach the service resource from on premises without using public endpoints.
46
50
47
-
A service endpoint remains a publicly routable IP address. A private endpoint is a private IP in the address space of the virtual network where the private endpoint is configured.
51
+
52
+
Azure Private Endpoint provides private access to an Azure service by assigning it a private IP address from your virtual network, so traffic stays entirely on the Microsoft network and the service can be accessed without using the public internet.
53
+
54
+
In contrast, Service Endpoints secure access to an Azure service’s public endpoint by allowing traffic from specific VNets or subnets, but the service itself still uses a public IP.
55
+
56
+
Private Endpoints offer full isolation and higher security, while Service Endpoints are easier to set up but provide less isolation.
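Review bot: the three new list items (`-**Network Security Groups (NSG)**:`, `-**User Defined Routes (UDR)**:`, `-**Application Security Groups (ASG)**:`) have no space between the `-` and the bold text, so Markdown will not render them as a bulleted list; they will come out as one run-on paragraph beginning with a literal hyphen. Change each to `- **Network Security Groups (NSG)**: ...` and keep the blank lines between them. Two smaller points in the same hunk: the ASG item ("Group private endpoints for policy application") is vaguer than its neighbours and would read better as something like "Reference groups of private endpoints as sources or destinations in NSG rules", and the three paragraphs added under "How is Azure Private Endpoint different from a service endpoint?" restate the two unchanged paragraphs directly above them (private IP in the VNet versus a publicly routable IP), so consider folding the new text into those paragraphs rather than stating the comparison twice. "Full isolation" in the last added sentence is also stronger than the rest of the page supports; "network isolation" matches the preceding explanation.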