Restrict the public endpoint to one or more virtual networks. This ensures that only traffic originating from within the desired virtual networks can access the Azure file shares within the storage account. This works by using a capability of the virtual network called service endpoints. When you restrict the traffic to a storage account via a service endpoint, you are still accessing the storage account via the public IP address, but access is only possible from the locations you specify in your configuration.

Creating a private endpoint for your storage account will result in the following Azure resources being deployed:

- A private endpoint: An Azure resource representing the storage account's private endpoint. You can think of this as a resource that connects a storage account and a network interface.
- A network interface (NIC): The network interface that maintains a private IP address within the specified virtual network/subnet. This is the exact same resource that gets deployed when you deploy a virtual machine, however instead of being assigned to a VM, it's owned by the private endpoint.
- A private DNS zone: If you've never deployed a private endpoint for this virtual network before, a new private DNS zone will be deployed for your virtual network. A DNS A record will also be created for the storage account in this DNS zone. If you've already deployed a private endpoint in this virtual network, a new A record for the storage account will be added to the existing DNS zone. Deploying a DNS zone is optional, however highly recommended, and required if you are mounting your Azure file shares with an AD service principal or using the FileREST API.
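To check which of the two paths a client actually takes, the sketch below classifies the addresses a storage account name resolves to. It is an added example, not code from the original page. The function names are hypothetical, and it assumes the public-cloud hostname pattern `<account>.file.core.windows.net` and a private endpoint subnet CIDR that you supply.

```python
import ipaddress
import socket

# Assumption: the storage account's file endpoint follows the public-cloud
# pattern <account>.file.core.windows.net.
FILE_SUFFIX = ".file.core.windows.net"


def resolve(hostname):
    """Return the distinct IP addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, 445, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify(addresses, subnet_cidr):
    """Classify how a client would reach the storage account.

    private-endpoint : every address is inside the private endpoint's subnet
                       (the A record in the private DNS zone is being used)
    public-endpoint  : every address is publicly routable; an account that is
                       restricted with service endpoints also resolves this way
    wrong-network    : non-public address outside the expected subnet, e.g. a
                       stale A record or a DNS zone from another network
    mixed / no-answer: inconsistent or empty resolution
    """
    if not addresses:
        return "no-answer"
    subnet = ipaddress.ip_network(subnet_cidr)
    verdicts = set()
    for text in addresses:
        ip = ipaddress.ip_address(text)
        if ip in subnet:
            verdicts.add("private-endpoint")
        elif ip.is_global:
            verdicts.add("public-endpoint")
        else:
            verdicts.add("wrong-network")
    return verdicts.pop() if len(verdicts) == 1 else "mixed"


if __name__ == "__main__":
    import sys
    # Usage: python check_endpoint.py <storage-account-name> <subnet-cidr>
    account, subnet_cidr = sys.argv[1], sys.argv[2]
    addrs = resolve(account + FILE_SUFFIX)
    print(addrs, classify(addrs, subnet_cidr))
```

Run it from a machine inside the virtual network; a `public-endpoint` result there means the private DNS zone is missing, not linked, or lacks the A record for the account.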