Configure service endpoints for Azure services
By default in Azure, PaaS services are accessible using a public endpoint that resolves to a public IP address. When a VM in a subnet accesses such a service, for example a storage account, the network and routing from the VM translate the source IP to the public IP of the VNet or NAT Gateway as the traffic egresses the virtual network. This means that if you were to capture the packet before it reaches the PaaS service, the source IP would be a public IP address of the VNet. If a second VM on the same VNet were to access the storage account, it too would have that public IP address as its source IP.
A service endpoint changes two things about how a VM might access a PaaS service, such as a storage account. First, the routing is optimized to ensure that the Microsoft backbone is used to communicate from the VNet to the service. Second, the VNet does not translate the IP address of the packet from the VM. This means that the source IP of the request shows the private IP address of the VM that is trying to access the service. However, the service is still using the public endpoint and public IP address that was assigned, in this case to the storage account.
Service endpoints are created at the subnet level of a virtual network. Suppose you have two VMs, VM1 and VM2, in two subnets, Subnet1 and Subnet2. Subnet1 has a service endpoint for storage; Subnet2 has no service endpoints defined. If VM2 tries to access a storage account, the source IP address will be a public IP address. If VM1 tries to access the same storage account, the source IP address will be the private IP address of VM1.
- A service endpoint can be configured from the subnet of a virtual network. To configure a service endpoint, navigate to your VNet and then click Subnets.
- Select the name of the subnet to modify its properties.
- In the Services drop-down menu, select the services that you want to enable a service endpoint on. Figure 4-39 displays a new service endpoint for storage being created for subnet0 of the vnet-hub VNet.
- Click Save. The process might take a few minutes to reflect in routing and packet traces.
FIGURE 4-39 Creating a service endpoint
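The same procedure scripted with the Az PowerShell module, as an added example that is not part of the original text: it enables the Microsoft.Storage service endpoint on subnet0 of vnet-hub (the names used in the figure), commits the change, and then, because the endpoint only alters routing and the source IP while the storage account still listens on its public endpoint, adds a virtual network rule on the storage account so that only traffic from that subnet is admitted. The resource group name rg-hub and the storage account name sthubexample are assumptions; replace them with your own.

```powershell
# Added example (not from the book): enable a storage service endpoint on subnet0 of
# vnet-hub with Az PowerShell, then restrict the storage account to that subnet.
# 'vnet-hub' and 'subnet0' come from the text; 'rg-hub' and 'sthubexample' are
# assumed placeholder names.
$ErrorActionPreference = 'Stop'
$rg     = 'rg-hub'          # assumption: resource group holding the VNet and storage account
$vnetNm = 'vnet-hub'
$subNm  = 'subnet0'
$stgNm  = 'sthubexample'    # assumption: storage account name (globally unique, lowercase)

# 1. Load the VNet and the subnet to modify (portal: VNet > Subnets > subnet0).
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetNm
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subNm

# 2. Build the endpoint list: keep any endpoints already present and add Microsoft.Storage
#    (portal: Services drop-down > Microsoft.Storage).
$endpoints = @($subnet.ServiceEndpoints | ForEach-Object { $_.Service })
if ($endpoints -notcontains 'Microsoft.Storage') { $endpoints += 'Microsoft.Storage' }

# Set-AzVirtualNetworkSubnetConfig rewrites the subnet definition, so pass the existing
# address prefix, NSG and route table back in to avoid dropping them.
$params = @{
    VirtualNetwork  = $vnet
    Name            = $subNm
    AddressPrefix   = $subnet.AddressPrefix
    ServiceEndpoint = $endpoints
}
if ($subnet.NetworkSecurityGroup) { $params.NetworkSecurityGroupId = $subnet.NetworkSecurityGroup.Id }
if ($subnet.RouteTable)           { $params.RouteTableId           = $subnet.RouteTable.Id }
Set-AzVirtualNetworkSubnetConfig @params | Out-Null

# 3. Commit the change (portal: Save). Routing and packet traces can take a few minutes
#    to reflect it; ProvisioningState shows when the endpoint is in place.
$vnet   = Set-AzVirtualNetwork -VirtualNetwork $vnet
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subNm
$subnet.ServiceEndpoints |
    Format-Table Service, ProvisioningState, @{ n = 'Locations'; e = { $_.Locations -join ',' } }

# 4. The endpoint changes routing and the source IP seen by the service; it does not
#    restrict who may reach the account's public endpoint. A virtual network rule tied to
#    the subnet plus a default action of Deny does that.
Add-AzStorageAccountNetworkRule -ResourceGroupName $rg -Name $stgNm `
    -VirtualNetworkResourceId $subnet.Id | Out-Null
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $stgNm `
    -DefaultAction Deny | Out-Null

# 5. Confirm the resulting rule set on the storage account.
Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $stgNm |
    Select-Object DefaultAction,
        @{ n = 'VNetRules'; e = { $_.VirtualNetworkRules.VirtualNetworkResourceId -join "`n" } }
```

Run this in a session where Connect-AzAccount has already been used. Step 4 depends on step 3 having completed: Add-AzStorageAccountNetworkRule rejects a subnet that does not yet carry the Microsoft.Storage endpoint. Setting the default action to Deny also blocks access from the portal and from any other network not listed in the rule set, so add the additional subnets or public IP ranges you need before flipping it.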