Azure Private Endpoint

Hi,

 

I was looking at private endpoint for various PaaS services, such as storage (file services). However, I realized that NSGs are not in GA.

This was disappointing. For instance, I set up a lab with a storage account and Azure Files and enabled private endpoint. My lab had the following setup:

VNET-A: 10.1.2.0/23 with Subnet-1 10.1.3.0/26

The storage account private link NIC was on 10.1.3.4

 

VNET-B: 10.1.5.0/24 with Subnet-2 10.1.5.96/27

A Server 2019 VM was on 10.1.5.100

 

Using private link I can mount the storage account and access it over SMB; however, there is no way to block inbound access to the File Share, for example using an NSG on the Subnet-A. My understanding is that this is a public preview feature only?

 

However, if I use the storage account 'firewall and virtual network settings' rather than the 'private endpoint connections' settings, I can use the 'allow access from > selected networks' to allow or block access to the Azure Files storage.

 

I am wondering what benefit the private endpoint feature offers if NSG support is not in GA?

 

 

1 Reply
It's good to know that if a feature is in Public Preview, you can still get support from Microsoft, and that only the SLAs are not applicable:
https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/

It still holds some value, as you need to be routed through your internal network instead of the public network.