SQL Data Sync is a service built on Azure SQL Database that enables users to synchronize data bi-directionally across multiple databases, both on-premises and in the cloud. SQL Data Sync is based around the concept of a sync group. A sync group is a group of databases that users want to synchronize. SQL Data Sync uses a hub and spoke topology to synchronize data, meaning users define one of the databases in the sync group as the hub database, while the rest of the databases are member databases. Synchronization occurs only between the hub and individual members.
Private link for SQL Data Sync (preview)
The new private link (preview) feature allows SQL Data Sync users to choose a service managed private endpoint to establish a secure connection between the sync service and their member/hub databases during the data synchronization process. A service managed private endpoint is a private IP address within a specific virtual network and subnet. Within Data Sync, the service managed private endpoint is created by Microsoft and is exclusively used by the Data Sync service for a given sync operation.
Setting up private link
In order to use service managed private endpoints with SQL Data Sync, both the member and hub databases must be hosted in Azure (same or different regions), in the same cloud type (e.g. both in public cloud or both in government cloud). Additionally, users must manually approve the service managed private endpoint for SQL Data Sync during the sync configuration, within the “Private endpoint connections” section in the Azure Portal or through PowerShell. Once the service managed private endpoint is approved by the customer, all communication between the sync service and the member/hub databases will happen over the service managed private link. Existing sync groups can be updated to have this feature enabled.
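The PowerShell approval step described above, as an added example that is not taken from the original article: it lists the private endpoint connections still in the Pending state on the hub and member logical servers and approves each one only after the operator has reviewed it. The resource group and server names are placeholders, and the sketch assumes the Az.Sql and Az.Network modules and an existing `Connect-AzAccount` session.

```powershell
# Added example. Placeholders in angle brackets are not values from the article.
#Requires -Modules Az.Sql, Az.Network

function Get-PendingSqlPrivateEndpoint {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $ServerName
    )
    # Private endpoint connections are attached to the logical SQL server resource.
    $server = Get-AzSqlServer -ResourceGroupName $ResourceGroupName -ServerName $ServerName
    Get-AzPrivateEndpointConnection -PrivateLinkResourceId $server.ResourceId |
        Where-Object { $_.PrivateLinkServiceConnectionState.Status -eq 'Pending' }
}

# Hub and member servers of the sync group (placeholders).
$targets = @(
    @{ ResourceGroupName = '<hub-resource-group>';    ServerName = '<hub-server>' },
    @{ ResourceGroupName = '<member-resource-group>'; ServerName = '<member-server>' }
)

foreach ($t in $targets) {
    $pending = @(Get-PendingSqlPrivateEndpoint @t)
    if ($pending.Count -eq 0) {
        Write-Host "No pending private endpoint connections on $($t.ServerName)."
        continue
    }
    foreach ($conn in $pending) {
        # Show what is being approved: any pending request on the server appears
        # here, not only the one created for Data Sync.
        [pscustomobject]@{
            Server          = $t.ServerName
            Connection      = $conn.Name
            PrivateEndpoint = $conn.PrivateEndpoint.Id
            RequestMessage  = $conn.PrivateLinkServiceConnectionState.Description
        } | Format-List

        $answer = Read-Host "Approve '$($conn.Name)' on $($t.ServerName)? (y/N)"
        if ($answer -eq 'y') {
            Approve-AzPrivateEndpointConnection -ResourceId $conn.Id `
                -Description 'Approved for SQL Data Sync private link'
        } else {
            Write-Host "Skipped '$($conn.Name)'; it remains Pending."
        }
    }
}
```

Reviewing each pending request before approval matters because approval grants that endpoint a private network path to the server; a request you do not recognize should be left Pending and investigated.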