Earlier this week, we released a feature in Purview to use private endpoints for your accounts. Implementing this feature can unlock the following for you:
1. You can use private endpoints to allow clients and users on a virtual network (VNet) to securely access the Purview Data Catalog over a Private Link.
2. The private endpoint uses an IP address from the VNet address space for your Azure Purview account.
3. Network traffic between the clients on the VNet and the Purview account traverses over the VNet and a private link on the Microsoft backbone network, eliminating exposure from the public internet.
4. You can also ensure network isolation for metadata flowing from the source being scanned to the Purview Data Map by using ingestion private endpoints.
Now let's get started. Below is some helpful guidance to set this up within your own environment.
Navigate to the Azure portal and then to your Purview account.
Fill in the basic information, and set the connectivity method to Private endpoint in the Networking tab. Set up your ingestion private endpoints by providing the Subscription, VNet and Subnet that you want to pair with your private endpoint.
Create an ingestion private endpoint only if you intend to enable network isolation for end-to-end scan scenarios, for both your Azure and on-premises sources. We currently do not support ingestion private endpoints working with your AWS sources.
You can also optionally choose to set up a Private DNS zone for each ingestion private endpoint.
Click Add to add a private endpoint for your Purview account.
In the Create private endpoint page, set Purview sub-resource to account, choose your virtual network and subnet, and select the Private DNS Zone where the DNS will be registered (you can also utilize your own DNS servers or create DNS records using host files on your virtual machines).
Navigate to the Purview account you just created and select Private endpoint connections under the Settings section.
Click +Private endpoint to create a new private endpoint.
Fill in basic information.
In the Resource tab, set Resource type to Microsoft.Purview/accounts.
Set Resource to the newly created Purview account and set the target sub-resource to portal.
Select the virtual network and Private DNS Zone in the Configuration tab. Navigate to the summary page, and click Create to create the portal private endpoint.
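Once the account and portal private endpoints exist, name resolution is what decides whether clients on the VNet actually use them. The following check is an added example, not part of the original post or of Purview tooling: run from a machine on the VNet, it resolves the hostnames you use to reach your account and portal and reports whether each answer falls inside the VNet address space. The hostnames, CIDR and addresses shown are constructed placeholders.

```python
import ipaddress
import socket


def resolve(hostname):
    """Return the addresses the local resolver (private DNS zone, own DNS, hosts file) gives."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify(addresses, vnet_cidr):
    """Compare resolved addresses with the VNet address space."""
    if not addresses:
        return "unresolved"
    vnet = ipaddress.ip_network(vnet_cidr)
    inside = [ipaddress.ip_address(a) in vnet for a in addresses]
    if all(inside):
        return "private-endpoint"   # traffic stays on the VNet / Private Link
    if not any(inside):
        return "public"             # DNS still points at the public endpoint
    return "mixed"                  # split answers: check the DNS zone links


def check(hostnames, vnet_cidr, resolver=resolve):
    """Map each hostname to (verdict, addresses); resolver is injectable for offline use."""
    results = {}
    for host in hostnames:
        try:
            addrs = resolver(host)
        except socket.gaierror:
            addrs = []
        results[host] = (classify(addrs, vnet_cidr), addrs)
    return results


if __name__ == "__main__":
    # Constructed sample answers; drop the resolver argument to query real DNS.
    sample = {
        "account.purview.example": ["10.0.1.5"],      # placeholder account host
        "portal.purview.example": ["203.0.113.10"],   # placeholder portal host
    }
    for host, (verdict, addrs) in check(sample, "10.0.0.0/16", sample.__getitem__).items():
        print(f"{host}: {verdict} {addrs}")
```

A "public" verdict for a hostname usually means the Private DNS zone is not linked to the VNet, or the custom DNS server or hosts file entry for that name is missing.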
If you want to ensure network isolation for your metadata flowing from the source which is being scanned to the Purview Data Map, then you must follow these steps:
Enable an ingestion private endpoint by following steps in this section of the documentation.
Scan the source using a self-hosted IR.
You can also set up private endpoints on your existing Purview accounts. To learn about this and more read our full documentation here today!