articles/frontdoor/private-link.md
60 additions & 3 deletions
@@ -6,7 +6,7 @@ documentationcenter: ''
6
6
author: duongau
7
7
ms.service: frontdoor
8
8
ms.topic: conceptual
9
-
ms.date: 03/30/2022
9
+
ms.date: 12/05/2022
10
10
ms.author: duau
11
11
ms.custom: references_regions
12
12
---
@@ -17,7 +17,7 @@ ms.custom: references_regions
17
17
18
18
Azure Front Door Premium can connect to your origin using Private Link. Your origin can be hosted in a virtual network or hosted as a PaaS service such as Azure App Service or Azure Storage. Private Link removes the need for your origin to be access publicly.
19
19
20
-
:::image type="content" source="./media/concept-private-link/front-door-private-endpoint-architecture.png" alt-text="Diagram of Azure Front Door with Private Link enabled.":::
20
+
:::image type="content" source="./media/private-link/front-door-private-endpoint-architecture.png" alt-text="Diagram of Azure Front Door with Private Link enabled.":::
21
21
22
22
## How Private Link works
23
23
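Review bot: The image source on the `+` line now points at `./media/private-link/` instead of `./media/concept-private-link/`, and only the markdown file is visible in this diff, so confirm that `front-door-private-endpoint-architecture.png` exists under the new folder or the diagram will render broken. While this paragraph is being touched, the context sentence above it reads "removes the need for your origin to be access publicly"; suggest "to be accessed publicly".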
@@ -32,7 +32,64 @@ After you enable an origin for Private Link and approve the private endpoint con
32
32
33
33
Once your request is approved, a private IP address gets assigned from the Azure Front Door managed virtual network. Traffic between your Azure Front Door and your origin will communicate using the established private link over the Microsoft backbone network. Incoming traffic to your origin is now secured when arriving at your Azure Front Door.
34
34
35
-
:::image type="content" source="./media/concept-private-link/enable-private-endpoint.png" alt-text="Screenshot of enable Private Link service checkbox from origin configuration page.":::
35
+
:::image type="content" source="./media/private-link/enable-private-endpoint.png" alt-text="Screenshot of enable Private Link service checkbox from origin configuration page.":::
36
+
37
+
## Association of a private endpoint with an Azure Front Door profile
38
+
39
+
### Private endpoint creation
40
+
41
+
Within a single Azure Front Door profile, if two or more Private Link enabled origins are created with the same set of Private Link, resource ID and group ID, then for all such origins only one private endpoint gets created. Connections to the backend can be enabled using this private endpoint. This setup means you only have to approve the private endpoint once because only one private endpoint gets created. If you create more Private Link enabled origins using the same set of Private Link location, resource ID, group ID, you won't need to approve anymore private endpoints.
42
+
43
+
#### Single private endpoint
44
+
45
+
For example, a single private endpoint gets created for all the different origins across different origin groups but in the same Azure Front Door profile as shown in the below table:
46
+
47
+
:::image type="content" source="./media/private-link/single-endpoint.png" alt-text="Diagram showing a single private endpoint created for origins created in the same Azure Front Door profile.":::
48
+
49
+
#### Multiple private endpoints
50
+
51
+
A new private endpoint gets created in the following scenario:
52
+
53
+
* If the region, resource ID or group ID changes:
54
+
55
+
:::image type="content" source="./media/private-link/multiple-endpoints.png" alt-text="Diagram showing a multiple private endpoint created because changes in the region and resource ID for the origin.":::
56
+
57
+
> [!NOTE]
58
+
> The Private Link location and the hostname has changed, resulting in extra private endpoints created and requires approval for each one.
59
+
60
+
* When the Azure Front Door profile changes:
61
+
62
+
:::image type="content" source="./media/private-link/multiple-profiles.png" alt-text="Diagram showing a multiple private endpoint created because the origin is associated with multiple Azure Front Door profiles.":::
63
+
64
+
> [!NOTE]
65
+
> Enabling Private Link for origins in different Front Door profiles will create extra private endpoints and requires approval for each one.
66
+
67
+
### Private endpoint removal
68
+
69
+
When an Azure Front Door profile get deleted, private endpoints associated with the profile will also get deleted.
70
+
71
+
#### Single private endpoint
72
+
73
+
If AFD-Profile-1 gets deleted, then PE1 private endpoint across all the origin will also get deleted.
74
+
75
+
:::image type="content" source="./media/private-link/delete-endpoint.png" alt-text="Diagram showing if AFD-Profile-1 gets deleted then PE1 across all origins will get deleted.":::
76
+
77
+
#### Multiple private endpoints
78
+
79
+
* If AFD-Profile-1 gets deleted, all private endpoints from PE1 through PE4 will get deleted.
80
+
81
+
:::image type="content" source="./media/private-link/delete-multiple-endpoints.png" alt-text="Diagram showing if AFD-Profile-1 gets deleted, all private endpoints from PE1 through PE4 gets deleted.":::
82
+
83
+
* Deleting a Front Door profile won't affect private endpoints created for a different Front Door profile.
84
+
85
+
:::image type="content" source="./media/private-link/delete-multiple-profiles.png" alt-text="Diagram showing Azure Front Door profile getting deleted won't affect private endpoints in other Front Door profiles.":::
86
+
87
+
For example:
88
+
89
+
* If AFD-Profile-2 gets deleted, only PE5 will be removed.
90
+
* If AFD-Profile-3 gets deleted, only PE6 will be removed.
91
+
* If AFD-Profile-4 gets deleted, only PE7 will be removed.
92
+
* If AFD-Profile-5 gets deleted, only PE8 will be removed.
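Review bot: The attribute set that decides whether an existing private endpoint is reused is stated inconsistently across "Private endpoint creation" and "Multiple private endpoints": the first sentence lists "Private Link, resource ID and group ID" (the word "location" is missing; the last sentence of the same paragraph has "Private Link location, resource ID, group ID"), the bullet says "region, resource ID or group ID", and the NOTE under it says "The Private Link location and the hostname has changed", although hostname appears in neither list. Because the text says each extra private endpoint requires its own approval, readers need one unambiguous rule here: pick one term (location or region), state the tuple once, and either add hostname to it or drop it from the note. Smaller points: "as shown in the below table" introduces an image, not a table; "approve anymore private endpoints" should be "any more"; "profile get deleted" should be "gets deleted"; "across all the origin" should be "origins".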