You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/purview/concept-best-practices-network.md
+22-1Lines changed: 22 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ ms.author: zeinam
6
6
ms.service: purview
7
7
ms.subservice: purview-data-catalog
8
8
ms.topic: conceptual
9
-
ms.date: 01/21/2022
9
+
ms.date: 01/26/2022
10
10
---
11
11
12
12
# Azure Purview network architecture and best practices
@@ -198,6 +198,27 @@ For performance and cost optimization, we highly recommended deploying one or mo
198
198
199
199
:::image type="content" source="media/concept-best-practices/network-pe-multi-region.png" alt-text="Screenshot that shows Azure Purview with private endpoints in a scenario of multiple virtual networks and multiple regions."lightbox="media/concept-best-practices/network-pe-multi-region.png":::
200
200
201
+
### DNS configuration with private endpoints
202
+
203
+
#### Name resolution for single Azure Purview account
204
+
205
+
If you have one Azure Purview account in your tenant, and you have enabled private endpoints for account, portal and ingestion, you can use any of [the supported scenarios](catalog-private-link-name-resolution.md#deployment-options) for name resolution in your network.
206
+
207
+
#### Name resolution for multiple Azure Purview accounts
208
+
209
+
It is recommended to follow these recommendations, if your organization needs to deploy and maintain multiple Azure Purview accounts using private endpoints:
210
+
211
+
1. Deploy at least one _account_ private endpoint for each Azure Purview account.
212
+
2. Deploy at least one _ingestion_ private endpoint for each Azure Purview account.
213
+
3. Deploy one _portal_ private endpoint for one of the Azure Purview accounts in your Azure environments. Create one DNS A record for _portal_ private endpoint to resolve `web.purview.azure.com`.
214
+
215
+
:::image type="content" source="media/concept-best-practices/network-pe-dns.png" alt-text="Screenshot that shows how to handle private endpoints and DNS records for multiple Azure Purview accounts."lightbox="media/concept-best-practices/network-pe-dns.png":::
216
+
217
+
> [!NOTE]
218
+
> _Portal_ private endpoint mainly renders static assets related to Azure Purview Studio, thus, it is independent of Azure Purview account, therefore, only one _portal_ private endpoint is needed to visit all Azure Purview accounts in the Azure environment.
219
+
You may need to deploy separate _portal_ private endpoints for each Azure Purview account in the scenarios where Azure Purview accounts are deployed in isolated network segmentations.
220
+
> Azure Purview _portal_ is static contents for all customers without any customer information. Optionally, you can use public network to launch `web.purview.azure.com` if your end users are allowed to launch the Internet.
221
+
201
222
## Option 3: Use both private and public endpoints
202
223
203
224
You might choose an option in which a subset of your data sources uses private endpoints, and at the same time, you need to scan either of the following:
0 commit comments