You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/search/search-indexer-howto-access-private.md
+12-6Lines changed: 12 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -52,7 +52,13 @@ You can also query the Azure resources for which outbound private endpoint conne
52
52
In the remainder of this article, a mix of Azure portal (or the [Azure CLI](/cli/azure/) if you prefer) and [Postman](https://www.postman.com/) (or any other HTTP client like [curl](https://curl.se/) if you prefer) is used to demonstrate the REST API calls.
53
53
54
54
> [!NOTE]
55
-
> To create a private endpoint connection to Azure Data Lake Storage Gen2 you need to create two private endpoints. One private endpoint with the groupID 'dfs' and another private endpoint with the groupID 'blob'.
55
+
> There are Azure Cognitive Search data sources and other configurations that require creating more than one shared private link to work appropriately. Here is a list of the configurations with this requirement and which group IDs are necessary for each:
56
+
> ***Azure Data Lake Storage Gen2 data source** - Create two shared private links: One shared private link with the groupID 'dfs' and another shared private link with the groupID 'blob'.
57
+
> ***Skillset with Knowledge store configured** - One or two shared private links are necessary, depending on the projections set for Knowledge store:
58
+
> * If using blob and/or file projections, create one shared private link with the groupID 'blob'.
59
+
> * If using table projections, create one shared private link with the groupID 'table'.
60
+
> * In case blob/file and also table projections are used, create two shared private links: one with groupID 'blob' and one with groupID 'table'.
61
+
> ***Indexer with cache enabled** - Create two shared private links: One shared private link with the groupID 'table' and another shared private link with the groupID 'blob'.
56
62
57
63
## Set up indexer connection through private endpoint
58
64
@@ -66,25 +72,25 @@ The examples in this article are based on the following assumptions:
66
72
67
73
The steps for restricting access varies by resource. The following scenarios show three of the more common types of resources.
68
74
69
-
- Scenario 1: Data source
75
+
- Scenario 1: Azure Storage
70
76
71
-
The following is an example of how to configure an Azure storage account. If you select this option and leave the page empty, it means that no traffic from virtual networks is allowed.
77
+
The following is an example of how to configure an Azure storage account firewall. If you select this option and leave the page empty, it means that no traffic from virtual networks is allowed.
72
78
73
79
74
80
75
81
- Scenario 2: Azure Key Vault
76
82
77
-
The following is an example of how to configure Azure Key Vault.
83
+
The following is an example of how to configure Azure Key Vault firewall.
78
84
79
85
80
86
81
87
- Scenario 3: Azure Functions
82
88
83
-
No network setting changes are needed for Azure Functions. Later in the following steps, when you create the shared private endpoint the Function will automatically only allow access through private link after the creation of a shared private endpoint to the Function.
89
+
No network setting changes are needed for Azure Functions firewalls. Later in the following steps, when you create the shared private endpoint, the Function will automatically only allow access through private link after the creation of a shared private endpoint to the Function.
84
90
85
91
### Step 2: Create a shared private link resource to the Azure resource
86
92
87
-
The following section describes how to create a shared private link resource either using the Azure portal or the Azure CLI.
93
+
The following section describes how to create a shared private link resource either using the Azure portal or the Azure CLI.
0 commit comments