|
| 1 | +# Connecting to your VNet using Azure Private Link |
| 2 | + |
| 3 | +[Azure Private Link][azure-docs-private-link] enables you to access Azure PaaS services and Azure hosted customer-owned/partner services over a private endpoint in your virtual network. |
| 4 | +To set up a Private Link connection between Cube Cloud Dedicated Infrastructure and your own VNet, |
| 5 | +you'll need to prepare a Private Link Service, |
| 6 | +share service details with the Cube team, and approve the incoming connection request. |
| 7 | + |
| 8 | +## Preparing the Private Link Service |
| 9 | + |
| 10 | +There are two common scenarios for preparing the Private Link Service: |
| 11 | +- Connecting to a service in your Azure infrastructure |
| 12 | +- Connecting to a service provided by a third party such as Snowflake, Databricks, Confluent Cloud, etc. |
| 13 | + |
| 14 | +In the case of your own infrastructure, please follow the [official Azure documentation][azure-docs-private-link-service] to configure the Private Link Service |
| 15 | +behind a standard Azure Load Balancer. |
| 16 | + |
| 17 | +If your data source is hosted in a third-party infrastructure, please follow the vendor's documentation |
| 18 | +for creating and managing a Private Link Service. |
| 19 | + |
| 20 | +## Configuring Service Visibility |
| 21 | + |
| 22 | +Azure Private Link Service enables you to control the visibility of your private endpoint. You'll need to configure |
| 23 | +access permissions to allow Cube Cloud to connect to your service. |
| 24 | + |
| 25 | +To allow Cube Cloud access, please go to <Btn>Azure Portal</Btn> -> <Btn>Private Link Services</Btn> -> <Btn>Your service</Btn> -> <Btn>Manage visibility</Btn> |
| 26 | +and add the following subscription ID to the allowed list: `cd69336e-c628-4a88-a56e-86900a0df732` |
| 27 | + |
| 28 | +Alternatively, you can configure auto-approval for faster connection establishment by adding the same subscription ID |
| 29 | +to the auto-approval list under <Btn>Manage auto-approval</Btn>. |
| 30 | + |
| 31 | +## Gathering required information |
| 32 | + |
| 33 | +To request establishing a Private Link connection, please share the following information with the Cube team: |
| 34 | + |
| 35 | +- **Private Link Service Resource ID** (such as `/subscriptions/abc123/resourceGroups/myResourceGroup/providers/Microsoft.Network/privateLinkServices/myservice`) |
| 36 | +- **Reference Name** for the record (such as "Snowflake-prod" or "databricks-dev") |
| 37 | +- **Ports**: a list of ports that will be accessed through this connection |
| 38 | +- **DNS Name** (optional): an internal DNS name of the upstream service in case SSL needs to be supported |
| 39 | +- **Dedicated Infrastructure Region:** Private Link requires Cube to be hosted in |
| 40 | + [dedicated infrastructure][dedicated-infra]. Please specify what region the Cube Cloud |
| 41 | + dedicated infrastructure should be hosted in. |
| 42 | + |
| 43 | +If a DNS name is provided, an internal DNS record will be created pointing at the established Private Link |
| 44 | +connection, and the service will be addressable by that name inside the Cube Cloud infrastructure. |
| 45 | + |
| 46 | +## Approving the connection |
| 47 | + |
| 48 | +The connection approval process depends on your visibility configuration: |
| 49 | + |
| 50 | +### Manual Approval |
| 51 | +If you haven't configured auto-approval, the Cube Cloud team will notify you once the Private Endpoint connection request is sent. You can approve it by: |
| 52 | + |
| 53 | +1. Going to <Btn>Azure Portal</Btn> -> <Btn>Private Link Center</Btn> -> <Btn>Private Link Services</Btn> -> <Btn>Your Service</Btn> -> <Btn>Private endpoint connections</Btn> |
| 54 | +2. Finding the pending connection from Cube Cloud |
| 55 | +3. Clicking <Btn>Approve</Btn> and optionally providing an approval message |
| 56 | + |
| 57 | +Alternatively, you can approve the connection from the resource itself if it supports Private Link natively (e.g., Storage Accounts, SQL Databases). |
| 58 | + |
| 59 | +### Auto-Approval |
| 60 | +If you've added Cube Cloud's subscription ID to the auto-approval list, the connection will be automatically approved |
| 61 | +upon creation, and no manual action is required. |
| 62 | + |
| 63 | +## Using the connection |
| 64 | + |
| 65 | +Once the connection is established, you can access your data source by addressing it either via the |
| 66 | +supplied DNS Name or an Azure internal DNS name returned to you by the Cube team. |
| 67 | + |
| 68 | +## Supported Regions |
| 69 | + |
| 70 | +Private Link connections are supported in all Azure regions where Cube Cloud dedicated infrastructure is available. |
| 71 | +The Private Link Service and Private Endpoint must be in the same region as the Cube Cloud infrastructure. |
| 72 | + |
| 73 | +[azure-docs-private-link]: https://docs.microsoft.com/azure/private-link/ |
| 74 | +[azure-docs-private-link-service]: https://docs.microsoft.com/azure/private-link/create-private-link-service-portal |
| 75 | +[dedicated-infra]: /product/deployment/cloud/infrastructure#dedicated-infrastructure |
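Review bot: The auto-approval paragraph under "Configuring Service Visibility" opens with "Alternatively", which reads as if adding the subscription ID to the auto-approval list replaces the visibility allow-list step. State explicitly whether the subscription must be on both lists, and note that auto-approval accepts every endpoint request from that subscription without review, so readers who want to inspect each connection know to stay on manual approval. In "Approving the connection", the sentence "depends on your visibility configuration" should refer to the auto-approval setting, since that is what the two subsections branch on. The closing sentence of "Manual Approval" about approving from the resource itself (Storage Accounts, SQL Databases) has no matching path in "Gathering required information", which asks only for a Private Link Service Resource ID; either document what to share in that case or drop the sentence.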