Configure Azure Private Link for Blob Storage

1 hour
  • 2 Learning Objectives

About this Hands-on Lab

Private Link is an Azure service that helps provide private network accessibility to a range of supported services. Private Link supports several Azure PaaS solutions, as well as customer-managed solutions (backed by a standard load balancer).

In this lab, you will configure the Private Link service for Azure Blob storage. This enables private connectivity between a virtual machine and Blob storage within a virtual network.

After completing this lab, you’ll be familiar with how to configure a Private Endpoint for the Azure Blob service, using Private Link.

**Note:** In the lab, use the same Region as your lab-provisioned Resource Group for the location.

> **The FQDN is not directly available in the Azure console now. The solution video is slated to be updated. In the meantime, you can go to the DNS configuration of the private endpoint, then click on the private DNS zone hyperlink. From there you can find the resolution information.**

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Configure a Private Endpoint for Blob Storage

Use the Azure Portal to create the private endpoint.

  1. Navigate to the Storage Accounts section.
  2. Open Storage Accounts from the sidebar, and navigate to the storage account already created for you.
  3. Click on Private endpoint connections in the storage account resource menu.
  4. Click + Private endpoint to create a new private endpoint.

Create the private endpoint with the following details:

  • Basics:
    • Subscription: select the Hands-On Labs subscription
    • Resource Group: select the existing resource group
    • Name: privatelink1
    • Region: Use the same Region as your lab provisioned Resource Group
    • Click Next
  • Resource:
    • Connection method: Connect to an Azure resource in my directory
    • Subscription: select the Hands-On Labs subscription
    • Resource type: Microsoft.Storage/storageAccounts
    • Resource: select the existing storage account
    • Target sub-resource: blob
    • Click Next
  • Configuration:
    • Virtual network: vnet1
    • Subnet: subnet1
    • Leave DNS as-is
    • Click on Review + create

Verify the Private Endpoint from VM1

Use the Azure Portal to gather the necessary information. Please be aware you will need an RDP client to connect to the Windows server.

Copy the details for the Blob endpoint

  1. Navigate to the Private Link services page (you can search with the search bar if required).
  2. Open Private endpoints from the sidebar, and navigate to the private endpoint you created earlier.
  3. Copy the FQDN (e.g., azurelalab123.blob.core.windows.net)

Connect to VM1 using RDP

To connect to vm1, use the following credentials:
Username: azureuser
Password: labh0l-2021-learn!

  1. Navigate to the Virtual Machines services page.
  2. Open the existing VM called vm1.
  3. Click on the Connect option in the command bar, and select RDP.
  4. Use the RDP file with your preferred RDP client.

Note: you may choose to copy the public IP address and connect via RDP manually with your RDP client, instead of using the RDP file.

Verify the Private Endpoint from VM1

  1. Open the command prompt (Right-click Start > Run > type cmd > press Enter)
  2. Use nslookup to verify DNS now points to a private IP address, for example: nslookup azurelalab123.blob.core.windows.net

Note: You should see a private IP address, such as 10.1.1.5. You may also choose to upload and access a file using other tools such as netstat and Storage Explorer.
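
The nslookup check above can be scripted so that it also confirms the alias into the private DNS zone and the address the HTTPS connection actually lands on. This is an added example, not part of the original lab; it assumes it is run in PowerShell on vm1, uses the page's sample FQDN as a default, and assumes the endpoint's DNS integration uses the standard `privatelink.blob.core.windows.net` zone.

```powershell
# Added example: run in PowerShell on vm1 (not part of the original lab).
# The default FQDN is the page's sample name; pass your own storage account's.
param([string]$Fqdn = 'azurelalab123.blob.core.windows.net')

function Test-PrivateIPv4 {
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    # RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# Resolve-DnsName returns the full chain: CNAME records, then the final A records.
$records = @(Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop)
$cnames  = @($records | Where-Object { $_.Type -eq 'CNAME' } | ForEach-Object { $_.NameHost })
$addrs   = @($records | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })

# With the endpoint's DNS integration in place, the public name is an alias
# into the privatelink zone, and that zone answers with the endpoint's address.
$viaPrivateZone = @($cnames | Where-Object { $_ -like '*.privatelink.blob.core.windows.net' }).Count -gt 0
$publicAddrs    = @($addrs | Where-Object { -not (Test-PrivateIPv4 $_) })

# Confirm the HTTPS connection itself lands on the resolved private address.
$tcp = Test-NetConnection -ComputerName $Fqdn -Port 443 -WarningAction SilentlyContinue

$result = [pscustomobject]@{
    Fqdn            = $Fqdn
    CnameChain      = $cnames -join ' -> '
    Addresses       = $addrs -join ', '
    ViaPrivateZone  = $viaPrivateZone
    AllPrivate      = ($addrs.Count -gt 0 -and $publicAddrs.Count -eq 0)
    Tcp443Reachable = $tcp.TcpTestSucceeded
    ConnectedTo     = "$($tcp.RemoteAddress)"
}
$result | Format-List

if (-not ($result.ViaPrivateZone -and $result.AllPrivate -and $result.Tcp443Reachable)) {
    Write-Warning "$Fqdn is not being reached through the private endpoint from this host."
    exit 1
}
```

A passing result describes name resolution and connectivity from this host inside vnet1 only; it says nothing about whether the storage account's public endpoint is still reachable from other networks.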

Additional Resources

You work in the security operations team for a company called The Pupper Camp (TPC). The Pupper Camp is a dog services company which operates doggy day-care facilities across the globe.

The Pupper Camp hosts several solutions within Azure. One of these solutions stores confidential information in Azure Blob storage.

You have been tasked with the configuration of Azure Private Link to ensure that a Virtual Machine within this solution accesses the Blob storage container using a private IP address.
