Private Link is an Azure service that helps provide private network accessibility to a range of supported services. Private Link supports several Azure PaaS solutions, as well as customer-managed solutions (backed by a standard load balancer). In this lab, you will have the opportunity to configure the Private Link service for Azure Blob storage. This will enable private connectivity between a virtual machine and Blob storage, within a virtual network. After completing this lab, you’ll be familiar with how to configure a Private Endpoint for the Azure Blob service, using Private Link.
**Note:** In the lab, use the `West US` for the creation of resources.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Configure a Private Endpoint for Blob Storage
Log in to the Azure portal using the credentials provided in the lab.
Navigate to the storage account that was created for this lab, and create a new private endpoint called
privatelink1
in the West US region that uses the existing resource group and hands-on lab subscription. Set the Target sub-resource toblob
, the Virtual network tovnet1
, and the Subnet tosubnet1
.- Verify the Private Endpoint from VM1
Copy the details for the blob endpoint:
- Navigate to the storage account that was created for the lab.
- On the left-side menu, navigate to Endpoints (under Settings), and copy the FQDN without copying
https://
or the trailing slash/
(e.g.,azurelalab123.blob.core.windows.net
). - Open a terminal session, and use
nslookup
followed by the FQDN you copied to see a public IP address
Connect to
vm1
using RDP:- Navigate to the Virtual Machines service page.
- Select
vm1
, and connect using RDP. You can use the RDP file, downloaded from the Azure portal, with your preferred RDP client. You can also copy the public IP address forvm1
from your lab credentials and connect via RDP manually with your RDP client. The username and password forvm1
are provided in your lab credentials.
Verify the private endpoint from
vm1
:- From the RDP session, open a command prompt.
- Use
nslookup
(along with the FQDN from earlier) to verify the DNS now points to a private IP address.