Creating Service Endpoints Between Virtual Machines and Blob Storage

45 minutes
  • 3 Learning Objectives

About this Hands-on Lab

In this lab, we configure a service endpoint that allows direct, non-public communication between virtual machines running in Azure and blobs within a storage account. The lab starts with a pre-created Windows Server VM and its associated virtual network, and also a pre-created storage account. We then configure a service endpoint from the VM’s virtual network to the storage account by going to the virtual network and opening the ‘Service endpoints’ page, where we establish the connectivity.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Log in to the Azure Portal

Log in to the Azure Portal using the username and password supplied by the lab:

  1. Open a browser.
  2. Navigate to the provided Azure Portal URL.
  3. Use the supplied username and password to authenticate.

Go to the VM’s virtual network page

  1. Navigate to the virtual networks page in the portal.
  2. Select the virtual network named lab-VN.

Configure the service endpoint

From the lab-VN page, perform the following:

  1. Click the Service endpoints link/menu item.
  2. Click the + Add button at the top of the form that opens.

A panel will open on the right side of the portal with the title Add service endpoints. In that panel:

  1. In the Service drop-down, select Microsoft.Storage
  2. Do not change the options for Service endpoint policies
  3. Under subnets, select default
  4. Click the Add button at the bottom of the page.

The panel will close, and after a few seconds, you will see a service endpoint named Microsoft.Storage appear.

We need to connect the service endpoint to the storage account.

  1. Click on the default subnet.
  2. On the menu that pops up, click on Configure virtual network…

This will open a list of the available storage accounts. In this lab, there will only be one. Let’s go to it.

  1. Click on the storage account to be taken to its overview

Now let’s configure the storage account to only allow connectivity to the default subnet:

  1. In the menu, click on Firewalls and virtual networks.
  2. Click on the Selected networks radio button.

The form will reconfigure, and you will see an empty list of Virtual networks:

  1. Click on the Add existing virtual network link.
  2. A panel will open. Under virtual networks select lab-VN.
  3. Under subnets, select default.
  4. Click the Add button.
  5. Back on the Firewalls and virtual networks form, click the Save button.

After a moment, the firewall will be configured, and traffic from your virtual network will be routed across the Azure backbone (and not the Internet), and other sources will be blocked.
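
To confirm the end state of the steps above without clicking through the portal, the following added example (not part of the original lab) audits the subnet and storage account configuration as JSON. It assumes the field names printed by `az network vnet subnet show` and `az storage account show`; the sample data, subscription ID and resource group name lab-rg are constructed placeholders.

```python
import json

# Constructed sample data (not from the lab). Field names are assumed to match
# the JSON printed by `az network vnet subnet show` and `az storage account show`.
SUBNET_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
             "lab-rg/providers/Microsoft.Network/virtualNetworks/lab-VN/subnets/default")
SUBNET_JSON = json.dumps({
    "id": SUBNET_ID,
    "serviceEndpoints": [{"service": "Microsoft.Storage", "provisioningState": "Succeeded"}],
})
ACCOUNT_JSON = json.dumps({
    "networkRuleSet": {
        "defaultAction": "Deny",
        "ipRules": [],
        "virtualNetworkRules": [{"virtualNetworkResourceId": SUBNET_ID.lower(), "action": "Allow"}],
    }
})


def audit(subnet_json, account_json):
    """Return a list of findings; an empty list means the lab's end state holds."""
    subnet = json.loads(subnet_json)
    rules = json.loads(account_json).get("networkRuleSet") or {}
    findings = []

    # "Add service endpoints" panel: the subnet must carry Microsoft.Storage.
    endpoints = {e.get("service") for e in subnet.get("serviceEndpoints") or []}
    if "Microsoft.Storage" not in endpoints:
        findings.append("subnet has no Microsoft.Storage service endpoint")

    # "Selected networks" must be saved, otherwise every source is still allowed.
    if rules.get("defaultAction") != "Deny":
        findings.append("storage firewall default action is not Deny")

    # The subnet must be an allowed network (resource IDs compare case-insensitively).
    allowed = {(r.get("virtualNetworkResourceId") or r.get("id") or "").lower()
               for r in rules.get("virtualNetworkRules") or []
               if r.get("action", "Allow") == "Allow"}
    if subnet.get("id", "").lower() not in allowed:
        findings.append("subnet is not in the storage account's virtual network rules")

    # Any IP rule admits a source outside the virtual network.
    for r in rules.get("ipRules") or []:
        findings.append("public IP rule present: %s" % (r.get("ipAddressOrRange") or r.get("value")))
    return findings


if __name__ == "__main__":
    print(audit(SUBNET_JSON, ACCOUNT_JSON) or "OK: only the lab subnet can reach the account")
```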

Additional Resources

Your employer needs to give applications running on virtual machines access to data stored in blobs within an Azure storage account. However, they want the blobs to be accessible only from the virtual machines and not over the Internet. You decide the solution is to create a service endpoint between the VM's virtual network and the storage account, which will allow dedicated, non-Internet-based connectivity between those VMs and the storage account.
