I want to restrict the Azure redis cache using private endpoint

Sadanand Madpathy (Harman Connected ServicesCorpo) 20 Reputation points Microsoft Vendor
2023-11-09T06:43:01.4266667+00:00

Hi

I need to restrict the Redis cache using a private endpoint.

I have created the private endpoint, configured DNS, and selected the VNet and subnet as well.

In the Redis cache, I have enabled the private endpoint for access.

Now I am not able to access the Redis console when I do "PING" from the portal.

How do I resolve the issue below so it works with my app service?

The Azure Redis cache is already on the Standard tier.

In the firewall I have added a rule with the IP address from where it's being accessed.

I am unable to connect from my local machine or from the Redis console.

Can anyone please help? ASAP.

Azure Cache for Redis
An Azure service that provides access to a secure, dedicated Redis cache, managed by Microsoft.
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

2 answers

  1. ShaktiSingh-MSFT 14,281 Reputation points Microsoft Employee
    2023-11-09T09:44:30.94+00:00

    Hi Sadanand Madpathy (Harman Connected ServicesCorpo),

    Welcome to Microsoft Q&A forum.

    As I understand, you want to restrict the Azure redis cache using private endpoint.

    Your application should connect to <cachename>.redis.cache.windows.net on port 6380. We recommend avoiding the use of <cachename>.privatelink.redis.cache.windows.net in configuration or connection string.

    A private DNS zone, named *.privatelink.redis.cache.windows.net, is automatically created in your subscription. The private DNS zone is vital for establishing the TLS connection with the private endpoint.

    For more information, see Azure services DNS zone configuration.

    Why can't I connect to a private endpoint?

    • Private endpoints can't be used with your cache instance if your cache is already a VNet injected cache.
    • You have a limit of one private link for clustered caches. For all other caches, your limit is 100 private links.
    • Trying to persist data to a storage account where firewall rules are applied might prevent you from creating the Private Link.
    • You might not connect to your private endpoint if your cache instance is using an unsupported feature.

    What features aren't supported with private endpoints?

    • Trying to connect from the Azure portal console is an unsupported scenario where you'll see a connection failure.
    • Private links can't be added to caches that are already geo-replicated. To add a private link to a geo-replicated cache: 1. Unlink the geo-replication. 2. Add a Private Link. 3. Last, relink the geo-replication.

    Refer to https://video2.skills-academy.com/en-us/azure/azure-cache-for-redis/cache-private-link#how-do-i-verify-if-my-private-endpoint-is-configured-correctly

    Please check and let us know if above pointers are correctly done in your Redis Cache.

    Also verify that your app service is deployed in the same virtual network and subnet as the private endpoint for the Redis Cache.

    Share screenshots or other relevant details to troubleshoot the issue.

    Thanks

    1 person found this answer helpful.
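
The DNS and port points in the answer above can be checked from the client that has to reach the cache, for instance a machine inside the virtual network. This Python sketch is an added example, not part of the original answer or of Microsoft's documentation; the hostname `contoso-cache` and the finding labels are constructed for illustration.

```python
import ipaddress
import socket
import ssl
import sys

REDIS_TLS_PORT = 6380  # TLS port given in the answer above
PRIVATELINK_SUFFIX = ".privatelink.redis.cache.windows.net"

def resolve(host):
    """Addresses the local resolver returns for host; [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(host, REDIS_TLS_PORT, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses):
    """'private' if no address is publicly routable, 'public' if all are, else 'mixed'."""
    flags = {ipaddress.ip_address(a).is_private for a in addresses}
    if not flags:
        return "unresolved"
    if len(flags) == 2:
        return "mixed"
    return "private" if flags == {True} else "public"

def diagnose(host, addresses):
    """Map a configured hostname and its resolved addresses to a finding label."""
    if host.lower().rstrip(".").endswith(PRIVATELINK_SUFFIX):
        return "privatelink-name-in-config"  # the answer advises against this name
    return {"private": "ok-private-endpoint",
            "public": "public-address-private-dns-not-applied",
            "mixed": "split-resolution",
            "unresolved": "no-dns-answer"}[classify(addresses)]

def tls_handshake(host, timeout=5.0):
    """Verified TLS handshake to host:6380; returns the negotiated TLS version."""
    ctx = ssl.create_default_context()  # checks certificate chain and hostname
    with socket.create_connection((host, REDIS_TLS_PORT), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()

if __name__ == "__main__":
    # Constructed placeholder name; pass the real cache hostname as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "contoso-cache.redis.cache.windows.net"
    finding = diagnose(host, resolve(host))
    print(host, "->", finding)
    if finding == "ok-private-endpoint":
        print("TLS:", tls_handshake(host))
```

A `public-address-private-dns-not-applied` result means this client's resolver is not using the private DNS zone, so the check should be repeated from the network the app actually runs in.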

  2. ShaktiSingh-MSFT 14,281 Reputation points Microsoft Employee
    2023-11-10T07:01:58.4566667+00:00

    Hi Sadanand Madpathy (Harman Connected ServicesCorpo),

    There's a publicNetworkAccess flag that is Disabled by default. When set to Enabled, this flag allows both public and private endpoint access to the cache. When set to Disabled, it allows only private endpoint access. You can set the value to Disabled or Enabled in the Azure portal or with a RESTful API PATCH request.

    To change the value in the Azure portal, follow these steps:

    1. In the Azure portal, search for Azure Cache for Redis. Then, press enter or select it from the search suggestions.
    2. Select the cache instance whose public network access value you want to change.
    3. On the left side of the screen, select Private Endpoint.
    4. Select the Enable public network access button.

    As suggested above, please file a support ticket for deeper investigation.

    Thanks
