Do people use Azure Service Endpoint and Private Endpoint together?

akhan 201 Reputation points
2024-07-22T15:30:32.66+00:00

We are running into adoption issues with a hub/spoke topology, with most customers complaining that access to hub/spoke resources becomes too hard. We are exploring use of both private endpoints and service endpoints to make things a little easier. Has anyone had any experience with this and can share any pattern or reference architecture?

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.

2 answers

  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.



  2. ChaitanyaNaykodi-MSFT 25,611 Reputation points Microsoft Employee
    2024-07-30T21:25:54.97+00:00

    @akhan

    Thank you for getting back and apologies for the delay here.

    My question is around what are the use cases of using both service/private endpoints together. Is it an improvement of security over something that is not in a hub/spoke design (legacy)? Thanks

    Azure Service Endpoints and Private Endpoints are quite similar services in that they help with network restrictions. The typical use cases are usually a choice between using Service Endpoints or Private Endpoints.

    The benefit of Service endpoints is that they are more straightforward to set up and less complex than Azure Private endpoints. However, Service endpoints are less secure, the reason being that the PaaS resources are still accessible on their public IPs and the traffic does exit your virtual network.

    Although private endpoints are more complex to set up, they are more secure, as the traffic does not exit the virtual network and the PaaS resources are accessed using a private IP.

    This is a very good blog post you can refer to for the comparison between the two.

    As documented here, Private endpoints can be created in subnets that use Service Endpoints. However, I will recommend the use of private endpoints only instead of using both, for the security reason mentioned above and because more and more Azure services are offering private endpoint support as compared to Service endpoints. Depending on your set-up, suppose that down the line customers who are accessing a resource using a Service endpoint need to access another PaaS resource which supports only private endpoints; this might increase the engineering complexity.

    Hope this helps! Please let me know if you have any additional questions. Thank you!


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
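The security point in the answer above, as an added example that is not part of the original thread: a small audit that reads one PaaS resource's network settings and reports whether its public endpoint is still a reachable path when service endpoints and a private endpoint are combined. The sample record is constructed, the field names follow the ARM resource shape of a storage account as an assumption, and `classify` and its posture labels are hypothetical names.

```python
# Constructed sample (not real data): a storage account that has BOTH a
# service-endpoint VNet rule and an approved private endpoint connection.
SAMPLE = {"name": "examplestorage", "properties": {
    "publicNetworkAccess": "Enabled",
    "networkAcls": {
        "defaultAction": "Deny",
        "ipRules": [],
        "virtualNetworkRules": [{"action": "Allow", "id":
            "/subscriptions/<sub-id>/resourceGroups/rg-spoke1/providers"
            "/Microsoft.Network/virtualNetworks/vnet-spoke1/subnets/app"}]},
    "privateEndpointConnections": [{"properties": {
        "privateLinkServiceConnectionState": {"status": "Approved"}}}]}}


def classify(account):
    """Return (posture, findings) for one resource's network settings."""
    props = account.get("properties", {})
    acls = props.get("networkAcls") or {}
    # Assumption: a missing publicNetworkAccess value is treated as enabled.
    public_on = props.get("publicNetworkAccess", "Enabled") != "Disabled"
    open_default = acls.get("defaultAction", "Allow") == "Allow"
    # Subnets allowed through service endpoints still hit the public endpoint.
    se_subnets = [r["id"].rsplit("/", 1)[-1]
                  for r in acls.get("virtualNetworkRules", [])]
    has_pe = any(
        c.get("properties", {}).get("privateLinkServiceConnectionState", {})
         .get("status") == "Approved"
        for c in props.get("privateEndpointConnections", []))

    findings = []
    if public_on and open_default:
        findings.append("public endpoint accepts traffic from any network")
    if public_on and se_subnets:
        findings.append("service-endpoint subnets use the public endpoint: "
                        + ", ".join(se_subnets))
    if public_on and acls.get("ipRules"):
        findings.append("public IP allow rules present")
    if public_on and has_pe:
        findings.append("private endpoint exists but public endpoint is still enabled")

    if not public_on:
        posture = "private-only" if has_pe else "no-access-path"
    elif has_pe:
        posture = "mixed"
    elif open_default:
        posture = "public"
    else:
        posture = "service-endpoint" if se_subnets else "firewalled"
    return posture, findings


if __name__ == "__main__":
    print(classify(SAMPLE))
```

A "mixed" result is the combined design discussed in the thread; "private-only" is the posture the answer recommends.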
