Can we connect to Azure Cosmos DB using a service/Private Link endpoint from the on-prem network over ExpressRoute?

Ratish Kumar 71 Reputation points
2021-03-14T11:47:51.407+00:00

My on-premises network is connected to Azure via ExpressRoute. If I enable service endpoints/Private Link on my PaaS services, will the traffic towards (Azure PaaS SQL database) from the on-prem network travel over the ExpressRoute utilising the service endpoints/Private Link, or will it travel via the internet and hit the public endpoint?

Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.

Accepted answer
  1. GitaraniSharma-MSFT 49,171 Reputation points Microsoft Employee
    2021-03-15T15:20:53.877+00:00

    Hello @Ratish Kumar ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    There are 2 steps involved in order to connect to Azure Cosmos DB from your on-premises network over ExpressRoute for both Service Endpoint and Private Link. They are as below:

    If you want to use Service Endpoints:

    1. You can configure access to Azure Cosmos DB from a VNet by following: https://video2.skills-academy.com/en-us/azure/cosmos-db/how-to-configure-vnet-service-endpoint
    2. For accessing an Azure Cosmos account over ExpressRoute from on-premises, you would need to enable Microsoft peering. Once you put IP firewall or virtual network access rules, you can add the public IP addresses used for Microsoft peering on your Azure Cosmos account IP firewall to allow on-premises services access to the Azure Cosmos account.
      Please refer: https://video2.skills-academy.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview#secure-azure-service-access-from-on-premises
      https://video2.skills-academy.com/en-us/azure/cosmos-db/how-to-configure-vnet-service-endpoint#can-i-enable-access-from-vpn-and-express-route

    If you want to use Private Link:

    1. You can connect to an Azure Cosmos account using an Azure Private Endpoint from your VNet by following:
      Please refer: https://video2.skills-academy.com/en-us/azure/private-link/tutorial-private-endpoint-cosmosdb-portal
    2. You can access services running in Azure from on-premises over ExpressRoute private peering using private endpoints. There's no need to configure ExpressRoute Microsoft peering or traverse the internet to reach the service. In order to do so, you need to use a DNS forwarder to resolve the Azure service public DNS zone deployed in Azure.
      Please refer: https://video2.skills-academy.com/en-us/azure/private-link/private-endpoint-dns#on-premises-workloads-using-a-dns-forwarder

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
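
A way to verify the Private Link option from an on-premises host, as an added example that is not part of the original answer: it classifies what the account FQDN resolves to, since a public address means the DNS forwarder is not in effect and clients would reach the public endpoint. The account names, the sample addresses and the assumption that the VNet uses RFC 1918 address space are constructed for illustration.

```python
import ipaddress
import socket

# Assumption: the VNet hosting the private endpoint uses RFC 1918 address space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(hostname, port=443):
    """Ask the local (on-premises) resolver for the addresses behind hostname."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def classify_path(addresses):
    """Say which endpoint a client would reach, given the addresses it resolved."""
    if not addresses:
        return "unresolved"
    private = [any(ipaddress.ip_address(a) in net for net in RFC1918) for a in addresses]
    if all(private):
        return "private-endpoint"   # reachable over ExpressRoute private peering
    if not any(private):
        return "public-endpoint"    # DNS forwarder missing or bypassed
    return "mixed"                  # split answers: some connections would go public

def check_account(hostname, resolver=resolve):
    """Resolve one account FQDN and classify it; a lookup failure is reported, not raised."""
    try:
        addresses = resolver(hostname)
    except socket.gaierror:
        addresses = []
    return {"host": hostname, "addresses": addresses, "path": classify_path(addresses)}

# Constructed resolver answers (hypothetical account names, documentation-range public IP).
SAMPLE_ANSWERS = {
    "example-with-forwarder.documents.azure.com": ["10.1.0.5"],
    "example-no-forwarder.documents.azure.com": ["203.0.113.10"],
    "example-split.documents.azure.com": ["10.1.0.5", "203.0.113.10"],
}

def sample_resolver(hostname):
    """Offline stand-in for resolve(), backed by the constructed answers above."""
    if hostname not in SAMPLE_ANSWERS:
        raise socket.gaierror(f"no constructed answer for {hostname}")
    return SAMPLE_ANSWERS[hostname]

if __name__ == "__main__":
    for name in list(SAMPLE_ANSWERS) + ["example-missing.documents.azure.com"]:
        print(check_account(name, resolver=sample_resolver))
```

Calling `check_account()` with only the account FQDN uses the host's real resolver, so run it from a machine that sits behind the on-premises DNS servers.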

