Private network access with Azure Private Link (preview)

Note

The Time Series Insights service will be retired on 7 July 2024. Consider migrating existing environments to alternative solutions as soon as possible. For more information on the deprecation and migration, visit our documentation.

Azure Private Link is a service that enables you to access Azure resources (like Azure Event Hubs, Azure Storage, and Azure Cosmos DB) and Azure-hosted customer and partner services over a private endpoint in your Azure Virtual Network (VNet).

Similarly, you can use private endpoints for your Time Series Insights instance to allow clients located in your virtual network to securely access the instance over Private Link.

About the private endpoints

The private endpoint uses an IP address from your Azure VNet address space. Network traffic between a client on your private network and the Time Series Insights instance traverses over the VNet and a Private Link on the Microsoft backbone network, eliminating exposure to the public internet. Here is a visual representation of this system:

Time Series Private Links DNS

Customers can also block access to TSI environment for public access so that it will be accessible from the VNET only. Configuring a private endpoint for your Time Series Insights instance enables you to secure your Time Series Insights instance and eliminate public exposure, as well as avoid data exfiltration from your VNet.

Time Series Private Links Network

Once a private endpoint is enabled and public access is restricted customer will have to use a different address for TSI Explorer to access TSI Environment. That address can be found in Azure portal under Overview section.

Next steps