Connect Azure Synapse to MongoDB Database with a Private Endpoint

Sergio Mendoza 1 Reputation point
2022-09-29T17:28:00.157+00:00

We have a MongoDB Atlas Cluster deployed using Azure as our Cloud Provider, and I'm trying to use a Private Endpoint to allow the connection from our Azure Synapse Workspace, but I keep getting a Timeout Issue whenever I try to test the connection from the MongoDB Linked Service.

I'll share some details here:

We are creating a new Private Endpoint using the Azure Wizard from the Azure Synapse Workspace that we want to connect. It's curious how we can create the Private Endpoint successfully but the resource won't appear in the Endpoint's list from Synapse:

This Private Endpoint is linked to the MongoDB Private Link Service and the connection seems to be successful from both ends, since both the Private Endpoint and the Private Link have an "Approved" status.

The VNet has its own firewall and network security rules and we've double-checked that it allows TCP on the necessary ports. But for some reason, testing the connection from the Azure Synapse Linked Service always returns a Connection Timeout issue. The only way to get a successful connection is by allowing access from any IP in the MongoDB Cluster:

Are we missing something?
Why are we not able to see the Private Endpoint in the Azure Synapse Resource even when we create it from the resource's tab using the Wizard?
Why do I still need to allow access from any IP Address?
How can we verify if Synapse is, in fact, using that endpoint?

1 answer

  1. Priya Kumar 1,096 Reputation points Microsoft Employee
    2022-09-30T05:06:25.46+00:00

    Hello @Sergio Mendoza

    Thank you for reaching out to the Q&A platform.

    Please do correct me if my understanding of this issue is wrong. As per the explanation, I believe below is your setup:

    1. So, the PE is located in the Synapse Workspace.
    2. You can access the PE from the MongoDB.
    3. But when you access it via the Synapse MongoDB, it’s not working? (You mean the traffic is generated from Synapse?)

    If the issue is the third point, then below could be the reason behind it.

    1. Private Endpoint with PLS is a one-way communication, to enable secure access to the PaaS services from the VNet.
    2. Since the Synapse Workspace is a PaaS service, you cannot generate the traffic from Synapse on the PE IP address; it’s not the NIC attached directly to the Workspace.
    3. Things would not have worked when you allow the PE IP address in the MongoDB, but when you allow all the IP addresses, the Synapse traffic would get resolved to Public IP and the Communication would be happening on the Public IP without the intervention of the PE.
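
An added example, not part of the question or the answer above: one way to check which path a client takes to the cluster is to resolve the cluster hostname from the network the traffic originates in and compare the result with the Private Endpoint's IP. The hostname, port and IP below are placeholders, the function names are hypothetical, and the check assumes the VNet uses private (RFC 1918) address space.

```python
import ipaddress
import socket

def classify_path(resolved_ips, private_endpoint_ip):
    """Say which network path a client would take for the resolved addresses."""
    pe = ipaddress.ip_address(private_endpoint_ip)
    addrs = [ipaddress.ip_address(ip) for ip in resolved_ips]
    if not addrs:
        return "unresolved"
    if all(a == pe for a in addrs):
        return "private-endpoint"
    if any(not a.is_private for a in addrs):
        return "public"          # at least one answer leaves the VNet
    return "private-other"       # private, but not the endpoint NIC expected

def resolve(host, port):
    """Return the distinct IPs this machine's DNS gives for host."""
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_reachable(ip, port, timeout=5.0):
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def check(host, port, private_endpoint_ip):
    """Resolve host, classify the path and probe each address over TCP."""
    ips = resolve(host, port)
    return {
        "host": host,
        "resolved": ips,
        "path": classify_path(ips, private_endpoint_ip),
        "reachable": {ip: tcp_reachable(ip, port) for ip in ips},
    }

if __name__ == "__main__":
    # Placeholders: substitute the cluster hostname, the port in use and
    # the Private Endpoint IP. 27017 is only MongoDB's default port.
    print(check("cluster0.example.invalid", 27017, "10.1.0.5"))
```

A result of "public" together with a timeout matches the behaviour described in the answer: the client is resolving the cluster to a public address, so only an IP allow-list entry on the cluster side would let it through.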