Hi @Warner, Timothy D, I understand that you are creating a single AMPLS (Azure Monitor Private Link Scope) with multiple endpoints.
It's important that your virtual networks do not share the same Private DNS Zone. Why? Because creating a private endpoint will update the Private DNS Zone. If the second virtual network is using the same Private DNS Zone, creating the second private endpoint for the same AMPLS will overwrite the entry of the first private endpoint. Impact: the first virtual network can't connect to its local private endpoint.
There's a Caution note in the Private Endpoint DNS documentation:
- Existing Private DNS Zones linked to a single Azure service should not be associated with two different Azure service Private Endpoints. This will cause a deletion of the initial A-record and result in a resolution issue when attempting to access that service from each respective Private Endpoint. Create a DNS zone for each Private Endpoint of like services. Don't place records for multiple services in the same DNS zone.
If your virtual networks aren't peered, you must also separate their DNS to use private links. After that's done, create a separate private endpoint for each network, and a separate AMPLS object. Your AMPLS objects can link to the same workspaces/components or to different ones.
Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.
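As an added worked check (not part of this answer and not Microsoft's code), the script below models the overwrite the Caution note describes and flags a Private DNS Zone that receives the same record name from more than one private endpoint; the zone ids, endpoint names and IP addresses are constructed placeholders.

```python
"""Check for a Private DNS Zone shared by private endpoints of like services.

Added example, not code from the answer above. It models the Caution note:
two private endpoints for the same service (here one AMPLS reached from two
VNets) attached to the same Private DNS Zone write the same A-record name,
so the second write replaces the first. The input mirrors, in simplified
form, a private endpoint's DNS zone group (zone id + record sets); every
value below is a constructed sample, <sub> is a placeholder subscription id.
"""
from collections import defaultdict

ZONE_RG1 = "/subscriptions/<sub>/resourceGroups/rg-dns-vnet1/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com"
ZONE_RG2 = "/subscriptions/<sub>/resourceGroups/rg-dns-vnet2/providers/Microsoft.Network/privateDnsZones/privatelink.monitor.azure.com"

def endpoint(name, vnet, zone_id, ip):
    """One private endpoint with its DNS zone group (constructed shape)."""
    return {"endpoint": name, "vnet": vnet,
            "zoneConfigs": [{"zone": zone_id, "records": [{"name": "api", "ip": ip}]}]}

# Wrong layout: both VNets' endpoints write into the same zone.
SHARED_ZONE = [endpoint("pe-ampls-vnet1", "vnet1", ZONE_RG1, "10.1.0.4"),
               endpoint("pe-ampls-vnet2", "vnet2", ZONE_RG1, "10.2.0.4")]
# Corrected layout: one zone per VNet, each linked only to its own VNet.
SEPARATE_ZONES = [endpoint("pe-ampls-vnet1", "vnet1", ZONE_RG1, "10.1.0.4"),
                  endpoint("pe-ampls-vnet2", "vnet2", ZONE_RG2, "10.2.0.4")]

def find_zone_conflicts(endpoints):
    """Map (zone id, record name) -> list of (endpoint, vnet, ip) for every
    record that more than one endpoint writes into the same zone."""
    writers = defaultdict(list)
    for ep in endpoints:
        for cfg in ep["zoneConfigs"]:
            for rec in cfg["records"]:
                writers[(cfg["zone"], rec["name"])].append((ep["endpoint"], ep["vnet"], rec["ip"]))
    return {key: ws for key, ws in writers.items() if len(ws) > 1}

def report(endpoints):
    """Human-readable lines; the last writer keeps the record, earlier ones lose it."""
    lines = []
    for (zone_id, name), ws in sorted(find_zone_conflicts(endpoints).items()):
        fqdn = f"{name}.{zone_id.rsplit('/', 1)[-1]}"
        winner, losers = ws[-1], ws[:-1]
        lost = ", ".join(f"{ep} in {vnet}" for ep, vnet, _ in losers)
        lines.append(f"{fqdn} resolves to {winner[2]} ({winner[0]}); "
                     f"{lost} lost its record -> split the zone per VNet")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SHARED_ZONE)) or "no conflicts")
    print("\n".join(report(SEPARATE_ZONES)) or "no conflicts")
```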