Multiple Private endpoints to a single private link service

C.J. Vieleers 106 Reputation points
2022-10-11T09:26:23.967+00:00

Hello
I would like to know if it's possible to have multiple private endpoints to a single private link service.
Here is our situation. A third party is offering a cloud service in Azure and supports Azure Private Link. We already created a private endpoint to their service in our hub-spoke architecture.
Now, if another vendor wants to make a connection to the same third-party service in a secure way as well, can they simply set up a private endpoint (in the vendor environment) to the private link service too, without interfering with our private endpoint in the hub-spoke architecture?
Are there any drawbacks in having multiple private endpoints to a single private link service?

Kick

Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.

Accepted answer
  1. GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator
    2022-10-17T14:49:30.087+00:00

    Hello @C.J. Vieleers ,

    I understand that you would like to know if you can have multiple private endpoints to a single private link service.

    Yes, multiple private endpoints can be created with the same private-link resource. You can have up to 1000 private endpoints on the same private link service.
    Refer: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#private-link-limits

    A single Private Link Service can be accessed from multiple Private Endpoints belonging to different VNets, subscriptions and/or Active Directory tenants.

    Some considerations on this setup:

    • Existing Private DNS Zones tied to a single service should not be associated with two different Private Endpoints as it will not be possible to properly resolve two different A-Records that point to the same service. However, Private DNS Zones tied to multiple services would not face this resolution constraint.
    • Adding multiple DNS zone groups to a single Private Endpoint is not supported.

    Refer: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview
    https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview
    https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
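
The two DNS considerations in the accepted answer can be checked over an inventory of private endpoints before a new endpoint or zone group is added. This is an added example, not part of the original answer or any Microsoft tooling; the inventory is constructed, and its field names (`service`, `zone_groups`) and all resource names are assumptions.

```python
from collections import defaultdict

# Constructed inventory, not real Azure output. Assumed fields: "service" is
# the private link service the endpoint targets; "zone_groups" lists the
# private DNS zone attached through each DNS zone group on the endpoint.
ENDPOINTS = [
    {"name": "pe-hub", "service": "pls-thirdparty",
     "zone_groups": ["hub/privatelink.example.test"]},
    {"name": "pe-spoke2", "service": "pls-thirdparty",
     "zone_groups": ["hub/privatelink.example.test"]},
    # The vendor keeps its own zone in its own environment: no overlap.
    {"name": "pe-vendor", "service": "pls-thirdparty",
     "zone_groups": ["vendor/privatelink.example.test"]},
    # Different service in the hub zone (allowed), but two zone groups.
    {"name": "pe-other", "service": "pls-other",
     "zone_groups": ["hub/privatelink.example.test", "hub/extra.example.test"]},
]


def shared_zone_conflicts(endpoints):
    """Return {(zone, service): [endpoint names]} for every private DNS zone
    that two or more endpoints to the same service are associated with."""
    owners = defaultdict(set)
    for ep in endpoints:
        for zone in ep["zone_groups"]:
            owners[(zone, ep["service"])].add(ep["name"])
    return {key: sorted(names) for key, names in owners.items() if len(names) > 1}


def multiple_zone_groups(endpoints):
    """Return the names of endpoints that carry more than one DNS zone group."""
    return [ep["name"] for ep in endpoints if len(ep["zone_groups"]) > 1]


if __name__ == "__main__":
    for (zone, service), names in shared_zone_conflicts(ENDPOINTS).items():
        print(f"CONFLICT {zone}: {', '.join(names)} both point at {service}")
    for name in multiple_zone_groups(ENDPOINTS):
        print(f"UNSUPPORTED {name}: more than one DNS zone group")
```
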


1 additional answer

  1. JimmySalian-2011 42,511 Reputation points
    2022-10-11T10:37:28.767+00:00

    Hi @C.J. Vieleers ,

    AFAIK, it should be okay to have multiple private endpoints; you just need to take care of duplicates and conflicts with name resolution. private-endpoint-overview


    Check the limits as well, if Premium should be covered - azure-subscription-service-limits

    Hope this helps.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
