Private Link for multiple services

Manoj Priyankara Widana Ralalage 25 Reputation points
2023-05-11T07:15:00.34+00:00

Hi,

Can a single private link support multiple backend services? To elaborate more, a client requires connectivity to Azure BOT service (a PVA BOT) and Speech Services. Do we have to create two private links (one for each service) or can we use a single private link with two FQDNs?

Also, on the client side, do we need two private endpoints (one for each service)?

Cheers!
Manoj


1 additional answer

  1. GitaraniSharma-MSFT 49,401 Reputation points Microsoft Employee
    2023-05-11T09:30:07.1366667+00:00

    Hello @Manoj Priyankara Widana Ralalage ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to know if you can have multiple private endpoints to a single private link service.

    Yes, multiple private endpoints can be created with the same private-link resource. You can have up to 1000 private endpoints on the same private link service.


    Refer: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#private-link-limits

    A single Private Link Service can be accessed from multiple Private Endpoints belonging to different VNets, subscriptions and/or Active Directory tenants.

    Some considerations on this setup:

    • Existing Private DNS Zones tied to a single service should not be associated with two different Private Endpoints as it will not be possible to properly resolve two different A-Records that point to the same service. However, Private DNS Zones tied to multiple services would not face this resolution constraint.
    • Adding multiple DNS zone groups to a single Private Endpoint is not supported.

    Refer: https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview

    https://learn.microsoft.com/en-us/azure/private-link/private-link-service-overview#details

    https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-dns

    And yes, you need to create 2 private endpoints, one for each service.

    Refer: https://learn.microsoft.com/en-us/azure/cognitive-services/speech-service/speech-services-private-link?tabs=portal

    https://learn.microsoft.com/en-us/azure/bot-service/dl-network-isolation-concept?view=azure-bot-service-4.0#use-of-private-endpoints

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
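
Added example, not part of the answer above and not Microsoft's code: a small lint that checks a private endpoint inventory against the constraints the answer lists (one endpoint per service, a single DNS zone group per endpoint, no two A-records for the same name in one private DNS zone). The inventory schema, the endpoint and service names and the `.example` zone names are constructed for illustration and are not the Azure API format.

```python
from collections import defaultdict

# Constructed inventory in a hypothetical schema (not the Azure API's format).
# records: (private DNS zone, A-record name, private IP) the endpoint registers.
ENDPOINTS = [
    {"name": "pe-speech-vnet1", "service": "speech", "zone_groups": ["default"],
     "records": [("privatelink.speech.example", "contoso-speech", "10.1.0.4")]},
    {"name": "pe-bot-vnet1", "service": "bot", "zone_groups": ["default"],
     "records": [("privatelink.bot.example", "contoso-bot", "10.1.0.5")]},
    # Second endpoint to the same speech resource from another VNet, wrongly
    # registered in the same zone and also given a second zone group.
    {"name": "pe-speech-vnet2", "service": "speech",
     "zone_groups": ["default", "extra"],
     "records": [("privatelink.speech.example", "contoso-speech", "10.2.0.4")]},
]


def lint(endpoints, required_services):
    """Return findings for the constraints listed in the answer."""
    findings = []
    # Each required service needs its own private endpoint.
    covered = {ep["service"] for ep in endpoints}
    for svc in sorted(set(required_services) - covered):
        findings.append(f"missing-endpoint: no private endpoint for service '{svc}'")
    # Multiple DNS zone groups on a single endpoint are not supported.
    for ep in endpoints:
        if len(ep["zone_groups"]) > 1:
            findings.append(
                f"zone-groups: {ep['name']} has {len(ep['zone_groups'])} DNS zone groups")
    # The same zone and record name registered with different IPs by different
    # endpoints cannot resolve consistently.
    owners = defaultdict(dict)  # (zone, record) -> {ip: endpoint name}
    for ep in endpoints:
        for zone, record, ip in ep["records"]:
            owners[(zone, record)][ip] = ep["name"]
    for (zone, record), by_ip in sorted(owners.items()):
        if len(by_ip) > 1:
            names = ", ".join(sorted(by_ip.values()))
            findings.append(
                f"dns-conflict: {record}.{zone} has {len(by_ip)} A-records ({names})")
    return findings


if __name__ == "__main__":
    for line in lint(ENDPOINTS, ["speech", "bot"]):
        print(line)
```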