@Erwin Kramer, a managed private endpoint for a private link service is not useful for your scenario, as a private link service can be enabled only for services running behind a load balancer, which is not true in your case.
The recommended way is to use a Synapse SHIR that has line of sight to your app gateway's private IP.
Connecting from Synapse Managed private endpoint to an Application Gateway Private Link Configuration
Is it possible to connect to an Application Gateway, which has a Private Link Configuration set (see https://learn.microsoft.com/en-us/azure/application-gateway/private-link-configure?tabs=portal), through a Synapse managed private endpoint? Currently, when selecting "New managed private endpoint (Private link service)" inside Synapse, you only have the option to select a dedicated Private Link Services resource; this type of resource is not something that a Private Link Configuration inside an Application Gateway generates or provides. I understand that this stuff is all new and some of it is in preview, but I'd like to know the possibilities and possible roadmap.
The use case is calling APIs behind an API Management instance, which is positioned behind an Application Gateway. We want to figure out if this is a good way to create secure network connections (using the private IP address from our Application Gateway). We are aware that self-hosted runtimes are a possibility too for Synapse.
EDIT: Managed Private endpoints for Application Gateway work great now; I've posted a detailed article about it on https://github.com/erwinkramer/reference-architecture-secure-cross-tenant-API-traffic?tab=readme-ov-file#reference-implementation-for-microsoft-managed-origins. This should be the way to go forward for anyone struggling with secure cross-tenant connections.
2 answers
Vidya Narasimhan 2,126 Reputation points Microsoft Employee
2022-07-29T10:27:39.467+00:00
Erwin Kramer 6 Reputation points
2024-05-15T20:25:12.7+00:00
Managed Private endpoints for Application Gateway work great now; I've posted a detailed article about it on https://github.com/erwinkramer/reference-architecture-secure-cross-tenant-API-traffic?tab=readme-ov-file#reference-implementation-for-microsoft-managed-origins
This should be the way to go forward for anyone struggling with secure cross-tenant connections.