Overview
Set up Azure Private Link to connect two in different Azure accounts. The first is a VNet in your Azure account, and the second is the dedicated VNet where your Unqork environment exists. If your Azure resources are connected to on-premises networks, Unqork services can also communicate services in your data center. Similarly, Unqork services can communicate with services in your other VNets, as long as they are peered.
Azure Private Link provides a secure transfer tunnel for data, keeping your traffic safe without traversing the public internet. Typically, services communicate by traveling the internet from one public endpoint to another. With Azure Private Link, communication travels between your endpoint service to a VNet endpoint in your hosted Unqork environment. The endpoint service using Private Link works with a . The endpoint service and NLB act as Unqork's entry point to your infrastructure. You do not need to use any special hardware or software to make this happen because you'll create the VNet endpoint in Azure.
How to Set Up Azure Private Link
To set up Azure Private Link, you'll first need to configure settings in Azure. Then, you’ll set up a Plug-In component in Unqork and connect to the service.
What You Need
In your Azure account, you need:
-
VNet subnets where the target resources reside.
-
An endpoint service, or the PrivateLink.
-
The endpoint service name from Azure.
In Unqork, you need:
Create an Azure Private Link (In Azure)
First, you'll set everything up on the Azure side.
Create the VNet, NAT Gateway, load balancer, Private Link Service, and Private Endpoint
Set up the VNet, NAT gateway, load balancer, Private Link Service, and private endpoint.
|
1.
|
In the Azure portal, select or create a VNet. |
|
2.
|
Configure the VNet to include subnet(s) in each Azure subscription. |
|
3.
|
Select or create the NAT gateway. |
|
4.
|
Select or create an Azure Virtual Machine (VM). |
The VM must be in the same region as the VNet. The VM must be on the same network as the VNet and the subnet(s).
|
5.
|
Select or create a load balancer. |
|
6.
|
Create the Private Link service. |
|
7.
|
Create the private endpoint. |
Copy the Azure Endpoint Service Name
Next, copy the Azure endpoint service name that you created. You'll need this to set up the Azure Private Link connection.
The endpoint service configuration makes the Private Link in Azure.
|
1.
|
In Azure, go to the Overview tab. |
|
3.
|
Copy the Alias. This endpoint service acts as the Azure Private Link to the Unqork environment. You'll enter this service name in Unqork, in PrivateLink Administration. |
Connecting to Azure Private Link from Unqork
Now, connect Unqork to Azure Private Link.
Adding an Azure Private Link Service in PrivateLink Administration (In Unqork)
Next, you'll create the Azure Private Link service in Unqork. Your Unqork application connects to your Azure resource with Azure Private Link.
|
1.
|
At the top-right of the Unqork Designer Platform, click . |
|
2.
|
Under Integration, click PrivateLink Administration. |
|
3.
|
Click Add PrivateLink. The Add PrivateLink page displays. |
|
4.
|
In the PrivateLink Friendly Name field, enter a name for your Private Link. For example, myPrivateLinkService. |
|
6.
|
In the PrivateLink Internal Name field, enter a name for your internal domain. For example, my.private.link. |
|
7.
|
Click Add PrivateLink. |
Finalizing the Azure Private Link Connection in Azure
You've set up the Azure Private Link Connection in Azure and Unqork. Now you’ll complete a couple more steps so the connection can transfer traffic.
|
1.
|
In the Azure portal, in the Private link service section, click Private Endpoint Connections. |
|
2.
|
Next to the request you made through Unqork, select the checkbox. |
Creating a Service Using Azure Private Link in Services Administration
The Azure Private Link configuration makes a connection, but you must connect the target resource or service. So, you’ll create a new integration in Services Administration.
|
1.
|
At the top-right of the Unqork Designer Platform, click . |
|
2.
|
Under Integration, click Services Administration. The Services Administration page displays. |
|
3.
|
Click + Add a Service.The Create New Service modal displays. |
|
4.
|
In the Service Title* field, enter a title. For example, My Private API. |
|
5.
|
In the Service Name* field, enter a name. For example, my-private-api. This value cannot include spaces or special characters. |
|
7.
|
From the Share To setting, choose to share with the environment or a specific workspace. |
|
8.
|
Click Create. The new service's configuration page displays. |
|
11.
|
Click Save Changes. The Services Administration page displays. |
|
12.
|
Navigate to the new API service. |
|
13.
|
From the Manage drop-down, select Check Status to confirm the service is reachable using the Azure Private Link connection. |
Configuring a Plug-In Component to Call Your Azure Private Link Service
Next, let’s look at how to use a Plug-In component to call your Azure Private Link service using an external API. You’ll also set up an Initializer component to trigger the Plug-In component.
To learn more about configuring an external API call, view our External APIs article.
How you choose to execute the Plug-In component depends on your use case’s needs. Common approaches include:
-
Using a Button component to trigger the Plug-In component on button-click.
-
Using an Initializer component to trigger the Plug-In component on page-load. This is a common option when using a remote execute to trigger an module.
What You Need
For this configuration, you’ll need:
Configure the Plug-In Component
Configure a Plug-In component that makes the external API call that runs your Azure Private Link service.
|
1.
|
In the Module Builder, drag and drop a Plug-In component onto the canvas. |
|
2.
|
In the field, enter pluginAzure. |
|
3.
|
In the field, enter pluginAzure. |
|
4.
|
From the Service Type drop-down, select External.. |
|
5.
|
From the External Services drop-down, enter or select your Azure Private Link service . |
|
6.
|
Complete the Data Source URL value based on the Azure resource. |
|
7.
|
From the Request Type drop-down, select an API method. The Request Type is based on the action you're performing. |
|
8.
|
Complete the Inputs table. |
Your inputs are based on your Azure resource.
To learn more about configuring a Plug-In component’s Inputs table, view our Plug-In component article.
Configure the Initializer Component
You'll configure this Initializer component to trigger the Plug-In component.
|
1.
|
Drag and drop an Initializer component onto your canvas, placing it above your pluginAzure Plug-In component. |
|
2.
|
In the field, enter initPlugin. |
|
3.
|
In the field, enter initPlugin. |
|
4.
|
From the Trigger Type drop-down, select an API method. |
The appropriate Trigger Type varies based on your use case needs. To trigger the Initializer component on page-load, select New Submission or Edit Submission. New Submission triggers on page-load when no submission is present. Edit Submission triggers on page-load when a submission is present.
|
5.
|
Complete the Outputs table as follows, using your Plug-In component's Property ID. |
You've successfully created an Azure Private Link connection between Unqork and your Azure resource.