Introduction to AWS and Azure PrivateLink Services
Overview
Integration with PrivateLink provides an alternative and secure communication method between Unqork and a customer's resources by preventing traffic from leaving the private network. Unqork offers integration with two PrivateLink services: AWS (Amazon Web Services) and Azure. While Amazon PrivateLink and Azure Private Link are similar, there are slight differences between the two services.
For simplicity, AWS PrivateLink and Azure Private Link are referred to as PrivateLink in this article.
What You'll Learn
In this article, you’ll learn about the benefits, similarities, and differences between AWS and Azure PrivateLink.
Benefits of AWS and Azure PrivateLink
AWS and Azure PrivateLink offer these benefits:
- Enhanced Cloud Security: Removes attack vectors to the public internet by eliminating public endpoints to your services.
- Private Cloud Connectivity: Provides a secure method of communication between Unqork and your resources by preventing traffic from leaving the private network.
- Improved Application Performance: Keeps communication in the same region and the cloud provider's private network.
Differences and Similarities Between AWS and Azure PrivateLink Patterns
AWS and Azure PrivateLink both establish private connections between a client's resources and AWS/Azure services. The patterns each service uses to set up PrivateLink are similar, but the technology behind each pattern is different. Each service uses its own methods and terminology to achieve a PrivateLink pattern.
The list below explains the similarity between AWS and Azure terminology. To learn more about what each function does, click on the name of the term to read the service's explanation of the feature.
Amazon Web Services Terminology | Azure Terminology | Description |
---|---|---|
| | | Establishes private, stable, and secure connections between VPCs (virtual private clouds) and Unqork services. |
| | | Dictates endpoint restrict/grant permissions for a service's API calls. |
| | | A network interface that uses a private IP address from your virtual network to connect to AWS/Azure. |
| | Load Balancer (Also known as Standard Load Balancer) | Distributes incoming network traffic across multiple targets, like containers and IP addresses. Load Balancers monitor the health of targets and redirect traffic to only healthy targets. |
| | | A private network that enables access to AWS/Azure-specific resources. |
| | | Creates private connections between AWS/Azure data centers and corporate data centers. |
AWS and Azure PrivateLink Patterns
AWS and Azure PrivateLinks have similar patterns with slightly different methodologies. These patterns are used when private connections are required for Unqork to consume a private service that doesn't have a public interface.
AWS VPC and Azure VNet PrivateLink Patterns
Building on PrivateLink, the AWS VPC and Azure VNet patterns enable Unqork to consume a private service located in another region. Peering is useful when capacity limits or other constraints prevent Unqork and the customer from aligning on the region footprint.
AWS Direct Connect and Azure Express Route PrivateLink Patterns
AWS Direct Connect and Azure Express Route PrivateLink patterns are used when Unqork needs to consume a service located on a corporate network or data center.
AWS PrivateLink + VPC + Direct Connect and Azure PrivateLink + VNet + Express Route PrivateLink Patterns
All three patterns from each service can be combined to securely connect Unqork to anywhere in the world.
AWS PrivateLink with VPC and Direct Connect:
Azure PrivateLink with VNet and Express Route:
PrivateLink Frequently Asked Questions
Below is a list of questions related to PrivateLink. If you cannot find an answer in the list below, please contact your CSM (customer success manager) for more information.
Can a single PrivateLink service be used for multiple services?
Yes, you can put multiple services behind a single, private API gateway. This is a common and recommended pattern to reduce the number of PrivateLinks and security policies to manage.
Can end-users initiate traffic over PrivateLink?
No, end-user traffic and traffic initiated by third parties go over the public internet.
Are there additional hosting costs involved with PrivateLink?
Yes, there are minimal costs to PrivateLink services and network transfers.
Are there performance limitations to connections, bandwidth, transactions per second, or other features?
All of these depend on many factors that must be tested and measured. In general, there are performance benefits to private connections when compared to traversing the public internet.
When will Unqork support PrivateLink as the service owner?
We are tracking the idea, but it’s not a scheduled roadmap item at this time.
I’m an existing Unqork customer, can I use PrivateLink?
Yes, but you might require a migration to our next-generation architecture on Kubernetes. Speak to your CSM to learn more.