Introduction to AWS and Azure PrivateLink Services


Overview

Integration with PrivateLink provides an alternative, secure communication method between Unqork and a customer's resources by preventing traffic from leaving the private network. Unqork offers integration with two PrivateLink services: AWS (Amazon Web Services) and Azure. While AWS PrivateLink and Azure Private Link are similar, there are slight differences between the two services.

NOTE: For simplicity, AWS PrivateLink and Azure Private Link are referred to as PrivateLink in this article.

What You'll Learn

In this article, you’ll learn about the benefits, similarities, and differences between AWS and Azure PrivateLink.

Benefits of AWS and Azure PrivateLink

AWS and Azure PrivateLink offer these benefits:

  • Enhanced Cloud Security: Removes public-internet attack vectors by eliminating public endpoints to your services.

  • Private Cloud Connectivity: Provides a secure method of communication between Unqork and your resources by preventing traffic from leaving the private network.

  • Improved Application Performance: Keeps communication in the same region and the cloud provider's private network.
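The first two benefits hold only if the service names involved actually resolve to private addresses. The check below is an added example, not Unqork's code: it flags any address that would take traffic off the private network. The hostnames, addresses and the list of private ranges are constructed assumptions; substitute your own address plan.

```python
import ipaddress

# Assumption: the VPC/VNet address plan uses RFC 1918 (IPv4) and
# unique local (IPv6) ranges. Adjust to the ranges you actually allocate.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def classify(addr: str) -> str:
    """Return 'private', 'public' or 'invalid' for one resolved address."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return "invalid"
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is judged by its IPv4 part.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    in_plan = any(ip.version == net.version and ip in net for net in PRIVATE_NETS)
    return "private" if in_plan else "public"

def audit(resolutions: dict) -> dict:
    """Map each hostname to the addresses that break the private-only rule."""
    findings = {}
    for host, addrs in resolutions.items():
        # A name with no address at all is also a finding: the private
        # endpoint or its DNS record is missing.
        bad = [a for a in addrs if classify(a) != "private"] if addrs else ["<no address>"]
        if bad:
            findings[host] = bad
    return findings

# Constructed sample: hostname -> addresses observed for it (hypothetical names).
SAMPLE = {
    "orders.internal.example": ["10.20.1.15", "10.20.2.15"],
    "billing.internal.example": ["10.20.1.30", "203.0.113.40"],  # one public record
    "legacy.internal.example": ["::ffff:192.168.4.9"],
    "reports.internal.example": [],
}

if __name__ == "__main__":
    for host, bad in audit(SAMPLE).items():
        print(f"{host}: not private-only -> {', '.join(bad)}")
```
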

Differences and Similarities Between AWS and Azure PrivateLink Patterns

AWS and Azure PrivateLink both establish private connections between a client's resources and AWS/Azure services. The patterns each service uses to set up PrivateLink are similar, but the underlying technology is different. Each service uses its own methods and terminology to achieve a PrivateLink pattern.

The table below maps each AWS term to its Azure equivalent. To learn more about what each function does, see the service's own explanation of the feature.

| Amazon Web Services Terminology | Azure Terminology | Description |
|---|---|---|
| AWS PrivateLink | Azure Private Link | Establishes private, stable, and secure connections between VPCs (virtual private clouds) and Unqork services. |
| VPC Endpoint Policy | Service Endpoint Policy | Dictates endpoint restrict/grant permissions for a service's API calls. |
| ENI (Elastic Network Interface) | Private Endpoint | A network interface that uses a private IP address from your virtual network to connect to AWS/Azure. |
| NLB (Network Load Balancer) | Load Balancer (also known as Standard Load Balancer) | Distributes incoming network traffic across multiple targets, like containers and IP addresses. Load Balancers monitor the health of targets and redirect traffic to only healthy targets. |
| VPC (virtual private cloud) Peering | VNet (virtual network) Peering | A private network that enables access to AWS/Azure-specific resources. |
| Direct Connect | Express Route | Creates private connections between AWS/Azure data centers and corporate data centers. |

AWS and Azure PrivateLink Patterns

AWS and Azure PrivateLinks have similar patterns with slightly different methodologies. These patterns are used when private connections are required for Unqork to consume a private service that doesn't have a public interface.

AWS PrivateLink:

A static image displaying the infrastructure of AWS PrivateLink.

Azure PrivateLink:

A static image displaying the layout of Azure PrivateLink Infrastructure.

AWS VPC and Azure VNet PrivateLink Patterns

Building on PrivateLink, the AWS VPC and Azure VNet patterns enable Unqork to consume a private service located in another region. Peering is useful when capacity limits or other constraints prevent Unqork and the customer from aligning on the region footprint.

AWS PrivateLink with VPC:

A static image displaying the infrastructure of AWS PrivateLink with VPC.

Azure PrivateLink with VNet:

A static image displaying the layout of Azure PrivateLink Infrastructure.

AWS Direct Connect and Azure Express Route PrivateLink Patterns

AWS Direct Connect and Azure Express Route PrivateLink patterns are used when Unqork needs to consume a service located on a corporate network or data center.

AWS PrivateLink with Direct Connect:

A static image displaying the infrastructure of AWS PrivateLink with Direct Connect.

Azure PrivateLink with Express Route:

A static image displaying the layout of Azure PrivateLink with Express Route.

AWS PrivateLink + VPC + Direct Connect and Azure PrivateLink + VNet + Express Route PrivateLink Patterns

All three patterns from each service can be combined to securely connect Unqork to anywhere in the world.

AWS PrivateLink with VPC and Direct Connect:

A static image displaying an AWS PrivateLink pattern with VPC and Direct Connect.

Azure PrivateLink with VNet and Express Route:

A static image displaying an Azure PrivateLink pattern with VNet and Express Route.

PrivateLink Frequently Asked Questions

Below is a list of questions related to PrivateLink. If you cannot find an answer in the list below, please contact your CSM (customer success manager) for more information.

Can a single PrivateLink service be used for multiple services?

Yes, you can put multiple services behind a single, private API gateway. This is a common and recommended pattern to reduce the number of PrivateLinks and security policies to manage.

Can end-users initiate traffic over PrivateLink?

No, end-user traffic and traffic initiated by third parties go over the public internet.

Are there additional hosting costs involved with PrivateLink?

Yes, there are minimal costs to PrivateLink services and network transfers.

Are there performance limitations to connections, bandwidth, transactions per second, or other features?

All of these depend on many factors that must be tested and measured. In general, there are performance benefits to private connections when compared to traversing the public internet.

When will Unqork support PrivateLink as the service owner?

We are tracking the idea, but it’s not a scheduled roadmap item at this time.

I’m an existing Unqork customer, can I use PrivateLink?

Yes, but you might require a migration to our next-generation architecture on Kubernetes. Speak to your CSM to learn more.
