Configure Azure Private Link for Azure database PaaS

23 mins remaining

1. Tutorial overview

Last Updated: 2024-04-16

Background

Azure Private Link is a Microsoft Azure service that enables you to securely connect your Azure Virtual Network to Azure Platform as a Service (PaaS) resources, Azure Virtual Machine (VM) instances, and Azure Kubernetes Service (AKS) clusters. This approach provides a secure way to access these services over a private endpoint located inside your virtual network, eliminating the need to expose connections to the public internet.

Starburst Galaxy extends support for Azure Private Link across specific catalogs. This tutorial will guide you through the process of configuring Private Link for Azure database PaaS.

Scope of tutorial

In this tutorial, you will learn how to configure Azure Private Link for Azure database PaaS.

Learning objectives

Once you've completed this tutorial, you will be able to:

  • Configure an Azure Private Link connection between Starburst Galaxy and your Azure database.
  • Use Private Link to securely connect Starburst Galaxy to your Azure database.

Prerequisites

  • You need a Starburst Galaxy account to complete this tutorial. Please see Starburst Galaxy: Getting started for instructions on setting up a free account.
  • This tutorial comes with a bring your own storage requirement. Before continuing with this tutorial, you will need to set up an Azure database.
  • If your data source is configured with an internal firewall for access control, you will need to create an inbound rule for the Starburst Galaxy CIDR 10.0.0.0/8.

About Starburst tutorials

Starburst tutorials are designed to get you up and running quickly by providing bite-sized, hands-on educational resources. Each tutorial explores a single feature or topic through a series of guided, step-by-step instructions.

2. Working with a Starburst technical resource

Background

If you are configuring Private Link for the first time you are encouraged to work with a Starburst technical resource. This individual will work with you to set up the environment needed to complete the tutorial.

Contacting your technical resource

To be assigned this resource, you should reach out to your regular Starburst account team for assistance.

Working together

Once assigned, your Starburst technical resource will work with you to set up an environment where you can complete the tutorial.

Please review the following overview of this process before beginning the tutorial.

Your responsibilities:

  • If you have an Azure Database for PostgreSQL or Azure Database for MySQL, ensure that your database service is able to use Private Link.
  • Record your storage account resource ID.
  • Submit a support request via Starburst Galaxy to have a private endpoint created.
  • Starburst support will create a private endpoint in the Starburst Galaxy Virtual Network (Vnet).
  • Accept the endpoint connection.

3. Azure Private Link architecture

Background

Understanding the Azure Private Link architecture is important when completing the steps in this tutorial. In this section you will learn about this architecture and the way that Starburst Galaxy uses it to securely connect private clouds.

This tutorial also follows a corresponding Azure quickstart on the same topic. It is recommended that you consult this documentation if you want to learn more about Azure Private Link.

Reference architecture

The following diagram illustrates a Private Link connection to Azure SQL.

Review the diagram to ensure that you understand the architecture that you will create in this tutorial.

4. Check network connectivity setting

Background

This section of the tutorial is designed for users of either Azure Database for PostgreSQL or Azure Database for MySQL.

Both services offer a Private access (Vnet Integration) network configuration option that makes connections using Private Link impossible. If you are using either of these services, the instructions below will help you determine whether your Vnet Integration is enabled, and therefore whether your services are able to connect using Private Link.

Step 1: Sign in to Azure portal

You're going to start by signing in to the Azure portal. Remember to sign into the account containing the Azure database that you would like to connect using Private Link. If you use multiple Azure accounts, ensure that you pick the correct one.

  • Sign in to your Azure account.

Step 2: Check database network configuration

Now it's time to check your database network configuration. To do this, you'll need to find the correct database first.

  • In the Azure portal, navigate to either your Azure Database for PostgreSQL or Azure Database for MySQL service.
  • Using the left-hand navigation menu, select Networking.
  • Confirm that the Private endpoint section is listed in your menu.

5. Record database resource ID

Background

It's time to obtain your database resource ID. You'll need to provide this to Starburst support later in the tutorial. They will use this ID to create a private endpoint.

Step 1: Sign in to Azure portal

You're going to start by signing in to the Azure portal. Remember to sign into the account containing the Azure database that you would like to connect using Private Link. If you use multiple Azure accounts, ensure that you pick the correct one.

  • Sign in to your Azure account.
  • Navigate to your database.

Step 2: Record database resource ID

Now it's time to record your database resource ID so you can send it to Starburst support.

  • Using the left-hand navigation menu, select Overview.
  • Click the JSON View link.
  • Copy the Resource ID.

Step 3: Open support ticket

You are going to use the automated assistant in Starburst Galaxy to open a support ticket and provide support with the Resource ID that you just copied. You will also need to provide your preferred Starburst Galaxy Private Link configuration name.

  • Log in to Starburst Galaxy.
  • Click the support icon located at the bottom right of the screen.
  • Select Chat with technical support.
  • Select Submit a Support Ticket.
  • The automated assistant will ask you to provide your email address, first name, and last name.
  • When you receive the prompt to describe your issue, note that you would like support to create a private endpoint connection for you. Be sure to include the Resource ID you just copied and your preferred Starburst Galaxy Private Link connection name.
  • Wait for Starburst support to confirm that they have created the Endpoint in Starburst Galaxy. This should take no longer than 24 - 48 hours.

6. Accept private endpoint connection

Background

Starburst support will use the resource ID that you provided to create a private endpoint. This section will walk you through the process of accepting the endpoint connection.

Step 1: Access private endpoint connections settings

You're going to begin by selecting your private endpoint connection settings in the Azure portal. This process varies depending on your database type.

Follow the instructions that apply to your database type from the options listed below.

Option 1: Microsoft SQL Server

  • Using the left-hand navigation menu, select Networking.
  • Select the Private Access tab.

Option 2: Azure Database for PostgreSQL or Azure Database for MySQL

  • Using the left-hand navigation menu, select Networking.

Option 3: SQL managed instance

  • Using the left-hand navigation menu, select Private endpoint connections.

Step 2: Accept connections

Once Starburst support has created the private endpoint, you will see the connection listed as Pending.

  • Confirm with Starburst support that the endpoint has been created.
  • In the Private endpoint connections section, click the Refresh button until your connection appears.
  • When it has appeared, select the new connections.
  • Click the Approve button.
  • In the Description field, enter a meaningful description.
  • Click the Yes button.
  • In the Connection state column, confirm that the status of the endpoint has changed to Approved.

    Note: Click the Refresh button if necessary.
  • You are now ready to configure an Azure database catalog in Starburst Galaxy using a Private Link connection.

7. Tutorial wrap-up

Tutorial complete

Congratulations! You have reached the end of this tutorial, and the end of this stage of your journey.

You're all set! Now you can use Private Link to configure access to data in your Azure database.

Continuous learning

At Starburst, we believe in continuous learning. This tutorial provides the foundation for further training available on this platform, and you can return to it as many times as you like. Future tutorials will make use of the concepts used here.

Next steps

Starburst has lots of other tutorials to help you get up and running quickly. Each one breaks down an individual problem and guides you to a solution using a step-by-step approach to learning.

Tutorials available

Visit the Tutorials section to view the full list of tutorials and keep moving forward on your journey!

Cookie Notice

This site uses cookies for performance, analytics, personalization and advertising purposes. For more information about how we use cookies please see our Cookie Policy.

Cookie Policy | Privacy Policy

Manage Consent Preferences

Essential/Strictly Necessary Cookies

Required

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website.

Analytical/Performance Cookies

These are analytics cookies that allow us to collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages.

Functional/Preference Cookies

These cookies allow our website to properly function and in particular will allow you to use its more personal features.

Targeting/Advertising Cookies

These cookies are used by third parties to build a profile of your interests and show you relevant adverts on other sites.