Problem statement:
Company A - has a vNet. Some application is running in the vNet.
Company B - has APIM which consolidates all the APIs running in AKS.
Company A needs to connect to Company B privately using the Azure backbone network, so that it can push data to Company B.
I am trying to use Private Endpoint and Private Link Service to connect both companies.
A (vNet) --> Private Endpoint --> Private Link Service --> B (vNet) --> B (APIM)
But in Azure, Private Link Service can only connect to an LB, and an LB cannot connect to APIM.
I am stuck. Do we have any other solution to achieve this?
Thanks, Suvendu
asked Feb 11 at 22:54 by Suvendu Mandal, edited Feb 19 at 5:27 by qkfang
Comments:
- You can use vNet peering with private APIM. If both Company A and Company B are in the same Azure region; if in different regions, use global vNet peering. You can deploy APIM in Internal mode (private-only) within Company B's vNet, or use Azure VPN Gateway. If the two companies belong to different Azure tenants, the Azure VPN Gateway will establish a secure connection between the two vNets. – Venkat V, commented Feb 12 at 3:24
- Thanks. The companies are in different Azure tenants, so I believe Azure VPN Gateway needs to be used. But the private APIM is in an Azure-managed vNet. How would I connect the customer-managed vNet with the managed vNet? – Suvendu Mandal, commented Feb 12 at 10:17
- You create a VPN gateway in the managed vNet and connect to it from the customer-managed vNet devices. If limited, you can set a host entry as the simple way; for a large number of devices, go for a DNS zone and DNS forwarder. – Venkat V, commented Feb 12 at 18:05
1 Answer
Connect external vNet with APIM
Since the two companies are in different Azure tenants, Private Link cannot be used in this scenario, so, as Venkat V suggested, we can use a VPN gateway in the managed vNet and connect to it from the customer-managed vNet devices.
- Create VPN gateways in both Company A's and Company B's vNets
Gateway configuration:
```powershell
$vnetA = Get-AzVirtualNetwork -Name "CompanyAVNet" -ResourceGroupName "CompanyARG"
$subnetA = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnetA
# Public IP for the gateway (the name "gwpipA" is an assumed placeholder)
$gwpipA = New-AzPublicIpAddress -Name "gwpipA" -ResourceGroupName "CompanyARG" -Location "West US" -AllocationMethod Static -Sku Standard
$gwipconfA = New-AzVirtualNetworkGatewayIpConfig -Name "gwipconfA" -Subnet $subnetA -PublicIpAddress $gwpipA
```
Create VPN Gateway
```powershell
$vnetAGW = New-AzVirtualNetworkGateway -Name "CompanyAGW" -ResourceGroupName "CompanyARG" -Location "West US" -IpConfigurations $gwipconfA -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw2 -VpnGatewayGeneration "Generation2"
```
Follow the same steps for Company B; this will ensure both companies have VPN gateways.
- Create the connection between Company A and Company B
```powershell
$vnetBGW = Get-AzVirtualNetworkGateway -Name "CompanyBGW" -ResourceGroupName "CompanyBRG"  # assumed names; needs a context that can read Company B's subscription
New-AzVirtualNetworkGatewayConnection -Name "CompanyAToCompanyB" -ResourceGroupName "CompanyARG" -VirtualNetworkGateway1 $vnetAGW -VirtualNetworkGateway2 $vnetBGW -Location "West US" -ConnectionType Vnet2Vnet -SharedKey 'AzureA1b2C3'
```
And vice versa, create the connection from Company B to Company A.
Establish a stable DNS connection as per the requirement, depending on whether the setup is simple or larger, to establish a proper and secure connection.
Refer:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vnet-vnet-rm-ps
Difference between private link and VPN Gateway
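
The DNS step mentioned in the comments and at the end of the answer, as an added example (not code from the original post): it creates a private DNS zone in Company A's vNet for Company B's APIM hostname, then checks that the name resolves to a private address and that TCP 443 is reachable over the tunnel. The APIM hostname, its private IP and the link name are hypothetical placeholders.

```powershell
# Added example. Every name and address here is a constructed placeholder.
$rg       = "CompanyARG"
$apimHost = "companyb-apim.azure-api.net"   # hypothetical APIM gateway hostname
$apimIp   = "10.20.1.5"                     # hypothetical private IP of the internal APIM

# --- Part 1: run with Az PowerShell in Company A's subscription ---
# A zone named after the single host leaves every other azure-api.net name on public DNS.
$vnetA = Get-AzVirtualNetwork -Name "CompanyAVNet" -ResourceGroupName $rg
New-AzPrivateDnsZone -ResourceGroupName $rg -Name $apimHost | Out-Null
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $apimHost `
    -Name "link-CompanyAVNet" -VirtualNetworkId $vnetA.Id | Out-Null
$rec = New-AzPrivateDnsRecordConfig -IPv4Address $apimIp
New-AzPrivateDnsRecordSet -ResourceGroupName $rg -ZoneName $apimHost -Name "@" `
    -RecordType A -Ttl 300 -PrivateDnsRecords $rec | Out-Null

# Tunnel state as seen from Company A's gateway.
$conn = Get-AzVirtualNetworkGatewayConnection -Name "CompanyAToCompanyB" -ResourceGroupName $rg
Write-Output "Tunnel status: $($conn.ConnectionStatus)"

# --- Part 2: run on a Windows VM inside Company A's vNet (needs only $apimHost) ---
function Test-PrivateIPv4 {
    param([string]$Ip)
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    if ($b.Length -ne 4) { return $false }          # IPv6 answers are not checked here
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

$addresses = Resolve-DnsName -Name $apimHost -Type A |
    Where-Object { $_.IPAddress } | Select-Object -ExpandProperty IPAddress
foreach ($ip in $addresses) {
    if (Test-PrivateIPv4 $ip) {
        $tcp = Test-NetConnection -ComputerName $ip -Port 443
        Write-Output "$apimHost -> $ip (private), TCP 443 reachable: $($tcp.TcpTestSucceeded)"
    } else {
        # A public answer means requests would leave over the internet, not the tunnel.
        Write-Warning "$apimHost -> $ip is public; check the DNS zone link or hosts entry"
    }
}
```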