[SOLVED] Azure – difference between service endpoint and private endpoint in simple terms


This Content is from Stack Overflow. Question asked by user961

I am not able to understand the difference between service endpoints and private endpoints clearly.

Need help preferably with an example.


You might have seen this in the Private Link FAQ:

  • Private Endpoints grant network access to specific resources behind a given service providing granular segmentation. Traffic can reach the service resource from on premises without using public endpoints.
  • A Service Endpoint remains a publicly routable IP address. A Private Endpoint is a private IP in the address space of the virtual network where the private endpoint is configured.

For simplicity, let’s take the view of a VM in a VNET connecting to a storage account in the same subscription and same Azure region. There are three ways to connect.

Connect to PaaS Services

  1. Default

    By default all traffic goes against the public endpoint of the storage account. Source IP of the traffic is the Public IP of the VM.

  2. Service Endpoints

    Traffic is still directed against the public endpoint of the storage account but the source IP has changed to the private IP of the VM. In fact, the traffic is also using the VNET and Subnet as source in the network dataframe.

  3. Private Endpoints

    The PaaS service now gets a virtual network interface inside the subnet and traffic from the VM to the storage account is now directed against the private IP address.

By far the best collection of useful information around Private Link that I have seen on the web is in this repository: https://github.com/dmauser/PrivateLink

You can also find some examples here: https://jeffbrown.tech/azure-private-service-endpoint/

This Question was asked in StackOverflow by user961 and Answered by holger It is licensed under the terms of CC BY-SA 2.5. - CC BY-SA 3.0. - CC BY-SA 4.0.

people found this article helpful. What about you?