DR: Azure Private Link networking - hackforla/tdm-calculator GitHub Wiki

Issue

#2473

Problem Statement

The project explored whether Azure Private Link could provide a secure and practical solution for connecting to remote cloud resources as if they were local network resources.

Azure Private Link is a service that makes Azure-hosted services available as private IP endpoints inside a virtual network, rather than requiring client devices to reach them over the public internet.

From Microsoft Learn:

Azure Private Link enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure hosted customer-owned/partner services over a private endpoint in your virtual network.

In simpler terms, it makes remote resources appear as if they are local resources from a networking perspective.

Potential Solution

Implement Azure Private Link to expose Azure-hosted services through private endpoints within a virtual network, allowing resources to be accessed as local IP addresses rather than public internet endpoints.

Feasibility Determination

Azure Private Link was determined not to be a standalone secure networking solution because it does not inherently provide tunneling or secure transport functionality required for remote connectivity.

To operate effectively, it would also require additional Azure networking services such as:

  • Azure Gateway
  • Azure Bastion
  • Azure ExpressRoute (VPN)

These dependencies would introduce:

  • Additional infrastructure cost
  • Increased implementation complexity
  • Ongoing technical oversight and maintenance requirements

Due to these added operational and architectural burdens, the solution was not implemented.
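The potential solution and the feasibility finding above can be expressed as a post-deployment check: a service reached through a private endpoint should resolve to an address inside the virtual network, and a client outside that network still has no path to it without a gateway. The script below is an added example, not code from the tdm-calculator project; the VNet range, hostnames and resolver answers are constructed, and the hypothetical `classify_path` helper models the three outcomes the decision record describes.

```python
"""Check whether a client would reach an Azure service over Private Link.

Added example with constructed data. Assumes the private endpoint's DNS has
been set up so the service hostname resolves to an address in the VNet.
"""
import ipaddress
import socket

# Constructed values: the virtual network's address space and sample
# resolver answers standing in for a live DNS lookup.
VNET_CIDR = "10.20.0.0/16"
SAMPLE_DNS = {
    "example-sql.database.windows.net": "10.20.1.5",       # private endpoint NIC
    "example-store.blob.core.windows.net": "20.60.1.100",  # public service IP
}


def resolve(hostname, table=None):
    """Return the IP for hostname from the constructed table, else the OS resolver."""
    if table is not None and hostname in table:
        return table[hostname]
    return socket.gethostbyname(hostname)


def classify_path(hostname, vnet_cidr, client_ip, table=None):
    """Classify how client_ip would reach hostname.

    'public'        resolved address is outside the VNet, so Private Link is
                    not in effect and traffic would leave the private network
    'private-link'  client is inside the VNet and reaches the private endpoint
    'needs-gateway' endpoint is only reachable from the VNet; a remote client
                    still needs a VPN Gateway, Bastion or ExpressRoute path
    """
    vnet = ipaddress.ip_network(vnet_cidr)
    target = ipaddress.ip_address(resolve(hostname, table))
    if target not in vnet:
        return "public"
    if ipaddress.ip_address(client_ip) in vnet:
        return "private-link"
    return "needs-gateway"


def audit(hostnames, vnet_cidr, client_ip, table=None):
    """Run classify_path over several hostnames and return a hostname -> verdict map."""
    return {h: classify_path(h, vnet_cidr, client_ip, table) for h in hostnames}


if __name__ == "__main__":
    # A developer workstation on a home LAN, outside the VNet.
    for host, verdict in audit(SAMPLE_DNS, VNET_CIDR, "192.168.1.10", SAMPLE_DNS).items():
        print(f"{host}: {verdict}")
```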


This page is part of the Decision Record section of the wiki