Version: User Guides (Cloud)

Set up a Private Link (Azure)

This guide shows how to set up a private link from a Zilliz Cloud cluster to your services hosted in different Microsoft Azure VPCs.

📘Notes

Zilliz Cloud does not charge you for private links. However, your cloud provider may charge you for each endpoint that you create to access Zilliz Cloud.

Before you start

Make sure the following conditions are met:

  • You have signed up for Zilliz Cloud.

  • A cluster has been created. For information on how to create a cluster, see Create Cluster.

Zilliz Cloud offers you an intuitive wizard to add a private link. On the Private Link tab in your project, click + Add Private Link and configure the settings.

Copy your Cluster ID

On the Cluster Details tab in the Zilliz Cloud console, copy your cluster ID.


In the Create Private Link dialog box,

  1. Select a provider and region.


  2. Enter your user ID from the Microsoft Azure Subscription page.


  3. Click Add to have Zilliz Cloud verify the submitted user ID and whitelist it.


  4. Copy the endpoint service alias shown in the dialog box.

Create a Private Endpoint on the Azure portal

  1. Go to Private Link Center, and click + Create.


  2. Fill in the basic information for the private endpoint to create.


  3. Click Next: Resource > and choose Connect to an Azure resource by resource ID or alias. Then paste the one copied from the Zilliz Cloud console into Resource ID or alias.


  4. Select proper values in Virtual network and Subnet, and keep the default for other settings on this tab.


  5. Click Next until you reach the Review + create tab. If the validation passes, click Create to create the private endpoint.


  6. Wait until the portal reports that the deployment has succeeded.

  7. Click Go to resource and see the overview page of the created Private Endpoint.

  8. Click JSON View in the upper right corner on the Overview page. Note that the Connection Status is displayed as Pending.


    In the Resource JSON panel, copy the values of name and properties.resourceGuid. Your endpoint ID should be these two values joined by a period (.).


    For example, the value of the key name is zilliz, and the value of the key properties.resourceGuid is d73e9b55-7b9c-4f8d-8f0a-40e737f1ccbf. Your Private Endpoint ID should be zilliz.d73e9b55-7b9c-4f8d-8f0a-40e737f1ccbf.

  9. Enter your Private Endpoint ID in the Create Private Link dialog box on the Zilliz Cloud console and click Create.


    Upon creation, Zilliz Cloud starts processing your private link request. The private link should be available within 5 minutes.

  10. Once the private link is ready, you will see the link URI on the Cluster Details tab of your Zilliz Cloud cluster. Copy the private link URI for the next step.


Create a Private DNS Zone on the Azure portal

  1. On the Overview page of the created Private Endpoint, choose Settings > DNS configuration, and copy the IP address of the network interface created along with the Private Endpoint.


    The example value in the screenshot above is 10.0.0.4.

  2. Go to Create a Private DNS zone, and click + Create to start the process.

  3. In the Basics tab, select the subscription and resource group used above, and paste the Private Link URI copied from the Zilliz Cloud console in Instance details > Name. Then click Review + create.


  4. Once the validation passes, click Create to start the process.


  5. Wait until the portal reports that the deployment has succeeded.

  6. Click Go to resource to see the Overview page of the created Private DNS zone.


  1. On the Overview page of the created Private DNS Zone, choose Settings > Virtual network links in the left navigation pane.

  2. Click + Add. In the Add virtual network link dialog box, enter a Link name, and select the Subscription and Virtual network you have used above. In the Configuration section, also select Enable auto registration.


    Once everything is set up as expected, click OK to continue. The link status of the created virtual network link will change to Completed after the deployment succeeds.


  3. Click Overview in the left navigation pane to go back to the Overview page of the Private DNS zone.


  4. Click + Record set. In the Add record set dialog box, enter your cluster ID suffixed with -privatelink in Name, select A - Address record in Type, and set TTL to 10 Minutes. Check whether the listed IP address is the one you have noted down.


    Click OK to save the record set.


  5. Go back to the Overview page of the created Private Endpoint on the Azure portal, and you will see that the Connection Status of the Private Endpoint turns from Pending to Approved.


    Now the resources in your Azure virtual network can access the Zilliz Cloud cluster privately.
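
A check you can run from a VM in the linked virtual network once the steps above are done, given here as an added example (not Zilliz Cloud or Azure code): it rebuilds the Private Endpoint ID from the Resource JSON of step 8 and confirms that the `-privatelink` record resolves only to the endpoint's private IP. The cluster ID, zone name and function names are assumptions; the `resolve` parameter exists so the check can be exercised offline.

```python
import ipaddress
import json
import socket
import uuid

# Constructed sample of the Resource JSON panel, using the page's example values.
SAMPLE_RESOURCE_JSON = json.dumps({
    "name": "zilliz",
    "properties": {"resourceGuid": "d73e9b55-7b9c-4f8d-8f0a-40e737f1ccbf"},
})
SAMPLE_CLUSTER_ID = "in01-0123456789abcde"        # constructed placeholder
SAMPLE_ZONE = "private-link-uri.example.invalid"  # constructed placeholder zone name


def endpoint_id(resource_json):
    """Join name and properties.resourceGuid with a period; reject malformed input."""
    doc = json.loads(resource_json)
    name = doc["name"]
    guid = str(uuid.UUID(doc["properties"]["resourceGuid"]))  # ValueError if not a GUID
    if not name:
        raise ValueError("empty private endpoint name")
    return f"{name}.{guid}"


def record_fqdn(cluster_id, zone_name):
    """FQDN of the A record: '<cluster ID>-privatelink' inside the private DNS zone."""
    return f"{cluster_id}-privatelink.{zone_name.strip('.')}"


def check_resolution(fqdn, expected_ip, resolve=socket.getaddrinfo):
    """Return a list of problems; empty means fqdn resolves only to expected_ip."""
    expected = ipaddress.ip_address(expected_ip)
    problems = []
    if not expected.is_private:  # is_private covers RFC 1918 and other non-global ranges
        problems.append(f"expected address {expected} is not a private address")
    try:
        answers = {ipaddress.ip_address(info[4][0]) for info in resolve(fqdn, 443)}
    except socket.gaierror as exc:
        return problems + [f"{fqdn} does not resolve: {exc}"]
    for addr in sorted(answers, key=str):
        if not addr.is_private:
            problems.append(f"{fqdn} resolves to public address {addr}")
        elif addr != expected:
            problems.append(f"{fqdn} resolves to {addr}, not the endpoint NIC {expected}")
    return problems


if __name__ == "__main__":
    print(endpoint_id(SAMPLE_RESOURCE_JSON))
    print(check_resolution(record_fqdn(SAMPLE_CLUSTER_ID, SAMPLE_ZONE), "10.0.0.4"))
```

A public address in the result means the client is not using the private DNS zone, typically because its virtual network is not linked to the zone.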

Manage internet access to your clusters

After configuring your private endpoint, you can choose to disable the cluster public endpoints to restrict internet access to your project. Once you have disabled the public endpoint, users can only connect to the cluster using the private link.

To disable public endpoints:

  1. Go to the Cluster Details page of your target cluster.

  2. Navigate to the Connection section.

  3. Click on the configurations icon next to the cluster public endpoint.

  4. Read the information and click Disable in the Disable Public Endpoint dialog box.

📘Notes
  • Private endpoints only impact data plane access. Control plane can still be accessed over the public internet.

  • After you re-enable the public endpoint, you may need to wait for the local DNS cache to expire before you can access the public endpoint.
