Azure Private Link for ingesting data from Azure Blob Storage

Azure Private Link is a networking service in Microsoft Azure that allows you to establish a secure connection between Azure Blob Storage and Imply Polaris over a private endpoint. This ensures that all network traffic between Polaris and Azure Blob Storage remains within the Microsoft backbone network, avoiding the public internet.

This topic explains how to set up a secure connection between Polaris and Azure Blob Storage using Azure Private Link. The screen capture and instructions in this topic reflect the Azure service configurations as of September 2024. They may not represent the current state of the product.

info

All traffic that flows through Azure Private Link incurs interface endpoint expenses. For information on interface endpoint pricing, see Azure Private Link pricing.

Connect to Azure Blob Storage

Follow the instructions in Tutorial: Connect to a storage account using an Azure Private Endpoint to configure private access for your Azure Blob Storage namespace. After you complete the setup, contact Polaris support to finalize the configuration on the Polaris side.

Polaris requires the following information to subscribe to the service:

• Resource ID: Resource ID for the Azure Blob Storage namespace. For example: /subscriptions/1234f700-xxxx-1234-b088-abcdcfea8ac3/resourceGroups/polaris-demo-eastus/providers/Microsoft.Storage/storageAccounts/engtestconnection. To obtain the resource ID, go to the Azure Blob Storage namespace page, click Overview > Essentials > JSON View. For more information, see Get the resource ID for a storage account.
• Storage account name: Name of your Azure Blob Storage namespace. For example: engtestconnection.

Wait for Polaris to complete the deployment, then manually approve the connection request:

1. In the Azure portal, navigate to Storage accounts.
2. Select the namespace you want to manage.
3. Go to Security + networking > Networking.
4. In the Private endpoint connections tab, select the private endpoint you want to approve and click Approve.
   For more information, refer to the Azure documentation on how to approve a private endpoint connection.

The following screen capture shows a pending request to establish a private connection to an Azure storage account:

Learn more

See the following topics for more information:

• Azure Private Link for querying and publishing data
• Azure Private Link for consuming data from an event stream