Configure Azure Private Link

Published

October 24, 2024

To keep your network traffic private and minimize its attack surface, configure Azure Private Link1 to establish a private connection between ValidMind and your company network.

A graphic showing Azure Private Link establishing a private connection to ValidMind

Azure Private Link establishing a private connection to ValidMind

Azure Private Link is a networking service that allows secure and private communication between Azure Virtual Network (VNet) resources and services hosted in other VNets or in Azure partner services, such as ValidMind. With Azure Private Link, you can connect to services over the Azure network without exposing your network traffic to the public internet.

Private Link works by creating a private endpoint for a supported Azure service within your virtual private cloud. This endpoint acts as a proxy between your VNet and ValidMind, allowing traffic to be routed privately over the Azure network. To make the endpoint easier to use, ValidMind provides a private DNS name that model developers and validators can connect to in a browser.

The responsibility of setting up a private endpoint for Azure Private Link falls to your IT department, such as the cloud engineering, infrastructure, or security teams.

Prerequisites

You must have access to the Azure portal for your company and the necessary expertise to set up, configure, and maintain Azure services.

These steps assume that you already have established connectivity between your own company network and an Azure virtual network (VNet) and know which company VNet you want to connect to.

VNet service information

Region Service name Private DNS name
us-west-2 Email Email

Steps

  1. Create an Azure Private Endpoint:

    1. Log in to the Azure portal.
    2. Search for Private Endpoints under the services section.
    3. Click Create:
      • Select the subscription and resource group.
      • Provide a name for the endpoint.
    4. In the Resource tab, select:
      • The resource type
      • The specific resource
      • The sub-resource
    5. For networking, select:
      • The virtual network (VNet)
      • The subnet for the private endpoint
    6. Recommended: When prompted, integrate with an Azure Private DNS zone to simplify private IP name resolution.
    7. Review the configuration and then click Create to deploy the private endpoint.
  2. Contact ValidMind at support@validmind.ai to get your new private endpoint connection request accepted. Include the following information:

    • The owner or account ID
    • The private endpoint IP address
  3. After ValidMind has accepted your endpoint connection request, verify the endpoint is available:

    1. In the Azure portal, go to the Private Endpoints section.
    2. Verify that the connection status is Approved. This indicates that the endpoint is properly connected to the target service.
  4. Enable the private DNS name:

    1. Check the private endpoint you created, click the Actions menu, and select Modify private DNS name.
    2. Select Enable for this endpoint.
    3. Click Save changes.
    4. Verify that Private DNS names shows the name shown in the VNet service information.
  5. Test the connection:

    1. From your company network, access ValidMind using the private DNS name from the VNet service information.
    2. In a browser, confirm that you can successfully connect to ValidMind and log in.
    3. From your developer environment, confirm that you can connect to ValidMind with the developer framework.

What’s next

After completing these steps, users on your company network can connect to ValidMind via Azure Private Link using the private DNS name from the VNet service information.