Rediger

Del via

Connect to Azure Synapse Studio using Azure private link hubs

  • Artikel

This article explains how you can securely connect to Azure Synapse Studio from your Azure virtual network using private links. Azure Synapse Analytics private link hubs are Azure resources that act as connectors between your secured network and the Synapse Studio web experience.

There are two steps for connecting to Synapse Studio using private links:

  1. Create an Azure private link hubs resource.
  2. Create a private endpoint from your Azure virtual network to this private link hub.

You can then use private endpoints to securely communicate with Synapse Studio. You must integrate the private endpoints with your DNS solution, either your on-premises solution or Azure Private DNS.

You can use a single Azure Synapse private link hub resource to privately connect to all your Azure Synapse Analytics workspaces using Azure Synapse Studio. The workspaces don't have to be in the same region as the Azure Synapse private link hub. The Azure Synapse private link hub resource can also be used for connections to Synapse workspaces in different subscriptions or Microsoft Entra tenants.

Follow these steps to create an Azure private link hub:

  1. Sign in to the Azure portal and enter Synapse private link hubs in the search field.

  2. Select Azure Synapse Analytics (private link hubs) from the results under Services.

For a detailed guide, follow the steps in Connect to workspace resources from a restricted network. Certain URLs must be accessible from the client browser after enabling Azure Synapse private link hub.

Note

Private link hubs are intended for securely loading Synapse Studio static content over private links. You must create separate, private endpoints to the resources you wish to connect to within the workspace, such as provisioned/dedicated SQL pools, or Spark pools.

Create a private endpoint from your Azure virtual network

You must connect your Azure virtual network to the Synapse private link hub resource to secure the end-to-end connection to Synapse Studio. For this, you must create a private endpoint from your virtual network to the private link hub you created.

  1. In the Azure portal, select your private link hub and go to the private endpoint section.

  2. Select + Private endpoint to create a new private endpoint that connects to your private link hub.

    Screenshot that shows the private endpoint connections page.

  3. Choose the Microsoft.Synapse/privateLinkHubs resource type on the Resource tab.

    Screenshot that shows the 'Create a private endpoint' page with 'Resource type' highlighted.

  4. On the Configuration tab, select privatelink.azuresynapse.net for Private DNS zones when integrating with your virtual network and private DNS zone.

    Screenshot that shows the page to create a private endpoint to private link hub.

Related content