Hi @Sundarakannan M,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
Validation of Understanding: Can the private endpoint approach work without VNet peering or VPN? Or are there other configurations I should consider?
Yes, you are correct. You can establish connectivity between Kafka and Azure Event Hub using private endpoints without requiring VNet peering or a VPN. Private endpoints allow you to securely access Azure services over a private IP address within your virtual network (VNet).
What is a private endpoint? - Azure Private Link | Microsoft Learn
Kafka Configuration: What details do I need to configure connectivity from Kafka to the Event Hub? For example, do I need specific DNS settings, IP configurations, or endpoint details?
When setting up the private endpoint for the Event Hub, the IP and DNS configurations are automatically handled.
https://learn.microsoft.com/en-us/azure/event-hubs/private-link-service
https://learn.microsoft.com/en-us/azure/event-hubs/event-hubs-quickstart-kafka-enabled-event-hubs?form=MG0AV3&tabs=passwordless
Note: Please ensure that the virtual network for Kafka is linked to the private DNS zone.
https://learn.microsoft.com/en-us/azure/dns/private-dns-getstarted-portal#link-the-virtual-network
Verification of Connectivity: Once the private endpoint is set up, how can I validate the connectivity between Kafka and Event Hub at the network level without sending any actual data?
Perform an nslookup using the private endpoint FQDN. Once you obtain the private IP, you can proceed to send the data.
Command:
nslookup <FQDN>
Traffic Routing via Azure Firewall: Instead of directly connecting Kafka to the Event Hub, can I route traffic through an Azure Firewall in Subscription XYZ? If yes, what are the necessary steps to configure the firewall, private endpoint, and other network components in Subscriptions ABC and XYZ?
Yes.
Refer to these docs for Azure Firewall scenarios to inspect traffic destined to a private endpoint:
https://learn.microsoft.com/en-us/azure/private-link/inspect-traffic-with-azure-firewall?form=MG0AV3
https://learn.microsoft.com/en-us/azure/private-link/tutorial-inspect-traffic-azure-firewall?form=MG0AV3
Note: If you want to use the Azure firewall, you'll need to set up VNet peering. https://learn.microsoft.com/en-us/azure/virtual-network/create-peering-different-subscriptions?tabs=create-peering-portal
If the above is unclear and/or you are unsure about something, add a comment below.
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
Regards,
Rohith
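As an added example (not part of the answer above or of any Microsoft tooling), the following Python script performs the nslookup step programmatically and adds the two checks a practitioner wants before sending data: that every resolved address is private (otherwise the VNet is not linked to the private DNS zone and traffic would go to the public endpoint), and that the Kafka port 9093 accepts a TCP connection, which is opened and closed without sending any bytes. The namespace FQDN is a constructed placeholder.

```python
"""Network-level pre-flight check for a Kafka-to-Event Hubs private endpoint.

Added example, not from the original answer. The FQDN used at the bottom is a
constructed placeholder; pass your own namespace FQDN as the first argument.
"""
import ipaddress
import socket
import sys

KAFKA_PORT = 9093  # Event Hubs Kafka endpoint port


def resolve(fqdn, resolver=socket.getaddrinfo):
    """Return the sorted, de-duplicated list of IPs the FQDN resolves to.

    The resolver is injectable so the logic can be exercised without DNS.
    """
    infos = resolver(fqdn, KAFKA_PORT, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_private_resolution(fqdn, resolver=socket.getaddrinfo):
    """Return (ok, ips); ok is True only when every address is private.

    A public address means the private DNS zone link is missing and the
    client would reach the namespace over its public endpoint instead.
    Caveat: VNets may use non-RFC 1918 space, in which case compare the
    result against the VNet address range rather than is_private.
    """
    ips = resolve(fqdn, resolver)
    ok = bool(ips) and all(ipaddress.ip_address(ip).is_private for ip in ips)
    return ok, ips


def tcp_reachable(ip, port=KAFKA_PORT, timeout=5.0):
    """Open a TCP connection and close it without sending data; True on success."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed placeholder; real namespaces look like <name>.servicebus.windows.net
    fqdn = sys.argv[1] if len(sys.argv) > 1 else "PLACEHOLDER-namespace.servicebus.windows.net"
    try:
        ok, ips = check_private_resolution(fqdn)
    except socket.gaierror as exc:
        sys.exit(f"DNS resolution of {fqdn} failed: {exc}")
    print(f"{fqdn} -> {ips} (all private: {ok})")
    for ip in ips:
        print(f"  tcp {ip}:{KAFKA_PORT} reachable: {tcp_reachable(ip)}")
```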