Create a separate private endpoint for the secondary instance of the storage service

Pasquini, Matteo (Admin) 45 Reputation points
2024-12-12T10:58:10.0266667+00:00

Hello,

in this doc: https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json
I can read the TIP "Create a separate private endpoint for the secondary instance of the storage service for better read performance on RA-GRS accounts. Make sure to create a general-purpose v2(Standard or Premium) storage account."

Because it is a geo-replica, the secondary resource is not visible (as happens with Key Vault).
How do I identify the secondary resource so that I can create the PEP?
or

How do I identify the secondary resource to attach to a NIC and attach to the PEP?

Thanks


1 answer

  1. Hari Babu Vattepally 1,195 Reputation points Microsoft Vendor
    2024-12-16T18:24:11.3633333+00:00

    Hi @Pasquini, Matteo (Admin)

    Apologies for the delay in response and for any inconvenience caused.

    Yes, you are correct that when you create a Private Endpoint, it creates a NIC as read-only and it cannot be attached to Private Endpoint.

    By following the below steps, you can identify the NIC of secondary resources.

    • Identify the secondary resource.
    • Locate the private endpoint associated with that resource.
    • Use Azure CLI or PowerShell to list the NICs and their IP addresses.

    For example, using Azure CLI:

    az network private-endpoint list --resource-group <ResourceGroupName> --query "[].{Name:name, NicId:networkInterfaces[0].id, IpAddress:customDnsConfigs[].ipAddresses[]}"

    And then, update your Private DNS Zone with the correct IP address. Once you have the IP address, you can update the Private DNS Zone with the new A record pointing to the NIC IP address.

    For additional information, please refer to the links below.

    cross-tenant-secure-access-private-endpoints.

    private-endpoint-overview.

    I hope this helps and addresses your query. Please let us know if the issue is resolved or still persists. We will be glad to assist you closely.

    Thanks!
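
The steps in the answer above, worked through as an added example that is not part of the original thread or of any Microsoft tooling: it reads JSON shaped like the output of `az network private-endpoint list -o json`, picks out endpoints whose target sub-resource ends in `_secondary` (for example `blob_secondary`), and plans the `<account>-secondary` A record for the private DNS zone. The sample data, the function names and the public-cloud zone pattern `privatelink.<service>.core.windows.net` are assumptions of this example.

```python
import json

def sample_pe(name, account, group, ips):
    """Build one constructed entry with only the fields this example reads."""
    base = "/subscriptions/0000/resourceGroups/rg/providers"
    return {"name": name,
            "networkInterfaces": [{"id": f"{base}/Microsoft.Network/networkInterfaces/{name}.nic"}],
            "privateLinkServiceConnections": [{
                "privateLinkServiceId": f"{base}/Microsoft.Storage/storageAccounts/{account}",
                "groupIds": [group]}],
            "customDnsConfigs": [{"fqdn": "constructed", "ipAddresses": ips}] if ips else []}

# Constructed sample, shaped like `az network private-endpoint list -g <rg> -o json`.
SAMPLE = json.dumps([
    sample_pe("pe-blob", "contosodata", "blob", ["10.0.1.4"]),
    sample_pe("pe-blob-sec", "contosodata", "blob_secondary", ["10.0.1.5"]),
    sample_pe("pe-file", "contosodata", "file", ["10.0.1.6"]),
])

def plan_secondary_records(endpoints):
    """Return (records, missing): the A records to publish for *_secondary
    endpoints, and (account, service) pairs with a primary endpoint only."""
    records, primary, secondary = [], set(), set()
    for pe in endpoints:
        nics = pe.get("networkInterfaces") or []
        ips = [ip for cfg in pe.get("customDnsConfigs") or [] for ip in cfg.get("ipAddresses") or []]
        for conn in pe.get("privateLinkServiceConnections") or []:
            sid = conn.get("privateLinkServiceId", "")
            if "/microsoft.storage/storageaccounts/" not in sid.lower():
                continue  # not a storage account endpoint
            account = sid.rsplit("/", 1)[-1]
            for group in conn.get("groupIds") or []:
                service, _, suffix = group.partition("_")
                if suffix != "secondary":
                    primary.add((account, service))
                    continue
                secondary.add((account, service))
                records.append({
                    "endpoint": pe["name"],
                    "nic": nics[0]["id"] if nics else None,
                    "zone": f"privatelink.{service}.core.windows.net",
                    "name": f"{account}-secondary",
                    # None means the IP was not reported here: read it from the NIC
                    "ip": ips[0] if ips else None})
    # Only relevant for RA-GRS accounts: no private path for secondary reads
    return records, sorted(primary - secondary)

if __name__ == "__main__":
    recs, gaps = plan_secondary_records(json.loads(SAMPLE))
    for r in recs:
        print(f"{r['name']}.{r['zone']} A {r['ip']}  (via {r['endpoint']})")
    for account, service in gaps:
        print(f"no {service}_secondary private endpoint for {account}")
```
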

