Service Endpoint impact on a service

P, John 240 Reputation points
2025-01-17T01:23:09.6266667+00:00

I am doing VNet integration for my Azure resources. For ADLS storage:

  • on one side, we have an on-premises machine that writes data to the storage through the default public endpoint
  • on the other side, we have VNet-injected Databricks that talks to the ADLS storage through a Service Endpoint (SE)

After I select “Enabled from selected virtual networks and IP addresses” in the ADLS storage's Networking configuration and select my VNet, a service endpoint is created automatically. Now Databricks can talk to the storage. My questions are:

  • After the SE was created, will the on-premises machine lose its connectivity to the storage because the default public endpoint will be disabled?
  • If so, will the on-premises machine resume its connectivity to storage after I add its public IP to the storage service's network firewall?

My understanding is that the SE just adds a route from a VNet private IP to the storage's default public IP. It shall not affect the existing open internet access through the storage's public IP. Is this the right understanding?

Azure Virtual Network

Accepted answer
  1. Rohith Vinnakota 2,090 Reputation points Microsoft Vendor
    2025-01-17T07:02:21.78+00:00

    Hi @P, John

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    Answers to your questions:

    After the SE was created, will the on-premises machine lose its connectivity to the storage because the default public endpoint will be disabled?

    Yes, you're correct.

    If so, will the on-premises machine resume its connectivity to storage after I add its public IP to the storage service's network firewall?

    Yes, because you disabled the public network access. If you want access to the storage on the on-premises machine, we need to enable the 'Selected virtual networks and IP addresses' option in the storage firewall and add the IP address.

    Refer to this link: https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?form=MG0AV3&tabs=azure-portal#about-virtual-network-endpoints

    My understanding is that the SE just adds a route from a VNet private IP to the storage's default public IP. It shall not affect the existing open internet access through the storage's public IP. Is this the right understanding?

    Yes, your understanding is correct.

    Refer to this link: https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?form=MG0AV3&tabs=azure-portal#grant-access-from-a-virtual-network


    If the above is unclear and/or you are unsure about something, add a comment below.

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

    Regards,

    Rohith
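
Added example, not part of the question or the answer above and not Microsoft code: a simplified Python model of how the storage firewall discussed in this thread decides on a request once "Enabled from selected virtual networks and IP addresses" is selected. The rule-set shape follows the output of `az storage account show --query networkRuleSet`; the subnet ID and IP address are constructed placeholders, and bypass settings, resource instance rules and private endpoints are assumed absent.

```python
import ipaddress

# Constructed sample in the shape of `az storage account show --query networkRuleSet`.
# The subnet ID and the IP address are placeholders, not values from the thread.
DBX_SUBNET = ("/subscriptions/<sub-id>/resourceGroups/<rg>/providers/"
              "Microsoft.Network/virtualNetworks/<vnet>/subnets/<databricks-subnet>")
ON_PREM_IP = "203.0.113.25"  # documentation-range stand-in for the on-premises egress IP
RULES = {
    "defaultAction": "Deny",  # "Enabled from selected virtual networks and IP addresses"
    "virtualNetworkRules": [{"virtualNetworkResourceId": DBX_SUBNET, "action": "Allow"}],
    "ipRules": [],
}


def is_allowed(rule_set, *, source_ip=None, source_subnet_id=None):
    """Simplified firewall decision (assumption: no bypass or private endpoints).

    source_subnet_id: the request arrives over a service endpoint from that subnet.
    source_ip: the request arrives over the internet from that public IP.
    """
    if rule_set.get("defaultAction", "Allow") == "Allow":
        return True  # "Enabled from all networks"
    if source_subnet_id is not None:
        # Service endpoint traffic is matched against virtual network rules only.
        return any(r["virtualNetworkResourceId"].lower() == source_subnet_id.lower()
                   for r in rule_set.get("virtualNetworkRules", []))
    if source_ip is not None:
        addr = ipaddress.ip_address(source_ip)
        return any(addr in ipaddress.ip_network(r["ipAddressOrRange"], strict=False)
                   for r in rule_set.get("ipRules", []))
    return False


def with_ip_rule(rule_set, ip_or_cidr):
    """Return a copy of the rule set with one public IP or CIDR range allowed."""
    updated = dict(rule_set)
    updated["ipRules"] = rule_set.get("ipRules", []) + [
        {"ipAddressOrRange": ip_or_cidr, "action": "Allow"}]
    return updated


if __name__ == "__main__":
    print("Databricks subnet:", is_allowed(RULES, source_subnet_id=DBX_SUBNET))
    print("on-prem, no IP rule:", is_allowed(RULES, source_ip=ON_PREM_IP))
    fixed = with_ip_rule(RULES, ON_PREM_IP)
    print("on-prem, IP rule added:", is_allowed(fixed, source_ip=ON_PREM_IP))
```
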
