Connect to Azure resources securely using managed private endpoints (Preview)
Managed Private Endpoint is a network security feature of the Fabric platform that allows Fabric items to securely access data sources that are behind a firewall or not accessible from the public internet. When you integrate Eventstream with a managed private endpoint, a managed virtual network (VNet) is automatically created for Eventstream, so that data from your Azure resources is transmitted over a private network instead of the public internet.
The following diagram shows a sample architecture for connecting Eventstream to Azure event hub within a virtual network:
Supported regions and data sources
- Supported regions for Eventstream managed VNet: Only selected Fabric tenant regions are supported for Eventstream managed VNet. These regions include:
  - Australia Southeast
  - East US
  - Canada Central
  - East US 2
  - North Central US
  - North Europe
  - West Europe
  - West US
- Supported data sources: In alignment with the Managed Private Endpoints in Fabric, Eventstream only supports private connections for the following Azure resources:
  - Azure Event Hubs
  - Azure IoT Hub
To learn more about the Managed Private Endpoints and supported data sources, visit Managed Private Endpoints for Fabric.
Connect to Azure Event Hubs using a managed private endpoint
Setting up a private connection in Eventstream is straightforward. Follow these steps to create a managed private endpoint for an Azure event hub and stream data to Eventstream over a private network.
Prerequisites
- Managed private endpoints are supported for Fabric trial and all Fabric F SKU capacities.
- Only users with Workspace Admin permissions can create Managed Private Endpoints.
- An Azure event hub with public access disabled, and its Resource ID ready for creating a private endpoint.
- A Fabric tenant region that supports managed VNet for Eventstream.
Step 1: Create an eventstream
- Switch your Power BI experience to Real-time Intelligence.
- Navigate to the Eventstream section and select Create. Give your eventstream a name, such as "eventstream-1".
Step 2: Create a private endpoint
- In the Fabric workspace, go to the Workspace settings and navigate to the Network security section.
- Select Create to add a new private endpoint.
- For the Resource identifier, enter the resource ID of your Azure event hub, for example:
  /subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/my-resourcegroup/providers/Microsoft.EventHub/namespaces/my-eh-namespace/eventhubs/my-eventhub
- For Target Sub-resource, select Azure Event Hub.
- Select Create to finalize the private endpoint creation.
Step 3: Approve the private endpoint in Azure Event Hubs
- Go to the Azure portal and open your Azure event hub.
- In the Networking section, navigate to the Private endpoint connections tab.
- Locate the private endpoint request from your Fabric workspace and approve it.
- Once approved, the managed private endpoint status updates to Approved.
Step 4: Add an Azure Event Hubs source to Eventstream
- Go back to the eventstream you created in Fabric.
- Select Azure Event Hubs and add it as a source to your Eventstream.
- When creating a new connection to your Azure event hub, uncheck the Test connection option if your event hub isn't publicly accessible.
- Manually enter the Consumer group.
Once added, Eventstream starts pulling data from your Azure event hub over the private network.
By following these steps, you have a fully operational Eventstream running over a secure private network, using the managed private endpoint to ensure secure data streaming.
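The following check is an added example, not part of the original procedure or Microsoft's tooling: it validates the resource ID from Step 2 and reports whether the "public access disabled" prerequisite and the Step 3 approval hold for a namespace. It assumes the namespace's properties have been exported to a dictionary; the field names `publicNetworkAccess` and `privateEndpointConnections[].privateLinkServiceConnectionState.status` and both function names are assumptions, and the namespace data is constructed.

```python
import re

# ARM resource ID shape entered in Step 2 (namespace, optionally one event hub).
_EVENT_HUB_ID = re.compile(
    r"^/subscriptions/(?P<subscription>[0-9a-f-]{36})"
    r"/resourceGroups/(?P<resource_group>[^/]+)"
    r"/providers/Microsoft\.EventHub/namespaces/(?P<namespace>[^/]+)"
    r"(?:/eventhubs/(?P<event_hub>[^/]+))?/?$",
    re.IGNORECASE,
)

# Resource ID taken from Step 2 of this page.
SAMPLE_ID = ("/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e"
             "/resourceGroups/my-resourcegroup/providers/Microsoft.EventHub"
             "/namespaces/my-eh-namespace/eventhubs/my-eventhub")

# Constructed sample (assumed field names): still public, request not yet approved.
SAMPLE_NAMESPACE = {
    "name": "my-eh-namespace",
    "publicNetworkAccess": "Enabled",
    "privateEndpointConnections": [
        {"privateLinkServiceConnectionState": {"status": "Pending"}},
    ],
}

def parse_event_hub_id(resource_id):
    """Split an Event Hubs resource ID into its parts, or raise ValueError."""
    match = _EVENT_HUB_ID.match(resource_id.strip())
    if match is None:
        raise ValueError("not an Azure Event Hubs resource ID: %r" % resource_id)
    return match.groupdict()

def readiness_findings(resource_id, namespace):
    """Return open findings; an empty list means the prerequisite and Step 3 hold."""
    parts = parse_event_hub_id(resource_id)
    findings = []
    if namespace.get("name", "").lower() != parts["namespace"].lower():
        findings.append("resource ID points at a different namespace")
    if namespace.get("publicNetworkAccess") != "Disabled":
        findings.append("public network access is not disabled")
    states = [(conn.get("privateLinkServiceConnectionState") or {}).get("status")
              for conn in namespace.get("privateEndpointConnections") or []]
    if "Approved" not in states:
        findings.append("no approved private endpoint connection")
    if "Pending" in states:
        findings.append("pending private endpoint request awaiting review")
    return findings

if __name__ == "__main__":
    for finding in readiness_findings(SAMPLE_ID, SAMPLE_NAMESPACE):
        print("FINDING:", finding)
```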
Limitations
- The Data Preview feature may not be available for data sources that aren't publicly accessible when connected through a managed private endpoint. However, the data is securely transmitted and flows correctly to the Eventstream.