This page provides instructions on how to enable the PrivateLink feature for the EMQX Cloud deployment on the Microsoft Azure platform. Once the PrivateLink is enabled, the EMQX Cloud deployment can access Azure PaaS Services and Azure hosted customer-owned/partner services through a private connection in your virtual network. In the private connection, the EMQX Cloud deployment's Virtual Private Cloud (VPC) functions as the service user, sending requests to the VPC where your cloud-based resources reside, namely, the service provider's VPC.
Create a Private Link Service Using the Azure Portal
To access the Azure services through a private connection from the EMQX Cloud, you need to create a Private Link Service in Azure and expose the service to EMQX Cloud. This section demonstrates how to create a private link service by using the Azure portal.
This demonstration assumes that you already have an Azure account and have created your own virtual network. For more information about creating the virtual network, see the Azure documentation.
Subnet: Select the subnet of your virtual network.
Click Next: Backend pools.
In Backend pools, click + Add a backend pool.
Select NIC for Backend Pool Configuration. Click +Add to associate to the backend virtual machine server. Select demo-redis as the virtual machine.
Click Next: Inbound rules.
In Inbound rules, click + Add an Inbound nat rule to configure the rule for port forwarding.
The Network Address Translation (NAT) rule defines how to redirect external traffic from a specific port to a specific port on a virtual machine, allowing external users to access services on the virtual machine.
Frontend IP configuration: Select the name you configured in the Frontend IP configuration tab.
Frontend Port and Backend port: 6379 is used in the demonstration to facilitate the testing in Test the PrivateLink Connection. If you test with a different resource in data integration, change the port to match that resource.
Configure the other settings according to your actual requirements.
By creating a PrivateLink connection in your deployment, you enable the PrivateLink feature for your deployment.
Go to your deployment in EMQX Cloud Console. Scroll down the Overview page until you see PrivateLink. Click + PrivateLink. On the pop-up dialogue, copy the Azure subscription ID in the Subscription ID field.
Go to the private link service demo you created in Azure Portal.
Click Access security under Settings. Select Restricted by subscription and click Add subscription. Paste the Azure subscription ID copied from EMQX Cloud Console in the Subscription textbox.
Click OK. Go to the Overview page and copy the alias for the private link service.
Go to the EMQX Cloud Console. Click Next Step, paste the alias you just copied in the Enter the ID of Private Link Service textbox. Click Create PrivateLink.
Once completed, go to the private link service demo and click Private endpoint connections. Select the connection and click Approve.
Wait for a while and check the status of the PrivateLink in the deployment details. When the status changes to running, the PrivateLink has been created successfully.
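The access settings chosen in the steps above can be checked from the service's JSON description. The following is an added example, not part of the original page or of EMQX or Azure tooling: audit_pls is a hypothetical helper, the field names are assumed to match the output of az network private-link-service show, and the sample document and subscription ID are constructed placeholders.

```python
import json

# Placeholder for the subscription ID copied from the EMQX Cloud Console.
EMQX_SUB = "00000000-0000-0000-0000-000000000001"

# Constructed sample, shaped like `az network private-link-service show` output
# (assumed field names). No real identifiers are used.
SAMPLE = json.loads("""
{
  "name": "demo",
  "visibility": {"subscriptions": ["00000000-0000-0000-0000-000000000001"]},
  "autoApproval": {"subscriptions": []},
  "privateEndpointConnections": [
    {"name": "pe-emqx",
     "privateLinkServiceConnectionState": {"status": "Pending"}}
  ]
}
""")


def audit_pls(pls, expected_sub):
    """Return findings about who can see and connect to the service."""
    findings = []
    visible = (pls.get("visibility") or {}).get("subscriptions") or []
    # Assumption: "*" is how the "Anyone with your alias" setting is stored.
    if "*" in visible:
        findings.append("visibility: '*' exposes the service to anyone holding the alias")
    if expected_sub not in visible and "*" not in visible:
        findings.append("visibility: EMQX subscription is not listed")
    for sub in visible:
        if sub not in ("*", expected_sub):
            findings.append(f"visibility: unexpected subscription {sub}")
    # Auto-approved subscriptions skip the manual Approve step described above.
    auto = (pls.get("autoApproval") or {}).get("subscriptions") or []
    for sub in auto:
        findings.append(f"auto-approval: {sub} bypasses the manual Approve step")
    # Every endpoint connection should have been reviewed and approved.
    for conn in pls.get("privateEndpointConnections") or []:
        state = conn.get("privateLinkServiceConnectionState") or {}
        if state.get("status") != "Approved":
            findings.append(f"connection {conn.get('name')}: {state.get('status')}")
    return findings


if __name__ == "__main__":
    for line in audit_pls(SAMPLE, EMQX_SUB):
        print(line)
```

For the sample, the only finding is the pending connection, which is the state of the service just before you click Approve.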
Before removing a PrivateLink connection, you need to check the following:
Ensure that the PrivateLink status is running.
Verify that there are no linked resources within the deployment, as neglecting this step could lead to unpredictable risks.
If you intend to remove the private link service from your Azure platform, it is important to first remove the PrivateLink from the EMQX Cloud Console. Failing to do so may result in a "Failed" PrivateLink status for the deployment.
Go to the deployment details page.
Click the removal icon in the Actions column of the PrivateLink and click Confirm to delete.