You can now use private endpoints for your Azure Cosmos DB for MongoDB vCore clusters to allow hosts on a virtual network (VNet) to securely access data over Azure Private Link.
The cluster’s private endpoint uses an IP address from the virtual network’s address space, so traffic between hosts on the virtual network and the database nodes travels over the Microsoft backbone network. This removes exposure to the public Internet, and applications within the virtual network connect to the database nodes as before, using the same connection strings and authorization mechanisms they would use with public access.
You can select private access when you create the cluster, and you can switch a cluster from public to private access at any point.
Why Azure Private Link for Azure Cosmos DB?
Azure Private Link provides a secure bridge between your virtual network and Azure services, such as Azure Cosmos DB, via a private endpoint. This means that your database traffic never traverses the public internet, reducing exposure and significantly mitigating the risk of data exfiltration.
Key Benefits
- Enhanced Security: Connections use private IP addresses, so the database is reachable only from hosts on your virtual network (and networks connected to it), not from the public Internet.
- Reduced Latency: Traffic remains on the Microsoft Azure backbone network, ensuring data travels more directly and quickly.
- Flexible Access: Azure Cosmos DB can be accessed from within your virtual network, through peered networks, or even from on-premises environments via private peering, VPN, or Azure ExpressRoute.
Getting Started
Whether setting up a new cluster with a private endpoint or integrating Private Link into an existing cluster, comprehensive step-by-step guides are available in the documentation.
For New Clusters:
The Azure portal guides you through creating a new Azure Cosmos DB for MongoDB vCore cluster with a private endpoint. You configure your cluster settings, including selecting the “Private access” option under Networking, so that database traffic is routed through your virtual network.
For Existing Clusters:
Adding a private endpoint to an existing cluster is straightforward in the Azure portal: open the “Networking” section of the cluster settings and configure the private endpoint with the virtual network and subnet it should join.
Follow the official documentation for all the necessary information, including prerequisites, step-by-step guides for creating a cluster with a private endpoint using the Azure portal, and instructions for adding a private endpoint to an existing cluster. Additionally, it covers how to automate these processes using Azure CLI, offering flexibility for those who prefer scripting or need to automate their deployment processes.
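As an added illustration of the Azure CLI route mentioned above (this script is not from the post or from Microsoft's documentation), the following shell script attaches a private endpoint to an existing MongoDB vCore cluster and then checks that the cluster hostname resolves to a private address from inside the VNet. The resource group, VNet, subnet and cluster names are placeholders; the cluster resource type, the private-link group id, the private DNS zone name and the cluster FQDN pattern are assumptions that should be checked against the current documentation before use.

```shell
#!/bin/sh
# Added example, not code from the Azure blog post or the official docs.
# Attaches a private endpoint to an existing Azure Cosmos DB for MongoDB vCore
# cluster with Azure CLI, wires up the private DNS zone, and verifies that the
# cluster hostname now resolves to an address inside the VNet.
set -eu

RG="${RG:-rg-mongo-vcore}"            # placeholder resource group
LOCATION="${LOCATION:-eastus}"        # placeholder region
VNET="${VNET:-vnet-app}"              # placeholder virtual network
SUBNET="${SUBNET:-snet-data}"         # placeholder subnet for the endpoint NIC
CLUSTER="${CLUSTER:-my-mongo-vcore}"  # placeholder cluster name

# Assumed values for the MongoDB vCore resource type, the Private Link
# sub-resource (group id) and the private DNS zone; verify against the docs.
CLUSTER_TYPE="Microsoft.DocumentDB/mongoClusters"
GROUP_ID="MongoCluster"
DNS_ZONE="privatelink.mongocluster.cosmos.azure.com"
# Assumed FQDN pattern for a vCore cluster's connection string host.
CLUSTER_FQDN="$CLUSTER.mongocluster.cosmos.azure.com"

create_private_endpoint() {
  cluster_id=$(az resource show -g "$RG" -n "$CLUSTER" \
      --resource-type "$CLUSTER_TYPE" --query id -o tsv)

  # The endpoint NIC takes an IP from the subnet; the group id selects the
  # cluster sub-resource that the private link connects to.
  az network private-endpoint create -g "$RG" -n "pe-$CLUSTER" -l "$LOCATION" \
      --vnet-name "$VNET" --subnet "$SUBNET" \
      --private-connection-resource-id "$cluster_id" \
      --group-id "$GROUP_ID" --connection-name "conn-$CLUSTER"

  # Without the private zone linked to the VNet, the public hostname keeps
  # resolving to a public IP and clients never use the private endpoint.
  az network private-dns zone create -g "$RG" -n "$DNS_ZONE"
  az network private-dns link vnet create -g "$RG" -z "$DNS_ZONE" \
      -n "link-$VNET" -v "$VNET" --registration-enabled false
  az network private-endpoint dns-zone-group create -g "$RG" \
      --endpoint-name "pe-$CLUSTER" -n "zg-$CLUSTER" \
      --private-dns-zone "$DNS_ZONE" --zone-name "$GROUP_ID"
}

# Return 0 if the dotted-quad IPv4 address is in an RFC 1918 range, 1 otherwise.
is_private_ipv4() {
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  case "$1" in
    10)  return 0 ;;
    172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0 ;;
    192) [ "$2" -eq 168 ] && return 0 ;;
  esac
  return 1
}

# Run from a host inside the VNet: the cluster FQDN must resolve to the private
# endpoint's address. A public answer means DNS is bypassing the private zone.
verify_private_resolution() {
  ip=$(getent hosts "$CLUSTER_FQDN" | awk '{ print $1; exit }')
  if [ -z "$ip" ]; then
    echo "no A record for $CLUSTER_FQDN" >&2
    return 1
  fi
  if is_private_ipv4 "$ip"; then
    echo "$CLUSTER_FQDN -> $ip (private, via endpoint)"
  else
    echo "$CLUSTER_FQDN -> $ip (PUBLIC: private DNS zone not in effect)" >&2
    return 1
  fi
}

# Deployment only runs when explicitly requested, so the helpers can be sourced
# and exercised without an Azure session.
if [ "${RUN_DEPLOY:-0}" = "1" ]; then
  create_private_endpoint
  verify_private_resolution
fi
```

Run with `RUN_DEPLOY=1 sh deploy-pe.sh` from a logged-in Azure CLI session, and run `verify_private_resolution` from a VM on the VNet. The post's point that applications keep their existing connection strings holds only when the hostname in that string resolves to the endpoint's private IP, which is exactly what the DNS zone group and VNet link provide; the resolution check is the quickest way to confirm that before relying on the private path.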
Conclusion
Integrating Azure Private Link with Azure Cosmos DB for MongoDB vCore provides a secure, efficient, and flexible way to connect to your databases. Using Azure Private Link helps keep your sensitive data safe from unauthorized access and keeps it off the public internet. This move is a big step in making your cloud database environment more secure while keeping it fast and easy to use.
About Azure Cosmos DB
Azure Cosmos DB is a fully managed and serverless distributed database for modern app development, with SLA-backed speed and availability, automatic and instant scalability, and support for open-source PostgreSQL, MongoDB, and Apache Cassandra. Try Azure Cosmos DB for free here. To stay in the loop on Azure Cosmos DB updates, follow us on Twitter, YouTube, and LinkedIn.
Try Azure Cosmos DB free with Azure AI Advantage
Sign up for the Azure AI Advantage! The Azure AI Advantage offer is for existing Azure AI and GitHub Copilot customers who want to use Azure Cosmos DB as part of their solution stack. With this offer, you get 40,000 free RUs, equivalent of up to $6,000 in savings.