What is Azure Private Link?

Azure Private Link enables you to access Azure PaaS services (for example, Azure Storage and SQL Database) and Azure-hosted customer-owned or partner services over a private endpoint in your virtual network.

Traffic between your virtual network and the service travels over the Azure backbone network. Exposing your service to the public internet is no longer necessary. You can create your own private link service in your virtual network and deliver it to your customers. Setup and consumption of Azure Private Link are consistent across Azure PaaS, customer-owned, and shared partner services.

Important

Azure Private Link is now generally available. Both Private Endpoint and Private Link service (a service behind a standard load balancer) are generally available. Different Azure PaaS services will onboard to Azure Private Link on different schedules. See Private Link availability for an accurate status of Azure PaaS on Private Link. For known limitations, see Private Endpoint and Private Link Service.

Azure Private Link Center in the Azure portal

Key benefits

Azure Private Link provides the following benefits:

  • Privately access services on the Azure platform: Connect your virtual network to services in Azure without a public IP address at the source or destination. Service providers can render their services in their own virtual network, and consumers can access those services in their local virtual network. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network.

  • On-premises and peered networks: Access services running in Azure from on-premises over ExpressRoute private peering, VPN tunnels, and peered virtual networks using private endpoints. There's no need to configure ExpressRoute Microsoft peering or traverse the internet to reach the service. Private Link provides a secure way to migrate workloads to Azure.

  • Protection against data leakage: A private endpoint is mapped to an instance of a PaaS resource instead of the entire service. Consumers can only connect to that specific resource. Access to any other resource in the service is blocked. This mechanism provides protection against data leakage risks.

  • Global reach: Connect privately to services running in other regions. The consumer's virtual network can be in region A and connect to services behind Private Link in region B.

  • Extend to your own services: Enable the same experience and functionality to render your service privately to consumers in Azure. By placing your service behind a standard Azure Load Balancer, you can enable it for Private Link. The consumer can then connect directly to your service using a private endpoint in their own virtual network. You can manage the connection requests using an approval call flow. Azure Private Link works for consumers and services belonging to different Azure Active Directory tenants.
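The approval call flow in the last bullet is where a service provider decides which consumers, possibly from other Azure AD tenants, may reach the service. The script below is an added example (not Microsoft's code and not part of this page) that triages the connection requests sitting on a Private Link service: pending requests from consumer subscriptions on an allowlist are queued for approval, everything else is queued for rejection, and requests that were already decided are reported as-is. It assumes the JSON shape returned by `az network private-endpoint-connection list` for a Private Link service (each item carrying `properties.privateEndpoint.id` and `properties.privateLinkServiceConnectionState.status`), and the connection-resource ID layout used by `az network private-endpoint-connection approve --id`; both are stated as assumptions in the code. The sample data, subscription IDs and resource names are constructed.

```python
"""Triage pending private endpoint connections on a Private Link service.

Added example, not Microsoft's code. Assumed (not taken from the page):
  * `az network private-endpoint-connection list` returns a JSON array whose
    items carry properties.privateEndpoint.id (the consumer's private endpoint
    resource ID, which embeds the consumer subscription ID) and
    properties.privateLinkServiceConnectionState.status, one of
    "Pending", "Approved" or "Rejected".
  * A connection's own resource ID is
    <private link service ID>/privateEndpointConnections/<connection name>.
All sample data below is constructed.
"""
import json
import re

# Constructed Private Link service resource ID (provider side).
SAMPLE_SERVICE_ID = (
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-provider"
    "/providers/Microsoft.Network/privateLinkServices/pls-billing"
)

# Constructed sample of four connection requests, in the assumed list shape.
SAMPLE_CONNECTIONS_JSON = json.dumps([
    {"name": "pe-billing-app.abc123", "properties": {
        "privateEndpoint": {"id": "/subscriptions/11111111-1111-1111-1111-111111111111"
                                  "/resourceGroups/rg-consumer-a/providers/Microsoft.Network"
                                  "/privateEndpoints/pe-billing-app"},
        "privateLinkServiceConnectionState": {"status": "Pending",
                                              "description": "Billing team, ticket CHG-0042"}}},
    {"name": "pe-unknown-tenant.def456", "properties": {
        "privateEndpoint": {"id": "/subscriptions/99999999-9999-9999-9999-999999999999"
                                  "/resourceGroups/rg-x/providers/Microsoft.Network"
                                  "/privateEndpoints/pe-unknown"},
        "privateLinkServiceConnectionState": {"status": "Pending", "description": ""}}},
    {"name": "pe-malformed.000000", "properties": {
        "privateEndpoint": {"id": "not-a-resource-id"},
        "privateLinkServiceConnectionState": {"status": "Pending", "description": ""}}},
    {"name": "pe-reporting.7890ab", "properties": {
        "privateEndpoint": {"id": "/subscriptions/22222222-2222-2222-2222-222222222222"
                                  "/resourceGroups/rg-consumer-b/providers/Microsoft.Network"
                                  "/privateEndpoints/pe-reporting"},
        "privateLinkServiceConnectionState": {"status": "Approved", "description": "ok"}}},
])

# Consumer subscriptions the provider has agreed to serve (constructed IDs, lowercase).
ALLOWED_SUBSCRIPTIONS = {
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222",
}

# Azure resource IDs start with /subscriptions/<GUID>/ ; GUIDs are case-insensitive.
SUBSCRIPTION_RE = re.compile(r"^/subscriptions/([0-9a-f-]{36})/", re.IGNORECASE)


def subscription_of(resource_id):
    """Return the lowercase subscription GUID embedded in an Azure resource ID, or None."""
    match = SUBSCRIPTION_RE.match(resource_id or "")
    return match.group(1).lower() if match else None


def triage(connections_json, allowed_subscriptions):
    """Sort connections into approve / reject / already_decided.

    Fails closed: a pending request whose consumer subscription cannot be
    determined, or is not on the allowlist, goes to the reject queue.
    """
    result = {"approve": [], "reject": [], "already_decided": []}
    for conn in json.loads(connections_json):
        name = conn.get("name", "<unnamed>")
        props = conn.get("properties", {})
        status = props.get("privateLinkServiceConnectionState", {}).get("status")
        if status != "Pending":
            result["already_decided"].append((name, status))
            continue
        sub = subscription_of(props.get("privateEndpoint", {}).get("id"))
        if sub is not None and sub in allowed_subscriptions:
            result["approve"].append(name)
        else:
            result["reject"].append(name)
    return result


def approval_commands(triage_result, service_id):
    """Render the Azure CLI commands that would act on the triage result (not executed)."""
    cmds = []
    for name in triage_result["approve"]:
        cmds.append(f"az network private-endpoint-connection approve "
                    f"--id {service_id}/privateEndpointConnections/{name} "
                    f"--description 'consumer subscription on allowlist'")
    for name in triage_result["reject"]:
        cmds.append(f"az network private-endpoint-connection reject "
                    f"--id {service_id}/privateEndpointConnections/{name} "
                    f"--description 'consumer subscription not on allowlist'")
    return cmds


if __name__ == "__main__":
    decision = triage(SAMPLE_CONNECTIONS_JSON, ALLOWED_SUBSCRIPTIONS)
    print(json.dumps(decision, indent=2))
    print("\n".join(approval_commands(decision, SAMPLE_SERVICE_ID)))
```

Run against live data by piping `az network private-endpoint-connection list --id <service ID> -o json` into `triage` and reviewing the rendered commands before executing any of them; the allowlist is the control that keeps a cross-tenant request from being approved by habit rather than by decision.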

Availability

For information on Azure services that support Private Link, see Azure Private Link availability.

For the most up-to-date notifications, check the Azure Private Link updates page.

Logging and monitoring

Azure Private Link integrates with Azure Monitor. This combination allows:

  • Archival of logs to a storage account.
  • Streaming of events to your Event Hub.
  • Azure Monitor logging.

You can access the following information in Azure Monitor:

  • Private endpoint:

    • Data processed by the private endpoint (IN/OUT)
  • Private Link service:

    • Data processed by the Private Link service (IN/OUT)
    • NAT port availability

Pricing

For pricing details, see Azure Private Link pricing.

FAQs

For FAQs, see Azure Private Link FAQs.

Limits

For limits, see Azure Private Link limits.

Service Level Agreement

For the SLA, see SLA for Azure Private Link.

Next steps