Another resource in the Azure ARM deployment model gets support for Azure Private Link. This time is the Azure Container Registry. This is one of the top features customers have asked for from the product team.
By using Azure Private Link the Registry endpoints get private IPs within your Virtual Network preventing any data exfiltration since all the traffic stays within the Microsoft Azure backbone.
Currently, the public endpoint can still be accessible to other teams i.e. the development team. With firewall rules in-place it limits the general public access. In future releases of the ACR Private Link, will support disabling the public endpoints completely and use only the private connection. Maybe it will be like that when it reaches GA, although GA is not far.
ACR Private Link is available in all public regions. Check the availability for all the resources that support Azure Private Link and their respective supported regions here.
For information on how to configure Azure Private Link for an Azure Container Registry click here.
Azure Private Link
Azure Private Link provides private connectivity from a virtual network to Azure platform as a service (PaaS), customer-owned, or Microsoft partner services. It simplifies the network architecture and secures the connection between endpoints in Azure by eliminating data exposure to the public internet.microsoft.com
Main features oof Azure Private Link:
- Private connectivity to Azure services directly in your virtual network without the traffic going out of the Azure backbone
- Integrate your virtual networks and its peers with your on-premises network
- Achieve desired security compliance because data traveling does not traverse the internet
- Private Link utilizes Microsoft Azure global backbone network that makes it ideal to connect your services with no regional restriction.