Set up network integration

Set up network integration with the customer environment
Reading time: 2 minutes. Last updated: 4 days ago

To set up network integration, complete these steps:

1. Optionally, connect the solution VNet to the corporate network

Optionally, connect the solution VNet to the corporate network. For example, peer the VNet with a network hub or create a connection to a virtual WAN (VWAN) hub. The solution itself doesn't need access to any resources in the corporate network.

2. Establish the client connectivity to the solution frontend

To establish this connectivity, choose one of these methods:
  • Create a private endpoint to the target Azure Private Link service
  • Establish connectivity directly to the AKS load balancer frontend

2.1 Create a private endpoint to the target Azure Private Link service

Create a private endpoint to the Azure Private Link service that is attached to the AKS load balancer frontend. Connect this private endpoint to a VNet that is in the customer Azure environment and that is accessible from the corporate network, so that end users can reach it. The private endpoint must reside in the same region as the deployed solution. To locate the target Private Link service, look in the infrastructure resource group of the deployed AKS cluster. Alternatively, search for Private Link service resources in the subscription. Create the private endpoint resource in a resource group that is different from the solution resource group and from the AKS infrastructure resource groups. These resource groups are managed and must not contain customer-created resources.

2.2 Establish connectivity directly to the AKS load balancer frontend

Establish connectivity directly to the AKS load balancer frontend to which the Private Link service is attached. You can use this method only if the solution VNet is connected to the corporate network and if clients can access it from their machines.

3. Create a DNS record for the domain name

Create a DNS record for the domain name of the solution, which you entered when configuring the Azure Marketplace offer:
  • This record must be a DNS A record.
  • The record must point to one of these IP addresses, depending on the connectivity method you chose:
    • The IP address of the private endpoint to the Azure Private Link service, which you created in the previous step
    • The IP address of the AKS load balancer frontend

4. Optionally, configure the routing and firewall rules

Optionally, configure the routing and firewall rules to lock or control outbound internet access for the solution in the AKS cluster. If this configuration is required, complete these steps:
  1. Connect the solution VNet to the corporate network.
  2. Apply this additional configuration:
    • To allow the required outbound access, configure the firewall rules on the central network virtual appliance, for example, Azure Firewall. Refer to the firewall rules for the outbound internet access.
    • Configure routing. The 0.0.0.0/0 route must point to the network virtual appliance.
    • Change the outboundType setting of the AKS cluster from loadBalancer to userDefinedRouting. Refer to the procedure in the Azure documentation.
    Run this command:
    az aks update -g <resourceGroup> -n <clusterName> --outbound-type userDefinedRouting
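
To confirm that step 4 took effect, the following added example (not part of the original page or the vendor's tooling) checks the cluster's outboundType and the route table, and also flags more specific routes that send traffic straight to the Internet. It assumes input shaped like the JSON printed by `az aks show` and `az network route-table route list`; the sample data, names and the appliance address 10.0.1.4 are constructed.

```python
import json

# Constructed sample input, shaped like the JSON printed by `az aks show` and
# `az network route-table route list`; names and addresses are made up.
CLUSTER = json.loads('{"name": "example-aks", "networkProfile": {"outboundType": "loadBalancer"}}')
ROUTES = json.loads("""[
  {"name": "default", "addressPrefix": "0.0.0.0/0",
   "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.1.4"},
  {"name": "shortcut", "addressPrefix": "52.0.0.0/8",
   "nextHopType": "Internet", "nextHopIpAddress": null}
]""")


def check_egress_lockdown(cluster, routes, nva_ip):
    """Return findings for step 4; an empty list means egress goes through the appliance."""
    findings = []
    outbound = (cluster.get("networkProfile") or {}).get("outboundType")
    if outbound != "userDefinedRouting":
        findings.append(f"outboundType is {outbound}, expected userDefinedRouting")

    defaults = [r for r in routes if r.get("addressPrefix") == "0.0.0.0/0"]
    if not defaults:
        findings.append("route table has no 0.0.0.0/0 route")
    for route in defaults:
        if route.get("nextHopType") != "VirtualAppliance":
            findings.append(f"0.0.0.0/0 next hop type is {route.get('nextHopType')}")
        elif route.get("nextHopIpAddress") != nva_ip:
            findings.append(f"0.0.0.0/0 points to {route.get('nextHopIpAddress')}, not {nva_ip}")

    # A more specific route with next hop Internet wins over 0.0.0.0/0
    # (longest prefix match) and bypasses the appliance.
    for route in routes:
        if route.get("addressPrefix") != "0.0.0.0/0" and route.get("nextHopType") == "Internet":
            findings.append(f"route {route.get('name')} ({route.get('addressPrefix')}) goes straight to Internet")
    return findings


if __name__ == "__main__":
    for finding in check_egress_lockdown(CLUSTER, ROUTES, nva_ip="10.0.1.4"):
        print("FAIL:", finding)
```

With the constructed sample, the check reports the unchanged outboundType and the bypass route; it returns an empty list once both are corrected.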

Next steps

Set up the identity subsystem