Using Azure private endpoints with managed services
Note
This topic applies only to Striim Cloud on Azure (Enterprise and Mission Critical).
The use of private endpoints as a source or target has been certified with the following Microsoft services:
Azure Cosmos for MongoDB
Azure Data Lake Storage Gen2
Azure Database for MySQL
Azure Databricks
Azure Event Hub
Azure Key Vault
Azure Managed SQL Instance
Azure SQL Database
Azure Synapse (SQL)
Using private endpoints has been certified with the following non-Microsoft services:
MongoDB Atlas
Snowflake
Databricks
Note
To configure a private endpoint for Snowflake, contact Striim support.
Prerequisites
You may need permissions in Azure to create a database, virtual machine, standard load balancer, Azure Private Link service, or private endpoint. You may also need permission to approve the endpoints created.
Before configuring Striim Cloud, do the following in Azure.
For Azure Managed SQL Instance
Obtain the resource ID and host name of the Managed SQL Instance:
Get the Resource ID:
Navigate to the Azure Managed SQL Instance page in the Azure portal.
Click on the JSON view.
copy the Resource ID.
Get the host name:
Navigate to the Azure Managed SQL Instance page in the Azure portal.
In the Essentials section at the top, look for the host.
For example,
my-managed-instance.public.<random>.database.windows.net.
Azure-managed services
Get the Resource ID for the Azure-managed service. The Resource ID can be obtained from the Overview > JSON View for any Azure-managed service.
For MongoDB Atlas
To establish a private endpoint connection between MongoDB Atlas and Striim, first initiate the creation of a private endpoint through the MongoDB Atlas endpoint configuration page. MongoDB Atlas will generate a Private Link service accompanied by a unique Resource ID. When prompted, you'll provide the Azure endpoint's Resource ID and IP address to continue the setup.
Next, within the Striim console, utilize the Resource ID provided by MongoDB Atlas to create the corresponding Azure endpoint. Following this, Striim will send an email containing the newly created private endpoint's Resource ID and IP address.
Finally, return to the MongoDB Atlas interface, and enter the details provided in the email from Striim to complete and activate the private endpoint configuration.
See Quickstart: Create a Private Link service by using the Azure portal.
See What is a private endpoint? and related topics.
Configuring an Azure private endpoint in Striim Cloud
Make sure the Striim Cloud service is running.
In the Striim Cloud Console, select the Services tab, then select More > View Details > Secure connection for the Striim Cloud service.
In the Private Endpoints section, click Create Private Endpoint and enter the following:
Name: a unique name for your private endpoint.
Service Alias:
For Managed SQL Instance: enter the resource ID, Host Name and Target Sub Resource
For Microsoft services: enter the resource ID for the service.
For MongoDB Atlas: enter the Atlas private endpoint resource ID from the Atlas Network Access page (see Learn / Azure / Networking / Private Link / What is Azure Private Link service? / Alias).
Host Name: required for Managed SQL Instance.
Target Sub Resource: required for Managed SQL Instance. Specify the target sub-resource as a managed instance.
Other parameters as required for the endpoint.
Click Create Private Endpoint.
The new private endpoint will be in the Creating state while connecting to Azure. For MongoDB only, it will then be in the Pending state until you provide the Resource ID and IP address that you receive through an email from Striim, at which point the state of the private endpoint will be auto-approved and in the Running state.
All Azure services require approval before going to the Running state.
The private endpoint in Striim will then be in the Running state.
Specifying Azure private endpoints in sources and targets
For ADLS Gen2 Writer or Azure Event Hub Writer, if a running Striim Cloud private endpoint is associated with the same service as the SAS key specified in the adapter properties, the adapter will use it automatically.
For MongoDB Reader or MongoDB Writer for MongoDB Atlas, obtain the connection string URL from MongoDB Atlas and use this URL in the TQL to connect with the private endpoint. In the MongoDB Atlas Database home page, click on Connect. Click Connect with MongoDB Compass. Copy the provided connection string.
For Database Reader, Database Writer, or MySQL Reader for Azure Database for MySQL:
In the Striim Cloud Console, select the Services tab, then select More > View Details > Secure connection for the Striim Cloud service.
In the Private Endpoints section, copy the appropriate FQDN value and use it in place of the IP address, host name, or network name in the adapter's Connection URL property value.
