Using Azure private endpoints
Striim can connect with Microsoft Azure services using private endpoints in Azure. For services managed in Azure you connect using a resource ID, while for external services you connect through the Azure Private Link service. You can also connect with on-premise databases that are connected to Azure using Private Link.
For an introduction to Azure private endpoints and Azure Private Link, see:
Note
Your Striim Cloud bill can increase when you enable Azure Private Link as a result of increased compute and data transfer costs. For details, contact your Striim account representative.
Using private endpoints has been certified with the following Microsoft services:
Azure Cosmos for MongoDB
Azure Data Lake Storage Gen2
Azure Database for MySQL
Azure Event Hub
Azure SQL Database
Azure Synapse (SQL)
Using private endpoints has been certified with the following non-Microsoft services:
MongoDB Atlas
Snowflake
Note
To configure a private endpoint for Snowflake, contact Striim support.
Prerequisites
You may need permissions in Azure to create a database, virtual machine, standard load balancer, Azure Private Link service, or private endpoint. You may also need permission to approve the endpoints created. Some Microsoft services auto-approve private endpoints.
Before configuring Striim Cloud, do the following in Azure.
For Microsoft services
Get the Resource ID for the Azure-managed service. The Resource ID can be obtained by navigating to the resource in the Azure Portal, selecting Properties and copying the 'ID' field. The tooltip says 'Resource ID'.
For MongoDB Atlas
Create a private endpoint from the MongoDB Atlas endpoint page. This creates a Private Link service which has a Resource ID attached to it. Once you configure the resource ID in Striim Console, you will receive an email from Striim that contains the Resource ID and IP address of the private endpoint. You will use these values to configure the private endpoint in MongoDB Atlas.
See Quickstart: Create a Private Link service by using the Azure portal.
See What is a private endpoint? and related topics.
Configuring an Azure private endpoint in Striim Cloud
Make sure the Striim Cloud service is running.
In the Striim Cloud Console, select the Services tab, then select More > View Details > Secure connection for the Striim Cloud service.
In the Private Endpoints section, click Create Private Endpoint and enter the following:
Name: a unique name for your private endpoint.
Service Alias:
For Microsoft services: enter the resource ID for the service.
For MongoDB Atlas: enter the alias from the Private Link Service page in Azure Portal (see Learn / Azure / Networking / Private Link / What is Azure Private Link service? / Alias).
Click Create Private Endpoint.
The new private endpoint will be in the Creating state while connecting to Azure. For MongoDB only, it will then be in the Pending state until you provide the Resource ID and IP address that you receive through an email from Striim, at which point the state of the private endpoint will be auto-approved and in the Running state.
Other services may require approval before going to the Running state.
The private endpoint in Striim will then be in the Running state.
Specifying Azure private endpoints in sources and targets
For ADLS Gen2 Writer or Azure Event Hub Writer, if a running Striim Cloud private endpoint is associated with the same service as the SAS key specified in the adapter properties, the adapter will use it automatically.
For MongoDB Reader or MongoDB Writer for MongoDB Atlas, obtain the connection string URL from MongoDB Atlas and use this URL in the TQL to connect with the private endpoint. In the MongoDB Atlas Database home page, click on Connect. Click Connect with MongoDB Compass. Copy the provided connection string.
For Database Reader, Database Writer, or MySQL Reader for Azure Database for MySQL:
In the Striim Cloud Console, select the Services tab, then select More > View Details > Secure connection for the Striim Cloud service.
In the Private Endpoints section, copy the appropriate FQDN value and use it in place of the IP address, host name, or network name in the adapter's Connection URL property value.
