Connecting storage using a private endpoint lab
This lab will guide you through attaching an Azure private endpoint to a storage account so that a virtual machine in the same VNet can reach it. You will then prove connectivity to the storage account through the private endpoint:
- Estimated time: 45 minutes.
- Lab method: PowerShell.
- Lab scenario: In this lab, you play the role of an administrator seeking to employ a secure method to communicate with an Azure Storage account. You have identified an Azure private endpoint as being a mechanism to control traffic over a local endpoint and want to prove its functionality before implementing it within your organization’s environment. This lab will guide you through each task step by step to achieve the following objectives.
Lab objectives:
I. Task one: Provision the resource groups for the lab.
II. Task two: Create and configure an Azure Storage account.
III. Task three: Create and configure the Azure Files shares.
IV. Task four: Provision a vNET.
V. Task five: Provision a Virtual Machine (VM).
VI. Task six: Deploy a private endpoint to the storage account.
VII. Task seven: Test connectivity from the server to the file share over the local IP.
- Lab URL: Not applicable.
- Lab architecture diagram:

Figure 8.7 – Lab architecture diagram
Let’s now proceed toward the step-by-step execution of the lab.
Lab steps
In the following demonstration, we will attach a private endpoint to a storage account:
Task one: Provision the resource groups for the lab.
The following PowerShell code creates the resource groups for the lab environment:
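#? TASK 1 – Provision the resource groups for the lab
#? ////////////////////////////////////////////////////////
# Azure region for all lab resources (assumed value; the lab text does not define $Location)
$Location = "eastus";
# Resource Group 1
$resourceGroup1 = "Az104-07-rg0";
New-AzResourceGroup -Name $resourceGroup1 -Location $Location;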
Task two: Create and configure an Azure Storage account.
The following PowerShell code creates and configures the storage accounts for this lab:
#? TASK 2 – Create and configure the lab storage accounts
#? ////////////////////////////////////////////////////////
# Common Parameters / Variables
$date = Get-Date -Format "yyMMddhhmm";
$SkuName = "Standard_LRS";
# Storage Account 1 (name: resource group name, lowercased, hyphens removed, plus timestamp)
$storageAccountName1 = "$($resourceGroup1.ToLower() -replace '-')$date";
New-AzStorageAccount -Name $storageAccountName1 -ResourceGroupName $resourceGroup1 -Location $Location -SkuName $SkuName;
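A private endpoint adds a private path to the storage account but does not by itself close the account's public endpoint. The following added example (not part of the original lab) reports what is still exposed; `Get-StorageExposureFinding` is a hypothetical helper and the sample object is constructed, using property names found on the object that `Get-AzStorageAccount` returns.

```powershell
# Added example, not the lab's own code. Get-StorageExposureFinding is a hypothetical helper.
function Get-StorageExposureFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Account   # object shaped like the output of Get-AzStorageAccount
    )
    process {
        $findings = @()

        # The public endpoint is open to every network unless public network
        # access is disabled or the firewall default action is Deny.
        $publicOff   = $Account.PublicNetworkAccess -eq 'Disabled'
        $defaultDeny = $Account.NetworkRuleSet.DefaultAction -eq 'Deny'
        if (-not $publicOff -and -not $defaultDeny) {
            $findings += 'Public endpoint accepts traffic from all networks'
        }
        elseif (-not $publicOff) {
            $findings += 'Public endpoint enabled for selected networks only'
        }

        # Secure transfer also rejects unencrypted SMB connections to Azure Files.
        if (-not $Account.EnableHttpsTrafficOnly) {
            $findings += 'Secure transfer is not required'
        }
        if ($Account.MinimumTlsVersion -in 'TLS1_0', 'TLS1_1') {
            $findings += "Minimum TLS version is $($Account.MinimumTlsVersion)"
        }

        [pscustomobject]@{
            StorageAccountName = $Account.StorageAccountName
            PrivateOnly        = $publicOff
            Findings           = $findings
        }
    }
}

# Constructed sample standing in for a storage account with open network settings.
$sample = [pscustomobject]@{
    StorageAccountName     = 'az10407rg0sample'
    PublicNetworkAccess    = $null
    NetworkRuleSet         = [pscustomobject]@{ DefaultAction = 'Allow' }
    EnableHttpsTrafficOnly = $true
    MinimumTlsVersion      = 'TLS1_0'
}
$sample | Get-StorageExposureFinding | Format-List

# Against the lab account (requires an authenticated Az session):
# Get-AzStorageAccount -ResourceGroupName $resourceGroup1 -Name $storageAccountName1 |
#     Get-StorageExposureFinding
```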
Task three: Create and configure the Azure Files shares.
The following PowerShell code creates and configures the Azure file shares:
# Common Parameters / Variables
$ShareName = "az104-07-share";
# Storage Account 1
$Context1 = (Get-AzStorageAccount -ResourceGroupName $ResourceGroup1 -AccountName $StorageAccountName1).Context;
New-AzStorageShare -Name $ShareName -Context $Context1;
Task four: Provision a vNET.
The following PowerShell code creates and configures the Azure vNET:
## Create backend subnet config. ##
$subnetConfig = New-AzVirtualNetworkSubnetConfig -Name myBackendSubnet -AddressPrefix 10.0.0.0/24
## Create the virtual network. ##
$parameters1 = @{
    Name = 'MyVNet'
    ResourceGroupName = "$ResourceGroup1"
    Location = "$Location"
    AddressPrefix = '10.0.0.0/16'
    Subnet = $subnetConfig
}
$vnet = New-AzVirtualNetwork @parameters1
Task five: Provision a VM.