Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

APIM and Private Endpoints

  • May 4, 2023
  • 4 min read
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.

Microsoft released the private endpoint feature, for APIM, for all SKUs. Before, it was only for developers and Premium SKU. In this article, we will see how to make our APIm fully private, to publish APIs internally only. The documentation is available here: https://learn.microsoft.com/en-us/azure/api-management/private-endpoint

To start, deploy a basic APIM for example. If I do a curl on the echo api deployed by default, we can see that it works:

curl -v https://starwind-apim.azure-api.net/echo/resource?param1=sample

Deploy a basic APIM for example

Now, we will add our private endpoint to be able to disable the public access. Go to the network tab of your APIM, Inbound private endpoint connections and create a new private endpoint, and register it in the private DNS zone:

Inbound private endpoint connections

I created a VM, in the same VNet, to test the connectivity to this Private Endpoint:

I created a VM, in the same VNet, to test the connectivity to this Private Endpoint

As you can see, we can access the API through the private endpoint. So next step is to disable the public access, with az rest command (not available in the portal currently):

Disable the public access, with az rest command

After a few minutes, the public access is disabled:

The public access is disabled

As you can see, we can’t access the APIM anymore through the public path, but we can always target it with the private endpoint:

We can’t access the APIM anymore through the public path, but we can always target it with the private endpoint

As you can see, it is very simple to put an APIM private now, and not pay too much 😊

In the next article, we will see how to expose the APIM, through an Azure Application Gateway to have it publicly available and keep the private part too.

 

Found Florent’s article helpful? Looking for a reliable, high-performance, and cost-effective shared storage solution for your production cluster?
Dmytro Malynka
Dmytro Malynka StarWind Virtual SAN Product Manager
We’ve got you covered! StarWind Virtual SAN (VSAN) is specifically designed to provide highly-available shared storage for Hyper-V, vSphere, and KVM clusters. With StarWind VSAN, simplicity is key: utilize the local disks of your hypervisor hosts and create shared HA storage for your VMs. Interested in learning more? Book a short StarWind VSAN demo now and see it in action!