Skip to main content Skip to complementary content

Activating Azure Private Link with Talend

Procedure

  1. In your Azure VNet, create the Private endpoint to be used for Private Link.
    If you need assistance to do this, contact the administrator of your Azure system. In the Resource step, select the Connect to an Azure resource by resource ID or alias radio box and in the Resource ID or alias, enter the endpoint name of the Talend PrivateLink service:
    Talend Azure region Talend specific PrivateLink service names
    US WEST talend_cloud_privatelink.b5e2f5d0-670b-4535-9b73-f1720592427f.westus.azure.privatelinkservice

    Example

  2. Repeat this step to create another endpoint using the following service name for Talend disaster recovery. This allows you to trigger the disaster recovery failover when needs be.
    talend_cloud_privatelink.ac2a62c6-d63c-47ec-8575-8e08e3b7aba7.eastus.azure.privatelinkservice

    If Talend informs you that the PrivateLink services need to be switched to the disaster recovery (DR) services, the endpoint you are creating at this step cannot be automatically unpaired from the regular services and paired with the DR ones. In order to pair your endpoint with the DR services, you need to repeat the current procedure. To speed up the procedure and prevent sudden spikes in requests, it is recommended that you create both the endpoint for regular services and the endpoint for DR services in parallel and request their pairing, respectively, with the Talend regular services and the DR services for PrivateLink.

  3. Configure DNS for the main private endpoint, the US WEST one explained above.
    1. Create a private DNS zone and name it as us-west.cloud.talend.com.
      This is the destination domain to which you need to route traffic. For further information about an Azure private DNS zone, see What is a private DNS zone from the Azure documentation.
    2. In this private hosted zone, create an @ record and a wildcard (*) record, both of type A (meaning an Alias record), to match all the hostnames of a given Talend environment.
    3. In the Value fields of both the @ and the * records, enter the private IP address for PrivateLink.
      This configuration ensures that the principal domain and the sub-domains, specified or not, of your Talend environment are all directed to this private IP address for PrivateLink.
    4. Associate this private DNS zone with the VNet in which you need to deploy your engines.
    For further information about Azure private endpoint DNS configuration, see Azure private DNS configuration from the Azure documentation.
  4. Trigger the Talend disaster recovery failover when needs be, by updating the above-mentioned DNS to the disaster recovery private endpoint.
    1. Open the existing private DNS zone named as us-west.cloud.talend.com.
    2. In this private hosted zone, create a wildcard (*) record of type A (meaning an Alias record) to match all the hostnames of a given Talend environment.
    3. In the Value field of this record, enter the private IP address for the disaster recovery Private Link.
  5. Send to Talend a request for Private Link pairing with Talend Cloud.
    Note that you need to provide Talend with the following information:
    • The name of this Private Endpoint.
    • Create a Talend support case and provide the case number.
  6. Wait for Talend to accept the pairing.

    Once receiving your request, Talend sends this request to a verification workflow and eventually accepts the Private Link pairing from your VNet. Then Talend informs you of this update.

  7. Deploy Talend Remote Engine as usual. If your engines have been already deployed, restart them.

    All Talend engines on a same VNet must be all using Private Link or none using Private Link. If you want some engines to use Private Link and some others not to, use multiple VNets.

Results

Starting from the date your request is received, the entire process takes up to 5 business days.

Once your PrivateLink connections with Talend start to work, only the requests sent to the <env>.cloud.talend.com sub-domains are routed via a PrivateLink connection. If you need to use resources outside these domains, you must allow access to the public Internet. For example, if you need to use the Talend Cloud login page in a browser, set up a NAT gateway.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!