
Private endpoints

Connect your services to Azure Private Link endpoints to eliminate public internet exposure

Tiger Cloud supports private connectivity through Azure Private Link. Once configured, applications in your Azure Virtual Network reach your service through a private endpoint on Microsoft’s internal network, with no exposure to the public internet. This page walks you through authorizing your Azure subscription in Tiger Console, provisioning the private endpoint in Azure, and attaching it to your service.

Prerequisites

To follow the steps on this page:

Set up a private endpoint connection

Note

Private endpoint connections in Tiger Cloud are currently in private preview. To request access in Tiger Console, go to Security > Private Endpoints and click Request access. Then refresh the page and follow the steps below.

Take the following steps to connect your Tiger Cloud service to a Private Link endpoint.

  1. Create an Azure subscription authorization
    1. In Tiger Console, select Security > Private Endpoints > Configure Private Endpoint Connection.

      Azure Private Link authorization
    2. In Cloud provider, select Azure.

    3. In Principal ID, enter your Azure subscription ID. Give your authorization a name, for convenience.

      Warning

      Click the checkmark next to Connection name to save your authorization. Otherwise, your input is discarded.

    4. Under Alias, copy the alias for the region in which you need to create the connection. Choose the region closest to your Azure resources for optimal performance.

    5. Click Done. Tiger Cloud confirms your authorization. Once it is confirmed, you can connect multiple endpoints from the same authorized subscription.

  2. Create a private endpoint in Azure
    1. In Azure Portal, go to Private endpoints and click Create.

      Create Azure Private Endpoint
    2. In Subscription, select the subscription you previously authorized in Tiger Cloud.

    3. In Resource group, select an existing resource group or create a new one for your private endpoint.

    4. Provide a name for your endpoint.

    5. Select the region where your Virtual Network is deployed, then click Next: Resource.

    6. In Connection method, select Connect to an Azure resource by resource ID or alias.

    7. In Resource ID or alias, paste the alias you copied from Tiger Console.

    8. In Request message, enter your Tiger Cloud project ID, then click Next: Virtual Network.

    9. Select the Virtual Network that contains the resources you want to connect to Tiger Cloud, then choose the subnet where the endpoint’s private IP will be created. Optionally select an application security group, then click Next: DNS.

    10. Optionally configure private DNS integration and tags for your endpoint, then click Next: Review + create.

    11. Review your configuration and click Create. Azure creates your private endpoint. Wait for the deployment to succeed.

    12. Go to Private endpoints and copy the private endpoint IP from the Private IP column.

  3. Sync the connection
    1. In Tiger Console > Security > Private Endpoints, click Refresh. Tiger Cloud automatically approves connections from authorized subscriptions. Your connection appears in the list.

      Azure Private Endpoint IP
    2. Under IP Address, click Add IP and paste the private endpoint IP address you copied from Azure Portal.

    3. Under Services, click Attach service. Select your service from the dropdown and click Attach. You can attach a service to one private endpoint.

    4. From a VM inside your Azure VNet, connect to your service using a connection string with your connection details. You should be able to connect successfully.
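
To confirm from that VM that traffic really goes to the private endpoint, the following check compares what your service hostname resolves to against the private endpoint IP and the subnet you chose in step 2. It is an added example, not Tiger Cloud tooling; it assumes the hostname in your connection string is meant to resolve to the private endpoint IP (for instance through the private DNS integration), and the function names and command-line arguments are illustrative.

```python
import ipaddress
import socket
import sys


def resolve(host, port):
    """Return the set of addresses the resolver on this VM gives for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def check_private_path(resolved, endpoint_ip, subnet_cidr):
    """Return a list of findings; an empty list means every resolved address
    is the private endpoint IP and that IP sits inside the chosen subnet."""
    expected = ipaddress.ip_address(endpoint_ip)
    subnet = ipaddress.ip_network(subnet_cidr)
    findings = []
    if expected not in subnet:
        findings.append(f"endpoint IP {expected} is not in subnet {subnet}")
    if not resolved:
        findings.append("host did not resolve to any address")
    for raw in sorted(resolved):
        addr = ipaddress.ip_address(raw)
        if addr not in subnet:
            # A public or foreign address means the private endpoint is bypassed.
            findings.append(f"{addr} is outside {subnet}: not the private endpoint")
        elif addr != expected:
            findings.append(f"{addr} is in the subnet but is not {expected}")
    return findings


def tcp_reachable(ip, port, timeout=5.0):
    """True if a TCP handshake to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Usage: check.py HOST PORT ENDPOINT_IP SUBNET_CIDR (values from your setup)
    host, port, endpoint_ip, subnet_cidr = sys.argv[1:5]
    problems = check_private_path(resolve(host, int(port)), endpoint_ip, subnet_cidr)
    if not problems and not tcp_reachable(endpoint_ip, int(port)):
        problems.append(f"TCP connect to {endpoint_ip}:{port} failed")
    for problem in problems:
        print("FAIL:", problem)
    sys.exit(1 if problems else 0)
```

An exit status of 0 means the name resolves only to the private endpoint IP and the port accepts connections; any `FAIL` line names the address that would take a different path.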

Manage connections

  • To detach a service from a private endpoint connection, go to Security > Private Endpoints, expand the arrow in the Services column, and click the trash icon next to the service connection string.
  • To edit or remove an endpoint connection, go to Security > Private Endpoints and click the three dots next to the connection in the list. Select Edit or Disconnect, respectively. You need to detach all services from a private endpoint connection before deleting it.
  • To remove an authorization, click Manage Authorizations > trash bin icon. You need to disconnect all relevant endpoint connections before removing an authorization.