Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

APIM and Private Endpoints

  • May 4, 2023
  • 4 min read
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.

Microsoft released the private endpoint feature, for APIM, for all SKUs. Before, it was only for developers and Premium SKU. In this article, we will see how to make our APIm fully private, to publish APIs internally only. The documentation is available here: https://learn.microsoft.com/en-us/azure/api-management/private-endpoint

To start, deploy a basic APIM for example. If I do a curl on the echo api deployed by default, we can see that it works:

curl -v https://starwind-apim.azure-api.net/echo/resource?param1=sample

Deploy a basic APIM for example

Now, we will add our private endpoint to be able to disable the public access. Go to the network tab of your APIM, Inbound private endpoint connections and create a new private endpoint, and register it in the private DNS zone:

Inbound private endpoint connections

I created a VM, in the same VNet, to test the connectivity to this Private Endpoint:

I created a VM, in the same VNet, to test the connectivity to this Private Endpoint

As you can see, we can access the API through the private endpoint. So next step is to disable the public access, with az rest command (not available in the portal currently):

Disable the public access, with az rest command

After a few minutes, the public access is disabled:

The public access is disabled

As you can see, we can’t access the APIM anymore through the public path, but we can always target it with the private endpoint:

We can’t access the APIM anymore through the public path, but we can always target it with the private endpoint

As you can see, it is very simple to put an APIM private now, and not pay too much 😊

In the next article, we will see how to expose the APIM, through an Azure Application Gateway to have it publicly available and keep the private part too.

 

Hey! Found Florent’s article helpful? Looking to deploy a new, easy-to-manage, and cost-effective hyperconverged infrastructure?
Alex Bykovskyi
Alex Bykovskyi StarWind Virtual HCI Appliance Product Manager
Well, we can help you with this one! Building a new hyperconverged environment is a breeze with StarWind Virtual HCI Appliance (VHCA). It’s a complete hyperconverged infrastructure solution that combines hypervisor (vSphere, Hyper-V, Proxmox, or our custom version of KVM), software-defined storage (StarWind VSAN), and streamlined management tools. Interested in diving deeper into VHCA’s capabilities and features? Book your StarWind Virtual HCI Appliance demo today!