Using an Azure private endpoint with a cleanroom recovery site

You can use an Azure private endpoint with a cleanroom recovery site.

Prerequisites

  • The cleanroom recovery feature, used for secure data recovery and testing.

  • An existing Azure environment with a customer storage account configured to use a private endpoint.

  • An existing virtual network and subnet.

    Note

    The subnet must NOT have service endpoints for storage.

Procedure

  1. Navigate to the Azure Portal.

  2. Go to the Storage Account for which you want to enable the private endpoint.

  3. In the left-hand navigation pane, select Networking under Security + Networking.

  4. Go to Private endpoints and then click Create private endpoint.

    The Private Endpoint creation wizard appears.

  5. Select the Subscription and Resource Group where the private endpoint will be created. You may use any existing resource group.

  6. Enter a name for the private endpoint.

    The Network Interface (NIC) name is auto-generated.

  7. Select the Region.

    Ensure the region matches the region where your Virtual Network (VNet) is located.

  8. Proceed to the Resource step.

    Confirm the Resource type is set to "Microsoft.Storage/storageAccounts".

    Verify that the Resource selected is the target storage account.

  9. Under Target sub-resource, select Blob.

  10. Proceed to the Virtual Network step.

  11. Select the Virtual network (VNet) where the infrastructure exists or will be created.

    Ensure this is the same VNet selected in the infrastructure configuration for the Cleanroom target/site. For more information, see Modify settings for a cleanroom site.


  12. Select a compatible Subnet within the chosen VNet.

  13. Proceed to the DNS step.

  14. Create a new private DNS zone, or use an existing one, if available.

    Private DNS ensures the service hostname resolves to a private IP address instead of a public IP. If DNS is not configured:

    • The service hostname resolves to its public IP.

    • Traffic does not use the private endpoint.

    • If public access is disabled, the connection fails.

    • If public access is enabled, traffic uses the public endpoint, rendering the private endpoint ineffective.

  15. Optional: Proceed to the Tags step and then add any required or optional tags for the private endpoint and DNS resources.

  16. Proceed to the Review + Create step.

    Validate all settings.

  17. Click Create and then wait for the deployment to complete.
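The portal steps above can also be scripted. The following Azure CLI script is an added example, not part of the original page or the cleanroom product, and it covers the prerequisite check on the subnet (no Microsoft.Storage service endpoint), the private endpoint creation for the blob sub-resource (steps 4 to 12), the private DNS zone, VNet link and zone group (steps 13 and 14), and the post-deployment check that the blob hostname resolves to a private address rather than the public one. Every resource name, the subscription id and the region are placeholders; set DRY_RUN=1 to print the az commands instead of executing them.

```shell
#!/usr/bin/env bash
# Added example: private endpoint for a storage account's blob sub-resource,
# plus the checks a practitioner wants before and after deployment.
# All names, ids and the region below are placeholders.
set -eu

RG="${RG:-rg-cleanroom-placeholder}"
LOCATION="${LOCATION:-eastus}"
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"
STORAGE_ACCOUNT="${STORAGE_ACCOUNT:-stcleanroomplaceholder}"
VNET="${VNET:-vnet-cleanroom-placeholder}"          # same VNet as the cleanroom site
SUBNET="${SUBNET:-snet-cleanroom-placeholder}"
PE_NAME="${PE_NAME:-pe-${STORAGE_ACCOUNT}-blob}"
DNS_ZONE="privatelink.blob.core.windows.net"         # zone name Azure uses for blob

# Print the command instead of running it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# Prerequisite: the subnet must not carry a Microsoft.Storage service endpoint.
# Reads the JSON of `az network vnet subnet show` on stdin; returns 0 when the
# subnet is clean and 1 when a storage service endpoint is present.
subnet_clean_of_storage_endpoint() {
  if grep -q '"service": *"Microsoft.Storage"'; then
    return 1
  fi
  return 0
}

check_subnet() {
  az network vnet subnet show -g "$RG" --vnet-name "$VNET" -n "$SUBNET" -o json \
    | subnet_clean_of_storage_endpoint \
    || { echo "subnet $SUBNET has a Microsoft.Storage service endpoint; remove it first" >&2; return 1; }
}

# Steps 4-12: create the endpoint against the storage account, blob sub-resource.
create_private_endpoint() {
  local sa_id="/subscriptions/${SUBSCRIPTION_ID}/resourceGroups/${RG}/providers/Microsoft.Storage/storageAccounts/${STORAGE_ACCOUNT}"
  run az network private-endpoint create \
    --resource-group "$RG" --name "$PE_NAME" --location "$LOCATION" \
    --vnet-name "$VNET" --subnet "$SUBNET" \
    --private-connection-resource-id "$sa_id" \
    --group-id blob \
    --connection-name "${PE_NAME}-conn"
}

# Steps 13-14: private DNS zone, link it to the VNet, attach it to the endpoint.
configure_private_dns() {
  run az network private-dns zone create --resource-group "$RG" --name "$DNS_ZONE"
  run az network private-dns link vnet create --resource-group "$RG" --zone-name "$DNS_ZONE" \
    --name "link-${VNET}" --virtual-network "$VNET" --registration-enabled false
  run az network private-endpoint dns-zone-group create --resource-group "$RG" \
    --endpoint-name "$PE_NAME" --name default --private-dns-zone "$DNS_ZONE" --zone-name blob
}

# Returns 0 when the argument is an IPv4 address in an RFC 1918 range
# (10/8, 172.16/12, 192.168/16), which is what a VNet-internal resolver
# should hand back once the private DNS zone is in place.
is_private_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  case "$1" in
    10.*) return 0 ;;
    192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Post-deployment check, run from a host inside the VNet: a public address here
# means traffic is bypassing the private endpoint (or failing, if public access
# is disabled on the storage account).
verify_private_resolution() {
  local host="${STORAGE_ACCOUNT}.blob.core.windows.net" ip
  ip="$(getent hosts "$host" | awk '{print $1; exit}')"
  if [ -n "$ip" ] && is_private_ipv4 "$ip"; then
    echo "$host -> $ip (private endpoint in use)"
    return 0
  fi
  echo "$host -> ${ip:-unresolved}: traffic would NOT use the private endpoint" >&2
  return 1
}

if [ "${1:-}" = "deploy" ]; then
  check_subnet && create_private_endpoint && configure_private_dns && verify_private_resolution
fi
```

Run it as `./pe.sh deploy` from a machine that has the Azure CLI signed in; `verify_private_resolution` only gives a meaningful answer when executed from a host inside the same VNet, since that is where the private DNS zone is linked.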
