or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

asset-management.mdasset-tracks.mdcontent-delivery-streaming.mdcontent-protection.mdencoding-transforms.mdindex.mdlive-streaming.mdlocation-management.mdmedia-filters.mdmedia-services-management.mdnetwork-security.mdoperations-monitoring.md

network-security.mddocs/

0
# Network Security
1


2
Comprehensive network security capabilities through private endpoints and private link resources for secure connectivity to media services. Enables access through private networks without exposure to the public internet, supporting Azure virtual network integration and secure media workflows.
3


4
## Capabilities
5


6
### Private Endpoint Connection Management
7


8
Manage private endpoint connections that provide secure, private connectivity to media services from virtual networks.
9


10
```python { .api }
11
def list(
12
    resource_group_name: str,
13
    account_name: str
14
) -> PrivateEndpointConnectionListResult:
15
    """
16
    List all private endpoint connections for a media service account.
17
    
18
    Parameters:
19
    - resource_group_name: Name of the resource group (str)
20
    - account_name: Name of the media service account (str)
21
    
22
    Returns:
23
    PrivateEndpointConnectionListResult containing all private endpoint connections
24
    """
25


26
def get(
27
    resource_group_name: str,
28
    account_name: str,
29
    name: str
30
) -> PrivateEndpointConnection:
31
    """
32
    Get a specific private endpoint connection with complete configuration.
33
    
34
    Parameters:
35
    - resource_group_name: Name of the resource group (str)
36
    - account_name: Name of the media service account (str)
37
    - name: Name of the private endpoint connection (str)
38
    
39
    Returns:
40
    PrivateEndpointConnection object with connection details and status
41
    """
42


43
def create_or_update(
44
    resource_group_name: str,
45
    account_name: str,
46
    name: str,
47
    parameters: PrivateEndpointConnection
48
) -> PrivateEndpointConnection:
49
    """
50
    Create or update a private endpoint connection.
51
    
52
    Parameters:
53
    - resource_group_name: Name of the resource group (str)
54
    - account_name: Name of the media service account (str)
55
    - name: Name for the private endpoint connection (str)
56
    - parameters: Private endpoint connection configuration (PrivateEndpointConnection)
57
    
58
    Returns:
59
    Created or updated PrivateEndpointConnection object
60
    """
61


62
def delete(resource_group_name: str, account_name: str, name: str) -> None:
63
    """
64
    Delete a private endpoint connection.
65
    
66
    Parameters:
67
    - resource_group_name: Name of the resource group (str)
68
    - account_name: Name of the media service account (str)
69
    - name: Name of the private endpoint connection (str)
70
    
71
    Returns:
72
    None
73
    """
74
```
75


76
### Private Link Resource Management
77


78
Manage private link resources that define the sub-resources available for private endpoint connections.
79


80
```python { .api }
81
def list(
82
    resource_group_name: str,
83
    account_name: str
84
) -> PrivateLinkResourceListResult:
85
    """
86
    List all private link resources for a media service account.
87
    
88
    Parameters:
89
    - resource_group_name: Name of the resource group (str)
90
    - account_name: Name of the media service account (str)
91
    
92
    Returns:
93
    PrivateLinkResourceListResult containing available private link resources
94
    """
95


96
def get(
97
    resource_group_name: str,
98
    account_name: str,
99
    name: str
100
) -> PrivateLinkResource:
101
    """
102
    Get a specific private link resource with configuration details.
103
    
104
    Parameters:
105
    - resource_group_name: Name of the resource group (str)
106
    - account_name: Name of the media service account (str)
107
    - name: Name of the private link resource (str)
108
    
109
    Returns:
110
    PrivateLinkResource object with resource details and supported sub-resources
111
    """
112
```
113


114
## Data Types
115


116
```python { .api }
117
class PrivateEndpointConnection:
118
    """Private endpoint connection configuration."""
119
    name: str
120
    id: str
121
    type: str
122
    private_endpoint: PrivateEndpoint
123
    private_link_service_connection_state: PrivateLinkServiceConnectionState
124
    provisioning_state: str  # PrivateEndpointConnectionProvisioningState enum
125
    
126
class PrivateEndpoint:
127
    """Private endpoint reference."""
128
    id: str
129
    
130
class PrivateLinkServiceConnectionState:
131
    """Connection state for private link service."""
132
    status: str  # PrivateEndpointServiceConnectionStatus enum (Pending, Approved, Rejected)
133
    description: str
134
    actions_required: str
135
    
136
class PrivateEndpointConnectionListResult:
137
    """List of private endpoint connections."""
138
    value: List[PrivateEndpointConnection]
139
    
140
class PrivateLinkResource:
141
    """Private link resource definition."""
142
    name: str
143
    id: str
144
    type: str
145
    group_id: str
146
    required_members: List[str]
147
    required_zone_names: List[str]
148
    
149
class PrivateLinkResourceListResult:
150
    """List of private link resources."""
151
    value: List[PrivateLinkResource]
152
```
153


154
## Usage Examples
155


156
### List Available Private Link Resources
157


158
```python
159
from azure.mgmt.media import AzureMediaServices
160
from azure.identity import DefaultAzureCredential
161


162
client = AzureMediaServices(
163
    credential=DefaultAzureCredential(),
164
    subscription_id="your-subscription-id"
165
)
166


167
# List available private link resources
168
private_link_resources = client.private_link_resources.list(
169
    resource_group_name="my-resource-group",
170
    account_name="my-media-service"
171
)
172


173
print("Available private link resources:")
174
for resource in private_link_resources.value:
175
    print(f"Name: {resource.name}")
176
    print(f"Group ID: {resource.group_id}")
177
    print(f"Required members: {', '.join(resource.required_members)}")
178
    if resource.required_zone_names:
179
        print(f"Required DNS zones: {', '.join(resource.required_zone_names)}")
180
    print()
181
```
182


183
### Manage Private Endpoint Connections
184


185
```python
186
from azure.mgmt.media.models import (
187
    PrivateEndpointConnection, PrivateLinkServiceConnectionState,
188
    PrivateEndpointServiceConnectionStatus
189
)
190


191
# List existing private endpoint connections
192
connections = client.private_endpoint_connections.list(
193
    resource_group_name="my-resource-group",
194
    account_name="my-media-service"
195
)
196


197
print("Existing private endpoint connections:")
198
for connection in connections.value:
199
    print(f"Name: {connection.name}")
200
    print(f"Status: {connection.private_link_service_connection_state.status}")
201
    print(f"Description: {connection.private_link_service_connection_state.description}")
202
    print(f"Provisioning state: {connection.provisioning_state}")
203
    print()
204


205
# Approve a pending private endpoint connection
206
if connections.value:
207
    connection = connections.value[0]
208
    
209
    if connection.private_link_service_connection_state.status == "Pending":
210
        # Update connection state to approved
211
        connection.private_link_service_connection_state = PrivateLinkServiceConnectionState(
212
            status=PrivateEndpointServiceConnectionStatus.APPROVED,
213
            description="Connection approved for secure media access"
214
        )
215
        
216
        updated_connection = client.private_endpoint_connections.create_or_update(
217
            resource_group_name="my-resource-group",
218
            account_name="my-media-service",
219
            name=connection.name,
220
            parameters=connection
221
        )
222
        
223
        print(f"Connection approved: {updated_connection.name}")
224
```
225


226
### Create Private Endpoint (ARM Template Example)
227


228
Since private endpoint creation typically happens from the client side (virtual network), here's an example of the configuration that would be used:
229


230
```python
231
# This would typically be done via ARM template or Azure CLI
232
# Here's the conceptual configuration for reference
233
private_endpoint_config = {
234
    "type": "Microsoft.Network/privateEndpoints",
235
    "name": "media-service-private-endpoint",
236
    "location": "East US",
237
    "properties": {
238
        "subnet": {
239
            "id": "/subscriptions/sub-id/resourceGroups/network-rg/providers/Microsoft.Network/virtualNetworks/my-vnet/subnets/media-subnet"
240
        },
241
        "privateLinkServiceConnections": [
242
            {
243
                "name": "media-service-connection",
244
                "properties": {
245
                    "privateLinkServiceId": "/subscriptions/sub-id/resourceGroups/my-resource-group/providers/Microsoft.Media/mediaservices/my-media-service",
246
                    "groupIds": ["keydelivery"]  # or "streamingendpoint"
247
                }
248
            }
249
        ]
250
    }
251
}
252


253
print("Private endpoint would be created with this configuration in the virtual network")
254
print("The media service will then show the connection as pending for approval")
255
```
256


257
### Monitor Private Endpoint Connection Status
258


259
```python
260
import time
261


262
def monitor_private_endpoint_connection(
263
    client, 
264
    resource_group_name: str, 
265
    account_name: str, 
266
    connection_name: str
267
):
268
    """Monitor private endpoint connection status."""
269
    
270
    while True:
271
        connection = client.private_endpoint_connections.get(
272
            resource_group_name=resource_group_name,
273
            account_name=account_name,
274
            name=connection_name
275
        )
276
        
277
        status = connection.private_link_service_connection_state.status
278
        provisioning_state = connection.provisioning_state
279
        
280
        print(f"Connection status: {status}")
281
        print(f"Provisioning state: {provisioning_state}")
282
        
283
        if status == "Approved" and provisioning_state == "Succeeded":
284
            print("Private endpoint connection is ready")
285
            break
286
        elif status == "Rejected":
287
            print("Private endpoint connection was rejected")
288
            break
289
        elif provisioning_state == "Failed":
290
            print("Private endpoint connection provisioning failed")
291
            break
292
        
293
        time.sleep(10)
294


295
# Example usage
296
# monitor_private_endpoint_connection(
297
#     client, 
298
#     "my-resource-group", 
299
#     "my-media-service", 
300
#     "media-private-endpoint-connection"
301
# )
302
```
303


304
### Configure DNS for Private Endpoint
305


306
```python
307
# Example DNS configuration for private endpoint resolution
308
dns_config_example = {
309
    "private_dns_zone": "privatelink.media.azure.net",
310
    "dns_records": [
311
        {
312
            "name": "my-media-service",
313
            "type": "A", 
314
            "value": "10.0.1.4"  # Private IP of the private endpoint
315
        }
316
    ],
317
    "virtual_network_links": [
318
        {
319
            "vnet_id": "/subscriptions/sub-id/resourceGroups/network-rg/providers/Microsoft.Network/virtualNetworks/my-vnet",
320
            "registration_enabled": False
321
        }
322
    ]
323
}
324


325
print("DNS configuration for private endpoint resolution:")
326
print(f"Private DNS Zone: {dns_config_example['private_dns_zone']}")
327
print("This would typically be configured via Azure Private DNS zones")
328
```