0
# Private Link Resources
1
2
Management of private endpoint connections and private link resources for Azure Recovery Services vaults. Private Link enables secure, private connectivity to Recovery Services vaults over Azure's backbone network, ensuring that backup and recovery traffic doesn't traverse the public internet.
3
4
## Capabilities
5
6
### List Private Link Resources
7
8
Retrieves all private link resources that need to be created for backup and site recovery operations.
9
10
```python { .api }
11
def list(resource_group_name: str, vault_name: str, **kwargs) -> ItemPaged[PrivateLinkResource]:
12
"""
13
Returns the list of private link resources that need to be created for Backup and SiteRecovery.
14
15
Parameters:
16
- resource_group_name: str - The name of the resource group
17
- vault_name: str - The name of the recovery services vault
18
19
Returns:
20
ItemPaged[PrivateLinkResource]: An iterator of private link resources
21
"""
22
```
23
24
**Usage Example:**
25
26
```python
27
# List all private link resources for a vault
28
private_link_resources = client.private_link_resources.list(
29
resource_group_name="my-rg",
30
vault_name="my-vault"
31
)
32
33
for resource in private_link_resources:
34
print(f"Private Link Resource: {resource.name}")
35
print(f" Group IDs: {resource.properties.group_ids}")
36
print(f" Required Members: {resource.properties.required_members}")
37
print(f" Required Zone Names: {resource.properties.required_zone_names}")
38
```
39
40
### Get Private Link Resource
41
42
Retrieves details about a specific private link resource.
43
44
```python { .api }
45
def get(
46
resource_group_name: str,
47
vault_name: str,
48
private_link_resource_name: str,
49
**kwargs
50
) -> PrivateLinkResource:
51
"""
52
Returns a specified private link resource that needs to be created for Backup and SiteRecovery.
53
54
Parameters:
55
- resource_group_name: str - The name of the resource group
56
- vault_name: str - The name of the recovery services vault
57
- private_link_resource_name: str - The name of the private link resource
58
59
Returns:
60
PrivateLinkResource: The private link resource details
61
"""
62
```
63
64
**Usage Example:**
65
66
```python
67
# Get specific private link resource
68
private_link_resource = client.private_link_resources.get(
69
resource_group_name="my-rg",
70
vault_name="my-vault",
71
private_link_resource_name="AzureBackup"
72
)
73
74
print(f"Resource Name: {private_link_resource.name}")
75
print(f"Resource Type: {private_link_resource.type}")
76
print(f"Group IDs: {private_link_resource.properties.group_ids}")
77
78
# Check if DNS zone names are required
79
if private_link_resource.properties.required_zone_names:
80
print("Required DNS Zones:")
81
for zone in private_link_resource.properties.required_zone_names:
82
print(f" - {zone}")
83
```
84
85
## Private Link Types
86
87
### Private Link Resource
88
89
```python { .api }
90
class PrivateLinkResource:
91
"""
92
Information of the private link resource.
93
94
Parameters:
95
- id: Optional[str] - Fully qualified identifier of the resource
96
- name: Optional[str] - Name of the resource
97
- type: Optional[str] - Type of the resource
98
- properties: Optional[PrivateLinkResourceProperties] - Properties of private link resource
99
"""
100
```
101
102
### Private Link Resource Properties
103
104
```python { .api }
105
class PrivateLinkResourceProperties:
106
"""
107
Properties of a private link resource.
108
109
Parameters:
110
- group_ids: Optional[List[str]] - Group Ids of the private link resource
111
- required_members: Optional[List[str]] - Required members of private link resource
112
- required_zone_names: Optional[List[str]] - Required private DNS zone names
113
"""
114
```
115
116
### Private Link Resources Collection
117
118
```python { .api }
119
class PrivateLinkResources:
120
"""
121
Class to represent the private link resources.
122
123
Parameters:
124
- value: Optional[List[PrivateLinkResource]] - List of private link resources
125
- next_link: Optional[str] - Link to the next set of results
126
"""
127
```
128
129
### Private Endpoint Connection
130
131
```python { .api }
132
class PrivateEndpointConnection:
133
"""
134
Private endpoint connection resource.
135
136
Parameters:
137
- id: Optional[str] - Fully qualified identifier of the resource
138
- name: Optional[str] - Name of the resource
139
- type: Optional[str] - Type of the resource
140
- properties: Optional[PrivateEndpointConnectionVaultProperties] - Private endpoint connection properties
141
"""
142
```
143
144
### Private Endpoint Connection Properties
145
146
```python { .api }
147
class PrivateEndpointConnectionVaultProperties:
148
"""
149
Information of the private endpoint connection resource.
150
151
Parameters:
152
- private_endpoint: Optional[PrivateEndpoint] - Private endpoint resource
153
- private_link_service_connection_state: Optional[PrivateLinkServiceConnectionState] - Connection state
154
- provisioning_state: Optional[ProvisioningState] - Provisioning state of the private endpoint connection
155
"""
156
```
157
158
### Private Endpoint
159
160
```python { .api }
161
class PrivateEndpoint:
162
"""
163
The Private Endpoint resource.
164
165
Parameters:
166
- id: Optional[str] - The ARM identifier for private endpoint
167
"""
168
```
169
170
### Private Link Service Connection State
171
172
```python { .api }
173
class PrivateLinkServiceConnectionState:
174
"""
175
A collection of information about the state of the connection between service consumer and provider.
176
177
Parameters:
178
- status: Optional[PrivateEndpointConnectionStatus] - Connection status
179
- description: Optional[str] - The reason for approval/rejection of the connection
180
- actions_required: Optional[str] - A message indicating if changes on the service provider require any updates
181
"""
182
```
183
184
## Enums
185
186
### Private Endpoint Connection Status
187
188
```python { .api }
189
class PrivateEndpointConnectionStatus(str, Enum):
190
"""
191
The private endpoint connection status.
192
"""
193
PENDING = "Pending"
194
APPROVED = "Approved"
195
REJECTED = "Rejected"
196
DISCONNECTED = "Disconnected"
197
```
198
199
### Vault Private Endpoint State
200
201
```python { .api }
202
class VaultPrivateEndpointState(str, Enum):
203
"""
204
Private endpoint state for backup.
205
"""
206
NONE = "None"
207
ENABLED = "Enabled"
208
```
209
210
### Vault Sub Resource Type
211
212
```python { .api }
213
class VaultSubResourceType(str, Enum):
214
"""
215
Sub-resource type for vault private endpoint.
216
"""
217
AZURE_BACKUP = "AzureBackup"
218
AZURE_BACKUP_SECONDARY = "AzureBackup_secondary"
219
AZURE_SITE_RECOVERY = "AzureSiteRecovery"
220
```
221
222
## Usage Patterns
223
224
### Setting Up Private Endpoint
225
226
```python
227
def setup_private_endpoint_for_vault(client, resource_group: str, vault_name: str):
228
"""
229
Example of how to discover and set up private endpoints for a Recovery Services vault.
230
Note: This example shows the discovery process. Actual private endpoint creation
231
requires additional Azure networking resources and permissions.
232
"""
233
234
print(f"Discovering private link resources for vault: {vault_name}")
235
236
# List all available private link resources
237
private_link_resources = client.private_link_resources.list(
238
resource_group_name=resource_group,
239
vault_name=vault_name
240
)
241
242
backup_resource = None
243
site_recovery_resource = None
244
245
for resource in private_link_resources:
246
print(f"\nPrivate Link Resource: {resource.name}")
247
print(f" Type: {resource.type}")
248
print(f" Group IDs: {resource.properties.group_ids}")
249
print(f" Required Members: {resource.properties.required_members}")
250
251
if resource.properties.required_zone_names:
252
print(f" Required DNS Zones:")
253
for zone in resource.properties.required_zone_names:
254
print(f" - {zone}")
255
256
# Identify backup and site recovery resources
257
if resource.properties.group_ids and "AzureBackup" in resource.properties.group_ids:
258
backup_resource = resource
259
elif resource.properties.group_ids and "AzureSiteRecovery" in resource.properties.group_ids:
260
site_recovery_resource = resource
261
262
# Provide setup guidance
263
if backup_resource:
264
print(f"\nTo enable private endpoint for Azure Backup:")
265
print(f" - Create private endpoint for group ID: {backup_resource.properties.group_ids[0]}")
266
if backup_resource.properties.required_zone_names:
267
print(f" - Configure private DNS zones: {', '.join(backup_resource.properties.required_zone_names)}")
268
269
if site_recovery_resource:
270
print(f"\nTo enable private endpoint for Azure Site Recovery:")
271
print(f" - Create private endpoint for group ID: {site_recovery_resource.properties.group_ids[0]}")
272
if site_recovery_resource.properties.required_zone_names:
273
print(f" - Configure private DNS zones: {', '.join(site_recovery_resource.properties.required_zone_names)}")
274
275
return {
276
"backup_resource": backup_resource,
277
"site_recovery_resource": site_recovery_resource
278
}
279
```
280
281
### Monitoring Private Endpoint Connections
282
283
```python
284
def monitor_private_endpoint_connections(vault_properties):
285
"""
286
Monitor the status of private endpoint connections for a vault.
287
"""
288
289
if not vault_properties or not vault_properties.private_endpoint_connections:
290
print("No private endpoint connections found")
291
return
292
293
print("Private Endpoint Connections Status:")
294
295
for connection in vault_properties.private_endpoint_connections:
296
print(f"\nConnection: {connection.name}")
297
print(f" ID: {connection.id}")
298
299
if connection.properties:
300
# Check connection state
301
if connection.properties.private_link_service_connection_state:
302
state = connection.properties.private_link_service_connection_state
303
print(f" Status: {state.status}")
304
print(f" Description: {state.description}")
305
306
if state.actions_required:
307
print(f" Actions Required: {state.actions_required}")
308
309
# Check provisioning state
310
if connection.properties.provisioning_state:
311
print(f" Provisioning State: {connection.properties.provisioning_state}")
312
313
# Show private endpoint details
314
if connection.properties.private_endpoint:
315
print(f" Private Endpoint ID: {connection.properties.private_endpoint.id}")
316
```
317
318
### Checking Private Endpoint State
319
320
```python
321
def check_vault_private_endpoint_state(vault):
322
"""
323
Check the private endpoint state for backup and site recovery.
324
"""
325
326
if not vault.properties:
327
print("Vault properties not available")
328
return
329
330
props = vault.properties
331
332
# Check backup private endpoint state
333
if hasattr(props, 'private_endpoint_state_for_backup'):
334
backup_state = props.private_endpoint_state_for_backup
335
print(f"Private Endpoint State for Backup: {backup_state}")
336
337
if backup_state == VaultPrivateEndpointState.ENABLED:
338
print(" ✓ Private endpoints are enabled for backup operations")
339
else:
340
print(" ⚠ Private endpoints are not enabled for backup operations")
341
342
# Check site recovery private endpoint state
343
if hasattr(props, 'private_endpoint_state_for_site_recovery'):
344
sr_state = props.private_endpoint_state_for_site_recovery
345
print(f"Private Endpoint State for Site Recovery: {sr_state}")
346
347
if sr_state == VaultPrivateEndpointState.ENABLED:
348
print(" ✓ Private endpoints are enabled for site recovery operations")
349
else:
350
print(" ⚠ Private endpoints are not enabled for site recovery operations")
351
```