Before you start
To configure an outbound Azure Private Link for CDF, you need:
- The private link add-on purchased and part of the customer contract.
- A network administrator or infrastructure-as-code automation with permission to create Azure Private Link service resources.
Step 1: Set up the Private Link service and share the Private Link service alias/resource ID with Cognite
1
Create a Private Link service
Follow the Azure documentation to create a Private Link service.
2
Share the alias with Cognite
Share the Private Link service alias with Cognite. If you use Azure Event Grid as your MQTT broker, you don’t need to set up a Private Link service, but share the Azure Event Grid resource ID with Cognite. The resource ID has this format:
/subscriptions/<subscription_id>/resourceGroups/<resourcegroup_name>/providers/Microsoft.EventGrid/namespaces/<eventgridns_name>
Step 2: Approve the private endpoint connection request
Cognite will set up a private endpoint against the Private Link service alias/resource ID, and will provide you with the private IP address associated with the private endpoint. You need to approve the private endpoint request in the Azure portal. The request will have the name NNN-outbound-plink-endpoint and the description Cognite Data Fusion (CDF) private endpoint.
Step 3: Set up DNS and TLS and share the hostname with Cognite
1
Create a DNS entry
Create a DNS entry for the private IP address provided by Cognite and configure TLS. The hosted extractors in CDF use the hostname to connect to the MQTT broker. The hosted extractors use the default MQTT ports for communication.
2
Complete the configuration
If the MQTT broker is an Azure Event Grid namespace, follow the Azure documentation to configure a custom DNS and set up an A record to point to the above-mentioned private IP.
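
A pre-flight check for the values this procedure exchanges with Cognite, as an added example that is not part of the Cognite documentation: it validates an Event Grid resource ID against the format in Step 1 and confirms that the hostname from Step 3 resolves only to the private IP that Cognite provided. The function names, the GUID form of the subscription ID, and the sample values are assumptions.

```python
import ipaddress
import re
import socket

# Format quoted in Step 1; the subscription ID is assumed to be a GUID.
_EVENTGRID_ID = re.compile(
    r"/subscriptions/(?P<subscription_id>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})"
    r"/resourceGroups/(?P<resourcegroup_name>[^/\s]+)"
    r"/providers/Microsoft\.EventGrid/namespaces/(?P<eventgridns_name>[^/\s]+)",
    re.IGNORECASE,
)

def parse_eventgrid_id(resource_id):
    """Return the ID's components, or raise ValueError if it is malformed."""
    match = _EVENTGRID_ID.fullmatch(resource_id.strip())
    if match is None:
        raise ValueError(f"not an Event Grid namespace resource ID: {resource_id!r}")
    return match.groupdict()

def _system_resolver(hostname):
    """All addresses the local resolver returns for hostname."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def check_dns_entry(hostname, expected_ip, resolver=_system_resolver):
    """Return a list of problems; an empty list means the record is as expected."""
    expected = ipaddress.ip_address(expected_ip)
    problems = []
    if not expected.is_private:
        problems.append(f"{expected} is not a private address; recheck the value from Cognite")
    try:
        resolved = [ipaddress.ip_address(a) for a in resolver(hostname)]
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return problems + [f"{hostname} does not resolve: {exc}"]
    for addr in resolved:
        if addr != expected:
            problems.append(f"{hostname} also resolves to unexpected address {addr}")
    if expected not in resolved:
        problems.append(f"{hostname} does not resolve to {expected}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(parse_eventgrid_id(
        "/subscriptions/00000000-0000-0000-0000-000000000000"
        "/resourceGroups/rg-example/providers/Microsoft.EventGrid/namespaces/ns-example"))
    print(check_dns_entry("mqtt.example.com", "10.0.0.4"))
```

Run it from a host that uses the same DNS zone in which you created the entry, before you share the hostname with Cognite.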