PostgreSQL is a powerful, open-source object-relational database system with over 35 years of active development that has earned it a strong reputation for reliability, feature robustness, and performance. The origins of PostgreSQL date back to 1986 as part of the POSTGRES project at the University of California at Berkeley and has more than 35 years of active development on the core platform.
Ever since Azure Database for PostgreSQL - Flexible Server went public years ago we have seen dramatic adoption with customers in number of industries that require secure private network access that provides flexibility, easy connectivity to other Azure services, as well as high security and isolation. To meet these customer needs, in November 2023, we announced support for Azure Private Link for private networking with Azure Database for PostgreSQL - Flexible server in Public Preview, in addition to already existing networking capabilities provided by VNET injection.
Today, we are proud to announce General Availability for Private Link based networking feature in Azure Database for PostgreSQL - Flexible Server in all public Azure regions where service is currently available.
For tutorial on how to create Postgres Flexible Server with Private Link based networking see this doc.
With Azure Private Link, traffic between your virtual network and the service navigates the Microsoft backbone network. Exposing your service to the public internet is no longer necessary. You can create your own private ink service in your virtual network and deliver it to your customers. Setup and consumption using Azure Private Link is consistent across Azure PaaS, customer-owned, and shared partner services.
Pic 1. Azure Private Link diagram
VNet injection is the virtual network integration pattern for services whose architecture is based on dedicated resources that can be deployed (aka “injected”) into the instance owner’s network. Until now it has been the only way to provide private networking for Azure PostgreSQL Flexible Server. It has certain advantages over other networking methodologies when it comes to security, isolation and technical simplicity. Well known advantages for deploying private networking with VNET injection include:
At the same time, Private Link based networking has some advantages over VNET injection , such as:
If the above disadvantages of VNET injection are important to you, we recommend you use Private Link for your private networking with PostgreSQL Flexible Server, on the other hand, if network isolation and segmentation are paramount, VNET injection may present a better choice.
At this time, you can create Private Endpoints for servers created with public networking option after GA announcement or during our public preview for subscriptions that added a preview feature, as documented previously. We are working on migration tooling that would allow older servers with public networking model to be capable of adding Private Endpoints with minimum effort and downtime.
Today, easiest way to do so is via point in time backup restore to another server. We are working on migration tooling that would allow servers under VNET Injection networking model to be migrated to public networking model and capable of adding Private Endpoints with minimum effort and downtime.
You can get more details on Private Link networking with PostgreSQL Flexible Server on our docs overview page, as well as follow how-to tutorial to add PostgreSQL Flexible Server to private network with Private Endpoint.
To learn more about our Flexible Server managed service, see the Azure Database for PostgreSQL service page. We’re always eager to hear customer feedback, so please reach out to us at Ask Azure DB for PostgreSQL.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.