This page covers how to establish private connectivity between your dedicated instance and services running in your Azure environment that you self-host, such as MongoDB, Elasticsearch, or applications behind Azure API Management in internal VNet mode. For Azure-managed services that support Private Endpoint access natively (Blob Storage, Azure OpenAI, AI Search, Azure SQL, Cosmos DB, PostgreSQL, MySQL, Synapse, Azure Databricks), see Connecting to Azure-managed services.
How it works
Customer-managed services on Azure require you to front them with an Azure Standard Load Balancer and expose them via a Private Link Service. Unstructured then creates a Private Endpoint in the Unstructured-managed environment to connect to your service privately. In Azure terminology, you are the service provider and Unstructured is the service consumer.
Information exchange
The table below uses Order to indicate the general sequence of the information exchange — items with the same Order value can usually be provided at the same stage. The <DI_AZURE_SUBSCRIPTION_ID> value is a placeholder; contact your Unstructured account team or open a ticket in the Unstructured Support Portal to get the actual value for your dedicated instance.
Your service must be in the same Azure region as your dedicated instance — cross-region Private Link is not supported. The example region code in the table below is illustrative; use the region your dedicated instance is deployed in. See Known limitations.
| Order | Information Required | Description | Example | Provided by |
|---|---|---|---|---|
| 1 | Service Type | The service being accessed | MongoDB, Elasticsearch, Internal API | Customer |
| 1 | Service Region | Azure region where the service is hosted | eastus | Customer |
| 1 | Service Port | Port(s) the service listens on | 27017 (MongoDB), 9200 (Elasticsearch), 443 | Customer |
| 2 | Unstructured Azure Subscription ID | Subscription ID to add to the visibility settings of your Private Link Service | <DI_AZURE_SUBSCRIPTION_ID> | Unstructured |
| 3 | Private Link Service Resource ID | Full resource ID of your Private Link Service | /subscriptions/.../providers/Microsoft.Network/privateLinkServices/customer-app-pls | Customer |
| 3 | Service Endpoint | The endpoint hostname or IP for connection | Custom DNS or Private Link Service alias | Customer |
Steps
Step 1: Provide service information
Provide Unstructured with the service type, region, and port via support ticket. Unstructured will share the Unstructured Azure Subscription ID you need to complete Step 3.
Step 2: Create a Standard Load Balancer and Private Link Service
Deploy an Azure Standard Load Balancer in front of your service, then create a Private Link Service attached to the load balancer’s frontend IP configuration. Learn how.
Using the Azure CLI:
- <RESOURCE_GROUP> — Resource group for the Private Link Service and related resources
- <VNET_NAME> — Virtual network name
- <SUBNET_NAME> — Subnet used for the Private Link Service (must meet Azure subnet requirements for Private Link)
- <LOAD_BALANCER_NAME> — Name of the Standard Load Balancer fronting your application
- <FRONTEND_IP_CONFIG_NAME> — Frontend IP configuration name on the load balancer
- <REGION> — Azure region (for example eastus)
Step 3: Add Unstructured’s subscription to your Private Link Service visibility
Update the visibility settings on your Private Link Service to include Unstructured’s Azure Subscription ID so Unstructured can create a Private Endpoint connecting to it. Learn how.
Step 4: Share your Private Link Service details with Unstructured
Provide Unstructured with your Private Link Service Resource ID and service endpoint via support ticket. Unstructured will create a Private Endpoint in the Unstructured-managed environment targeting your service.
Step 5: Approve Unstructured’s connection request
Once Unstructured creates the Private Endpoint, a connection request appears on your Private Link Service. Approve it as soon as possible to avoid delays. Learn how.
Using the Azure CLI:
Replace <CONNECTION_NAME> with the name of the pending connection request (shown in the Azure portal or provided by Unstructured).
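Steps 2, 3 and 5 expressed as Azure CLI calls; this is an added example, not Unstructured's own script. It assumes the page's placeholders are exported as environment variables of the same names, uses the table's sample name customer-app-pls for the Private Link Service, and the function names are illustrative.

```shell
# Added example, not Unstructured's own script. Upper-case variables are this
# page's placeholders, set in the environment; PLS_NAME is the table's sample.
PLS_NAME="${PLS_NAME:-customer-app-pls}"

# True only for one subscription GUID. "*" would make the Private Link Service
# visible to every Azure subscription, so it is refused.
is_subscription_id() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Step 2: create the Private Link Service on the load balancer frontend. With no
# --auto-approval, every request stays Pending until approved in Step 5.
create_pls() {
  az network private-link-service create \
    --resource-group "$RESOURCE_GROUP" --name "$PLS_NAME" \
    --vnet-name "$VNET_NAME" --subnet "$SUBNET_NAME" \
    --lb-name "$LOAD_BALANCER_NAME" \
    --lb-frontend-ip-configs "$FRONTEND_IP_CONFIG_NAME" --location "$REGION"
}

# Step 3: make the service visible to the subscription Unstructured supplied.
allow_subscription() {
  is_subscription_id "$1" || { echo "not a subscription ID: $1" >&2; return 1; }
  az network private-link-service update --resource-group "$RESOURCE_GROUP" \
    --name "$PLS_NAME" --visibility "$1"
}

# Step 5, review: print the names of requests that are still Pending.
pending_connections() {
  az network private-link-service show --resource-group "$RESOURCE_GROUP" \
    --name "$PLS_NAME" --output tsv --query \
    "privateEndpointConnections[?privateLinkServiceConnectionState.status=='Pending'].name"
}

# Step 5, approve: approve exactly one named request.
approve_connection() {
  [ -n "$1" ] || { echo "connection name required" >&2; return 1; }
  az network private-link-service connection update \
    --resource-group "$RESOURCE_GROUP" --service-name "$PLS_NAME" \
    --name "$1" --connection-status Approved
}

# Usage: sh pls.sh create | allow <SUB_ID> | pending | approve <CONNECTION_NAME>
case "${1:-}" in
  create) create_pls ;;
  allow) allow_subscription "${2:-}" ;;
  pending) pending_connections ;;
  approve) approve_connection "${2:-}" ;;
esac
```

Run `pending` before `approve` and compare the listed name with the one shown in the Azure portal or provided by Unstructured.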

