
Private Endpoint Configuration

Information in this document is subject to change without notice.

No part of this document may be reproduced or transmitted in any form or by any means,
for any purpose, without the express written permission of TEMENOS HEADQUARTERS SA.

© 2020 Temenos Headquarters SA - all rights reserved.


Temenos Cloud Services – Private Endpoint Configuration

Table of Contents
Document History
Ownership
Distribution and Confidentiality
Introduction
Prerequisites
Configure Private Endpoint
Additional Configurations for File Transfer
Create the Private DNS Zone
Use as File Share
Access File Service using Azure Storage Explorer


Document History

Author                    Version   Date
Temenos Cloud Services    1.0       March 2020
Temenos Cloud Services    2.0       May 2020

Comments:

Ownership
This document is written, owned and managed by Temenos Cloud Services business.
The document may be updated from time to time.

Distribution and Confidentiality


The information contained in this document is intended for Temenos internal use only and is Temenos
confidential information. Any reproduction, disclosure or distribution of this document, in whole or in
part, is strictly prohibited. This document is confidential for external use and is only distributed to certain
clients under terms of confidentiality for review and informational purposes only. The document is
provided on an as is basis and no warranties are made as to the information in this document.


Introduction
This document provides guidance on how to configure a Private Endpoint to connect to Temenos Cloud
Services, such as the File Transfer service, or to services published using the bank’s public Internet
domain, such as API services and Internet Banking services.
Azure Private Endpoint is a network interface that connects you privately and securely to a service
powered by Azure Private Link.
The Private Endpoint uses a private IP address from your VNet, effectively bringing the service into
your VNet.
More information about Azure Private Link and Private Endpoint is available in Microsoft Azure
documentation at https://docs.microsoft.com/en-us/azure/private-link/

Prerequisites
Find below the prerequisites needed to configure the Private Endpoint of Temenos Cloud:
1. Azure VNet.
2. A subnet in the VNet to provision the Private Endpoint.
3. Owner permission to the Azure VNet.
4. Owner permission to the Azure Resource Group.

Configure Private Endpoint


Follow the steps below to configure the Private Endpoint using Azure Portal:
1. Log on to Azure portal.
2. Select the Create a resource option from the top left menu.
3. Search and select the Private Link option.
4. Click on the Create button to open the Private Link Center page.


5. From the displayed left menu select Private endpoints.

6. To create an endpoint, click on the Add button on the top toolbar. This will open the Create a
private endpoint page.


7. On the Basics tab:


• Select the Subscription from the drop-down list.
• Select the Resource group from the drop-down list.
• Type the Name for the instance.
• Select the Region of your VNet.
• Fill all the information and click on the Next Resource > button.

8. On the Resource tab:


• Select from the Connection method field the option: Connect to an Azure resource by
resource ID or alias.
• Complete the field Resource ID or alias* with the information that will be provided by
Temenos Cloud.


When creating a Private Endpoint for file service, depending on the alias or the resource id provided by
Temenos Cloud, the Resource tab may get populated with additional fields, such as Target sub-
resource field.
When required, the additional information related to target sub-resources field will be provided by
Temenos Cloud.
Note: Some Azure resource IDs and values are case sensitive. Always enter the information
provided by Temenos Cloud in exactly the same case.
• In the Request message field, type a message that will be visible to Temenos Cloud.
• Click on the Next : Configuration > button.


9. On the Configuration tab:


• Select the Virtual network option.
• Select the Subnet where you need to have the Private Endpoint.
• Click on the Next: Tags > button.

10. Add any Tags you need in the Tags tab.


11. Click on the Next : Review + create > button.
12. Review the information and click on the Create button to provision the Private Endpoint.
13. Once the deployment is completed you can find the Private Endpoint resource in the Resource
group section.
Note: The connection will be in Pending Approval status. Please contact Temenos Cloud to
approve your endpoint. Once approved, the status will be changed to Approved.

The Private IP of the resource is your local IP to connect to the Temenos Cloud service endpoint. Please
make a note of the Private IP and the Private link resource value, which are required for the next steps.
Note: Once the Temenos Cloud Private Endpoint is configured and approved, please contact Temenos
Cloud for additional information on how to consume the service offered by the Private Endpoint.


Additional Configurations for File Transfer


The steps in this section should only be followed if the Private Endpoint created using the previous
steps is for a File Transfer service.

Create the Private DNS Zone


In some cases, Azure Portal will automatically create and configure the private DNS zone in your
resource group. Before continuing, check whether “privatelink.file.core.windows.net” is available in
your resource group. If it is available, skip to step 10 to create or validate the DNS “A” record.
1. Log on to Azure portal.
2. Select the Create a resource option from the top left menu.
3. Search and select the Private DNS zone option.
4. Click on the Create button to open the Create Private DNS zone page.


5. On the Basics tab:


• Select the Subscription from the drop-down list.
• Select the Resource group from the drop-down list.
• Type the Name privatelink.file.core.windows.net for the instance.
• Complete all the information and click on the Next : Tags > button.

6. Add any tags you need in the Tags tab.


7. Click on the Next : Review + create > button.
8. Review and click on the Create button to provision the Private DNS zone.
9. Once the deployment is completed, you can find the Private DNS zone resource in the Resource
group section.


10. Click the newly created Private DNS zone, privatelink.file.core.windows.net, to open the
Overview page.

11. Click on the + Record set button on the top toolbar to open the Add record set window.
• Type the Name provided by Temenos Cloud or the Private link resource noted at the end
of Private Endpoint creation.
• Leave the record Type as A.
• Change TTL as necessary. The default value of 1 hour is the general recommendation.
• Type the Private Endpoint IP address noted at the end of Private Endpoint creation in the
IP address field.
• Click on the OK button to create the DNS record.


12. Once the DNS record is created, select Virtual network links from the left menu, under Settings.

13. Click the + Add button on the top toolbar to open the Add virtual network link page.
• Type a name for the virtual network link.
• Select your subscription from the drop-down list.
• Select the Virtual Network where the Private Endpoint was created from the drop-down list.
• Click on the OK button to create the virtual network link.

14. Once the virtual network link is created, close the privatelink.file.core.windows.net Private
DNS zone window.
The Private DNS zone is now configured to connect to the file transfer service using your Private
Endpoint IP. Any VMs in the VNet may need to restart to pick up the DNS changes.
The file transfer service can be accessed from the VMs as a mounted drive or using Azure Storage
Explorer. Please refer to the respective sections for the user guide.


15. To test the name resolution,


• Remote Desktop to a VM in your VNet where the Private Endpoint is created
• Enter nslookup <FQDN of the Private Endpoint created above>. You'll receive a message
similar to below:
“Server: UnKnown
Address: 168.63.129.16
Non-authoritative answer:
Name: mystorageaccount123123.privatelink.blob.core.windows.net
Address: 10.0.0.5
Aliases: mystorageaccount.blob.core.windows.net”
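
The check in step 15 can be automated. The following is an added example, not part of the Temenos document: it parses nslookup output and reports when the answer lies outside the Private Endpoint subnet or never passes through the privatelink zone. The account name examplefiles, the subnet 10.0.0.0/24 and both sample outputs are constructed assumptions.

```python
import ipaddress
import re

# Constructed samples, not real captures. GOOD: shape of step 15. BAD: public fall-through.
GOOD = """Server:  UnKnown
Address:  168.63.129.16

Non-authoritative answer:
Name:    examplefiles.privatelink.file.core.windows.net
Address:  10.0.0.5
Aliases:  examplefiles.file.core.windows.net"""
BAD = """Non-authoritative answer:
Name:    file.constructed-stamp.store.core.windows.net
Address:  203.0.113.10
Aliases:  examplefiles.file.core.windows.net
          examplefiles.privatelink.file.core.windows.net"""
FIELD = re.compile(r"^(Name|Address|Addresses|Aliases):\s*(\S*)")

def parse_answer(text):
    ans, current = {"name": None, "addresses": [], "aliases": []}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m:
            current, value = m.groups()
        elif line and raw[0].isspace() and current in ("Addresses", "Aliases"):
            value = line  # indented continuation of a multi-value field
        else:
            current = None
            continue
        if current == "Name":
            ans["name"] = value.lower()
        elif ans["name"] is None:
            continue  # resolver's own address, printed before the answer
        elif current.startswith("Address"):
            ans["addresses"].append(value)
        elif value:
            ans["aliases"].append(value.lower())
    return ans

def check_private_resolution(text, subnet_cidr, zone="privatelink.file.core.windows.net"):
    """Return a list of problems; an empty list means resolution is private."""
    ans, subnet = parse_answer(text), ipaddress.ip_network(subnet_cidr)
    problems = [f"{a} is outside the Private Endpoint subnet {subnet}"
                for a in ans["addresses"] if ipaddress.ip_address(a) not in subnet]
    names = [ans["name"] or ""] + ans["aliases"]
    if not ans["addresses"] or not any(n.endswith("." + zone) for n in names):
        problems.append(f"answer has no address or no name in {zone}")
    return problems
```

A non-empty result means clients in the VNet would not reach the service through the Private Endpoint, which usually points to a missing A record or virtual network link.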

Use as File Share


The Temenos Cloud file transfer service can be used as a standard Azure file share within your Azure
VNet. The following articles describe how to use an Azure file share with Windows and Linux:
• Windows
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

• Linux
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-linux

The required parameters or values for the configuration are explained below:
• The “Private link resource” noted at the end of Private Endpoint creation is to be used as the
“Storage account name”.
• The key to be used as the “Storage account key” will be provided by Temenos Cloud.
• “File share name” will be provided by Temenos Cloud.


Access File Service using Azure Storage Explorer


If the file service is going to be accessed using a tool rather than as a mounted drive, Temenos Cloud
recommends using Azure Storage Explorer instead of 3rd party tools.
https://azure.microsoft.com/en-us/features/storage-explorer/
1. Remote Desktop to a VM in your VNet where the Private Endpoint is created.
2. Install Azure Storage Explorer.
3. Within Azure Storage Explorer, right-click “Storage Accounts”.
4. Select “Connect to Azure storage…”


5. In the Connect to Azure Storage, select the option: Use a storage account name and a key.
• Click on the Next button.


6. In the Connect with Name and Key screen:


• Type in the Display name field a preferred name.
• In the Account name field, enter the Private link resource noted at the end of Private
Endpoint creation.
• In the Account key field, enter the key that will be provided by Temenos Cloud.
• Click on the Next button.


7. In the Connection Summary screen, review the information and click on the Connect button.

8. Expand the storage account added to Azure Storage Explorer, then File Shares, to access the
file share.
