Professional Documents
Culture Documents
No part of this document may be reproduced or transmitted in any form or by any means,
for any purpose, without the express written permission of TEMENOS HEADQUARTERS SA.
Table of Contents
Table of Contents .................................................................................................................................... 2
Document History.................................................................................................................................... 3
Ownership ............................................................................................................................................... 3
Distribution and Confidentiality ............................................................................................................... 3
Introduction ............................................................................................................................................. 4
Prerequisites ........................................................................................................................................... 4
Configure Private Endpoint ..................................................................................................................... 4
Additional Configurations for File Transfer ............................................................................................. 9
Create the Private DNS Zone .............................................................................................................. 9
Use as File Share .............................................................................................................................. 13
Access File Service using Azure Storage Explorer ........................................................................... 14
Document History
Comments:
Ownership
This document is written, owned and managed by Temenos Cloud Services business.
The document may be updated from time to time.
Introduction
This document provides guidance on how to configure Private Endpoint to connect Temenos Cloud
Services, such as File Transfer service or the services to be published using bank’s public Internet
domain, such as API services and Internet Banking services.
Azure Private Endpoint is a network interface that connects you privately and securely to a service
powered by Azure Private Link.
The Private Endpoint uses a private IP address from your VNet, effectively bringing the service into
your VNet.
More information about Azure Private Link and Private Endpoint is available in Microsoft Azure
documentation at https://docs.microsoft.com/en-us/azure/private-link/
Prerequisites
Find below the prerequisites needed to configure the Private Endpoint of Temenos Cloud:
1. Azure VNet.
2. A subnet in the VNet to provision the Private Endpoint.
3. Owner permission to the Azure VNet.
4. Owner permission to the Azure Resource Group.
6. To create an endpoint, click on the Add button on the top toolbar. This will open the Create a
private endpoint page.
When creating a Private Endpoint for file service, depending on the alias or the resource id provided by
Temenos Cloud, the Resource tab may get populated with additional fields, such as Target sub-
resource field.
When required, the additional information related to target sub-resources field will be provided by
Temenos Cloud.
Note: Some of the Azure resource ids and values are case sensitive, therefore, always use the
information provided by Temenos Cloud with the same case.
• In the Request message field, type a message that will be visible to Temenos Cloud.
• Click on the Next : Configuration > button.
The Private IP of the resource is your local IP to connect to Temenos Cloud service endpoint. Please
make a note of Private IP and Private link resource value, which would be required for the next steps.
Note: Once the Temenos Cloud Private Endpoint is configured and approved, please contact Temenos
Cloud for additional information on how to consume the service offered by the Private Endpoint
10. Click the newly created Private DNS zone, privatelink.file.core.windows.net, to open the
Overview page.
11. Click on the + Record set button on the top toolbar to open Add record set window
• Type the Name provided by Temenos Cloud or the Private link resource noted at the end
of Private Endpoint creation
• Leave the record Type as A
• Change TTL as necessary. Default value 1 hour is the general recommendation
• Type the Private Endpoint IP address noted at the end of Private Endpoint in the IP address
field
• Click on the OK button to create the DNS record
12. Once the DNS record is created, select Virtual network links from the left menu, under Settings
13. Click + Add button on the top toolbar to open Add virtual network link page.
• Type a name for the virtual network link.
• Select your subscription from the drop-down list.
• Select the Virtual Network where the Private Endpoint was created from the drop-down list.
• Click on the OK button to create the virtual network link.
14. Once the virtual network link is created, close the privatelink.file.core.windows.net Private
DNS zone window.
Private DNS zone is now configured to connect to the file transfer service using your Private
Endpoint IP. Any VMs in the VNet may need to restart to pick up the DNS changes.
The file transfer service can access from the VMs as a mount drive or using Azure Storage
Explorer. Please refer the respective sections for the user guide.
• Linux
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-linux
The required parameters or values for the configuration are explained below:
• The “Private link resource” noted at the end of Private Endpoint creation is to be used as the
“Storage account name”.
• The key to be used as the “Storage account key” will be provided by Temenos Cloud.
• “File share name” will be provided by Temenos Cloud.
5. In the Connect to Azure Storage, select the option: Use a storage account name and a key.
• Click on the Next button.
7. In the Connection Summary screen, review the information and click on the Connect button
8. Expand the storage account added to Azure Storage Explorer and Files Shares to access the
file share.