What is a Synapse Private Link Hub?
Synapse Private Link Hubs are used to connect to the WEB endpoint for Synapse Studio, web.azuresynapse.net. The Web endpoint is used to load the studio (loading the static content Synapse Studio over private links). NOTE: This is different from the Dev and provisioned/dedicated SQL pools, or Spark pools endpoints. You must create separate, private endpoints to the resources you wish to connect to within the workspace.
Synapse Analytics private link hubs are Azure resources which act as connectors between your secured network and the Synapse Studio web experience.
Why would I need a Synapse Private Link Hub?
Private link hubs are required to secure the end-to-end connection to Synapse Studio where public traffic is blocked from the customer’s environment. Link hub enables private connection from a customer’s environment to the Synapse Studio.
Do I need a different web endpoint for each workspace?
The web endpoint is the same for all workspaces, customers only need one private link hub and one endpoint per subscription. They do not need a separate hub/endpoint for each workspace.
Can we Deny Public Network Access enabled for Link Hub?
It’s not possible to Deny public access, because the endpoint is same for every single workspace web.azuresynapse.net. Deny Public Network access can be enabled at workspace level specific endpoints (DEV, SQL, SQL-On Demand).
Always good idea to keep Link Hub and Private endpoint in core subscription. NOTE: Only when Private link hub and private end point can’t be accessible in another subscription then we need separate per subscription.
References:
Connect to a Synapse Studio using private links — Azure Synapse Analytics | Microsoft Learn
