Virtual Networks and Private Links for Translator are now generally available
A new security feature for the Translator service is now generally available: Virtual Network (VNet) capabilities for Translator, which can be used in conjunction with private links within your own virtual network. You can use VNet to treat Azure the same as you would your own datacenter, giving you an isolated and highly secure environment to run your virtual machines and applications. You can use private IP addresses and define subnets, access control policies, and more.
Translator, part of Azure’s suite of AI-powered Cognitive Services, lets you add automatic text translation to your apps and workflows in more than 70 languages. You can also add speech-to-speech or speech-to-text translation when you use Translator with the Azure Cognitive Services Speech service. Translator is always no-trace—no part of the text you send or receive will be recorded with the Translator service. By adding VNet and private links, Translator provides additional security options for your Translator subscription.
Virtual Networks
In Azure Virtual Networks, virtual machine-to-virtual machine, storage, and SQL traffic moves only through the Azure network, whether the source and destination are in one Azure region or in different regions.
VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure, such as scale, availability, and isolation.
Azure Cognitive Services provides a layered security model which lets you secure Translator in a specific subset of networks. When network rules are configured, only applications requesting data over the specified set of networks can access the account. You can limit access to your resources with request filtering, allowing only requests originating from specified IP addresses, IP ranges or from a list of subnets in Azure Virtual Networks.
Private Links
Private links allow you to access Translator and your Azure hosted services over a private endpoint in your virtual network.
You can use private endpoints for Translator to allow clients on a VNet to securely access data over a Private Link. The private endpoint uses an IP address from the VNet address space for your Translator resource. Network traffic between the clients on the VNet and the resource traverses the VNet and a private link on the Microsoft backbone network, eliminating exposure to the public internet.
Private endpoints for Cognitive Services resources let you:
- Secure your Cognitive Services resource by configuring the firewall to block all connections on the public endpoint for the Translator service.
- Increase security for the VNet by enabling you to block exfiltration of data from the VNet.
- Securely connect to Translator from on-premises networks that connect to the VNet using VPN or ExpressRoutes with private-peering.
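As an added example (not from the original post or from Microsoft), the following Python check reviews a resource's network rules and private endpoint state as described above. The field names are assumed to follow the ARM JSON shape of a Cognitive Services account; the sample resources and the /16 "broad rule" threshold are constructed for illustration.

```python
import ipaddress

BROAD_PREFIX = 16  # assumed review threshold, not an Azure limit


def audit_network_config(account: dict) -> list:
    """Return findings for one Cognitive Services account resource (ARM JSON shape)."""
    props = account.get("properties", {})
    acls = props.get("networkAcls") or {}
    findings = []

    approved = [
        c for c in props.get("privateEndpointConnections", [])
        if c.get("properties", {})
            .get("privateLinkServiceConnectionState", {})
            .get("status") == "Approved"
    ]

    # Assumption: a missing publicNetworkAccess value means the public endpoint is enabled.
    if props.get("publicNetworkAccess", "Enabled") == "Disabled":
        # Public endpoint is closed, so a private endpoint is the only way in.
        if not approved:
            findings.append("public access disabled but no approved private endpoint")
        return findings

    # Public endpoint is reachable: the network rules are the only filter.
    if acls.get("defaultAction", "Allow") != "Deny":
        findings.append("public endpoint open: defaultAction is not Deny")
    for rule in acls.get("ipRules", []):
        net = ipaddress.ip_network(rule["value"], strict=False)
        if net.prefixlen < BROAD_PREFIX:
            findings.append(f"broad IP rule: {net}")
    return findings


# Constructed sample resources (not real accounts).
OPEN = {"properties": {"networkAcls": {"defaultAction": "Allow"}}}
FILTERED = {"properties": {"networkAcls": {
    "defaultAction": "Deny",
    "ipRules": [{"value": "203.0.113.10"}, {"value": "198.0.0.0/8"}],
    "virtualNetworkRules": [{"id": "<subnet-resource-id-placeholder>"}],
}}}
PRIVATE_ONLY = {"properties": {
    "publicNetworkAccess": "Disabled",
    "privateEndpointConnections": [{"properties": {
        "privateLinkServiceConnectionState": {"status": "Approved"}}}],
}}

if __name__ == "__main__":
    for name, acct in [("open", OPEN), ("filtered", FILTERED), ("private", PRIVATE_ONLY)]:
        print(name, audit_network_config(acct))
```
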