Julie

How to Establish Connectivity Between Kafka and Azure Event Hub in Cross-Tenant Subscriptions Using Private Endpoints?

I have the following requirements:

Source: Kafka hosted in Azure Subscription ABC, Tenant ABC, and Region East US.

Destination: Azure Event Hub configured with a private endpoint in Azure Subscription XYZ, Tenant XYZ, and Region East Asia.

Key Points and Assumptions:

I plan to follow the guidance provided in this Azure article https://learn.microsoft.com/en-us/azure/architecture/networking/guide/cross-tenant-secure-access-private-endpoints. My understanding is that I can establish connectivity between the Kafka instance and the Azure Event Hub using private endpoints without requiring VNet peering or a VPN. Is this assumption correct?

Questions:

Validation of Understanding: Can the private endpoint approach work without VNet peering or VPN? Or are there other configurations I should consider?

Kafka Configuration: What details do I need to configure connectivity from Kafka to the Event Hub? For example, do I need specific DNS settings, IP configurations, or endpoint details?

Verification of Connectivity: Once the private endpoint is set up, how can I validate the connectivity between Kafka and Event Hub at the network level without sending any actual data?

Traffic Routing via Azure Firewall: Instead of directly connecting Kafka to the Event Hub, can I route traffic through an Azure Firewall in Subscription XYZ? If yes, what are the necessary steps to configure the firewall, private endpoint, and other network components in Subscriptions ABC and XYZ?

I am looking for guidance or examples to ensure secure and efficient communication between Kafka and Event Hub in this cross-tenant setup. Any advice or recommendations would be greatly appreciated!

Answers (0)
