I'm going to show you different configurations to connect your Azure VM (VNet) to your Azure SQL Database. These are the four options:

OPTION 1
PUBLIC ENDPOINT: DISABLED
PRIVATE ENDPOINT: ENABLED

OPTION 2
PRIVATE ENDPOINT: DISABLED
PUBLIC ENDPOINT: ENABLED
FIREWALL RULE: VIRTUAL NETWORK RULE

OPTION 3
PRIVATE ENDPOINT: DISABLED
PUBLIC ENDPOINT: ENABLED
FIREWALL RULE: ALLOW AZURE SERVICES AND RESOURCES TO ACCESS THIS SERVER

OPTION 4
PRIVATE ENDPOINT: DISABLED
PUBLIC ENDPOINT: ENABLED
FIREWALL RULE: PUBLIC IP ADDRESS OF THE AZURE VM

In all my examples I will use the default "connectivity" configuration:

OPTION 1

PUBLIC ENDPOINT: DISABLED
PRIVATE ENDPOINT: ENABLED

I have disabled the "Public Access":

Then I'm going to create a Private Endpoint Connection:

Don't forget to verify that your VNet is linked to your Private Endpoint:

This is my Virtual Machine:

The subnet of my VNet:

Default outbound rules in the NSG:

If I check the Azure SQL Server FQDN through the "nslookup" command, it resolves the correct private IP address:

The connection is successful:

OPTION 2

PRIVATE ENDPOINT: DISABLED
PUBLIC ENDPOINT: ENABLED
FIREWALL RULE: VIRTUAL NETWORK RULE

I don't have a private endpoint connection:

I have created a Virtual Network rule in the Public Endpoint firewall:

When I check the Azure SQL Database FQDN in the Azure VM through the "nslookup" command, it resolves the Public IP address (Public Endpoint):

The connection is successful:

OPTION 3

PRIVATE ENDPOINT: DISABLED
PUBLIC ENDPOINT: ENABLED
FIREWALL RULE: ALLOW AZURE SERVICES AND RESOURCES TO ACCESS THIS SERVER

I don't have a private endpoint connection:

I have to enable the exception firewall rule "Allow Azure services and resources to access this server":

When I check the Azure SQL Database FQDN in the Azure VM through the "nslookup" command, it resolves the Public IP address (Public Endpoint):

The connection is successful:

OPTION 4

PRIVATE ENDPOINT: DISABLED
PUBLIC ENDPOINT: ENABLED
FIREWALL RULE: PUBLIC IP ADDRESS OF THE AZURE VM

If I try to add a firewall rule in the Public Endpoint to allow access to the Azure SQL Server from the Public IP address of the Azure VM, the connection will fail because the Azure VM will try to access through the Private IP address and these rules only support Public IP addresses:

The connection fails:
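The "nslookup" checks under Options 1 to 3 can be automated from the VM. The following is an added example, not part of the original post: it classifies the answer section of nslookup output as private or public and compares it with what the post shows for each option. The server name, the DNS server name and all IP addresses in the samples are constructed.

```python
import ipaddress
import re

# RFC 1918 ranges, from which VNet (and so private endpoint) addresses are normally drawn.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# What the post observes for each option when resolving the server FQDN from the VM.
EXPECTED = {1: "private", 2: "public", 3: "public"}

def classify_nslookup(output):
    """Return 'private', 'public', 'mixed' or 'no-answer' for nslookup output."""
    # The first block describes the resolver, not the SQL server. Skip it,
    # otherwise a custom DNS server on 10.x would look like a private endpoint.
    blocks = re.split(r"\r?\n[ \t]*\r?\n", output.strip(), maxsplit=1)
    if len(blocks) < 2:
        return "no-answer"
    kinds = set()
    for token in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", blocks[1]):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # dotted token that is not a valid IPv4 address
        kinds.add("private" if any(addr in n for n in RFC1918) else "public")
    if not kinds:
        return "no-answer"
    return kinds.pop() if len(kinds) == 1 else "mixed"

def matches_option(option, output):
    """True when the resolved address type is what the post shows for that option."""
    return classify_nslookup(output) == EXPECTED[option]

# Constructed samples (hypothetical server name, documentation-range public IP).
SAMPLE_PRIVATE = """Server:  UnKnown
Address:  168.63.129.16

Non-authoritative answer:
Name:    myserver.privatelink.database.windows.net
Address:  10.0.0.5
Aliases:  myserver.database.windows.net
"""
SAMPLE_PUBLIC = """Server:  dns.contoso.internal
Address:  10.0.0.4

Non-authoritative answer:
Name:    myserver.database.windows.net
Address:  203.0.113.20
"""
```

A "public" result for a server that is supposed to be on Option 1 means the VM is not resolving the private endpoint address, which is the situation the VNet link check in the post is meant to catch.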