Lesson Learned #238: Configuring Private Endpoint Connections in Azure SQL Managed Instance

Posted by

This post has been republished via RSS; it originally appeared at: Azure Database Support Blog articles.

Today, I worked on a service request that our customer had some doubts about how to Configure Private Endpoint Connections in Azure SQL Managed instance (In Preview). Our customer reported us that the IP resolution of Azure SQL Managed Instance always points to the normal one instead of resolving the private endpoint IP. Following, I would like to share my lessons learned how to fix it. 

 

We are going to configure two main components:

 

  • Private Endpoint Connection in Azure SQL Managed Instance.
  • Private DNS Zone.

Step #1: Configuring Private Endpoint Connection

 

  • The process is prety much the same process that we are using for Azure SQL Database but, in this case, for Azure SQL Managed Instance the Integrated Private DNS Zone needs to be configured in another way, for this reason is disabled nowdays. Let's create the Private Endpoint using the portal.
 
  • First, we are going to specify the basic details of the Private Endpoint.

 

Jose_Manuel_Jurado_1-1663858570470.png

 

  • In terms of Resource, we need to configure only the name of the Azure SQL Managed Instance.

Jose_Manuel_Jurado_0-1663858801911.png

  • For Virtual Network, we need to choose the Virtual Network and Subnet of the client (Virtual Machines, for example) that are going to connect to the Private Endpoint.

 

Jose_Manuel_Jurado_1-1663856541578.png

  • Finally, as you could see the DNS configuration is disabled for Managed Instance and we are going to configure later.

Jose_Manuel_Jurado_2-1663856557337.png

 

Step #2: Private DNS Zone

 

  • Here is the main different, Private DNS Zone in Azure SQL Database will be privatelink.database.windows.net but Azure SQL Managed Instance we need to use privatelink.{dnszone}.database.windows.net. If we try to associate privatelink.database.windows.net to Azure SQL Managed Instance you are not going to have any issue in the definition but in terms of resolution won't work. Please, see the following URL
  • For example, my manage instance name is: mymanagedinstance.a34e740a3aca.database.windows.net
    • mymanagedinstance is the name of the instance.
    • a34e740a3aca is the DNS Zone
    • database.windows.net is the rest of FQDN (domain).
  • For this reason, we are going to create a new Private DNS Zone, with the name of, privatelink.{dnszone}.database.windows.net

 

Jose_Manuel_Jurado_3-1663860428466.png

 

  • After it, going back to Private Ednpoint definition, we need to add the configuration using the new Private DNS Zone in Private Endpoint connection, specifying the privatelink.{dnszone}.database.windows.net

Jose_Manuel_Jurado_0-1663860774953.png

 

 

  • Finally, modify the Private DNS Zone and add a virtual network link with the VNET/Subnet where client (Virtual Machines for example, will use this private endpoint to connect to your Azure SQL Managed Instance. 

 

Jose_Manuel_Jurado_2-1663860855596.png

 

 

Step #3: Testing the resolution.

 

  • Once we have configured, basically, we need to connect to our Virtual Machine, run the following command to review if the resolution is working well:
    • ipconfig /flushdns to renew the DNS.
    • ping or nslookup with the name of your manage instance and you could obtain the name of the private endpoint instead of the normal one. 

Jose_Manuel_Jurado_10-1663856777233.png

 

Enjoy!

 

 

 

 

 

 

 

This articles are republished, there may be more discussion at the original link. But if you found this helpful, you're more than welcome to let us know!

This site uses Akismet to reduce spam. Learn how your comment data is processed.