Connect from Azure VM (VNet) to an Azure SQL Database

This post has been republished via RSS; it originally appeared at: Azure Database Support Blog articles.

I'm going to show you different configurations to connect your Azure VM (VNet) to your Azure SQL Database. These are the four options:

OPTION 1
PUBLIC ENDPOINT: DISABLED
PRIVATE ENDPOINT: ENABLED

OPTION 2
PRIVATE ENDPOINT: DISABLED
PUBLIC ENDPOINT: ENABLED
FIREWALL RULE: VIRTUAL NETWORK RULE

OPTION 3
PRIVATE ENDPOINT: DISABLED
PUBLIC ENDPOINT: ENABLED
FIREWALL RULE: ALLOW AZURE SERVICES AND RESOURCES TO ACCESS THIS SERVER

OPTION 4
PRIVATE ENDPOINT: DISABLED
PUBLIC ENDPOINT: ENABLED
FIREWALL RULE: PUBLIC IP ADDRESS OF THE AZURE VM

In all my examples I will use the default "connectivity" configuration.

OPTION 1
PUBLIC ENDPOINT: DISABLED
PRIVATE ENDPOINT: ENABLED

I have disabled "Public Access".

Then I'm going to create a Private Endpoint connection.

Don't forget to verify that your VNet is linked to your Private Endpoint.

[Screenshots: my virtual machine, the subnet of my VNet, and the default outbound rules in the NSG.]

If I check the Azure SQL Server FQDN with the "nslookup" command, it resolves to the correct private IP address.

The connection is successful.

OPTION 2
PRIVATE ENDPOINT: DISABLED
PUBLIC ENDPOINT: ENABLED
FIREWALL RULE: VIRTUAL NETWORK RULE

I don't have a private endpoint connection.

I have created a Virtual Network rule in the Public Endpoint firewall.

When I check the Azure SQL Database FQDN from the Azure VM with the "nslookup" command, it resolves to the public IP address (Public Endpoint).

The connection is successful.

OPTION 3
PRIVATE ENDPOINT: DISABLED
PUBLIC ENDPOINT: ENABLED
FIREWALL RULE: ALLOW AZURE SERVICES AND RESOURCES TO ACCESS THIS SERVER

I don't have a private endpoint connection.

I have to enable the exception firewall rule "Allow Azure services and resources to access this server".

When I check the Azure SQL Database FQDN from the Azure VM with the "nslookup" command, it resolves to the public IP address (Public Endpoint).

The connection is successful.

OPTION 4
PRIVATE ENDPOINT: DISABLED
PUBLIC ENDPOINT: ENABLED
FIREWALL RULE: PUBLIC IP ADDRESS OF THE AZURE VM

If I try to add a firewall rule in the Public Endpoint to allow access to the Azure SQL Server from the public IP address of the Azure VM, the connection will fail, because the Azure VM will try to connect through its private IP address and these rules only support public IP addresses.

The connection fails.
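
The "nslookup" checks in Options 1 to 3 can be scripted. The Python below is an added example, not code from the original post: it classifies nslookup output by whether the answer is an RFC 1918 address (private endpoint) or a public one. The sample output, the server name "myserver" and the addresses are constructed, and the third outcome relies on Azure adding a "privatelink" alias to the server's DNS name once a private endpoint exists.

```python
import ipaddress
import re

# RFC 1918 space, which VNet subnets (and private endpoint NICs) normally use.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def answer_addresses(nslookup_output):
    """Return (answer_text, IPv4 addresses) for the answer part of the output."""
    text = nslookup_output.replace("\r\n", "\n").strip()
    # The first block, up to the first blank line, describes the resolver itself.
    _, _, answer = text.partition("\n\n")
    found = []
    for token in IPV4.findall(answer):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:  # digits that look like an address but are not one
            pass
    return answer, found

def classify(nslookup_output):
    """Map one nslookup result to the path the VM's connection will take."""
    answer, addrs = answer_addresses(nslookup_output)
    if not addrs:
        return "unresolved"
    if all(any(a in net for net in RFC1918) for a in addrs):
        return "private-endpoint"  # Option 1 on the page
    if "privatelink." in answer.lower():
        # A private endpoint exists but this VNet still got a public address:
        # check that the private DNS zone is linked to the VNet.
        return "public-endpoint-check-dns-link"
    return "public-endpoint"  # Options 2 and 3 on the page

# Constructed sample output; the server name and addresses are made up.
SAMPLE = """Server:  UnKnown
Address:  168.63.129.16

Non-authoritative answer:
Name:    {name}
Address:  {ip}
Aliases:  myserver.database.windows.net
"""

if __name__ == "__main__":
    cases = [("myserver.privatelink.database.windows.net", "10.0.0.5"),
             ("gateway.example.net", "203.0.113.20")]
    for name, ip in cases:
        print(ip, "->", classify(SAMPLE.format(name=name, ip=ip)))
```

Only IPv4 answers are considered; feed it the text captured from "nslookup" on the VM.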

 

 

 

 

 

 
