azure database connection through ssl tunnel

  • Question

  • Hello,
     we're connecting to the Azure Windows virtual and other resources through a small Linux. The virtuals do not have the RDP port open to the Internet. To connect there we have to establish an SSL tunnel localPort to azureVirtualNetwork:3389.

    I had the same idea to do this in the same way with connecting to the Azure Sql Database.
    I made a mydb.database.windows.net azure db server
    and set up a tunnel
    5433 to <mydb.database.windows.net azure translated to IP>:1433
    and made a host record at my computer
    127.0.0.1 mydb

    But when I tried to connect via SSMS, the sql server replied with error 11001, no such host
     (provider: TCP Provider, error: 0 - Není znám žádný takový hostitel.) (.Net SqlClient Data Provider)

    And also I tried to put to the hosts
    127.0.0.1 mydb.database.windows.net

    and I got error 10060, connection timeout or failed: (provider: TCP Provider, error: 0 - Pokus o připojení selhal, protože připojená strana v časovém intervalu řádně neodpověděla, nebo vytvořené připojení selhalo, protože neodpověděl připojený hostitel.)

    The benefit of such a scenario is to put client certificate authentication to the database access control by using a simple ssh client (putty).

    Are there some additional connection options that I can use?


    • Edited by Jan Vávra Friday, January 26, 2018 2:49 PM typo
    Friday, January 26, 2018 2:47 PM
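
    Added example, not part of the original post: a small Python probe that separates the two failures quoted above, Winsock 11001 (the name did not resolve) and 10060 (the TCP connect attempt got no answer), for each host and port pair from the question. The function name `probe` and its stage labels are hypothetical; the host names and ports are the ones in the post.

```python
import socket

# Winsock codes quoted in the question and the layer each one comes from.
WSAHOST_NOT_FOUND = 11001  # name resolution failed
WSAETIMEDOUT = 10060       # TCP connect attempt got no answer in time


def probe(host, port, timeout=3.0,
          resolve=socket.getaddrinfo, connect=socket.create_connection):
    """Classify one host:port as 'dns', 'timeout', 'refused', 'error' or 'ok'.

    resolve and connect are injectable so the logic can be exercised offline.
    """
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"{host}: no address ({exc}); Winsock {WSAHOST_NOT_FOUND}"
    addr = infos[0][4][0]  # first resolved address (hosts-file entries included)
    try:
        conn = connect((addr, port), timeout=timeout)
    except socket.timeout:
        return "timeout", f"{addr}:{port}: no answer; Winsock {WSAETIMEDOUT}"
    except ConnectionRefusedError:
        return "refused", f"{addr}:{port}: nothing is listening on this port"
    except OSError as exc:
        return "error", f"{addr}:{port}: {exc}"
    conn.close()
    return "ok", f"{host} -> {addr}:{port} accepts TCP connections"


if __name__ == "__main__":
    # Host names and ports as given in the question; run on the client machine.
    targets = [
        ("mydb", 5433),
        ("mydb.database.windows.net", 5433),
        ("mydb.database.windows.net", 1433),
        ("127.0.0.1", 5433),
    ]
    for host, port in targets:
        stage, detail = probe(host, port)
        print(f"{stage:8} {detail}")
```

    An "ok" result only shows that the endpoint accepts TCP connections; it says nothing about the TLS handshake or the SQL login that follows.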

All replies

  • Hi Jan,

    I don't believe that this is something you would be able to currently configure. You can, however, configure the server firewall to allow connectivity from individual subnets of a virtual network in Azure, which would eliminate the need to connect to the SQL database via its public endpoint. In other words, you would be able to connect via SSL to an Azure VM (the same way you already are) - and then use that Azure VM as a jump host to connect to Azure SQL database.

    Pls note that this functionality is currently in preview. Details at https://docs.microsoft.com/en-us/azure/sql-database/sql-database-vnet-service-endpoint-rule-overview

    hth
    Marcin



    Friday, January 26, 2018 2:54 PM
  • Thank you for sharing your scenario Jan. As mentioned by Marcin, we recommend you try to use a virtual network within Azure. Regarding your specific scenario, could you try to connect after whitelisting all IP addresses on your Azure database and opening port 1433 on your proxy server?

    Best regards.

    Tuesday, January 30, 2018 1:06 AM