Connect to Azure SQL DB - from onPrem with and without azure SQL Public IP

  • Question

  • Hi,

    I have an Azure managed db and I'm connecting to it with SSMS from the office using a target server IP of 10.xx.xx.xx. So, this being an internal IP, I guess some networking was defined (site-to-site??)

    Now, I have these 2 questions:

    Q1: I can connect to my Azure SQL (personal subscription) public IP from home, but I can't connect from the office. I was told I need to request a Firewall rule for this to be allowed. Makes sense?

    Q2: I would like to connect to my Azure SQL (personal subscription) from my office network but without using a public IP on Azure SQL. What do I need to set up? Site-to-site or something else? Do I have to involve the company network administrators or is it something I (as a developer) can easily do just on my PC? Any step-by-step docs?

    Thanks,

    JD

    Sunday, May 31, 2020 8:42 AM

Answers

  • For Q2)

    There are 2 parts to this: You will either need to connect to your VNET via a S2S VPN, or join a single machine via a P2S VPN to your Virtual Network. A S2S VPN will require your Network Administrators, and I would also speak with your Network Admins before creating a P2S, as they will need to advise on an IP Address range.

    VNET Service Endpoints will not work in this scenario, as they do not allow traffic to come from a VPN Gateway. 

    You will want to use Azure Private Endpoints. Here is a doc on how to configure them for Azure SQL. This will allow you to use an internal address to connect to your Azure SQL application. 

    Thursday, June 4, 2020 12:08 AM
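
A check for the private-endpoint path the answer above describes, as an added example that is not part of the original thread: it classifies the addresses a client resolves for the SQL server name, so you can confirm the office machine really reaches an internal address rather than the public one. The host names and addresses are constructed samples, and "internal" is assumed to mean the RFC 1918 ranges.

```python
import ipaddress
import socket

# RFC 1918 ranges, assumed here to be where the private endpoint address lives.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def system_resolver(host):
    """Resolve host with the OS resolver; return a sorted list of IPv4 strings."""
    infos = socket.getaddrinfo(host, 1433, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def classify_path(host, resolver=system_resolver):
    """Return (verdict, addresses) for the name this client would connect to.

    verdict is 'private', 'public', 'mixed' or 'unresolved'.
    """
    try:
        addrs = resolver(host)
    except socket.gaierror:
        return "unresolved", []
    if not addrs:
        return "unresolved", []
    internal = [any(ipaddress.ip_address(a) in net for net in RFC1918)
                for a in addrs]
    if all(internal):
        return "private", addrs
    if not any(internal):
        return "public", addrs
    return "mixed", addrs


if __name__ == "__main__":
    # Constructed sample data: hypothetical server names and addresses.
    sample = {
        "myserver.database.windows.net": ["10.1.2.4"],    # private DNS in place
        "other.database.windows.net": ["203.0.113.10"],   # still resolves publicly
    }
    for name in sample:
        print(name, classify_path(name, resolver=lambda h: sample.get(h, [])))
```

Called with the default resolver from the office machine, a "public" verdict after the private endpoint is created means that client's DNS is not returning the internal address.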

All replies

  • Hi,

    Q1: I can connect to my Azure SQL (personal subscription) public IP from home, but I can't connect from the office. I was told I need to request a Firewall rule for this to be allowed. Makes sense?

    ---It makes sense. You can add your IP to your firewall rules so that you will be able to access it only from that particular IP, and you still do not lose the security, but the public IP is enabled in this approach. It is fine to do, but if you have any security concerns regarding this approach, ExpressRoute is the best option, but you need to go through a process to set it up and it is more expensive than P2S/S2S.

    Q2: I would like to connect to my Azure SQL (personal subscription) from my office network but without using a public IP on Azure SQL. What do I need to set up? Site-to-site or something else? Do I have to involve the company network administrators or is it something I (as a developer) can easily do just on my PC? Any step-by-step docs?

    --- Concepts like P2S and S2S are easy to establish, but ExpressRoute is a bit complex and a different process; you will be able to easily manage. It's better to involve your network team if you do not want to take a risk on establishing the connection. Please check the links below.

    https://azure.microsoft.com/es-es/blog/vnet-service-endpoints-for-azure-sql-database-now-generally-available/

    https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal


    -Malleswar My Channel - https://www.youtube.com/channel/UCkuE012zWq355GZUAew2THg/


    Wednesday, June 3, 2020 8:51 AM