| title | description | services | author | ms.service | ms.topic | ms.date | ms.author | ms.custom |
|---|---|---|---|---|---|---|---|---|
| Tutorial: Connect to an Azure SQL server using an Azure Private Endpoint - Azure portal | Get started with this tutorial to learn how to connect to a storage account privately via Azure Private Endpoint using the Azure portal. | private-link | abell | azure-private-link | tutorial | 12/04/2024 | abell | template-tutorial, fasttrack-edit, template-tutorial, linux-related-content |

Azure Private endpoint is the fundamental building block for Private Link in Azure. It enables Azure resources, like virtual machines (VMs), to privately and securely communicate with Private Link resources such as Azure SQL server.
:::image type="content" source="./media/create-private-endpoint-portal/private-endpoint-qs-resources-sql.png" alt-text="Diagram of resources created in private endpoint quickstart." lightbox="./media/create-private-endpoint-portal/private-endpoint-qs-resources-sql.png":::
In this tutorial, you learn how to:
[!div class="checklist"]
- Create a virtual network and bastion host.
- Create a virtual machine.
- Create an Azure SQL server and private endpoint.
- Test connectivity to the SQL server private endpoint.
If you don't have an Azure subscription, create a free account before you begin.
- An Azure subscription
Sign in to the Azure portal.
[!INCLUDE virtual-network-create-with-bastion.md]
[!INCLUDE create-test-virtual-machine-linux.md]
In this section, you create a SQL server in Azure.
- In the search box at the top of the portal, enter SQL. Select SQL databases in the search results.
- In SQL databases, select + Create.
- In the Basics tab of Create SQL Database, enter or select the following information:

  | Setting | Value |
  |---|---|
  | **Project details** | |
  | Subscription | Select your subscription. |
  | Resource group | Select test-rg. |
  | **Database details** | |
  | Database name | Enter sql-db. |
  | Server | Select Create new. Enter sql-server-1 in Server name (server names must be unique; replace sql-server-1 with a unique value). Select (US) East US 2 in Location. Select Use SQL authentication. Enter a server admin sign-in and password. Select OK. |
  | Want to use SQL elastic pool? | Select No. |
  | Workload environment | Leave the default of Production. |
  | **Backup storage redundancy** | |
  | Backup storage redundancy | Select Locally redundant backup storage. |

- Select Next: Networking.
- In the Networking tab of Create SQL Database, enter or select the following information:

  | Setting | Value |
  |---|---|
  | **Network connectivity** | |
  | Connectivity method | Select Private endpoint. |
  | Private endpoints | Select +Add private endpoint. |
  | **Create private endpoint** | |
  | Subscription | Select your subscription. |
  | Resource group | Select test-rg. |
  | Location | Select East US 2. |
  | Name | Enter private-endpoint-sql. |
  | Target subresource | Select SqlServer. |
  | **Networking** | |
  | Virtual network | Select vnet-1. |
  | Subnet | Select subnet-1. |
  | **Private DNS integration** | |
  | Integrate with private DNS zone | Select Yes. |
  | Private DNS zone | Leave the default of privatelink.database.windows.net. |

- Select OK.
- Select Review + create.
- Select Create.
Important
When you add a private endpoint connection, public routing to your Azure SQL server is not blocked by default. The setting "Deny public network access" under the "Firewall and virtual networks" blade is left unchecked by default. To disable public network access, ensure this setting is checked.
For this scenario, assume you would like to disable all public access to your Azure SQL server, and only allow connections from your virtual network.
- In the search box at the top of the portal, enter SQL server. Select SQL servers in the search results.
- Select sql-server-1.
- In Security, select the Networking tab, then select Disable for Public network access.
- Select Save.
In this section, you use the virtual machine you created in the previous steps to connect to the SQL server across the private endpoint.
- In the search box at the top of the portal, enter Virtual machine. Select Virtual machines in the search results.
- Select vm-1.
- In Operations, select Bastion.
- Enter the username and password for the virtual machine.
- Select Connect.
- To verify name resolution of the private endpoint, enter the following command in the terminal window:

  ```bash
  nslookup server-name.database.windows.net
  ```

  You receive a message similar to the following example. The IP address returned is the private IP address of the private endpoint.

  ```output
  Server:    127.0.0.53
  Address:   127.0.0.53#53

  Non-authoritative answer:
  sql-server-8675.database.windows.net    canonical name = sql-server-8675.privatelink.database.windows.net.
  Name:    sql-server-8675.privatelink.database.windows.net
  Address: 10.1.0.4
  ```

- Install the SQL Server command-line tools by following Install the SQL Server command-line tools sqlcmd and bcp on Linux. Proceed with the next steps after the installation is complete.
- Use the following commands to connect to the SQL server you created in the previous steps.
  - Replace <server-admin> with the admin username you entered during the SQL server creation.
  - Replace <admin-password> with the admin password you entered during SQL server creation.
  - Replace server-name with the name of your SQL server, for example sql-server-1.

  ```bash
  sqlcmd -S server-name.database.windows.net -U '<server-admin>' -P '<admin-password>'
  ```

- A SQL command prompt is displayed on successful sign in. Enter exit to exit the sqlcmd tool.
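
The name-resolution check in this section can be scripted so that it fails when the answer is anything other than a private address reached through the privatelink zone. The following is an added example, not part of the original tutorial; the function names, the script name, and the second sample (gateway.example.net, 203.0.113.10) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the answer shown in the tutorial, as seen from vm-1.
SAMPLE_PRIVATE='Server:    127.0.0.53
Address:   127.0.0.53#53

Non-authoritative answer:
sql-server-8675.database.windows.net    canonical name = sql-server-8675.privatelink.database.windows.net.
Name:    sql-server-8675.privatelink.database.windows.net
Address: 10.1.0.4'

# Constructed sample: a client that does not use the private DNS zone.
# gateway.example.net and 203.0.113.10 are placeholders, not Azure values.
SAMPLE_PUBLIC='Non-authoritative answer:
sql-server-8675.database.windows.net    canonical name = sql-server-8675.privatelink.database.windows.net.
sql-server-8675.privatelink.database.windows.net    canonical name = gateway.example.net.
Name:    gateway.example.net
Address: 203.0.113.10'

# Returns 0 only for RFC 1918 IPv4 addresses; anything else (IPv6 included) is 1.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print answer addresses only. The resolver's own "Address: 127.0.0.53#53"
# line comes before the first "Name:" line and is skipped.
answer_addresses() {
  awk '/^Name:/ { seen = 1; next } seen && /^Address/ { print $NF }'
}

# Reads nslookup output on stdin.
# 0 = private endpoint in use, 1 = a non-private address was returned,
# 2 = no privatelink CNAME in the answer, 3 = no answer addresses.
check_private_resolution() {
  out=$(cat)
  printf '%s\n' "$out" | grep -q 'canonical name = .*\.privatelink\.database\.windows\.net\.' || return 2
  addrs=$(printf '%s\n' "$out" | answer_addresses)
  [ -n "$addrs" ] || return 3
  for ip in $addrs; do
    is_private_ipv4 "$ip" || return 1
  done
  return 0
}

# Live use on vm-1: sh check-pe-dns.sh server-name.database.windows.net
if [ -n "${1:-}" ]; then
  nslookup "$1" | check_private_resolution; echo "result code: $?"
fi
```

A result code of 1 from inside the virtual network usually means the VM is not resolving through the privatelink.database.windows.net private DNS zone, so connections would leave over the public endpoint if public network access is still enabled.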
[!INCLUDE portal-clean-up.md]
In this tutorial, you learned how to create:
- Virtual network and bastion host.
- Virtual machine.
- Azure SQL server with private endpoint.
You used the virtual machine to test connectivity privately and securely to the SQL server across the private endpoint.
As a next step, you may also be interested in the Web app with private connectivity to Azure SQL Database architecture scenario, which connects a web application outside of the virtual network to the private endpoint of a database.
[!div class="nextstepaction"] Web app with private connectivity to Azure SQL Database