Azure 专用端点到 azure sql 数据库

Question

As a POC I'm trying to connect my VM machine with Azure SQL Database using private endpoint. I've tried the tutorial found here: https://docs.microsoft.com/en-us/azure/private-link/create-private-endpoint-portal however I'm stuck at new private endpoint step.

Please look at the following screen:

the "Resource type" dropdown those not show any items

If I change the "Connection method" to "Connect to an Azure resource by resource ID or alias' and put the resource id of my sql server: /subscriptions/1efd84d6-173f-42cc-80db-7b2c17eb0edd/resourceGroups/eu_poland_general/providers/Microsoft.Sql/servers/plink-sql-server , I'm getting The resource type 'Microsoft.Sql/servers' is not a supported resource type. error:

---

I was able to overcome this issue with different approach. These are steps I've made

1. I created the VNET for my VM and private endpoint with default subnet
2. I've disabled the disable network policies for private endpoints by AZURE CLI from this question Private endpoint in Azure
3. I've created virtual machine inside this vnet with rdp connection set up
4. I've created Azure SQL server
5. I've created Azure SQL database under the Azure SQL Server that I've just created
   • During the creation of this database I've added a private endpoint in networking section.

At this point I've tried to connect to this database from VM I've created using the private address that was created by step 5.

I could not connect to database using private address (10.0.2.5), however I was able to connect to the sql server using the public address plink-sql-server.database.windows.net

I've also try to call nslookup on the server to see if the result are similar to the tutorial that I've mentioned at the beginning of this post however my answers are slightly different:

Anybody knows what is going on?

Answer 1

Following that document , I can create a private endpoint for the Azure SQL server.

Please note that

Private endpoint(s) are not permitted in conjunction with service endpoints in the same subnet!

If you have subnet enabled service endpoints , you can remove it or create another subnet for your VM.

For a test, I create all resources VM, SQL Server, etc are in the same region as the below steps:

1. Create a VM in the subnet mysubnet without any service endpoints enabled.
2. Create a SQL database server via select Create a resource > Databases > SQL database, then In Server, select Create new.
3. Create a private endpoint for the SQL server resource. In Private Link Center - Overview, on the option to Build a private connection to a service.
4. RDP to that VM and access the SQL database server privately from the VM.

Answer 2

For the first issue, the manual case uses the resource types from the dropdown to validate that the ID you gave in the manual scenario is one of those types. Since your resource type dropdown was empty, it probably wasn't going to like any ids you put in the manual case.

For the second issue, make sure the vnet the private endpoint is associated to is linked to a private DNS zone named privatelink.database.windows.net with an A record named plink-sql-server that points to the private ip. Also make sure you are trying to access the endpoint from the VM that is attached to the network interface created with the private endpoint.