Azure SQL - Service Endpoints

Connect your Azure SQL to your Subnet with Service Endpoints

Written by Nick Smith
Updated over a week ago

Prerequisites

All droplets must be within an Azure Resource Group, configured with a valid name and location.

Service Endpoints can only be configured between resources in the same region.

Example Topology

This tutorial takes you through creating a primary Azure SQL Server securely connected to an Azure Subnet via a Service Endpoint in Region A.

Additional tutorials expand on this topology by introducing geo-replication.

The purpose of this tutorial is to demonstrate configuring Service Endpoints for Azure SQL. Please reach out if you would like further information.

Configure a Virtual Network Service Endpoint

First, we will configure a Virtual Network Service Endpoint to connect Azure SQL to our Subnet in Region A.

  1. Drag an Azure Resource Group onto your blueprint

  2. On the Properties Panel set the Name and Location for Resource Group A

  3. Drag & drop an Azure Virtual Network into Resource Group A

  4. Set the Name for your Virtual Network and check the Address Space is as required

  5. Drag & drop an Azure Subnet into your Virtual Network (this will automatically add an NSG)

  6. Set the Name for your NSG

  7. Set the Name for your Subnet and check the Address Prefix is as required

  8. Select 'Service Endpoints' on the properties of the Subnet

  9. Click 'Add new Service Endpoint'

  10. Set the Service Endpoint type to "Microsoft.Sql"

  11. Click 'Add New Location' and enter the region name of Resource Group A; for example, UK South would be uksouth. The following PowerShell command lists the available regions:

      Get-AzLocation | Select-Object DisplayName, Location | Format-Table

  12. Drag & drop an Azure Virtual Machine into the Subnet

  13. Set the Name for the Virtual Machine

  14. Under 'Storage Profile' set the OS Disk Name for the Virtual Machine

  15. Under 'Network Interfaces' set the Network Interface Card Name for the Virtual Machine

  16. Under 'OS Profile' set the Computer Name, Admin Username and Password secret parameter for the Virtual Machine

Configure Azure SQL to use the Virtual Network Service Endpoint

Next, we will connect our Azure SQL instance in Region A to our Subnet in Region A via the Service Endpoint we just configured.

Note: Service Endpoints can only be created for resources in the same region.

  1. Drag & drop an Azure SQL instance into Resource Group A

  2. Set the name of the Azure SQL Server (N.B. this can only be lowercase, numbers, and hyphens)

  3. Set the Administrator Login Name

  4. Set the Secret Parameter for the Administrator Login Password

  5. Select 'Databases' and create a new database by clicking Add new Database

  6. Set the name for the database, e.g. primarydb (N.B. this can only be lowercase, numbers, and hyphens)

  7. Set the 'Edition' property to Basic. The 'Edition' property is the main influence on the cost of deploying Azure SQL Server; unless you have specific requirements, we recommend using the Basic edition.

  8. Select 'Virtual Network Rules' and click 'Add new Virtual Network Rule'

  9. Set the name for the Virtual Network Rule

  10. Select the Subnet in the 'Virtual Network Subnet ID' dropdown

That's it. Your Azure SQL instance in Region A is now configured to connect to your Subnet in Region A via a Service Endpoint. Traffic will traverse securely over the Service Endpoint using the Microsoft Azure backbone network.
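Once the blueprint has been deployed, the result of both procedures can be checked from Az PowerShell. The script below is an added example, not part of the original tutorial or the product: it confirms that the Subnet carries a Microsoft.Sql Service Endpoint, that the SQL Server has a Virtual Network Rule pointing at that Subnet, and that both resources are in the same region. The function name and all resource names are placeholders chosen for illustration, and an authenticated session (Connect-AzAccount) is assumed.

```powershell
# Added example: verify the deployed Service Endpoint topology.
# Test-SqlServiceEndpoint and every resource name used here are hypothetical.
function Test-SqlServiceEndpoint {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VirtualNetworkName,
        [Parameter(Mandatory)] [string] $SubnetName,
        [Parameter(Mandatory)] [string] $SqlServerName
    )

    $vnet   = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroupName `
                  -Name $VirtualNetworkName -ErrorAction Stop
    $subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet `
                  -Name $SubnetName -ErrorAction Stop
    $server = Get-AzSqlServer -ResourceGroupName $ResourceGroupName `
                  -ServerName $SqlServerName -ErrorAction Stop

    # The Subnet must have a Service Endpoint of type Microsoft.Sql.
    $endpoint = $subnet.ServiceEndpoints |
        Where-Object { $_.Service -eq 'Microsoft.Sql' }

    # The SQL Server must have a Virtual Network Rule referencing this Subnet.
    # -eq on strings is case-insensitive, which suits Azure resource IDs.
    $rule = Get-AzSqlServerVirtualNetworkRule -ResourceGroupName $ResourceGroupName `
                -ServerName $SqlServerName |
        Where-Object { $_.VirtualNetworkSubnetId -eq $subnet.Id }

    # Normalise region names ("UK South" vs "uksouth") before comparing.
    $normalise  = { param($r) ($r -replace '\s', '').ToLowerInvariant() }
    $sameRegion = (& $normalise $vnet.Location) -eq (& $normalise $server.Location)

    [pscustomobject]@{
        SubnetId            = $subnet.Id
        SqlServer           = $server.ServerName
        SameRegion          = $sameRegion
        SqlEndpointOnSubnet = [bool]$endpoint
        EndpointLocations   = ($endpoint.Locations -join ',')
        VnetRuleForSubnet   = [bool]$rule
        VnetRuleName        = ($rule.VirtualNetworkRuleName -join ',')
        Compliant           = $sameRegion -and [bool]$endpoint -and [bool]$rule
    }
}

# Placeholder names; replace with the names set on the Properties Panel.
Test-SqlServiceEndpoint -ResourceGroupName 'resource-group-a' `
    -VirtualNetworkName 'vnet-a' -SubnetName 'subnet-a' `
    -SqlServerName 'primary-sql-server' | Format-List
```

A result with Compliant set to False shows which of the three conditions failed, which is usually a missing Service Endpoint on the Subnet or a Virtual Network Rule that references a different Subnet.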
