Prerequisites
All droplets must be within an Azure Resource Group, configured with a valid name and location.
Service Endpoints can only be configured between resources in the same region.
Example Topology
This tutorial takes you through creating a primary Azure SQL Server securely connected to an Azure Subnet via a Service Endpoint in Region A.
Additional tutorials expand on this topology by introducing geo-replication.
The purpose of this tutorial is to demonstrate configuring Service Endpoints for Azure SQL. Please reach out if you would like further information.
Configure a Virtual Network Service Endpoint
First, we will configure a Virtual Network Service Endpoint to connect Azure SQL to our Subnet in Region A.
Drag an Azure Resource Group onto your blueprint
On the Properties Panel set the Name and Location for Resource Group A
Drag & drop an Azure Virtual Network into Resource Group A
Set the Name for your Virtual Network and check the Address Space is as required
Drag & drop an Azure Subnet into your Virtual Network (this will automatically add an NSG)
Set the Name for your NSG
Set the Name for your Subnet and check the Address Prefix is as required
Select 'Service Endpoints' on the properties of the Subnet
Click 'Add new Service Endpoint'
Set the Service Endpoint type to "Microsoft.Sql"
Click 'Add New Location' and enter the region name of Resource Group A, e.g. UK South is uksouth. The following PowerShell command lists the available regions:
Get-AzLocation | select DisplayName, Location | Format-Table
Drag & drop an Azure Virtual Machine into the Subnet
Set the Name for the Virtual Machine
Under 'Storage Profile' set the OS Disk Name for the Virtual Machine
Under 'Network Interfaces' set the Network Interface Card Name for the Virtual Machine
Under 'OS Profile' set the Computer Name, Admin Username and Password secret parameter for the Virtual Machine
Configure Azure SQL to use the Virtual Network Service Endpoint
Next, we will connect our Azure SQL instance in Region A to our Subnet in Region A via the Service Endpoint we just configured.
Note: Service Endpoints can only be created for resources in the same region.
Drag & drop an Azure SQL instance into Resource Group A
Set the name of the Azure SQL Server (N.B. this can only be lowercase, numbers, and hyphens)
Set the Administrator Login Name
Set the Secret Parameter for the Administrator Login Password
Select 'Databases' and create a new database by clicking Add new Database
Set the name for the database, e.g. primarydb (N.B. this can only be lowercase, numbers, and hyphens)
Set the 'Edition' property to Basic (the 'Edition' property is the main influence on the cost of deploying Azure SQL Server; unless you have specific requirements, we recommend using the Basic edition)
Select 'Virtual Network Rules' and click 'Add new Virtual Network Rule'
Set the name for the Virtual Network Rule
Select the Subnet in the 'Virtual Network Subnet ID' dropdown
That's it: your Azure SQL instance in Region A is now configured to connect to your Subnet in Region A via a Service Endpoint. Traffic will traverse securely over the Service Endpoint using the Microsoft Azure backbone network.
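A read-only check of the deployed result, added here as an example (it is not part of the original tutorial or generated by the designer). It assumes the Az PowerShell module with an authenticated session (Connect-AzAccount); the four default values are placeholders for the names set in the blueprint.

```powershell
# Added example: read-only verification of the topology built above.
# The four default values are placeholders (assumptions), not names from the tutorial.
param(
    [string]$ResourceGroupName = '<resource-group-a>',
    [string]$VNetName          = '<virtual-network-name>',
    [string]$SubnetName        = '<subnet-name>',
    [string]$SqlServerName     = '<sql-server-name>'
)
$ErrorActionPreference = 'Stop'

# 1. The Subnet must carry a Microsoft.Sql Service Endpoint.
$vnet     = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $VNetName
$subnet   = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $SubnetName
$endpoint = $subnet.ServiceEndpoints | Where-Object { $_.Service -eq 'Microsoft.Sql' }
if ($endpoint) {
    $locations = $endpoint.Locations -join ', '
    Write-Output "OK: Microsoft.Sql endpoint on '$SubnetName' (locations: $locations)"
} else {
    Write-Warning "Subnet '$SubnetName' has no Microsoft.Sql Service Endpoint."
}

# 2. The SQL Server must have a Virtual Network Rule that points at this Subnet.
#    -eq on strings is case-insensitive, which suits Azure resource IDs.
$vnetRules = @(Get-AzSqlServerVirtualNetworkRule -ResourceGroupName $ResourceGroupName -ServerName $SqlServerName)
$matching  = @($vnetRules | Where-Object { $_.VirtualNetworkSubnetId -eq $subnet.Id })
if ($matching.Count -gt 0) {
    Write-Output "OK: rule '$($matching[0].VirtualNetworkRuleName)' allows subnet '$SubnetName'"
} else {
    Write-Warning "No Virtual Network Rule on '$SqlServerName' references $($subnet.Id)"
}

# 3. IP firewall rules grant access independently of Virtual Network Rules,
#    so list any that exist. A 0.0.0.0-0.0.0.0 rule is the
#    "Allow Azure services and resources to access this server" setting.
$ipRules = @(Get-AzSqlServerFirewallRule -ResourceGroupName $ResourceGroupName -ServerName $SqlServerName)
foreach ($rule in $ipRules) {
    $range = "$($rule.StartIpAddress)-$($rule.EndIpAddress)"
    if ($range -eq '0.0.0.0-0.0.0.0') {
        Write-Warning "Rule '$($rule.FirewallRuleName)' admits traffic from all Azure services."
    } else {
        Write-Warning "IP firewall rule '$($rule.FirewallRuleName)' also admits $range"
    }
}
if ($ipRules.Count -eq 0) {
    Write-Output "OK: no IP firewall rules on '$SqlServerName'"
}
```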