How can we improve Azure SQL Database?

Allow ElasticPool SQL Database to join P2S Virtual Network (VPN) - Round 2

This is round 2 of the idea posted here:

https://feedback.azure.com/forums/217321-sql-database/suggestions/5537689-allow-sql-database-to-join-virtual-network-vpn?tracking_code=704e9fed32d702f27033e3c1be63d789

which was closed since SQL databases now have "virtual network" endpoints. However, these endpoints still do not work with P2S VPN connections using Azure VPN Gateway, so I don't know why this idea was closed as completed.

This means that we either need to create our own workarounds, such as SSH tunnels via VMs inside Azure, or we need to keep using the IP whitelisting method (the latter of which defeats the whole purpose of using a VNET-based access control). In addition, security auditors don't look kindly on databases with public IPs accessible via the Internet - IP whitelists are notoriously hard to maintain.

97 votes
Vote
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
You have left! (?) (thinking…)
Raman Gupta shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

5 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • Jerry Hoffmeister commented  ·   ·  Flag as inappropriate

    Wow - still no movement on this or even a comment from Microsoft. I'm sad. We're redoing our infrastructure and would like to use a VPN to connect to both our VMs and our Azure SQL db but alas, looks like I still need to use IP based access controls for physical access :(

  • Danny D commented  ·   ·  Flag as inappropriate

    This defeat the whole point of a Virtual Network if we can't control who has access to the resources since the database is exposed to the internet.

    Microsoft, could you please wake up and start using your own products, you would find that so many things doesn't make sense.

  • Reinout commented  ·   ·  Flag as inappropriate

    I agree, I also do not understand why MS closed the idea, since it was not solved in any way

  • Steeko commented  ·   ·  Flag as inappropriate

    Absolutely agree. Microsoft needs to hurry up and get this sorted ASAP.

    It's 2018 and can't believe using VPN and Azure SQL Databases together is still not really there in terms of security and connectivity.

Feedback and Knowledge Base