Allow ElasticPool SQL Database to join P2S Virtual Network (VPN) - Round 2
This is round 2 of the idea posted here:
which was closed since SQL databases now have "virtual network" endpoints. However, these endpoints still do not work with P2S VPN connections using Azure VPN Gateway, so I don't know why this idea was closed as completed.
This means that we either need to create our own workarounds, such as SSH tunnels via VMs inside Azure, or we need to keep using the IP whitelisting method (the latter of which defeats the whole purpose of using a VNET-based access control). In addition, security auditors don't look kindly on databases with public IPs accessible via the Internet - IP whitelists are notoriously hard to maintain.
Mr Jeah commented
Seems like the classic M$ upsell... Pay for security, must buy a higher tier product, in the case of PaaS SQL, Managed Instance... Sigh.
Jerry Hoffmeister commented
Wow - still no movement on this or even a comment from Microsoft. I'm sad. We're redoing our infrastructure and would like to use a VPN to connect to both our VMs and our Azure SQL db but alas, looks like I still need to use IP-based access controls for physical access :(
Danny D commented
This defeats the whole point of a Virtual Network if we can't control who has access to the resources since the database is exposed to the internet.
Microsoft, could you please wake up and start using your own products? You would find that so many things don't make sense.
Please add that feature.
I agree, I also do not understand why MS closed the idea, since it was not solved in any way.
Absolutely agree. Microsoft needs to hurry up and get this sorted ASAP.
It's 2018 and I can't believe using VPN and Azure SQL Databases together is still not really there in terms of security and connectivity.