Allow SQL Database to join Virtual Network (VPN)
I have Cloud Service with web/worker roles connected to SQL Database (web edition).
I also have Virtual Network with point-to-site client (P2S) connection, but I cannot connect to my SQL Database (web edition) via VPN (eg using SSDM). Instead I have to use internet connection.
IP address assigned by my ISP has short lifetime and is reset daily. This means that almost every time I want to perform Admin tasks, I have to log onto Windows Azure portal to change my IP address in the SQL database firewall (defining a range of addresses is not an option).
VPN would mean I just need to set firewall address list once, and I also like the additional layer of security offered by VPN. P2S requires certificate installed on each client computer, so if passwords / desktop apps did fall into wrong hands, no one would be able to use them to connect from another computer.
Tim Cook
shared this idea
146 comments
-
KM
commented
+1
-
Karim Tawfik
commented
Has there been any progress regarding this issue? It's flagged as completed however from the comments and my own experiences it seems it isn't. Some documentation regarding the fix would be appriciated.
-
Dov Amir
commented
+1
-
Stephen Keogh
commented
Are we getting anywhere on fixing this. This to me is a basic requirement.
-
Anonymous
commented
Why is this marked as COMPLETED? It still needs to be fixed!!
-
Ken Smith
commented
This is bizarre - both that it's flagged as completed when it's not, and that MS still doesn't support it. This is Security 101. This isn't an advanced feature. This is basic, table stakes kind of stuff.
-
Jerry Hoffmeister
commented
Wow - still no movement on this or even a comment from Microsoft. I'm sad. We're redoing our infrastructure and would like to use a VPN to connect to both our VMs and our Azure SQL db but alas, looks like I still need to use IP based access controls for physical access :(
-
Steeko
commented
I believe Microsoft and others are deliberately restricting data out of the cloud as once it's in there, they don't want you to transport it elsewhere.
If this has not been corrected in 4 years then I don't think Microsoft will ever correct it.
Which is a shame as many businesses (like ours) are now looking to the cloud however I find big blanket statements from Microsoft like how Point to Site and Site to Site works so fantastic. However under the hood, something very basic like this does not work.
I am pretty dissapointed to be honest as I thought I had left Cloud computing long enough for it to mature but it would appear that it is still a way off. Maybe I will check again in another 2 years.
-
Raman Gupta
commented
Not sure why this was closed without actually being fixed. There doesn't appear to be any movement towards re-opening this either. Therefore, I have posted "round 2" of this idea here: https://feedback.azure.com/forums/217321-sql-database/suggestions/34658080-allow-elasticpool-sql-database-to-join-p2s-virtual.
-
Jerry Hoffmeister
commented
+1 for why has this been closed without actually being fixed?
-
Austin Rivet
commented
Why has this been marked as completed? The original request has not been satisfied... you still cannot connect to a SQL DB over P2S VPN.
Service Endpoints is a great feature, but again this does not resolve the issue that the Tim described in his initial request.
-
Davor Geci
commented
4 years and still in "Started" status.
-
Jerry Hoffmeister
commented
@Dhruv - Unless I'm missing something, the feature you announced on 10/17 does NOT solve the problem stated by the originator of this request. Could you speak to that please and provide a date when connections from P2S clients will be supported?
-
Jerry Hoffmeister
commented
Wow - I can't believe this doesn't work. I assumed it would and have had to do research to figure out that it doesn't. If I have a private IP on my client and don't want to allow the entire network behind my firewall access, how is one to access an Azure SQL database? What if I wanted secure access say from a coffee shop? When is this going to get fixed???
-
Don Petry
commented
We would like to see SQL DB support the "VNet Join" scenario where the service endpoint uses a private IP within the VNET/Subnet. This will facilitate access scenarios where non-Azure resources should access SQL DB using private networking.
-
Austin Rivet
commented
+1 for P2S VPN to Azure SQL.
-
Nic Passmore
commented
Service Endpoints are great, but please allow us to access Azure SQL instances over Site to Site VPN connections..
-
dmarlow
commented
Need support for allowing P2S VPN to connect to SQL Azure. Please add support.
-
Johan Bennink
commented
@Dhruv If I understand the text on your link it states it cannot be used to connect from on-premise machines through a site-tos-ite gateway to an azure sql database. It talks about connecting from Azure resources inside the vnet to the Azure sql database on it's external endpoint and then [ï'm paraphrasing in dummy speak] the network recognizes you are trying to connect to an azure resource and simple redirects to the internal machine.
But this does not expose an internal address to azure sql such as is the case with VM's so still does not allow you to have no external IP on the azure sql firewall setting and still allow access to the database from an on-premise machine using the site-to-site vpn.
For a feature that is being worked on or suggested since 2014 it's a bit silly to not actually solve the problem suggested. Or did I get it completely wrong here? -
Dhruv
commented
The feature is now in public preview in selected regions, thank you for all your enthusiasm and comments. More details can be found here:
https://azure.microsoft.com/en-us/blog/azure-sql-database-vnet-service-endpoints-now-in-public-preview/
Please send an email directly to: dmalik@microsoft.com or comment with any questions or feedback.