With the rapidly growing adoption of open source databases, the need for customers to access their data and services privately and securely from their own networks is growing exponentially. We have been incrementally adding support for network isolation, first through firewall rules and then through VNet service endpoints. Today we are excited to announce the public preview of Azure Private Link support for Azure Database for MySQL.
Azure Private Link is a secure and scalable way for Azure customers to consume the Azure Database for MySQL service privately from their Azure Virtual Network (VNet). The technology is based on a provider and consumer model where the provider and the consumer are both hosted in Azure. A connection is established using a consent-based call flow and, once established, all data that flows between the service provider and service consumer is isolated from the internet and stays on the Microsoft network. There is no need for gateways, network address translation (NAT) devices, or public IP addresses to communicate with the service.
Azure Private Link essentially brings Azure services inside the customer’s private VNet. The MySQL resources can be accessed using the private IP address just like any other resource in the VNet. This significantly simplifies the network configuration by keeping access rules private.
Azure private link – connecting Azure Database for MySQL privately from your network
Benefits of using private link for Azure Database for MySQL
How to set up private link for Azure Database for MySQL
We will learn how to set up a private link for your Azure Database for MySQL and use an Azure VM to access it securely over the private link. You can use the portal or the CLI to set up the private link. Here I have shown setting up the private link using the Azure portal.
Step 1:
Step 2: In Create a private endpoint (Preview) - Basics, enter or select this information:

| Setting | Value |
| --- | --- |
| Project details | |
| Subscriptions | Select your subscription |
| Resource group | Select myResourceGroup. |
| Instance details | |
| Name | Enter myPrivateEndpoint. If this name is taken, create a unique name |
| Region | Select RegionName |

Step 3: Select Next: Resource. In Create a private endpoint - Resource, enter or select this information:

| Settings | Value |
| --- | --- |
| Connection method | Select connect to an Azure resource in my directory |
| Subscription | Select your subscription |
| Resource type | Select Microsoft.DBforMySQL/servers |
| Resource | Select <myServername> |
| Target sub-resource | Select mysqlServer |

Step 4: In Create a private endpoint (Preview) - Configuration, enter or select this information:

| Setting | Value |
| --- | --- |
| Networking | |
| Virtual Network | Select MyVirtualNetwork |
| Subnet | Select mySubnet |
| Private DNS integration | |
| Integrate with private DNS Zone | Select Yes |
| Private DNS Zone | Select (new) privatelink.database.azure.com |

Step 5: Select Review + create. You're taken to the Review + create page where Azure validates your configuration. The private link overview shows the mapped MySQL resource.
Verify that the private link points to the MySQL resource and that the necessary name resolution is happening:
..\azureadmin> nslookup demomysqlserver.mysql.database.azure.com
Server: UnKnown
Address: 168.63.129.16
Non-authoritative answer:
Name: demomysqlserver.mysql.database.azure.com
Address: 10.1.3.5
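
The check in this step can be automated. The following Python sketch is an added example, not part of the original post: it parses nslookup output like the above and confirms that every returned address lies inside the private endpoint's subnet. The CIDR 10.1.3.0/24 used for mySubnet and the second sample are assumptions, since the post does not give them.

```python
import ipaddress

AZURE_DNS = ipaddress.ip_address("168.63.129.16")  # resolver shown in the post's output

# nslookup output as shown in this post (run on the VM inside the VNet).
PRIVATE_SAMPLE = """Server: UnKnown
Address: 168.63.129.16
Non-authoritative answer:
Name: demomysqlserver.mysql.database.azure.com
Address: 10.1.3.5
"""

# Constructed sample: a client that does not see the private DNS zone (placeholder IPs).
PUBLIC_SAMPLE = """Server: UnKnown
Address: 192.0.2.53
Non-authoritative answer:
Name: demomysqlserver.mysql.database.azure.com
Address: 203.0.113.10
"""

def _ips(lines):
    """Collect every token that parses as an IPv4 or IPv6 address."""
    found = []
    for token in " ".join(lines).split():
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            pass  # labels such as "Address:" and host names
    return found

def parse_nslookup(text):
    """Return (resolver_ip, queried_name, answer_ips) from nslookup output."""
    lines = text.splitlines()
    start = next((i for i, line in enumerate(lines)
                  if line.strip().lower().startswith("name:")), None)
    if start is None:
        raise ValueError("no answer section; the lookup failed")
    name = lines[start].split(":", 1)[1].strip()
    resolver = _ips(lines[:start])
    return (resolver[0] if resolver else None), name, _ips(lines[start + 1:])

def check_private_resolution(text, endpoint_subnet):
    """endpoint_subnet is the CIDR of mySubnet (assumed; pass your own)."""
    resolver, name, answers = parse_nslookup(text)
    subnet = ipaddress.ip_network(endpoint_subnet)
    outside = [str(ip) for ip in answers if ip not in subnet]
    ok = bool(answers) and not outside
    return ok, {"name": name, "via_azure_dns": resolver == AZURE_DNS,
                "answers": [str(ip) for ip in answers], "outside": outside}
```

Calling `check_private_resolution(PRIVATE_SAMPLE, "10.1.3.0/24")` returns `True` with the details, while the constructed public sample returns `False` and lists the address outside the subnet.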
Azure Database for MySQL private link
Now, in order to connect to the MySQL resource, you can directly use the IP available (10.1.3.5) and provide the required credentials for the database server. In the example below I am using MySQL Workbench to connect to the database server.
You can also pass the server name in the host name field above: demomysqlserverprivate.mysql.privatelink.database.azure.com
Learn More
You can find more details on the private link for Azure Database for MySQL here. You can give the Azure Private Link integration a try today. If you have questions, please reach out to the AskAzureDBforMySQL@service.microsoft.com alias.
Blog: Setting Private link for on-prem resource connectivity.