To enable public endpoint for data, please follow these steps:
1. Database administrator with appropriate permissions needs to execute the below provided Power Shell script. Please replace {subscription-id} with your subscription, replace {rg-name} with the resource group to which managed instance was deployed, and replace {mi-name} with the name of your managed instance.
Install-Module -Name Az
Import-Module Az.Accounts
Import-Module Az.Sql
Connect-AzAccount
Select-AzSubscription -SubscriptionId {subscription-id}
$mi = Get-AzSqlInstance -ResourceGroupName {rg-name} -Name {mi-name}
$mi = $mi | Set-AzSqlInstance -PublicDataEndpointEnabled $true -force
|
2. Network administrator with appropriate permissions needs to setup an NSG to open the port 3342 for the inbound traffic. You can follow this guide.
Please note the port 3342 is used for public endpoint TDS connections to managed instance. This port cannot be customized.
The above steps complete the process of enabling public endpoint for managed instance.
Use public endpoint from clients
To access managed instance from clients through the Internet, your application(s) need to use the hostname of the following format (the ".public" is added after the managed instance name, including the port):
<mi-name>.public.<dns-zone>.database.windows.net,3342
See the example of connecting with SSMS through the public endpoint to managed instance in the image below.
Disable public endpoint
In case you need to disable the public endpoint, database administrator needs to execute the following Power Shell command:
Set-AzSqlInstance -PublicDataEndpointEnabled $false -force
|
In addition, network administrator needs to remove the NSG rule for the inbound port 3342.
Within the next period as soon as all updates are rolled out, it will also be possible to enable/disable public endpoint from the Azure portal (within Managed Instance resource, Virtual network). In addition, the option to enable/disable public endpoint will also show at the time of creating a new Managed Instance.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.