Assistance Required for VPN Connection to On-Premise Database from Windows 365 Cloud PC

Copper Contributor

Hello Windows 365 Community,

I am seeking guidance on establishing a VPN connection from my Windows 365 Cloud PC to an on-premise SQL Server database. My setup involves a Cloud PC utilizing an orchestration tool called N8N to interact with the on-premise database and transfer the necessary data to another database hosted on Azure.

The primary challenge is that the Cloud PC must be connected to our local network to access the on-premise database. I am considering using a VPN to facilitate this connection. However, when attempting to ping external servers (e.g., Google) from the Cloud PC's command prompt, the requests are blocked, suggesting potential restrictions on network connectivity.

Our IT team indicated that a discussion with Microsoft is required to enable specific network "ports" to allow VPN access. My questions are as follows:

  1. Is there an established method or recommended practice within the Windows 365 service framework to connect Cloud PCs to a VPN for accessing on-premise databases?

  2. What steps should be taken to enable the necessary ports or network configurations on a Windows 365 Cloud PC to facilitate VPN connectivity?

I appreciate any insights or instructions on resolving this connectivity issue, as direct access to our on-premise database is crucial for our data management processes.

Thank you for your support.

3 Replies
This should be possible provided you are using Azure Network Connection so that your Cloud PCs are on a Azure Virtual Network Subnet that you manage. I.E. (The network Interfaces of your Cloud PCs are visible within your Azure subscription.
After that you just need to setup a virtual network network gateway that connects to your on premises network.
I have a similar setup in place to allow our cloud PCs to connect to our on premise domain controllers but there is no reason why this could not be a SQL server. Network latency would be my only concern accessing resources over a VPN
I also think the above solution could work as you said earlier that your org has no problem in deploying/using vpn to connect to on-premise database and by deploying cloud resources to a subnet will also solve issues regarding security and ports(nsg)!!
If it is not solved please let us know:-)
This is possible even if you host the CPCs 100% at Microsoft. We use an automatically deployed user-mode SSL VPN to connect back to on-prem environment. The Win365 network requirements doc clearly identifies all the Microsoft service URLs that must be open on the CPC (As most VPNs would implement some kind of local lan access firewall policy) and even provide a tool to validate backend connectivity: