Commit
Update README.md
adstuart authored Jul 8, 2020
1 parent 5ef7c83 commit 7af1769
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion README.md
Expand Up @@ -141,6 +141,10 @@ Using the FQDN obtained in the previous step, confirm that your Azure Management

![image](images/2.PNG)

### :point_right: Hint, watch out!

**Make sure that "Allow Azure services and resources to access this server" is set at its default setting of No**. Otherwise your SQL server will accept (at a network level, they will of course need a suitable username and password) connections from all subscriptions inside of Auzre. See here for more details https://docs.microsoft.com/en-us/azure/azure-sql/database/firewall-configure#connections-from-inside-azure

## :checkered_flag: Results

- You have deployed a basic Azure SQL Server, modified the default firewall settings, and connected to it from your Azure client/mgmt VM. You have confirmed that you are accessing it via the "Internet" (This traffic does not leave the Microsoft backbone, but it does use Public IP addresses). The traffic is sourced from the dynamic NAT address of your client/mgmt VM and is destined to a public IP address sitting in front of the Azure SQL Service.
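Review bot: The new hint under "### :point_right: Hint, watch out!" misspells Azure as "Auzre", and "all subscriptions inside of Azure" understates the exposure: the linked firewall-configure page describes this option as allowing connections from Azure in general, including from other customers' subscriptions, so the sentence should say that explicitly. The parenthetical "(at a network level, they will of course need a suitable username and password)" would read better as its own sentence, making clear that the firewall is then open to any Azure source and only the SQL login stands between it and the server. Consider also turning the bare URL into a named link and telling the reader where to check the setting, since the hint asserts "its default setting of No" without a verification step.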
Expand Down Expand Up @@ -183,7 +187,7 @@ Now verify that you are still able to connect to your SQL server via SSMS.

### Goal

In order to access your SQL Server via its "Private interface" we need to setup a new Private Endpoint and map this to your specific server. This will allow us to access the SQL server from your client/mgmt VM, whilst retaining the use of setting "deny public access".
In order to access your SQL Server via its "Private interface" we need to setup a new Private Endpoint and map this to your specific server. This will allow us to access the SQL server from your client/mgmt VM, without using the Public interface via IP or Virtual Network Firewall Rules.

## Task 1 : Setup Private Endpoint
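Review bot: The reworded Goal sentence ends with "without using the Public interface via IP or Virtual Network Firewall Rules", which is ambiguous about whether the public interface is actually disabled at this stage or simply not used. The previous wording tied the goal to the "deny public access" setting, and the later Results section still says "You have blocked all public access", so the goal should keep naming that setting, for example "without relying on the public endpoint, whether through IP firewall rules or virtual network rules, so that public access can then be denied". Minor: "setup" is used as a verb here and should be "set up".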

Expand Down Expand Up @@ -234,6 +238,11 @@ https://docs.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings#
## :checkered_flag: Results

- You have blocked all public access.
- Please note, you are only able to toggle this setting on after configuring at least one "Private Endpoint Connection" on your SQL Server PaaS resource.

The following diagram from the documentation provides further explanation on this subject:

![image](images/flow.PNG)

# Challenge 5 : Work with a custom DNS server inside of Azure
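Review bot: The added bullet "you are only able to toggle this setting on after configuring at least one Private Endpoint Connection" states a prerequisite, but it sits under Results, after the reader has already attempted the step, and "this setting" is never named in the added lines. Move the note ahead of the task that flips the setting and name the setting exactly as the portal shows it. The sentence "The following diagram from the documentation" should link the specific documentation page it was taken from, and `![image](images/flow.PNG)` needs descriptive alt text, since the diagram carries the explanation of which traffic is allowed or denied.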
