Create and manage Private Link for Azure Database for MySQL - Flexible Server using the portal

APPLIES TO: Azure Database for MySQL - Flexible Server

This tutorial provides step-by-step instructions on configuring a connection to an Azure Database for MySQL flexible server instance through a private endpoint and establishing a connection from a VM located within a VNet.

If you don't have an Azure subscription, create a free account before you begin.

Sign in to Azure

Sign in to the Azure portal.

Create the virtual network

In this section, you create a Virtual Network and the subnet to host the VM used to access your Private Link resource.

  1. On the upper-left side of the screen, select Create a resource > Networking > Virtual network.

  2. In Create virtual network, enter or select this information:

    Setting | Value
    Name | Enter MyVirtualNetwork.
    Address space | Enter 10.1.0.0/16.
    Subscription | Select your subscription.
    Resource group | Select Create new, enter myResourceGroup, then select OK.
    Location | Select West Europe.
    Subnet - Name | Enter mySubnet.
    Subnet - Address range | Enter 10.1.0.0/24.
  3. Leave the rest as default and select Create.

Create a Virtual Machine

  1. On the upper-left side of the screen in the Azure portal, select Create a resource > Compute > Virtual Machine.

  2. In Create a virtual machine - Basics, enter or select this information:

    Setting | Value
    PROJECT DETAILS
    Subscription | Select your subscription.
    Resource group | Select myResourceGroup. You created this in the previous section.
    INSTANCE DETAILS
    Virtual machine name | Enter myVm.
    Region | Select West Europe.
    Availability options | Leave the default No infrastructure redundancy required.
    Image | Select Windows Server 2019 Datacenter.
    Size | Leave the default Standard DS1 v2.
    ADMINISTRATOR ACCOUNT
    Username | Enter a username of your choosing.
    Password | Enter a password of your choosing. The password must be at least 12 characters long and meet the defined complexity requirements.
    Confirm Password | Reenter password.
    INBOUND PORT RULES
    Public inbound ports | Leave the default None.
    SAVE MONEY
    Already have a Windows license? | Leave the default No.
  3. Select Next: Disks.

  4. In Create a virtual machine - Disks, leave the defaults and select Next: Networking.

  5. In Create a virtual machine - Networking, select this information:

    Setting | Value
    Virtual network | Leave the default MyVirtualNetwork.
    Address space | Leave the default 10.1.0.0/24.
    Subnet | Leave the default mySubnet (10.1.0.0/24).
    Public IP | Leave the default (new) myVm-ip.
    Public inbound ports | Select Allow selected ports.
    Select inbound ports | Select HTTP and RDP.
  6. Select Review + create. You're taken to the Review + create page, where Azure validates your configuration.

  7. When you see the Validation passed message, select Create.

Create an Azure Database for MySQL flexible server instance with a Private endpoint

  • Create an Azure Database for MySQL flexible server instance with Public access (allowed IP addresses) and Private endpoint as the connectivity method.

  • Select Add Private endpoint to create a private endpoint:

    Setting | Value
    PROJECT DETAILS
    Subscription | Select your subscription.
    Resource group | Select myResourceGroup. You created this in the previous section.
    INSTANCE DETAILS
    Name | Enter myPrivateEndpoint. If this name is taken, create a unique name.
    Location | Select West Europe.
    Virtual network | Select MyVirtualNetwork.
    Subnet | Select mySubnet.
    PRIVATE DNS INTEGRATION
    Integrate with private DNS zone | Select Yes.
    Private DNS Zone | Select (New) privatelink.mysql.database.azure.com
  • Select OK to save the Private endpoint configuration.

  • After entering the remaining information in the other tabs, select Review + create to deploy the Azure Database for MySQL flexible server instance.

Note

In some cases, the Azure Database for MySQL flexible server instance and the VNet-subnet are in different subscriptions. In these cases, you must ensure the following configurations:

  • Make sure that both subscriptions have the Microsoft.DBforMySQL/flexibleServer resource provider registered. For more information, refer to resource-manager-registration.

Manage private endpoints on Azure Database for MySQL flexible server via the Networking tab

  1. Navigate to your Azure Database for MySQL flexible server resource in the Azure portal.

  2. Go to the Networking section under Settings.

  3. In the Private endpoint section, you can manage your private endpoints (Add, Approve, Reject, or Delete).

    Screenshot of networking private link portal page.

Connect to a VM using Remote Desktop (RDP)

After you've created myVm, connect to it from the internet as follows:

  1. In the portal's search bar, enter myVm.

  2. Select the Connect button. After selecting the Connect button, Connect to virtual machine opens.

  3. Select Download RDP File. Azure creates a Remote Desktop Protocol (.rdp) file and downloads it to your computer.

  4. Open the downloaded .rdp file.

    1. If prompted, select Connect.

    2. Enter the username and password you specified when creating the VM.

    Note

    You may need to select More choices > Use a different account to specify the credentials you entered when you created the VM.

  5. Select OK.

  6. You may receive a certificate warning during the sign-in process. Select Yes or Continue if you receive a certificate warning.

  7. Once the VM desktop appears, minimize it to go back to your local desktop.

Access the Azure Database for MySQL flexible server instance privately from the VM

  1. In the Remote Desktop of myVm, open PowerShell.

  2. Enter nslookup myServer.privatelink.mysql.database.azure.com.

    You receive a message similar to this:

    Server: UnKnown
    Address: 168.63.129.16
    Non-authoritative answer:
    Name: myServer.privatelink.mysql.database.azure.com
    Address: 10.x.x.x
    

    Note

    Regardless of the firewall settings or public access being disabled, the ping and telnet tests will successfully verify network connectivity.

  3. Test the private link connection for the Azure Database for MySQL flexible server instance using any available client. The following example uses MySQL Workbench to do the operation.

  4. In New connection, enter or select this information:

    Setting | Value
    Server type | Select MySQL.
    Server name | Select myServer.privatelink.mysql.database.azure.com
    User name | Enter username as username@servername, provided during the Azure Database for MySQL flexible server instance creation.
    Password | Enter a password provided during the Azure Database for MySQL flexible server instance creation.
    SSL | Select Required.
  5. Select Connect.

  6. Browse databases from the left menu.

  7. (Optionally) Create or query information from the Azure Database for MySQL flexible server instance.

  8. Close the remote desktop connection to myVm.
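
The nslookup check from step 2, as an added PowerShell example that is not part of the original tutorial: it confirms that every address returned for the server name falls inside mySubnet (10.1.0.0/24) and that the MySQL port answers over that path. Port 3306 (the MySQL default) and the function names Test-IpInSubnet and Test-PrivateEndpointPath are assumptions of this example; the sample addresses are constructed.

```powershell
# Added example, not part of the original tutorial. myServer and 10.1.0.0/24
# (mySubnet) come from the tutorial; port 3306 (MySQL default) is an assumption.

function Test-IpInSubnet {
    param([string]$Ip, [string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    $prefixLen = [int]$prefix
    $ipBytes   = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    $netBytes  = [System.Net.IPAddress]::Parse($network).GetAddressBytes()
    if ($ipBytes.Length -ne $netBytes.Length) { return $false }  # IPv4/IPv6 mismatch
    $remBits   = $prefixLen % 8
    $fullBytes = [int](($prefixLen - $remBits) / 8)
    # Compare the whole bytes of the prefix, then the remaining high bits.
    for ($i = 0; $i -lt $fullBytes; $i++) {
        if ($ipBytes[$i] -ne $netBytes[$i]) { return $false }
    }
    if ($remBits -gt 0) {
        $mask = (0xFF -shl (8 - $remBits)) -band 0xFF
        if (($ipBytes[$fullBytes] -band $mask) -ne ($netBytes[$fullBytes] -band $mask)) { return $false }
    }
    return $true
}

function Test-PrivateEndpointPath {
    param([string]$Fqdn, [string]$SubnetCidr, [int]$Port = 3306)
    # Keep only the A records from the answer (CNAME records carry no IP4Address).
    $addresses = @(Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
        Where-Object { $_.IP4Address } | ForEach-Object { $_.IP4Address })
    if ($addresses.Count -eq 0) { throw "No A records returned for $Fqdn" }
    # Any address outside the endpoint subnet means DNS is not using the private zone.
    $outside = @($addresses | Where-Object { -not (Test-IpInSubnet $_ $SubnetCidr) })
    # A TCP handshake proves the network path only, not firewall rules or login state.
    $tcp = Test-NetConnection -ComputerName $addresses[0] -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Fqdn          = $Fqdn
        Addresses     = $addresses
        OutsideSubnet = $outside
        TcpReachable  = $tcp.TcpTestSucceeded
        Pass          = ($outside.Count -eq 0) -and $tcp.TcpTestSucceeded
    }
}

# Offline self-check with constructed addresses (not real endpoint IPs).
Test-IpInSubnet '10.1.0.5' '10.1.0.0/24'       # constructed address inside mySubnet
Test-IpInSubnet '203.0.113.10' '10.1.0.0/24'   # constructed public (TEST-NET-3) address

# Live check, run from PowerShell on myVm.
Test-PrivateEndpointPath -Fqdn 'myServer.privatelink.mysql.database.azure.com' -SubnetCidr '10.1.0.0/24'
```

A non-empty OutsideSubnet in the result means the name is resolving somewhere other than the private endpoint, which is the case the DNS zone integration is meant to prevent.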

Clean up resources

When you're done using the private endpoint, Azure Database for MySQL flexible server instance, and the VM, delete the resource group and all of the resources it contains:

  1. Enter myResourceGroup in the Search box at the top of the portal and select myResourceGroup from the search results.

  2. Select Delete resource group.

  3. Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME and select Delete.

In this section, you learn how to add a private endpoint to the Azure Database for MySQL flexible server instance that you have already created.

  1. In the Azure portal, select Create a resource > Networking > Private Link.

  2. In Private Link Center - Overview, select the option to Create private endpoint.

    Screenshot of private link center portal page.

  3. In Create a private endpoint - Basics, enter or select the Project details information:

    Setting | Value
    Subscription | Select your subscription.
    Resource group | Select myResourceGroup. You created this in the previous section.
    INSTANCE DETAILS
    Name | Enter myPrivateEndpoint. If this name is taken, create a unique name.
    Location | Select West Europe.
  4. Select Next: Resource, then select this information:

    Setting | Value
    Connection method | Select connect to an Azure resource in my directory.
    Subscription | Select your subscription.
    Resource type | Select Microsoft.DBforMySQL/flexibleServers.
    Resource | Select myServer
    Target subresource | Select mysqlServer
  5. Select Next: Virtual Network, then select the Networking information:

    Setting | Value
    Virtual network | Select MyVirtualNetwork.
    Subnet | Select mySubnet.
  6. Select Next: DNS, then select the PRIVATE DNS INTEGRATION information:

    Setting | Value
    Integrate with private DNS zone | Select Yes.
    Private DNS Zone | Select (New) privatelink.mysql.database.azure.com

Note

Use your service's predefined private DNS zone or provide your preferred DNS zone name. For details, refer to the Azure services DNS zone configuration.

  7. Select Review + create. You're taken to the Review + create page, where Azure validates your configuration.

  8. When you see the Validation passed message, select Create.

Note

The FQDN in the customer's DNS setting does not resolve to the private IP configured. You must set up a DNS zone for the configured FQDN as shown here.
