Does DevOps support dacpac deployment to SQL Managed Instance that is sitting behind a vNet?

CarmeloLoPresti-2973 61 Reputation points
2022-10-03T21:06:54.03+00:00

We have a SQL Managed Instance that is configured behind a vNet.
We attempted to deploy dacpacs via DevOps, using Azure hosted agents. The deployment fails, which looks like is due to the MI having the public endpoint disabled. Even though public endpoint is disabled, we tried to add the DevOps service tag to our NSG, which should allow the traffic through, but it still fails.

When we enable the public endpoint (port 3342), the dacpac deployments work.

What is the ideal configuration to have private dacpac deployments so they're private and not using the public endpoint? Is hosting our own DevOps agent on the same vNet as the Managed Instance the only option?

Thanks.

Azure SQL Database
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,198 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Nandan Hegde 29,901 Reputation points MVP
    2022-10-04T03:38:53.01+00:00

    Hey,
    Based on my understanding you would have to set up your own agent within the Vnet of managed instance is the only option similar to below post :
    https://datasharkx.wordpress.com/2021/05/28/automated-deployment-of-sql-server-database-through-azure-devops/

    0 comments No comments

  2. CarmeloLoPresti-2973 61 Reputation points
    2022-10-04T17:41:47.227+00:00

    Thank you. What is the DevOps service tag for then? I would think it should allow traffic to the SQL MI even behind a vNet.


  3. ShaktiSingh-MSFT 13,911 Reputation points Microsoft Employee
    2022-10-10T08:41:13.133+00:00

    Hi @CarmeloLoPresti-2973 ,

    Thanks for your patience.

    Unless something changed, the Microsoft-hosted agent does not have VNet integration capabilities and for that reason they cannot connect to SQL MI via the private endpoint. Users can deploy their own agent (self-host) in an Azure VM and have that VM to MI communication happen via the VNet private endpoint. Azure Pipelines Agents - Azure Pipelines | Microsoft Learn

    Regarding Azure Devops, we have a dedicated support channel for DevOps issues. I would request you to post your query in this DevOps channel so that someone from the dedicated DevOps team can assist you on the Devops part of it.

    Thanks for your support and understanding.

    Hope this will help. Please let us know if any further queries.

    ------------------------------

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you.
      Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    0 comments No comments