We have a current ExpressRoute configured in Azure. We are routing 10.x.x.x/16 through the ER connection. I created an Azure SQL Managed Instance and want to keep public access completely disabled and unavailable.
The vNet for the SQL MI has a different network space and a single subnet that is delegated to ManagedInstance. I want to be able to connect from a jump box in the DMZ to the SQL managed instance using SSMS. I don't want to have to spin up a bastion, and point-to-site isn't an option. They want a private endpoint (link) if possible.
Unfortunately I am not as strong in networking as I would like to be, but this is on my plate so I have to figure it out.
- Is there a way to configure the networking so that:
  - I can connect from the jump box VM to the private endpoint?
  - I don't need to use point-to-site
  - I don't need to use a bastion
Do I need to peer a vNet from the SQL managed instance to the ExpressRoute circuit? If so, how do I configure that particular vNet?
The ExpressRoute has a gateway, do I need to add another gateway to the SQL vNet?
I am on VPN to the corporate network. I can connect to Azure either on or off VPN, but I would prefer I be able to log into VPN (Checkpoint client) and then be able to access the 10.x.x.x private link using SSMS.
From what I understand, I will need to be able to access it from SSMS for the next several months, or even longer.
I played around with the private endpoint and read the documentation, but I just don't get it.
Thanks