Create a jump server in one subscription that allows access to SQL servers in another subscription

nadha 20 Reputation points
2023-10-11T09:00:58.0633333+00:00

We have a hub-and-spoke network topology connecting our Azure subscriptions.

Currently we need to create a jump server in one subscription that allows access to SQL servers in another subscription. Is this a possible design,

or should we create the jump server in the hub subscription and access the SQL servers in another subscription?

Can you suggest which is the recommended design?

Azure VMware Solution
An Azure service that runs native VMware workloads on Azure.
Windows for business | Windows Server | User experience | Other
SQL Server | Other

Accepted answer
  1. vipullag-MSFT 26,487 Reputation points Moderator
    2023-10-12T06:00:43.08+00:00

    Hello nadha

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    Yes, it is possible to create a jump server in one subscription and allow access to SQL servers in another subscription in a hub and spoke network topology.

    One option is to create the jump server in the hub subscription and configure it to allow access to the SQL servers in the spoke subscription. This can be done by configuring the appropriate network security group (NSG) rules and firewall rules to allow traffic between the jump server and the SQL servers.

    Another option is to create the jump server in the spoke subscription where the SQL servers are located. This can be done by configuring the appropriate NSG rules and firewall rules to allow traffic between the jump server and the SQL servers, as well as between the spoke subscription and the hub subscription.

    Both options are valid and can work depending on your specific requirements and security needs. However, the recommended design would depend on your specific use case and security requirements.

    If you have strict security requirements and want to minimize the attack surface, it may be better to create the jump server in the spoke subscription where the SQL servers are located. This would limit the exposure of the SQL servers to the hub subscription and reduce the risk of unauthorized access.

    On the other hand, if you have a large number of SQL servers in different spoke subscriptions and want to centralize management and monitoring, it may be better to create the jump server in the hub subscription and configure it to allow access to the SQL servers in the spoke subscriptions. This would allow you to manage and monitor all the SQL servers from a central location and simplify administration.

    Hope that helps.

    2 people found this answer helpful.
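An added example, not part of the original answer or any Microsoft code: a small offline check that evaluates the inbound NSG rules on the SQL subnet the way Azure does (lowest priority number first) and reports any source other than the jump server that can reach SQL. It shows why the jump-server allow rule alone is not enough: the default `AllowVnetInBound` rule uses the `VirtualNetwork` tag, which includes peered VNets. Assumptions: SQL listens on TCP 1433, the rule dictionaries use the field names of `az network nsg rule list` JSON output, and all addresses and rule names are constructed.

```python
import ipaddress

SQL_PORT = 1433  # assumption: SQL Server's default TCP port
# Two of the default inbound rules every NSG carries (load balancer rule omitted).
DEFAULTS = [
    {"name": "AllowVnetInBound", "priority": 65000, "access": "Allow", "protocol": "*",
     "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny", "protocol": "*",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

def src_match(prefix, ip, vnet_cidrs):
    if prefix == "VirtualNetwork":  # tag covers the VNet and every peered VNet
        return any(ip in ipaddress.ip_network(c) for c in vnet_cidrs)
    try:
        return prefix == "*" or ip in ipaddress.ip_network(prefix, strict=False)
    except ValueError:  # other service tags are not modelled in this example
        return False

def port_match(spec, port):
    lo, _, hi = spec.partition("-")  # "1433" or a range such as "1433-1434"
    return spec == "*" or int(lo) <= port <= int(hi or lo)

def evaluate(rules, src, port, vnet_cidrs):
    """Return (access, rule name) of the first matching inbound TCP rule."""
    ip = ipaddress.ip_address(src)
    for r in sorted(rules + DEFAULTS, key=lambda r: r["priority"]):
        if (r.get("direction", "Inbound") == "Inbound" and r["protocol"].lower() in ("*", "tcp")
                and src_match(r["sourceAddressPrefix"], ip, vnet_cidrs)
                and port_match(r["destinationPortRange"], port)):
            return r["access"], r["name"]

def audit(rules, jump_ip, others, vnet_cidrs):
    """Findings: jump host blocked, or any other probed source allowed to SQL."""
    hits = [(s, evaluate(rules, s, SQL_PORT, vnet_cidrs)) for s in others]
    findings = [f"{s} allowed by {name}" for s, (acc, name) in hits if acc == "Allow"]
    if evaluate(rules, jump_ip, SQL_PORT, vnet_cidrs)[0] != "Allow":
        findings.append(f"jump host {jump_ip} cannot reach port {SQL_PORT}")
    return findings

# Constructed sample: hub 10.0.0.0/16 peered with the SQL spoke 10.1.0.0/16.
VNETS = ["10.0.0.0/16", "10.1.0.0/16"]
JUMP, OTHER_HUB_VM = "10.0.1.4", "10.0.2.10"
WEAK = [{"name": "AllowJumpSql", "priority": 100, "access": "Allow", "protocol": "Tcp",
         "sourceAddressPrefix": "10.0.1.4/32", "destinationPortRange": "1433"}]
HARDENED = WEAK + [{"name": "DenyVnetSql", "priority": 200, "access": "Deny", "protocol": "Tcp",
                    "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "1433"}]
if __name__ == "__main__":
    print(audit(WEAK, JUMP, [OTHER_HUB_VM], VNETS), audit(HARDENED, JUMP, [OTHER_HUB_VM], VNETS))
```

The deny rule in `HARDENED` also blocks application servers inside the spoke, so a real rule set needs explicit allows for them at a lower priority number.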
