How to connect to an on-premise SQL Server from Azure Managed Grafana
I have a new Azure Managed Grafana instance, and I'd like to connect to an on-premise SQL Server.
We have all of the VPN/Virtual networks set up, and from a vnet connected VM, I'm able to query data.
I have a Private Endpoint (not managed) set up, and it's landing in the correct vnet.
When I attempt to set up the MSSQL data source in Grafana by DNS name (prd-sql01.company.net), I get an immediate failure: lookup prd-sql01.company.net on 127.0.0.11:53: no such host
What's necessary to get an Azure Managed Grafana instance connected to a SQL Instance on a private network?
Azure Managed Grafana
-
Pavan Minukuri • 1,030 Reputation points • Microsoft Vendor
2025-01-11T02:32:02.32+00:00 Hi Sean Lively
Welcome to Microsoft Q&A, thanks for asking your question here!
Please follow the steps below:
1. Both Azure Managed Grafana and your SQL Server should be in the same virtual network (VNet) or connected through VNet peering. This is important for private connectivity.
2. Create a private endpoint for your SQL Server within the VNet. This allows Grafana to access SQL Server privately, without using the public internet.
3. Since you're using a private endpoint, set up DNS resolution. You may need to link a Private DNS Zone to your VNet, so that the DNS name of your SQL Server (e.g., prd-sql01.company.net) resolves to its private IP.
4. Ensure Grafana can resolve the SQL Server’s private IP by checking the DNS settings in Azure Managed Grafana.
5. Ensure the Network Security Group (NSG) rules allow traffic between the Grafana private endpoint and the SQL Server’s private IP. There should be no rules blocking traffic within the VNet or between peered VNets.
6. Update your SQL Server firewall to allow traffic from the private IP of Azure Managed Grafana or from the entire VNet.
7. Make sure you are using a supported authentication method, like SQL authentication or Managed Identity, for connections over private endpoints.
8. After setting everything up, test the connection from Grafana to your SQL Server again. If there are still issues, double-check all settings and make sure there are no typos in DNS names or IP addresses.
Please let us know if you require anything!
-
Sean Lively • 0 Reputation points
2025-01-13T16:11:24.07+00:00 @Pavan Minukuri 4: Ensure Grafana can resolve the SQL Server's private IP - Where exactly are the DNS settings, and how can I test DNS resolution?
-
Pavan Minukuri • 1,030 Reputation points • Microsoft Vendor
2025-01-14T07:00:34.3433333+00:00 Hi Sean Lively
Thanks for replying back!
DNS Settings Configuration:
1. Azure Managed Grafana and Azure SQL Server are in the same virtual network (VNet) or connected via VNet peering for internal communication.
2. Set up private endpoints for both services, with Grafana having a private endpoint in the same VNet as Azure SQL Server or in a peered VNet.
3. Configure Network Security Group (NSG) rules to allow traffic between the Grafana private endpoint and the SQL Server's private IP, ensuring no rules block internal traffic.
4. Link a Private DNS Zone to your VNet to resolve the SQL Server's private IP address, creating and linking the DNS zone correctly.
5. Update the SQL Server VM firewall rules to allow traffic from Grafana's private IP or the virtual network range.
Testing DNS Resolution:
To test if your DNS settings are correctly resolving the SQL Server's private IP, you can use several methods:
1. Using the **nslookup** command: Open your command prompt and run the command below:
```
nslookup <SQL_Server_Hostname>
```
Replace <SQL_Server_Hostname> with your SQL Server's actual hostname to get the resolved IP address if DNS is working correctly.
2. Using the **ping** command: You can also use ping to check if the hostname resolves.
```
ping <SQL_Server_Hostname>
```
This command will show you if there’s a response from the server, indicating successful resolution.
3. Try flushing your DNS cache.
Windows:
```
ipconfig /flushdns
```
Linux:
```
sudo systemd-resolve --flush-caches
```
After flushing, retry the nslookup or ping commands.
Please let us know if you require anything!
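An added example, not part of the thread: nslookup and ping answer from whichever resolver the machine running them uses, so this Go program sends the same query to named DNS servers and reports each answer separately. Run it from a VNet-connected VM; 10.0.0.4 is a placeholder for the custom DNS server, and the function names are illustrative.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"time"
)

// lookupFunc resolves host by asking exactly one DNS server ("ip:port").
type lookupFunc func(server, host string) ([]string, error)

// lookupVia is the real implementation: it forces Go's resolver to send the
// query to `server` instead of the machine's configured DNS.
func lookupVia(server, host string) ([]string, error) {
	r := &net.Resolver{PreferGo: true,
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return (&net.Dialer{Timeout: 3 * time.Second}).DialContext(ctx, network, server)
		}}
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	return r.LookupHost(ctx, host)
}

// compare asks every server for host and returns one status per server,
// separating "name does not exist there" from "server unreachable".
func compare(host string, servers []string, lookup lookupFunc) map[string]string {
	out := make(map[string]string)
	for _, s := range servers {
		addrs, err := lookup(s, host)
		var dnsErr *net.DNSError
		switch {
		case err == nil:
			out[s] = fmt.Sprintf("resolved %v", addrs)
		case errors.As(err, &dnsErr) && dnsErr.IsNotFound:
			out[s] = "no such host"
		default:
			out[s] = "lookup failed: " + err.Error()
		}
	}
	return out
}

func main() {
	// 168.63.129.16 is Azure's platform DNS address; 10.0.0.4 is a
	// placeholder for the custom DNS server configured on the VNet.
	servers := []string{"168.63.129.16:53", "10.0.0.4:53"}
	for s, status := range compare("prd-sql01.company.net", servers, lookupVia) {
		fmt.Printf("%-20s %s\n", s, status)
	}
}
```

The error quoted in the question has the shape of Go's `net.DNSError`, which names the resolver that was asked (127.0.0.11:53), so a name that resolves on the custom server but not on the other points at which resolver the client uses rather than at the record itself.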
-
Benz, Dennis • 0 Reputation points
2025-01-14T13:49:39.17+00:00 I encountered the same issue. It seems that using a custom hostname like "prd-sql01.company.net" in the Azure Managed Grafana version is not supported. This limitation likely arises because the Microsoft-managed worker, where the Grafana instance runs, cannot resolve custom DNS entries such as a private DNS Zone in Azure. As a result, using an IP address appears to be the only viable option.
Azure Managed Grafana might not be the best option for a hybrid scenario. You could try using the IP address of the SQL Database as an alternative, but keep in mind the importance of the database's SSL/TLS settings. Grafana can only establish a connection if the SSL/TLS configuration aligns with the requirements of your SQL database.
-
Sean Lively • 0 Reputation points
2025-01-14T16:57:33.9833333+00:00 @Pavan Minukuri I currently have App Services on Azure successfully connecting to on premise SQL Servers, so the VNet/VPN/DNS infrastructure is set up correctly, and the custom DNS servers are set correctly on the vnet the Grafana's private endpoint is connected to.
How can I test the DNS resolution inside of Grafana?
Can you also comment on Dennis's experience?
-
Pavan Minukuri • 1,030 Reputation points • Microsoft Vendor
2025-01-14T17:56:22.6666667+00:00 Thanks for replying back, Sean Lively
1. How can I test the DNS resolution inside of Grafana?
Grafana doesn't resolve DNS names directly, but you can use dashboards with ping and response tests to check DNS resolution issues by measuring response times.
For a direct approach without external tools like Telegraf, use a custom script or plugin to execute DNS queries.
1. Create a custom data source plugin for Grafana to connect with your DNS server and retrieve the information.
2. Check the Grafana plugin repository for plugins that support network monitoring or DNS queries.
3. If you know JavaScript, you can write a simple function in Node.js to resolve domain names.
```javascript
const dns = require('dns');

// Resolve the A records for a hostname and print them.
dns.resolve4('dns.google.com', (err, addresses) => {
  if (err) throw err;
  console.log(`Addresses: ${JSON.stringify(addresses)}`);
});
```
2. Can you also comment on Dennis's experience?
The challenges with Azure Managed Grafana and custom hostnames, like "prd-sql01.company.net," are due to the service's limitation in resolving private DNS entries.
1. Azure Managed Grafana doesn't support custom domain names, so users must use the default Azure-generated URLs, and custom domains often lead to connection failures due to DNS resolution issues.
2. Azure Managed Grafana is designed for public network access and doesn’t support direct connections to private IPs or networks without additional setup, like a Virtual Network (VNet) or VPN.
3. Due to DNS resolution limitations, using the IP address of your SQL database is a recommended workaround, but make sure SSL/TLS settings are properly configured for a secure connection.
4. Using the SQL Database's IP address is a viable alternative, but ensure the SSL/TLS configuration is compatible with Grafana's requirements.
5. In a hybrid environment, you may need to set up a Private Endpoint for Azure Managed Grafana within your VNet to ensure secure access to Azure resources while following network security protocols.
6. Microsoft announcements on updates to Azure Managed Grafana, particularly regarding custom domains and private network connections, as these features may change based on user feedback.
Reference link: https://learn.microsoft.com/en-us/azure/managed-grafana/troubleshoot-managed-grafana
https://stackoverflow.com/questions/76005443/azure-managed-grafana-with-custom-url
Please let us know if you require anything.
-
Benz, Dennis • 0 Reputation points
2025-01-15T13:13:06.3966667+00:00 I attempted to connect to the On-Premises SQL Server using its private IP address (Managed Grafana with Private Endpoint, VNet Peering, VPN Gateway, etc.), but the connection still fails. I believe the issue lies in the fact that the On-Premises SQL Server forces SSL/TLS encryption, and since this is an Azure Managed Grafana instance, it’s not possible to load a certificate file path due to the limitations of the managed environment.
Disabling the SSL/TLS encryption enforcement on the On-Premises SQL Server is not an option. Additionally, using a certificate with a private IP address as the common name (CN) is generally not feasible. It seems I may need to explore an alternative solution for this scenario.
@Pavan Minukuri what do you think about that?
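An added example, not part of the thread, showing why dialing by IP fails certificate name checks: Go's standard verifier matches an IP target only against IP subject alternative names and ignores the common name. It assumes the data source follows Go's standard verification (Grafana's backend is written in Go); 10.20.0.15 is a placeholder address and the helper names are illustrative.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net"
)

// sampleCert builds an in-memory certificate holding only name fields, which
// is all VerifyHostname reads. Every value passed in is a constructed sample.
func sampleCert(cn string, dnsSANs, ipSANs []string) *x509.Certificate {
	c := &x509.Certificate{Subject: pkix.Name{CommonName: cn}, DNSNames: dnsSANs}
	for _, ip := range ipSANs {
		c.IPAddresses = append(c.IPAddresses, net.ParseIP(ip))
	}
	return c
}

// accepts reports whether Go's verifier accepts cert for the dial target
// (the host name or IP address the client connects to).
func accepts(target string, cert *x509.Certificate) bool {
	return cert.VerifyHostname(target) == nil
}

func main() {
	const host, ip = "prd-sql01.company.net", "10.20.0.15" // ip is a placeholder
	cases := []struct {
		label, target string
		cert          *x509.Certificate
	}{
		{"dial by name, DNS SAN", host, sampleCert(host, []string{host}, nil)},
		{"dial by IP, DNS SAN only", ip, sampleCert(host, []string{host}, nil)},
		{"dial by IP, IP in CN only", ip, sampleCert(ip, nil, nil)},
		{"dial by IP, IP SAN added", ip, sampleCert(host, []string{host}, []string{ip})},
	}
	for _, c := range cases {
		fmt.Printf("%-28s accepted=%v\n", c.label, accepts(c.target, c.cert))
	}
}
```

The last case is the one that keeps verification enabled: a certificate from the internal CA that lists the server's IP as a subject alternative name alongside its DNS name.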
-
Sean Lively • 0 Reputation points
2025-01-15T17:37:17.01+00:00 @Pavan Minukuri So Azure Managed Grafana does not use the DNS settings on the Private Endpoint's VNet, and there's no way to set custom DNS Servers?
-
Pavan Minukuri • 1,030 Reputation points • Microsoft Vendor
2025-01-15T19:46:45.4266667+00:00 Sean Lively
Azure Managed Grafana does not support custom DNS servers for private endpoints and uses Azure's default DNS resolution instead.
You can integrate a private endpoint for Azure Managed Grafana with a private DNS zone, but it won't allow custom DNS server configurations and will still use Azure's DNS service for name resolution.
Azure Managed Grafana does not support custom domain names, and users have reported 404 errors when setting up CNAME records due to misconfigurations or unsupported features.
Ensure the private DNS zone is correctly linked to the VNet and necessary records are created, but DNS changes must be made within Azure's provided services.
While Azure Managed Grafana allows for private access through private endpoints and private DNS zones, it does not permit the configuration of custom DNS servers or direct support for custom domain names.
-
Sean Lively • 0 Reputation points
2025-01-15T20:15:17.4066667+00:00 @Pavan Minukuri Is there an open request somewhere for Azure Managed Grafana to use custom DNS servers like App Services does?
Is there also an open request to attach Grafana directly to a VNet?