Configure Azure Synapse Link for SQL Server 2022 with network security

This article is a guide for configuring Azure Synapse Link for SQL Server 2022 with network security. Before you begin this process, you should know how to create and start Azure Synapse Link for SQL Server 2022. For information, see Get started with Azure Synapse Link for SQL Server 2022.

Create a managed workspace virtual network without data exfiltration

In this section, you create an Azure Synapse workspace with a managed virtual network enabled. You'll enable managed virtual network, and then select No to allow outbound traffic from the workspace to any target. For an overview, see Azure Synapse Analytics managed virtual network.

Screenshot that shows how to create an Azure Synapse workspace that allows outbound traffic.

  1. Sign in to the Azure portal.

  2. Go to your Azure Synapse workspace, select Networking, and then select the Allow Azure Synapse Link for Azure SQL Database to bypass firewall rules checkbox.

    Screenshot that shows how to enable bypassing firewall rules.

  3. Open Synapse Studio, go to Manage, select Integration runtimes, and then select AutoResolvingIntegrationRuntime.

  4. In the pop-up window, select the Virtual network tab, and then enable Interactive authoring.

    Screenshot that shows how to enable interactive authoring.

  5. On the Integrate pane, create a link connection to replicate data from your SQL Server 2022 instance to the Azure Synapse SQL pool.

    Screenshot that shows how to create a link to an Azure Synapse SQL pool.

    Screenshot that shows how to create a link connection from an Azure SQL Server 2022 instance.

  6. Start your link connection.

    Screenshot of starting a link connection.

Create a managed workspace virtual network with data exfiltration

In this section, you create an Azure Synapse workspace with managed virtual network enabled. You'll enable managed virtual network and select Yes to limit outbound traffic from the managed workspace virtual network to targets through managed private endpoints. For an overview, see Azure Synapse Analytics managed virtual network.

Screenshot that shows how to create an Azure Synapse workspace that disallows outbound traffic.

  1. Sign in to the Azure portal.

  2. Go to your Azure Synapse workspace, select Networking, and then select the Allow Azure Synapse Link for Azure SQL Database to bypass firewall rules checkbox.

    Screenshot that shows how to enable bypassing firewall rules.

  3. Open Synapse Studio, go to Manage, select Integration runtimes, and then select AutoResolvingIntegrationRuntime.

  4. In the pop-up window, select the Virtual network tab, and then enable Interactive authoring.

    Screenshot that shows how to enable interactive authoring.

  5. Create a linked service that connects to your SQL Server 2022 instance.

    To learn how, see the "Create a linked service for your source SQL Server 2022 database" section of Get started with Azure Synapse Link for SQL Server 2022.

  6. Add a role assignment to ensure that you've granted your Azure Synapse workspace managed identity permissions to your Azure Data Lake Storage Gen2 storage account that's used as the landing zone.

    To learn how, see the "Create a linked service to connect to your landing zone on Azure Data Lake Storage Gen2" section of Get started with Azure Synapse Link for SQL Server 2022.

  7. Create a linked service that connects to your Azure Data Lake Storage Gen2 storage (landing zone) with managed private endpoint enabled.

    a. Create a managed private endpoint in the linked service for Azure Data Lake Storage Gen2 storage.

    Screenshot of a new Azure SQL Server 2022 database linked service private endpoint 1.

    b. Complete the managed private endpoint creation in the linked service for Azure Data Lake Storage Gen2 storage.

    Screenshot of a new Azure SQL Server 2022 database linked service private endpoint 2.

    c. Go to the Azure portal for your Azure Data Lake Storage Gen2 storage as a landing zone, and then approve the private endpoint connections.

    Screenshot of a new Azure SQL Server 2022 database linked service private endpoint 3.

    d. Complete the creation of the linked service for Azure Data Lake Storage Gen2 storage.

    Screenshot of new sql db linked service pe4.

  8. Now you can create a link connection from the Integrate pane to replicate data from your SQL Server 2022 instance to an Azure Synapse SQL pool.

    Screenshot that shows how to create a link.

    Screenshot that shows how to create a link from the SQL Server 2022 instance.

  9. Start your link connection.

    Screenshot that shows how to start the link connection.

Next steps

If you're using a database other than a SQL Server 2022 instance, see: