Jan 4, 2021
Configuring endpoints on subnets – Implementing and Managing Virtual Networking

Configuring endpoints on subnets

Endpoints, also referred to as service endpoints, allow secure and direct connectivity to Azure services over the Azure backbone network. Endpoints allow you to secure the traffic between your VNets, including subnets, and critical Azure resources such as Key Vault and SQL databases. Service endpoints allow private IP addresses in a VNet to be routed over the Azure backbone without requiring a dedicated public IP address.

Service endpoints are only supported on a limited number of Azure services.

Here are some of the key benefits of using service endpoints:

• Improved security for Azure service resources: Traffic between your VNet (including its subnets) and Azure services is routed over the Azure network without the need for dedicated public IP addresses.

• Optimal routing for Azure service traffic from your VNet: Routing is optimized and traffic stays on the Azure backbone network, while you can still audit and monitor outbound internet-facing traffic.

• Ease of configuration and management: Less work is required, as there are no longer public IP addresses to manage via the firewall, and no Network Address Translation (NAT) or gateway devices to configure and manage.

Let’s go ahead and configure a SQL service endpoint on a subnet via the Azure portal using the following steps:

  1. Navigate to the Azure portal by opening a web browser and entering the following URL: https://portal.azure.com.
  2. Browse to an RG that has a VNet and Azure SQL deployed. In our case, this will be AZ-104SQL. Select the VNet, which in our case will be VNet_Demo_SQL, and then select Subnets in the Settings blade. Next, choose a subnet:

Figure 14.27 – Selecting a subnet to configure service endpoints

  3. Next, under SERVICE ENDPOINTS, click on the drop-down menu for Services, and select Microsoft.Sql. Next, click on Save:

Figure 14.28 – Selecting the SQL service under SERVICE ENDPOINTS

  4. Next, navigate to the SQL server instance, and under Security, select Firewalls and virtual networks:

Figure 14.29 – Selecting the SQL firewall and VNet option

  5. Select Add existing virtual network in the Virtual networks section:

Figure 14.30 – Adding an existing VNet to the SQL instance

Following are the settings to create the network rule:

• Name: SQLTrafficRule

• Subscription: Demo (choose your own subscription here)

• Virtual network: VNet_Demo_SQL

• Subnet name / Address prefix: SQL / 10.50.0.0/24

Figure 14.31 – Configuring the traffic rule for the service endpoint
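The same configuration can be scripted with Azure PowerShell, which is useful when you need the change to be repeatable and verifiable. The following is an added example and is not from the book: it assumes the Az module is installed and you are signed in with Connect-AzAccount. The resource group, VNet, subnet, address prefix and rule name follow the text above; the SQL server name is a placeholder, since the text does not name it. The two checks after each step confirm the endpoint is actually listed on the subnet and that the server-side rule reached the Ready state, which is what you would want to see before relying on the rule to restrict access.

```powershell
# Added example (not the book's own steps): Azure PowerShell equivalent of the portal procedure.
# Assumes the Az module is installed and Connect-AzAccount has been run.
$rgName        = 'AZ-104SQL'
$vnetName      = 'VNet_Demo_SQL'
$subnetName    = 'SQL'
$subnetPrefix  = '10.50.0.0/24'
$sqlServerName = '<your-sql-server-name>'   # placeholder: the text does not name the SQL server
$ruleName      = 'SQLTrafficRule'

# Steps 1-3: enable the Microsoft.Sql service endpoint on the subnet.
# Set-AzVirtualNetworkSubnetConfig rewrites the subnet configuration, so if the subnet
# already has an NSG or route table attached, pass them through with
# -NetworkSecurityGroup / -RouteTable to avoid dropping those associations.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name $vnetName
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet `
    -Name $subnetName -AddressPrefix $subnetPrefix `
    -ServiceEndpoint 'Microsoft.Sql' | Out-Null
$vnet = Set-AzVirtualNetwork -VirtualNetwork $vnet

# Check: the subnet must now list Microsoft.Sql among its service endpoints.
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName
if (-not ($subnet.ServiceEndpoints.Service -contains 'Microsoft.Sql')) {
    throw "Service endpoint Microsoft.Sql was not enabled on subnet $subnetName"
}

# Steps 4-5: add the VNet rule on the SQL server so that this subnet is allowed through.
# The endpoint must be enabled on the subnet first; otherwise this call is rejected
# unless -IgnoreMissingVnetServiceEndpoint is supplied.
New-AzSqlServerVirtualNetworkRule -ResourceGroupName $rgName `
    -ServerName $sqlServerName -VirtualNetworkRuleName $ruleName `
    -VirtualNetworkSubnetId $subnet.Id | Out-Null

# Check: the rule exists and has reached the Ready state.
$rule = Get-AzSqlServerVirtualNetworkRule -ResourceGroupName $rgName `
    -ServerName $sqlServerName -VirtualNetworkRuleName $ruleName
if ($rule.State -ne 'Ready') {
    throw "Rule $ruleName is in state '$($rule.State)', expected 'Ready'"
}
"Rule $($rule.VirtualNetworkRuleName) is Ready for subnet $($rule.VirtualNetworkSubnetId)"
```

Run the script once per subnet you want to admit. Keep in mind that a VNet rule only admits traffic from the listed subnet; if the server still has broad IP firewall rules or "Allow Azure services" enabled, those continue to apply independently of the service endpoint, so review them alongside the rule you just created.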

In this section, we had a look at what service endpoints are and learned how to configure them for an SQL service with a specific subnet.

We encourage you to read up on Azure service endpoints further by visiting the following link: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview.