Quickstart: Create a Private Endpoint using Azure portal

A Private Endpoint is the fundamental building block for Private Link in Azure. It enables Azure resources, like virtual machines (VMs), to communicate privately with Private Link resources. In this quickstart, you will learn how to use the Azure portal to create a VM on an Azure virtual network and a logical SQL server with an Azure private endpoint. Then, you can securely access SQL Database from the VM.

If you don't have an Azure subscription, create a free account before you begin.

Sign in to Azure

Sign in to the Azure portal at https://portal.azure.com.

Create a VM

In this section, you will create the virtual network and the subnet to host the VM that is used to access your Private Link resource (a SQL server in Azure in this example).

Virtual network and parameters

In this section, you will create a Virtual Network and the subnet to host the VM that is used to access your Private Link resource.

In this section you'll need to replace the following parameters in the steps with the information below:

Parameter Value
<resource-group-name> myResourceGroup
<virtual-network-name> myVirtualNetwork
<region-name> West Central US
<IPv4-address-space> 10.1.0.0/16
<subnet-name> mySubnet
<subnet-address-range> 10.1.0.0/24

Create the virtual network

In this section, you'll create a virtual network and subnet.

  1. On the upper-left side of the screen, select Create a resource > Networking > Virtual network or search for Virtual network in the search box.

  2. In Create virtual network, enter or select this information in the Basics tab:

    Setting Value
    Project Details
    Subscription Select your Azure subscription
    Resource Group Select Create new, enter <resource-group-name>, then select OK, or select an existing <resource-group-name> based on parameters.
    Instance details
    Name Enter <virtual-network-name>
    Region Select <region-name>
  3. Select the IP Addresses tab or select the Next: IP Addresses button at the bottom of the page.

  4. In the IP Addresses tab, enter this information:

    Setting Value
    IPv4 address space Enter <IPv4-address-space>
  5. Under Subnet name, select the word default.

  6. In Edit subnet, enter this information:

    Setting Value
    Subnet name Enter <subnet-name>
    Subnet address range Enter <subnet-address-range>
  7. Select Save.

  8. Select the Review + create tab or select the Review + create button.

  9. Select Create.

Create Virtual Machine

  1. On the upper-left side of the screen in the Azure portal, select Create a resource > Compute > Virtual Machine.

  2. In Create a virtual machine - Basics, enter or select this information:

    Setting Value
    PROJECT DETAILS
    Subscription Select your subscription.
    Resource group Select myResourceGroup. You created this in the previous section.
    INSTANCE DETAILS
    Virtual machine name Enter myVm.
    Region Select WestCentralUS.
    Availability options Leave the default No infrastructure redundancy required.
    Image Select Windows Server 2019 Datacenter.
    Size Leave the default Standard DS1 v2.
    ADMINISTRATOR ACCOUNT
    Username Enter a username of your choosing.
    Password Enter a password of your choosing. The password must be at least 12 characters long and meet the defined complexity requirements.
    Confirm Password Reenter password.
    INBOUND PORT RULES
    Public inbound ports Leave the default None.
    SAVE MONEY
    Already have a Windows license? Leave the default No.
  3. Select Next: Disks.

  4. In Create a virtual machine - Disks, leave the defaults and select Next: Networking.

  5. In Create a virtual machine - Networking, select this information:

    Setting Value
    Virtual network Leave the default MyVirtualNetwork.
    Address space Leave the default 10.1.0.0/24.
    Subnet Leave the default mySubnet (10.1.0.0/24).
    Public IP Leave the default (new) myVm-ip.
    Public inbound ports Select Allow selected ports.
    Select inbound ports Select HTTP and RDP.
  6. Select Review + create. You're taken to the Review + create page where Azure validates your configuration.

  7. When you see the Validation passed message, select Create.

Create a logical SQL server

In this section, you will create a logical SQL server in Azure.

  1. On the upper-left side of the screen in the Azure portal, select Create a resource > Databases > SQL database.

  2. In Create SQL database - Basics, enter or select this information:

    Setting Value
    Database details
    Subscription Select your subscription.
    Resource group Select myResourceGroup. You created this in the previous section.
    INSTANCE DETAILS
    Database name Enter mydatabase. If this name is taken, create a unique name.
  3. In Server, select Create new.

  4. In New server, enter or select this information:

    Setting Value
    Server name Enter myserver. If this name is taken, create a unique name.
    Server admin login Enter an administrator name of your choosing.
    Password Enter a password of your choosing. The password must be at least 8 characters long and meet the defined requirements.
    Location Select an Azure region where you want your SQL Server to reside.
  5. Select OK.

  6. Select Review + create. You're taken to the Review + create page where Azure validates your configuration.

  7. When you see the Validation passed message, select Create.

Create a private endpoint

In this section, you will create a SQL server and add a private endpoint to it.

  1. On the upper-left side of the screen in the Azure portal, select Create a resource > Networking > Private Link Center (Preview).

  2. In Private Link Center - Overview, on the option to Build a private connection to a service, select Start.

  3. In Create a private endpoint (Preview) - Basics, enter or select this information:

    Setting Value
    Project details
    Subscription Select your subscription.
    Resource group Select myResourceGroup. You created this in the previous section.
    INSTANCE DETAILS
    Name Enter myPrivateEndpoint. If this name is taken, create a unique name.
    Region Select WestCentralUS.
  4. Select Next: Resource.

  5. In Create a private endpoint - Resource, enter or select this information:

    Setting Value
    Connection method Select Connect to an Azure resource in my directory.
    Subscription Select your subscription.
    Resource type Select Microsoft.Sql/servers.
    Resource Select myServer
    Target sub-resource Select sqlServer
  6. Select Next: Configuration.

  7. In Create a private endpoint (Preview) - Configuration, enter or select this information:

    Setting Value
    NETWORKING
    Virtual network Select MyVirtualNetwork.
    Subnet Select mySubnet.
    PRIVATE DNS INTEGRATION
    Integrate with private DNS zone Select Yes.
    Private DNS Zone Select (New)privatelink.database.windows.net
  8. Select Review + create. You're taken to the Review + create page where Azure validates your configuration.

  9. When you see the Validation passed message, select Create.

Connect to a VM using Remote Desktop (RDP)

After you've created myVm, connect to it from the internet as follows:

  1. In the portal's search bar, enter myVm.

  2. Select the Connect button. After selecting the Connect button, Connect to virtual machine opens.

  3. Select Download RDP File. Azure creates a Remote Desktop Protocol (.rdp) file and downloads it to your computer.

  4. Open the downloaded .rdp file.

    1. If prompted, select Connect.

    2. Enter the username and password you specified when creating the VM.

      Note

      You may need to select More choices > Use a different account, to specify the credentials you entered when you created the VM.

  5. Select OK.

  6. You may receive a certificate warning during the sign-in process. If you receive a certificate warning, select Yes or Continue.

  7. Once the VM desktop appears, minimize it to go back to your local desktop.

Access SQL Database privately from the VM

  1. In the Remote Desktop of myVM, open PowerShell.

  2. Enter nslookup myserver.database.windows.net.

    You'll receive a message similar to this:

    Server:  UnKnown
    Address:  168.63.129.16
    Non-authoritative answer:
    Name:    myserver.privatelink.database.windows.net
    Address:  10.0.0.5
    Aliases:   myserver.database.windows.net
    
  3. Install SQL Server Management Studio.

  4. In Connect to server, enter or select this information:

    Setting Value
    Server type Select Database Engine.
    Server name Select myserver.database.windows.net
    User name Enter the username in the form username@servername, using the server admin login provided during SQL server creation.
    Password Enter the password provided during SQL server creation.
    Remember password Select Yes.
  5. Select Connect.

  6. Browse databases from the left menu.

  7. (Optional) Create or query information from mydatabase.

  8. Close the remote desktop connection to myVm.
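
A scripted version of the nslookup check in step 2, as an added example that is not part of the original quickstart: it confirms that the server name resolves through the privatelink zone to an address inside <subnet-address-range>. The function names and both sample outputs are constructed for illustration.

```powershell
# Added example (not from the quickstart): validate an nslookup answer.
# Function names and both sample outputs are constructed for illustration.
function Test-IPv4InCidr {
    param([string]$Address, [string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    $toNumber = {
        param([string]$ip)
        [double]$n = 0
        foreach ($b in [System.Net.IPAddress]::Parse($ip).GetAddressBytes()) { $n = $n * 256 + $b }
        $n
    }
    # Same network when both addresses agree above the host bits.
    $hostSpan = [math]::Pow(2, 32 - [int]$prefix)
    [math]::Floor((& $toNumber $Address) / $hostSpan) -eq [math]::Floor((& $toNumber $network) / $hostSpan)
}

function Test-PrivateEndpointResolution {
    param([string]$NslookupOutput, [string]$SubnetCidr)
    # Skip the resolver's own "Address:" line; the answer starts at "Name:".
    $start = $NslookupOutput.IndexOf('Name:')
    if ($start -lt 0) { throw 'nslookup output contains no answer section' }
    $answer  = $NslookupOutput.Substring($start)
    $name    = [regex]::Match($answer, 'Name:\s*(\S+)').Groups[1].Value
    $address = [regex]::Match($answer, 'Address(?:es)?:\s*(\d+\.\d+\.\d+\.\d+)').Groups[1].Value
    [pscustomobject]@{
        CanonicalName  = $name
        Address        = $address
        ViaPrivateLink = $name -like '*.privatelink.database.windows.net'
        InSubnet       = [bool]$address -and (Test-IPv4InCidr $address $SubnetCidr)
    }
}

# Constructed sample: answer served from the private DNS zone.
$privateSample = @'
Server:  UnKnown
Address:  168.63.129.16
Non-authoritative answer:
Name:    myserver.privatelink.database.windows.net
Address:  10.1.0.5
Aliases:  myserver.database.windows.net
'@
# Constructed sample: the same name resolving to a public address instead.
$publicSample = $privateSample -replace 'myserver\.privatelink\S+', 'gateway.example.net'
$publicSample = $publicSample -replace '10\.1\.0\.5', '203.0.113.10'

Test-PrivateEndpointResolution $privateSample '10.1.0.0/24'
Test-PrivateEndpointResolution $publicSample  '10.1.0.0/24'
```

On myVm, pass (nslookup myserver.database.windows.net | Out-String) as the first argument to check the live answer; a result with ViaPrivateLink or InSubnet set to False means the name is not resolving to the private endpoint.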

Clean up resources

When you're done using the private endpoint, SQL server, and the VM, delete the resource group and all of the resources it contains:

  1. Enter myResourceGroup in the Search box at the top of the portal and select myResourceGroup from the search results.
  2. Select Delete resource group.
  3. Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME and select Delete.

Next steps

In this quickstart, you created a VM on a virtual network, a logical SQL server, and a private endpoint for private access. You connected to one VM from the internet and securely communicated with SQL Database using Private Link. To learn more about private endpoints, see What is Azure private endpoint?