Quickstart: Configure a point-to-site connection to an Azure SQL Database Managed Instance from on-premises

This quickstart demonstrates how to connect to an Azure SQL Database Managed Instance using SQL Server Management Studio (SSMS) from an on-premises client computer over a point-to-site connection. For information about point-to-site connections, see About Point-to-Site VPN


This quickstart:

Attach a VPN gateway to your Managed Instance virtual network

  1. Open PowerShell on your on-premises client computer.

  2. Copy this PowerShell script. This script attaches a VPN Gateway to the Managed Instance virtual network that you created in the Create a Managed Instance quickstart. This script uses the Azure PowerShell Az Module and will do the following for either Windows or Linux based hosts:

    • Creates and install certificates on client machine

    • Calculates the future VPN Gateway subnet IP range

    • Creates the GatewaySubnet

    • Deploys the Azure Resource Manager template that attaches the VPN Gateway to VPN subnet

      $scriptUrlBase = 'https://raw.githubusercontent.com/Microsoft/sql-server-samples/master/samples/manage/azure-sql-db-managed-instance/attach-vpn-gateway'
      $parameters = @{
        subscriptionId = '<subscriptionId>'
        resourceGroupName = '<resourceGroupName>'
        virtualNetworkName = '<virtualNetworkName>'
        certificateNamePrefix  = '<certificateNamePrefix>'
      Invoke-Command -ScriptBlock ([Scriptblock]::Create((iwr ($scriptUrlBase+'/attachVPNGateway.ps1?t='+ [DateTime]::Now.Ticks)).Content)) -ArgumentList $parameters, $scriptUrlBase
  3. Paste the script in your PowerShell window and provide the required parameters. The values for <subscriptionId>, <resourceGroup>, and <virtualNetworkName> should match the ones that you used for the Create Managed Instance quickstart. The value for <certificateNamePrefix> can be a string of your choice.

  4. Execute the PowerShell script.


Do not continue until the PowerShell script completes.

Create a VPN connection to your Managed Instance

  1. Sign in to the Azure portal.

  2. Open the resource group in which you created the virtual network gateway, and then open the virtual network gateway resource.

  3. Select Point-to-site configuration and then select Download VPN client.

    Download VPN client

  4. On your on-premises client computer, extract the files from the zip file and then open the folder with the extracted files.

  5. Open the `WindowsAmd64 folder and open the VpnClientSetupAmd64.exe file.

  6. If you receive a Windows protected your PC message, click More info and then click Run anyway.

    Install VPN client\

  7. In the User Account Control dialog box, click Yes to continue.

  8. In the dialog box referencing your virtual network, select Yes to install the VPN Client for your virtual network.

Connect to the VPN connection

  1. Go to VPN in Network & Internet on your on-premises client computer and select your Managed Instance virtual network to establish a connection to this VNet. In the following image, the VNet is named MyNewVNet.

    VPN connection

  2. Select Connect.

  3. In the dialog box, select Connect.

    VPN connection

  4. When prompted that Connection Manager needs elevated privilege to update your route table, choose Continue.

  5. Select Yes in the User Account Control dialog box to continue.

    You've established a VPN connection to your Managed Instance VNet.

    VPN connection

Use SSMS to connect to the Managed Instance

  1. On the on-premises client computer, open SQL Server Management Studio (SSMS).

  2. In the Connect to Server dialog box, enter the fully qualified host name for your Managed Instance in the Server name box.

  3. Select SQL Server Authentication, provide your username and password, and then select Connect.

    ssms connect

After you connect, you can view your system and user databases in the Databases node. You can also view various objects in the Security, Server Objects, Replication, Management, SQL Server Agent, and XEvent Profiler nodes.

Next steps