Tutorial: Connect to an Azure SQL server using an Azure Private Endpoint - Azure portal

Azure Private endpoint is the fundamental building block for Private Link in Azure. It enables Azure resources, like virtual machines (VMs), to communicate with Private Link resources privately.

In this tutorial, you learn how to:

  • Create a virtual network and bastion host.
  • Create a virtual machine.
  • Create an Azure SQL server and private endpoint.
  • Test connectivity to the SQL server private endpoint.

Prerequisites

Sign in to Azure

Sign in to the Azure portal at https://portal.azure.com.

Create a virtual network and bastion host

In this section, you'll create a virtual network, subnet, and bastion host.

The bastion host will be used to connect securely to the virtual machine for testing the private endpoint.

  1. On the upper-left side of the screen, select Create a resource > Networking > Virtual network or search for Virtual network in the search box.

  2. In Create virtual network, enter or select this information in the Basics tab:

    Setting              Value
    Project Details
    Subscription         Select your Azure subscription
    Resource Group       Select CreateSQLEndpointTutorial-rg
    Instance details
    Name                 Enter myVNet
    Region               Select East US

  3. Select the IP Addresses tab or select the Next: IP Addresses button at the bottom of the page.

  4. In the IP Addresses tab, enter this information:

    Setting              Value
    IPv4 address space   Enter 10.1.0.0/16

  5. Under Subnet name, select the word default.

  6. In Edit subnet, enter this information:

    Setting                Value
    Subnet name            Enter mySubnet
    Subnet address range   Enter 10.1.0.0/24

  7. Select Save.

  8. Select the Security tab.

  9. Under BastionHost, select Enable. Enter this information:

    Setting                            Value
    Bastion name                       Enter myBastionHost
    AzureBastionSubnet address space   Enter 10.1.1.0/24
    Public IP Address                  Select Create new. For Name, enter myBastionIP. Select OK.

  10. Select the Review + create tab or select the Review + create button.

  11. Select Create.

Create a virtual machine

In this section, you'll create a virtual machine that will be used to test the private endpoint.

  1. On the upper-left side of the portal, select Create a resource > Compute > Virtual machine or search for Virtual machine in the search box.

  2. In Create a virtual machine, type or select the values in the Basics tab:

    Setting                 Value
    Project Details
    Subscription            Select your Azure subscription
    Resource Group          Select CreateSQLEndpointTutorial
    Instance details
    Virtual machine name    Enter myVM
    Region                  Select East US
    Availability Options    Select No infrastructure redundancy required
    Image                   Select Windows Server 2019 Datacenter - Gen1
    Azure Spot instance     Select No
    Size                    Choose VM size or take default setting
    Administrator account
    Username                Enter a username
    Password                Enter a password
    Confirm password        Reenter password

  3. Select the Networking tab, or select Next: Disks, then Next: Networking.

  4. In the Networking tab, select or enter:

    Setting                       Value
    Network interface
    Virtual network               myVNet
    Subnet                        mySubnet
    Public IP                     Select None.
    NIC network security group    Basic
    Public inbound ports          Select None.

  5. Select Review + create.

  6. Review the settings, and then select Create.

Create an Azure SQL server and private endpoint

In this section, you'll create a SQL server in Azure.

  1. On the upper-left side of the screen in the Azure portal, select Create a resource > Databases > SQL database.

  2. In the Basics tab of Create SQL database, enter or select this information:

    Setting             Value
    Project details
    Subscription        Select your subscription.
    Resource group      Select CreateSQLEndpointTutorial. You created this resource group in the previous section.
    Database details
    Database name       Enter mysqldatabase. If this name is taken, create a unique name.
    Server              Select Create new.

  3. In New server, enter or select this information:

    Setting              Value
    Server name          Enter mysqlserver. If this name is taken, create a unique name.
    Server admin login   Enter an administrator name of your choosing.
    Password             Enter a password of your choosing. The password must be at least 8 characters long and meet the defined requirements.
    Location             Select East US

  4. Select OK.

  5. Select the Networking tab or select the Next: Networking button.

  6. In the Networking tab, enter or select this information:

    Setting                Value
    Network connectivity
    Connectivity method    Select Private endpoint.

  7. Select + Add private endpoint in Private endpoints.

  8. In Create private endpoint, enter or select this information:

    Setting                           Value
    Subscription                      Select your subscription.
    Resource group                    Select CreateSQLEndpointTutorial.
    Location                          Select East US.
    Name                              Enter myPrivateSQLendpoint.
    Target sub-resource               Select SQLServer.
    Networking
    Virtual network                   Select myVNet.
    Subnet                            Select mySubnet.
    Private DNS integration
    Integrate with private DNS zone   Leave the default Yes.
    Private DNS Zone                  Leave the default (New) privatelink.database.windows.net.

  9. Select OK.

  10. Select Review + create.

  11. Select Create.

Test connectivity to private endpoint

In this section, you'll use the virtual machine you created in the previous step to connect to the SQL server across the private endpoint.

  1. Select Resource groups in the left-hand navigation pane.

  2. Select CreateSQLEndpointTutorial.

  3. Select myVM.

  4. On the overview page for myVM, select Connect then Bastion.

  5. Select the blue Use Bastion button.

  6. Enter the username and password that you entered during the virtual machine creation.

  7. Open Windows PowerShell on the server after you connect.

  8. Enter nslookup <sqlserver-name>.database.windows.net. Replace <sqlserver-name> with the name of the SQL server you created in the previous steps. You'll receive a message similar to what is displayed below:

    Server:  UnKnown
    Address:  168.63.129.16
    
    Non-authoritative answer:
    Name:    mysqlserver8675.privatelink.database.windows.net
    Address:  10.1.0.5
    Aliases:  mysqlserver8675.database.windows.net
    

    A private IP address of 10.1.0.5 is returned for the SQL server name. This address is in the subnet of the virtual network you created previously.

  9. Install SQL Server Management Studio on myVM.

  10. Open SQL Server Management Studio.

  11. In Connect to server, enter or select this information:

    Setting             Value
    Server type         Select Database Engine.
    Server name         Enter <sqlserver-name>.database.windows.net
    Authentication      Select SQL Server Authentication.
    User name           Enter the username you entered during server creation
    Password            Enter the password you entered during server creation
    Remember password   Select Yes.

  12. Select Connect.

  13. Browse databases from left menu.

  14. (Optionally) Create or query information from mysqldatabase.

  15. Close the remote desktop connection to myVM.
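
The DNS check from step 8, extended with a TCP reachability test, as a repeatable script: an added example, not part of the original tutorial. It assumes Windows PowerShell on myVM, the tutorial's mySubnet range 10.1.0.0/24, and TCP port 1433 (the Azure SQL default, not stated on this page); the helper function names are hypothetical.

```powershell
# Added example, not from the original tutorial. Run on myVM.
$SqlServerName = '<sqlserver-name>'      # placeholder: your SQL server name
$Fqdn          = "$SqlServerName.database.windows.net"
$SubnetCidr    = '10.1.0.0/24'           # mySubnet from the tutorial
$SqlPort       = 1433                    # assumption: default TCP port for Azure SQL

function ConvertTo-IPv4Number {
    param([string]$Address)
    # Big-endian octets to one number; [double] avoids Int32 overflow.
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    ([double]$b[0] * 16777216) + ([double]$b[1] * 65536) + ([double]$b[2] * 256) + [double]$b[3]
}

function Test-IPv4InCidr {
    param([string]$Address, [string]$Cidr)
    $network, $prefix = $Cidr.Split('/')
    # Two addresses share a network when they fall in the same block of 2^(32 - prefix).
    $blockSize = [math]::Pow(2, 32 - [int]$prefix)
    [math]::Floor((ConvertTo-IPv4Number $Address) / $blockSize) -eq
        [math]::Floor((ConvertTo-IPv4Number $network) / $blockSize)
}

# 1. Every A record for the public name must be a private address in mySubnet.
$addresses = @(Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
    Where-Object { $_.IP4Address } | ForEach-Object { $_.IP4Address })
if ($addresses.Count -eq 0) { throw "No A record returned for $Fqdn" }

$outside = @($addresses | Where-Object { -not (Test-IPv4InCidr $_ $SubnetCidr) })
if ($outside.Count -gt 0) {
    throw "$Fqdn resolves outside ${SubnetCidr}: $($outside -join ', '). Check the privatelink DNS zone link."
}

# 2. The TCP connection must land on one of those private addresses.
$tcp = Test-NetConnection -ComputerName $Fqdn -Port $SqlPort -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) { throw "TCP $SqlPort to $Fqdn failed" }
if ($addresses -notcontains $tcp.RemoteAddress.ToString()) {
    throw "Connected to unexpected address $($tcp.RemoteAddress)"
}
"OK: $Fqdn -> $($addresses -join ', ') (inside $SubnetCidr), TCP $SqlPort reachable"
```

A failure in the first check means the name is resolving to something other than the private endpoint, so a client on this VM would not be using the private path the tutorial sets up.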

Clean up resources

When you're done using the private endpoint, SQL server, and the VM, delete the resource group and all of the resources it contains:

  1. Enter CreateSQLEndpointTutorial in the Search box at the top of the portal and select CreateSQLEndpointTutorial from the search results.
  2. Select Delete resource group.
  3. Enter CreateSQLEndpointTutorial for TYPE THE RESOURCE GROUP NAME and select Delete.

Next steps

In this tutorial, you created a:

  • Virtual network and bastion host.
  • Virtual machine.
  • Azure SQL server with private endpoint.

You used the virtual machine to test connectivity securely to the SQL server across the private endpoint.

As a next step, you may also be interested in the Web app with private connectivity to Azure SQL database architecture scenario, which connects a web application outside of the virtual network to the private endpoint of a database.