Question

I have an Azure Cloud Service (Worker Role) that needs to connect to my Azure SQL database and also connect to an external database.

In development the external database was on the public Internet and connectivity was not a problem.

However, the solution now needs to be deployed in a production environment and access to the external database is to be restricted by setting up a Virtual Network.

The Cloud Service, when deployed in the Virtual Network, gets an IP from the subnet, but seems to become inaccessible to the outside world, and is not connecting to the Azure SQL database (I also cannot RDP to it).

This seems to be beyond my level of understanding of networking, but I don't see why it should lose access to its neighbours in the Azure environment.

What am I missing? Do I need to get involved with Endpoints? Is the Virtual Network misconfigured?

Thanks in advance.


Solution

Your question is quite vague, in terms that it does describe the whole picture in the best possible way. Let me put my answer based on my understanding about your issue.

First of all - Azure Virtual Network is Virtual Network. It is designed to enable secure cross-premises connectivity with Windows Azure Data Center.

When you deploy a proper PaaS Cloud Service (Worker Role / Web Role) in a Virtual Network, the role instances get IP Addresses allocated from the defined DHCP pool (the VNet Definition).

When you deploy any service in an Azure Virtual Network you have to take care of Name Resolution! Meaning that, if you do not provide a proper DNS Server, your cloud instances will not be able to resolve any address. That includes Azure SQL Database servers. More on Name Resolution can be read here.

Next, but not less important - Azure SQL Database servers are not part of, and, as of March 2013, cannot be added to Azure Virtual Network!

The last statement means that in order for your Worker Role to access Azure SQL Database server, you need to provide a proper DNS server in your Azure Virtual Network.

And lastly, when you deploy a PaaS service into a Virtual Network, in order to access it via Remote Desktop you need to:

* Properly enable and configure the RDP extension. It will create an Input Endpoint anyway, but this is the only way to enable RDP on PaaS right now;
* You could probably enable RDP via a PowerShell startup script and access RDP via the VPN tunnel for the Virtual Network - say you configured a Site-to-Site or Point-to-Site VPN for your Azure VNet.

Check the building cross-premises Virtual Network guide here.
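
The following diagnostic is an added example, not part of the original answer: run on the role instance, it separates the name-resolution failure the answer describes from a plain TCP connectivity failure. The server name is a placeholder and the script uses only .NET classes, so it does not depend on newer networking cmdlets.

```powershell
# Added diagnostic sketch. $SqlHost is a placeholder, not a value from the post.
param(
    [string]$SqlHost   = 'yourserver.database.windows.net',  # placeholder server name
    [int]   $Port      = 1433,                               # Azure SQL Database TCP port
    [int]   $TimeoutMs = 5000
)

# 1. List the DNS servers the instance actually received from the VNet configuration.
$dnsServers = [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() |
    Where-Object { $_.OperationalStatus -eq 'Up' } |
    ForEach-Object { $_.GetIPProperties().DnsAddresses } |
    ForEach-Object { $_.ToString() } |
    Select-Object -Unique
Write-Output "DNS servers in use: $($dnsServers -join ', ')"

# 2. Name resolution: if this step fails, the problem is DNS, not routing.
try {
    $addresses = [System.Net.Dns]::GetHostAddresses($SqlHost)
} catch {
    Write-Output "FAIL (name resolution): $($_.Exception.Message)"
    Write-Output 'Check the DNS server configured for the Virtual Network.'
    return
}
Write-Output "Resolved $SqlHost to: $($addresses -join ', ')"

# 3. TCP reachability, with an explicit timeout so the check cannot hang.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $async = $client.BeginConnect($SqlHost, $Port, $null, $null)
    if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
        Write-Output "FAIL (TCP): no answer from ${SqlHost}:$Port within $TimeoutMs ms"
        return
    }
    $client.EndConnect($async)   # throws if the connection was refused
    Write-Output "OK: TCP connection to ${SqlHost}:$Port succeeded"
} catch {
    Write-Output "FAIL (TCP): $($_.Exception.Message)"
} finally {
    $client.Close()
}
```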

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow