Communication between Azure accounts and Druva services is secured with Azure PrivateLink, ensuring network traffic stays within the Azure network and is never exposed to the public Internet. Azure PrivateLink connects to different services via private endpoints, which are IP addresses within a VNet and subnet.
This topic covers how to set up private endpoints for Azure SQL databases and Azure Managed Instances.
Set up Private endpoints for the Azure SQL databases
Prerequisites
On the Management Console, if you see an option to update the Tenant Registration, click and update your tenant permissions before proceeding.
Procedure
1. Log in to the Azure Console.
2. Search for your Azure SQL server and create a Private Endpoint for that SQL server in the same region as your SQL resource. For more information on creating a Private Endpoint, see Quickstart: Create a private endpoint by using the Azure portal.
Note: While creating a Private Endpoint:
On the Virtual Network tab, make sure you attach a different VNet/subnet than the one attached to your SQL server.
On the DNS tab, make sure the DNS zone name is privatelink.database.windows.net. If not present, create a new DNS zone named privatelink.database.windows.net.
3. In the Private Endpoint created, go to the Network interface and copy the Private IPv4 address.
4. Link the virtual network by performing the following steps:
   a. In the top search box, search for Private DNS zones and go to the privatelink.database.windows.net DNS zone.
   b. In the DNS zone created above, from the left navigation pane, click DNS Management > Virtual Network Links and add a new Virtual Network Link. For detailed steps, see Link the virtual network.
   Note: Make sure you select the same VNet that you used while creating the Private Endpoint.
   c. Add a recordset by clicking DNS Management > Recordsets. Enter the IP address of the Private Endpoint (copied in Step 3 above). For detailed steps, see Create another DNS record.
Next Steps
Run discovery and proceed with backups.
Set up Private endpoints for the Azure Managed Instances
Prerequisites
On the Management Console, if you see an option to update the Tenant Registration, click and update your tenant permissions before proceeding.
Procedure
1. Log in to the Azure Console.
2. Search for your Azure Managed Instance and create a Private Endpoint for that managed instance in the same region as your SQL resource. For more information on creating a Private Endpoint, see Quickstart: Create a private endpoint by using the Azure portal.
Note: While creating a Private Endpoint:
On the Virtual Network tab, make sure you attach a different VNet/subnet than the one attached to your managed instance.
On the DNS tab, Private DNS integration will be set to No. Proceed anyway.
3. In the Private Endpoint created, go to the Network interface and copy the Private IPv4 address.
4. Link the virtual network by performing the following steps:
   a. In the top search box, search for Private DNS zones and check if the region-specific DNS zone is present. If not, create a new one.
   Note: While creating the DNS zone, in the instance name, make sure you use the region of the DNS zone of your managed instance. You can get the DNS zone in the fullyQualifiedDomainName property. The format for the same will be privatelink.{dnszone}.database.windows.net.
   b. In the DNS zone created above, from the left navigation pane, click DNS Management > Virtual Network Links and add a new Virtual Network Link. For detailed steps, see Link the virtual network.
   Note: Make sure you select the same VNet that you used while creating the Private Endpoint.
   c. Add a recordset by clicking DNS Management > Recordsets. Enter the IP address of the Private Endpoint (copied in Step 3 above). For detailed steps, see Create another DNS record.
Next Steps
Run discovery and proceed with backups.
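The following check covers both procedures above. It is an added example, not Druva or Microsoft code: it derives the private DNS zone and A record to create from a server or managed instance FQDN, and confirms that lookups from the linked VNet return only the Private Endpoint address. The function names, the FQDN shapes, the use of the first label as the record name, and all sample values are assumptions made for illustration.

```python
import ipaddress

SUFFIX = "database.windows.net"


def plan_private_dns(fqdn, endpoint_ip, endpoint_subnet):
    """Derive the private DNS zone and A record for a Private Endpoint.

    Assumed FQDN shapes: {server}.database.windows.net for an Azure SQL
    server, {instance}.{dnszone}.database.windows.net for a managed instance.
    """
    host = fqdn.strip().rstrip(".").lower()
    if not host.endswith("." + SUFFIX):
        raise ValueError(f"{fqdn!r} is not under {SUFFIX}")
    labels = host[: -len(SUFFIX) - 1].split(".")
    if "" in labels or "privatelink" in labels:
        raise ValueError(f"{fqdn!r} is not a server or instance FQDN")
    if len(labels) == 1:
        # Azure SQL server: one shared zone name
        zone = f"privatelink.{SUFFIX}"
    elif len(labels) == 2:
        # Managed instance: zone carries the instance's {dnszone} label
        zone = f"privatelink.{labels[1]}.{SUFFIX}"
    else:
        raise ValueError(f"unexpected label count in {fqdn!r}")
    ip = ipaddress.ip_address(endpoint_ip)
    subnet = ipaddress.ip_network(endpoint_subnet)
    # The copied address must be a private address in the endpoint's subnet.
    if not ip.is_private or ip not in subnet:
        raise ValueError(f"{endpoint_ip} is not a private address in {subnet}")
    # Assumption: the A record name is the first label of the FQDN.
    return {"zone": zone, "record": labels[0], "ip": str(ip)}


def resolves_privately(plan, resolved_ips):
    """True only if every address returned by DNS is the Private Endpoint IP.

    resolved_ips is what a lookup of the FQDN returns from inside the linked
    VNet; an empty list or any other address means the zone link or the
    recordset is missing or wrong.
    """
    expected = ipaddress.ip_address(plan["ip"])
    return bool(resolved_ips) and all(
        ipaddress.ip_address(a) == expected for a in resolved_ips
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    plan = plan_private_dns(
        "mi01.a1b2c3d4e5f6.database.windows.net", "10.1.2.5", "10.1.2.0/24"
    )
    print(plan, resolves_privately(plan, ["10.1.2.5"]))
```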