Author : MD TAREQ HASSAN | Updated : 2021/08/31
Prerequisites
- VPN or ExpressRoute connection between Azure VNet and on-premise network
- SQL Server Management Studio (SSMS) installed in a PC (mentioned that the PC belongs to on-premise network and that network is connected to Azure VNet)
Check that Azure SQL Managed Instance is reachable from the PC (in which SSMS is installed)
- Go to Managed Instance > Overview > copy host DNS label
- Open CMD > ping host DNS lavel
- If Managed Instance is reachable, then reply will come back from private IP
If Managed Instance is not reachable
- Check VPN or ExpressRoute connection
- Add rule to Managed Instance NSG to allow connection from SSMS running in on-premise PC
Adding NSG Rule to Allow Connection from On-premise
- Go to Azure portal > Target Resource Group > Managed Instance NSG > Inbound security rules > Add
- NSG Rule Parameters:
- Source: IP Addresses
- Source IP Addresses / CIDR ranges: Private IP of the PC/VM in which SSMS is running or CIDR of on-premise network where that PC belongs
- Source port ranges: single port (i.e. 1433) or “” (“” -> means Any)
- Destination: IP Addresses
- Destination IP addresses / CIDR ranges: Subnet CIDR where Managed Instance is deployed (example: 10.10.1.0/24)
- Service: MS SQL
- Action: Allow
- Priority: n (n -> weighted number, rules will be processed from low to high)
Use SSMS to Connect to Managed Instance
- Server Type: database engine
- Server Name: host DNS label of Managed Instance (get host DNS label from overview page of Managed Instance resource in Azure portal)
- Authentication: SQL Server Authentication
- Use login id and password