Hi,
Thanks for reaching out to Microsoft Q&A.
You can connect Azure Managed Grafana to a private Azure SQL VM without needing to expose either resource to the public network by setting up both on a private network and using private IPs. Here’s how you can achieve that:
- Ensure both Azure Managed Grafana and Azure SQL VM are deployed in the same virtual network (VNet) or connected via VNet peering.
- Set up private endpoints for both services. Azure Managed Grafana should have a private endpoint within the same VNet where the Azure SQL VM resides or a peered VNet.
- Configure appropriate NSG rules to allow traffic between the Azure Managed Grafana private endpoint and the Azure SQL VM private IP. Ensure there are no rules blocking internal traffic within the VNet or between peered VNets.
- Ensure private DNS resolution is properly configured. This might require linking a Private DNS Zone to the VNet that resolves the private IP address of the Azure SQL VM. If necessary, configure the DNS settings in Azure Managed Grafana to resolve the SQL VM’s private IP address.
- Update the firewall rules of your SQL VM to allow traffic from the private IP of the Azure Managed Grafana or the virtual network range.
- Ensure the authentication method (e.g., Managed Identity, SQL auth) is supported for connections over private endpoints.
By following these steps, you can maintain both resources on private networks without needing to expose them to the public internet while still allowing Azure Managed Grafana to access and display data from your SQL VM.
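As an added example (not part of the original answer), the following Python sketch evaluates inbound NSG rules in priority order to confirm that the Grafana private IP reaches the SQL VM while other sources do not, which is the outcome the NSG and firewall steps above aim for. The rule set, address ranges, IPs and port 1433 (the SQL Server default) are constructed assumptions; destination matching is omitted and the `VirtualNetwork` and `Internet` service tags are simplified.

```python
import ipaddress

def source_matches(source, ip, vnet_prefixes):
    """Match an NSG source field (CIDR, '*', or a service tag) against an IP."""
    in_vnet = any(ip in ipaddress.ip_network(p) for p in vnet_prefixes)
    if source == "*":
        return True
    if source == "VirtualNetwork":   # simplified: VNet plus peered address spaces
        return in_vnet
    if source == "Internet":         # simplified: anything outside those spaces
        return not in_vnet
    return ip in ipaddress.ip_network(source, strict=False)

def port_matches(spec, port):
    """Match a destination port field: '*', '1433', or a range like '1400-1500'."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def evaluate(rules, src_ip, port, vnet_prefixes):
    """Return (access, rule_name) for inbound traffic; lowest priority number wins."""
    ip = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if source_matches(rule["source"], ip, vnet_prefixes) and port_matches(rule["port"], port):
            return rule["access"], rule["name"]
    # Azure default rules: AllowVnetInBound (65000), then DenyAllInBound (65500).
    if source_matches("VirtualNetwork", ip, vnet_prefixes):
        return "Allow", "AllowVnetInBound"
    return "Deny", "DenyAllInBound"

# Constructed sample data (hypothetical names and addresses, not from the original answer).
VNET_PREFIXES = ["10.0.0.0/16", "10.1.0.0/16"]  # SQL VM VNet and the peered VNet
GRAFANA_IP = "10.1.0.4"                          # assumed Grafana private endpoint IP
RULES = [
    {"name": "allow-grafana-sql", "priority": 100, "source": "10.1.0.4/32", "port": "1433", "access": "Allow"},
    {"name": "deny-other-vnet-sql", "priority": 200, "source": "VirtualNetwork", "port": "1433", "access": "Deny"},
    {"name": "allow-mgmt", "priority": 300, "source": "*", "port": "1400-1500", "access": "Allow"},
]

if __name__ == "__main__":
    # Grafana IP, another VNet host, and a documentation-range public address.
    for src in (GRAFANA_IP, "10.0.5.9", "203.0.113.10"):
        print(src, evaluate(RULES, src, 1433, VNET_PREFIXES))
```

In the constructed rule set, the broad `allow-mgmt` port range still admits an outside address on 1433, the kind of overlap worth checking for before relying on the private path.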