From c45cdaa506af2093ae06e462e0ed3e234ca7fd1e Mon Sep 17 00:00:00 2001 From: Hiroshi Yoshioka <40815708+hyoshioka0128@users.noreply.github.com> Date: Wed, 18 Sep 2024 00:07:11 +0900 Subject: [PATCH 1/2] =?UTF-8?q?Update=20concepts-networking-private-link.m?= =?UTF-8?q?d=20Typo=20("flexible=20server"=E2=86=92"Flexible=20Server")?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/MicrosoftDocs/azure-databases-docs/blob/main/articles/mysql/flexible-server/concepts-networking-private-link.md #PingMSFTDocs --- .../concepts-networking-private-link.md | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/articles/mysql/flexible-server/concepts-networking-private-link.md b/articles/mysql/flexible-server/concepts-networking-private-link.md index 4ce33622d6..ee3786e70b 100644 --- a/articles/mysql/flexible-server/concepts-networking-private-link.md +++ b/articles/mysql/flexible-server/concepts-networking-private-link.md 
@@ -14,18 +14,18 @@ ms.topic: conceptual [!INCLUDE[applies-to-mysql-flexible-server](../includes/applies-to-mysql-flexible-server.md)] -Private Link allows you to connect to various PaaS services, such as Azure Database for MySQL flexible server, in Azure via a private endpoint. Azure Private Link essentially brings Azure services inside your private Virtual Network (VNet). Using the private IP address, the MySQL flexible server is accessible just like any other resource within the VNet. +Private Link allows you to connect to various PaaS services, such as Azure Database for MySQL Flexible Server, in Azure via a private endpoint. Azure Private Link essentially brings Azure services inside your private Virtual Network (VNet). Using the private IP address, the MySQL Flexible Server is accessible just like any other resource within the VNet. A private endpoint is a private IP address within a specific [VNet](/azure/virtual-network/virtual-networks-overview) and Subnet. > [!NOTE] -> - Enabling Private Link is exclusively possible for Azure Database for MySQL flexible server instances that are created with public access. Learn how to enable private endpoint using the [Azure portal](how-to-networking-private-link-portal.md) or [Azure CLI](how-to-networking-private-link-azure-cli.md). -## Benefits of Private Link for MySQL flexible server -> Here are some benefits for using the networking private link feature with Azure Database for MySQL flexible server. +> - Enabling Private Link is exclusively possible for Azure Database for MySQL Flexible Server instances that are created with public access. Learn how to enable private endpoint using the [Azure portal](how-to-networking-private-link-portal.md) or [Azure CLI](how-to-networking-private-link-azure-cli.md). +## Benefits of Private Link for MySQL Flexible Server +> Here are some benefits for using the networking private link feature with Azure Database for MySQL Flexible Server. 
### Data exfiltration prevention -Data exfiltration in Azure Database for MySQL flexible server is when an authorized user, such as a database admin, can extract data from one system and move it to another location or system outside the organization. For example, the user moves the data to a storage account owned by a third party. +Data exfiltration in Azure Database for MySQL Flexible Server is when an authorized user, such as a database admin, can extract data from one system and move it to another location or system outside the organization. For example, the user moves the data to a storage account owned by a third party. With Private Link, you can now set up network access controls like NSGs to restrict access to the private endpoint. By mapping individual Azure PaaS resources to specific private endpoints, access is limited solely to the designated PaaS resource. This effectively restricts a malicious user from accessing any other resource beyond their authorized scope. 
@@ -36,10 +36,10 @@ When you connect to the public endpoint from on-premises machines, your IP addre With Private Link, you can enable cross-premises access to the private endpoint using [Express Route](https://azure.microsoft.com/services/expressroute/) (ER), private peering, or [VPN tunnel](/azure/vpn-gateway/). They can then disable all access via public endpoint and not use the IP-based firewall. > [!NOTE] -> In some cases, the Azure Database for MySQL flexible server instance and the VNet-subnet are in different subscriptions. In these cases, you must ensure the following configurations: +> In some cases, the Azure Database for MySQL Flexible Server instance and the VNet-subnet are in different subscriptions. In these cases, you must ensure the following configurations: > - Make sure that both subscriptions have the **Microsoft.DBforMySQL/flexibleServers** resource provider registered. For more information refer [resource-manager-registration](/azure/azure-resource-manager/management/resource-providers-and-types). -## Use cases of Private Link for Azure Database for MySQL flexible server +## Use cases of Private Link for Azure Database for MySQL Flexible Server Clients can connect to the private endpoint from the same VNet, peered VNet in the same region or across regions, or via VNet-to-VNet connection across regions. Additionally, clients can connect from on-premises using ExpressRoute, private peering, or VPN tunneling. Below is a simplified diagram showing the common use cases. 
@@ -51,11 +51,11 @@ Configure [VNet peering](/azure/virtual-network/tutorial-connect-virtual-network ### Connect from an Azure VM in a VNet-to-VNet environment -Configure [VNet-to-VNet VPN gateway connection](/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal) to establish connectivity to an Azure Database for MySQL flexible server instance from an Azure VM in a different region or subscription. +Configure [VNet-to-VNet VPN gateway connection](/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal) to establish connectivity to an Azure Database for MySQL Flexible Server instance from an Azure VM in a different region or subscription. ### Connect from an on-premises environment over VPN -To establish connectivity from an on-premises environment to the Azure Database for MySQL flexible server instance, choose and implement one of the options: +To establish connectivity from an on-premises environment to the Azure Database for MySQL Flexible Server instance, choose and implement one of the options: - [Point-to-Site connection](/azure/vpn-gateway/vpn-gateway-howto-point-to-site-rm-ps) - [Site-to-Site VPN connection](/azure/vpn-gateway/vpn-gateway-create-site-to-site-rm-powershell) 
@@ -65,35 +65,35 @@ To establish connectivity from an on-premises environment to the Azure Database Combining Private Link with firewall rules can result in several scenarios and outcomes: -- The Azure Database for MySQL flexible server instance is inaccessible without firewall rules or a private endpoint. The server becomes inaccessible if all approved private endpoints are deleted or rejected and no public access is configured. +- The Azure Database for MySQL Flexible Server instance is inaccessible without firewall rules or a private endpoint. The server becomes inaccessible if all approved private endpoints are deleted or rejected and no public access is configured. -- Private endpoints are the only means of accessing the Azure Database for MySQL flexible server instance when public traffic is disallowed. +- Private endpoints are the only means of accessing the Azure Database for MySQL Flexible Server instance when public traffic is disallowed. - Different forms of incoming traffic are authorized based on appropriate firewall rules when public access is enabled with private endpoints. ## Deny public access -You can disable public access on your Azure Database for MySQL flexible server instance if you prefer to rely solely on private endpoints for access. +You can disable public access on your Azure Database for MySQL Flexible Server instance if you prefer to rely solely on private endpoints for access. :::image type="content" source="media/concepts-networking-private-link/screenshot-of-public-access-checkbox-mysql.png" alt-text="Screenshot of public access checkbox."::: Clients can connect to the server based on the firewall configuration when this setting is enabled. If this setting is disabled, only connections through private endpoints are allowed, and users can't modify the firewall rules. > [!NOTE] -> This setting does not impact the SSL and TLS configurations for your Azure Database for MySQL flexible server instance. 
+> This setting does not impact the SSL and TLS configurations for your Azure Database for MySQL Flexible Server instance. -To learn how to set the **Deny Public Network Access** for your Azure Database for MySQL flexible server instance from the Azure portal, refer to [Deny Public Network Access using the Azure portal](how-to-networking-private-link-deny-public-access.md). +To learn how to set the **Deny Public Network Access** for your Azure Database for MySQL Flexible Server instance from the Azure portal, refer to [Deny Public Network Access using the Azure portal](how-to-networking-private-link-deny-public-access.md). ## Limitation -When a user tries to delete both the Azure Database for MySQL flexible server instance and Private Endpoint simultaneously, they may encounter an Internal Server error. To avoid this issue, we recommend deleting the Private Endpoint(s) first and then proceeding to delete the Azure Database for MySQL flexible server instance after a short pause. +When a user tries to delete both the Azure Database for MySQL Flexible Server instance and Private Endpoint simultaneously, they may encounter an Internal Server error. To avoid this issue, we recommend deleting the Private Endpoint(s) first and then proceeding to delete the Azure Database for MySQL Flexible Server instance after a short pause. 
## Next steps -To learn more about Azure Database for MySQL flexible server security features, see the following articles: +To learn more about Azure Database for MySQL Flexible Server security features, see the following articles: -- To configure a firewall for Azure Database for MySQL flexible server, see [firewall support](concepts-networking-public.md) +- To configure a firewall for Azure Database for MySQL Flexible Server, see [firewall support](concepts-networking-public.md) -- For an overview of Azure Database for MySQL flexible server connectivity, see [Azure Database for MySQL Connectivity Architecture](concepts-networking.md) +- For an overview of Azure Database for MySQL Flexible Server connectivity, see [Azure Database for MySQL Connectivity Architecture](concepts-networking.md) From ed5400a24692fa346509bec254b798539ce5d48a Mon Sep 17 00:00:00 2001 From: Diana Richards <103777760+v-dirichards@users.noreply.github.com> Date: Wed, 29 Jan 2025 16:35:54 -0600 Subject: [PATCH 2/2] capitalizing Flexible Server --- .../mysql/flexible-server/concepts-networking-private-link.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/mysql/flexible-server/concepts-networking-private-link.md b/articles/mysql/flexible-server/concepts-networking-private-link.md index 97572c5e3b..b15218eefa 100644 --- a/articles/mysql/flexible-server/concepts-networking-private-link.md +++ b/articles/mysql/flexible-server/concepts-networking-private-link.md 
@@ -13,7 +13,7 @@ ms.topic: conceptual # Private Link for Azure Database for MySQL - Flexible Server -Private Link allows you to connect to various PaaS services, such as Azure Database for MySQL Flexible Server, in Azure via a private endpoint. Azure Private Link essentially brings Azure services inside your private Virtual Network (VNet). Using the private IP address, the MySQL flexible server is accessible just like any other resource within the VNet. +Private Link allows you to connect to various PaaS services, such as Azure Database for MySQL Flexible Server, in Azure via a private endpoint. Azure Private Link essentially brings Azure services inside your private Virtual Network (VNet). Using the private IP address, the MySQL Flexible Server is accessible just like any other resource within the VNet. A private endpoint is a private IP address within a specific [VNet](/azure/virtual-network/virtual-networks-overview) and Subnet.
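Review bot: In the hunk at @@ -14,18 +14,18 @@ of patch 1/2, the added line under the Benefits heading still reads "the networking private link feature" in lowercase, while the heading above it and the rest of the hunk use "Private Link". Since the change is a capitalization pass, I would bring that line in step, for example "Here are some benefits of using Private Link with Azure Database for MySQL Flexible Server." In the same hunk, the touched sentence "Data exfiltration in ... is when an authorized user ... can extract data" defines exfiltration as a capability rather than an action; "occurs when an authorized user ... extracts data" reads more precisely.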
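Review bot: In the hunk at @@ -36,10 +36,10 @@ of patch 1/2, the context sentence just ahead of the edited NOTE switches subject from "you" to "They" ("They can then disable all access via public endpoint and not use the IP-based firewall"), which leaves it unclear who is expected to turn off the public endpoint. While this paragraph is open I would change it to "You can then disable all access via the public endpoint and stop relying on the IP-based firewall." The bullet inside the NOTE also reads "For more information refer [resource-manager-registration]", which is missing "to" and uses a slug as the link text.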
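Review bot: In the hunk at @@ -65,35 +65,35 @@ of patch 1/2, the "Deny public access" section says "when this setting is enabled" and "If this setting is disabled" without naming the setting, and two lines later the touched paragraph names it **Deny Public Network Access**, which has the opposite polarity to the public access checkbox in the screenshot. A reader can easily invert the meaning and leave the server reachable through firewall rules, so I would name the control explicitly in both sentences, for example "When public access is enabled, clients can connect based on the firewall configuration. When public access is disabled, only connections through private endpoints are allowed." The Limitation paragraph in the same hunk also writes "Private Endpoint" and "Internal Server error" with capitals while the rest of the article uses "private endpoint"; worth aligning in this pass.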