azure mysql on vnet_Manage VNet endpoints - Azure portal - Azure Database for MySQL | Microsoft Docs
Create and manage Azure Database for MySQL VNet service endpoints and VNet rules by using the Azure portal
3/18/2020
Virtual Network (VNet) service endpoints and rules extend the private address space of a Virtual Network to your Azure Database for MySQL server. For an overview of Azure Database for MySQL VNet service endpoints, including limitations, see Azure Database for MySQL Server VNet service endpoints. VNet service endpoints are available in all supported regions for Azure Database for MySQL.
Note
VNet service endpoints are supported only on General Purpose and Memory Optimized servers.
In case of VNet peering, if traffic is flowing through a common VNet Gateway with service endpoints and is supposed to flow to the peer, please create an ACL/VNet rule to allow Azure Virtual Machines in the Gateway VNet to access the Azure Database for MySQL server.
Create a VNet rule and enable service endpoints in the Azure portal
On the MySQL server page, under the Settings heading, click Connection Security to open the Connection Security pane for Azure Database for MySQL.
Ensure that the Allow access to Azure services control is set to OFF.
Important
If you leave the control set to ON, your Azure MySQL Database server accepts communication from any subnet. Leaving the control set to ON might grant excessive access from a security point of view. The Microsoft Azure Virtual Network service endpoint feature, in coordination with the virtual network rule feature of Azure Database for MySQL, can reduce your security surface area.
Next, click + Adding existing virtual network. If you do not have an existing VNet, you can click + Create new virtual network to create one.
Enter a VNet rule name, select the subscription, Virtual network and Subnet name, and then click Enable. This automatically enables VNet service endpoints on the subnet using the Microsoft.SQL service tag.
The account must have the necessary permissions to create a virtual network and service endpoint.
Service endpoints can be configured on virtual networks independently, by a user with write access to the virtual network.
To secure Azure service resources to a VNet, the user must have permission to "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/" for the subnets being added. This permission is included in the built-in service administrator roles by default, and can be modified by creating custom roles.
Learn more about built-in roles and assigning specific permissions to custom roles.
VNets and Azure service resources can be in the same or different subscriptions. If the VNet and Azure service resources are in different subscriptions, the resources should be under the same Active Directory (AD) tenant. Ensure that both subscriptions have the Microsoft.Sql resource provider registered. For more information, see Resource Manager registration.
Important
It is highly recommended to read this article about service endpoint configurations and considerations before configuring service endpoints.
Virtual Network service endpoint: A Virtual Network service endpoint is a subnet whose property values include one or more formal Azure service type names. VNet service endpoints use the service type name Microsoft.Sql, which refers to the Azure service named SQL Database. This service tag also applies to the Azure SQL Database, Azure Database for PostgreSQL and MySQL services. It is important to note that applying the Microsoft.Sql service tag to a VNet service endpoint configures service endpoint traffic for all Azure Database services, including Azure SQL Database, Azure Database for PostgreSQL and Azure Database for MySQL servers on the subnet.
Once enabled, click OK and you will see that VNet service endpoints are enabled along with a VNet rule.
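To check the result of the procedure above outside the portal, the following audit is an added example, not part of the original article or of Microsoft's tooling. It assumes the inputs have the JSON field names returned by az mysql server firewall-rule list, az mysql server vnet-rule list and az network vnet subnet list, and that "Allow access to Azure services = ON" appears as a firewall rule spanning 0.0.0.0 to 0.0.0.0 (a detail not stated on this page); all names and IDs are constructed.

```python
# Constructed sample data, not from a real subscription. Field names are
# assumed to match the Azure CLI JSON for firewall rules, VNet rules, subnets.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
VNET = SUB + "/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/"
FIREWALL_RULES = [
    {"name": "azure-services-example", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "office-example", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"},
]
VNET_RULES = [
    {"name": "app-rule", "virtualNetworkSubnetId": VNET + "app"},
    {"name": "batch-rule", "virtualNetworkSubnetId": VNET + "batch"},
]
SUBNETS = [
    {"id": VNET + "app", "serviceEndpoints": [{"service": "Microsoft.Sql"}]},
    {"id": VNET + "batch", "serviceEndpoints": [{"service": "Microsoft.Storage"}]},
    {"id": VNET + "reports", "serviceEndpoints": [{"service": "Microsoft.Sql"}]},
]


def audit(firewall_rules, vnet_rules, subnets):
    """Return (severity, message) findings for one MySQL server."""
    findings = []
    # Assumption: a 0.0.0.0-0.0.0.0 rule means "Allow access to Azure services" is ON.
    for rule in firewall_rules:
        if rule["startIpAddress"] == rule["endIpAddress"] == "0.0.0.0":
            findings.append(("high", f"firewall rule {rule['name']}: Allow access to Azure services is ON"))
    # Resource IDs are compared case-insensitively.
    sql_subnets = {
        s["id"].lower() for s in subnets
        if any(e.get("service", "").lower() == "microsoft.sql" for e in s.get("serviceEndpoints") or [])
    }
    ruled = set()
    for rule in vnet_rules:
        sid = rule["virtualNetworkSubnetId"].lower()
        ruled.add(sid)
        if sid not in sql_subnets:
            findings.append(("medium", f"VNet rule {rule['name']}: subnet has no Microsoft.Sql service endpoint"))
    # Microsoft.Sql configures endpoint traffic for all Azure database services on the subnet.
    for sid in sorted(sql_subnets - ruled):
        findings.append(("info", f"subnet {sid.rsplit('/', 1)[-1]}: Microsoft.Sql endpoint enabled, no VNet rule on this server"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(FIREWALL_RULES, VNET_RULES, SUBNETS):
        print(f"{severity:6} {message}")
```

The "info" finding reflects the point made above that the Microsoft.Sql tag is not specific to MySQL: a subnet can carry the endpoint for another database service without being allowed on this server.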
Next steps