Create and manage Private Link for Azure Database for MySQL using Portal

A Private Endpoint is the fundamental building block for private link in Azure. It enables Azure resources, like Virtual Machines (VMs), to communicate privately with private link resources. In this article, you will learn how to use the Azure portal to create a VM in an Azure Virtual Network and an Azure Database for MySQL server with an Azure private endpoint.

If you don't have an Azure subscription, create a trial account before you begin.

Note

The private link feature is only available for Azure Database for MySQL servers in the General Purpose or Memory Optimized pricing tiers. Ensure the database server is in one of these pricing tiers.

Sign in to Azure

Sign in to the Azure portal.

Create an Azure VM

In this section, you will create the virtual network and the subnet to host the VM that is used to access your Private Link resource (a MySQL server in Azure).

Create the virtual network

In this section, you will create a Virtual Network and the subnet to host the VM that is used to access your Private Link resource.

  1. On the upper-left side of the screen, select Create a resource > Networking > Virtual network.

  2. In Create virtual network, enter or select this information:

    Setting | Value
    Name | Enter MyVirtualNetwork.
    Address space | Enter 10.1.0.0/16.
    Subscription | Select your subscription.
    Resource group | Select Create new, enter myResourceGroup, then select OK.
    Location | Select China East 2.
    Subnet - Name | Enter mySubnet.
    Subnet - Address range | Enter 10.1.0.0/24.

  3. Leave the rest as default and select Create.

Create Virtual Machine

  1. On the upper-left side of the screen in the Azure portal, select Create a resource > Compute > Virtual Machine.

  2. In Create a virtual machine - Basics, enter or select this information:

    Setting | Value
    PROJECT DETAILS
    Subscription | Select your subscription.
    Resource group | Select myResourceGroup. You created this in the previous section.
    INSTANCE DETAILS
    Virtual machine name | Enter myVm.
    Region | Select China East 2.
    Availability options | Leave the default No infrastructure redundancy required.
    Image | Select Windows Server 2019 Datacenter.
    Size | Leave the default Standard DS1 v2.
    ADMINISTRATOR ACCOUNT
    Username | Enter a username of your choosing.
    Password | Enter a password of your choosing. The password must be at least 12 characters long and meet the defined complexity requirements.
    Confirm Password | Reenter password.
    INBOUND PORT RULES
    Public inbound ports | Leave the default None.
    SAVE MONEY
    Already have a Windows license? | Leave the default No.

  3. Select Next: Disks.

  4. In Create a virtual machine - Disks, leave the defaults and select Next: Networking.

  5. In Create a virtual machine - Networking, select this information:

    Setting | Value
    Virtual network | Leave the default MyVirtualNetwork.
    Address space | Leave the default 10.1.0.0/24.
    Subnet | Leave the default mySubnet (10.1.0.0/24).
    Public IP | Leave the default (new) myVm-ip.
    Public inbound ports | Select Allow selected ports.
    Select inbound ports | Select HTTP and RDP.

  6. Select Review + create. You're taken to the Review + create page where Azure validates your configuration.

  7. When you see the Validation passed message, select Create.

Create an Azure Database for MySQL

In this section, you will create an Azure Database for MySQL server in Azure.

  1. On the upper-left side of the screen in the Azure portal, select Create a resource > Databases > Azure Database for MySQL.

  2. In Azure Database for MySQL, provide this information:

    Setting | Value
    Project details
    Subscription | Select your subscription.
    Resource group | Select myResourceGroup. You created this in the previous section.
    Server details
    Server name | Enter myServer. If this name is taken, create a unique name.
    Admin username | Enter an administrator name of your choosing.
    Password | Enter a password of your choosing. The password must be at least 8 characters long and meet the defined requirements.
    Location | Select an Azure region where you want your MySQL server to reside.
    Version | Select the database version of the MySQL server that is required.
    Compute + Storage | Select the pricing tier that is needed for the server based on the workload.

  3. Select OK.

  4. Select Review + create. You're taken to the Review + create page where Azure validates your configuration.

  5. When you see the Validation passed message, select Create.

Note

In some cases the Azure Database for MySQL and the VNet subnet are in different subscriptions. In these cases you must ensure the following configurations:

  • Make sure that both subscriptions have the Microsoft.DBforMySQL resource provider registered. For more information, refer to resource-manager-registration.

Create a private endpoint

In this section, you will create a MySQL server and add a private endpoint to it.

  1. On the upper-left side of the screen in the Azure portal, select Create a resource > Networking > Private Link.

  2. In Private Link Center - Overview, on the option to Build a private connection to a service, select Start.

  3. In Create a private endpoint - Basics, enter or select this information:

    Setting | Value
    Project details
    Subscription | Select your subscription.
    Resource group | Select myResourceGroup. You created this in the previous section.
    Instance Details
    Name | Enter myPrivateEndpoint. If this name is taken, create a unique name.
    Region | Select China East 2.

  4. Select Next: Resource.

  5. In Create a private endpoint - Resource, enter or select this information:

    Setting | Value
    Connection method | Select connect to an Azure resource in my directory.
    Subscription | Select your subscription.
    Resource type | Select Microsoft.DBforMySQL/servers.
    Resource | Select myServer.
    Target sub-resource | Select mysqlServer.

  6. Select Next: Configuration.

  7. In Create a private endpoint - Configuration, enter or select this information:

    Setting | Value
    NETWORKING
    Virtual network | Select MyVirtualNetwork.
    Subnet | Select mySubnet.
    PRIVATE DNS INTEGRATION
    Integrate with private DNS zone | Select Yes.
    Private DNS Zone | Select (New)privatelink.mysql.database.chinacloudapi.cn.

    Note

    Use the predefined private DNS zone for your service or provide your preferred DNS zone name.

  8. Select Review + create. You're taken to the Review + create page where Azure validates your configuration.

  9. When you see the Validation passed message, select Create.

    Note

    The FQDN in the customer DNS setting does not resolve to the private IP configured. You will have to set up a DNS zone for the configured FQDN as shown here.

Connect to a VM using Remote Desktop (RDP)

After you've created myVm, connect to it from the internet as follows:

  1. In the portal's search bar, enter myVm.

  2. Select the Connect button. After selecting the Connect button, Connect to virtual machine opens.

  3. Select Download RDP File. Azure creates a Remote Desktop Protocol (.rdp) file and downloads it to your computer.

  4. Open the downloaded .rdp file.

    1. If prompted, select Connect.

    2. Enter the username and password you specified when creating the VM.

      Note

      You may need to select More choices > Use a different account, to specify the credentials you entered when you created the VM.

  5. Select OK.

  6. You may receive a certificate warning during the sign-in process. If you receive a certificate warning, select Yes or Continue.

  7. Once the VM desktop appears, minimize it to go back to your local desktop.

Access the MySQL server privately from the VM

  1. In the Remote Desktop of myVM, open PowerShell.

  2. Enter nslookup myServer.privatelink.mysql.database.chinacloudapi.cn.

    You'll receive a message similar to this:

    Server:  UnKnown
    Address:  168.63.129.16
    Non-authoritative answer:
    Name:    myServer.privatelink.mysql.database.chinacloudapi.cn
    Address:  10.1.3.4
    

    Note

    If public access is disabled in the firewall settings of Azure Database for MySQL - Single Server, these ping and telnet tests will succeed regardless of the firewall settings. Those tests verify network connectivity.

  3. Test the private link connection for the MySQL server using any available client. In the example below I have used MySQL Workbench to do the operation.

  4. In New connection, enter or select this information:

    Setting | Value
    Server type | Select MySQL.
    Server name | Select myServer.privatelink.mysql.database.chinacloudapi.cn.
    User name | Enter the username, in the form username@servername, that was provided during the MySQL server creation.
    Password | Enter the password provided during the MySQL server creation.
    SSL | Select Required.

  5. Select Connect.

  6. Browse databases from left menu.

  7. (Optionally) Create or query information from the MySQL server.

  8. Close the remote desktop connection to myVm.
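
The name-resolution check from step 2 can be scripted so that it also confirms the returned address lies inside the virtual network's address space and that the MySQL port answers over that path. This is an added example, not part of the original article; it assumes the default MySQL port 3306 and the names and 10.1.0.0/16 address space used in this walkthrough, and the helper functions ConvertTo-IPv4Number and Test-AddressInCidr are hypothetical names defined here.

```powershell
# Added example: run in PowerShell on myVm. Values come from this walkthrough.
$Fqdn     = 'myServer.privatelink.mysql.database.chinacloudapi.cn'
$VnetCidr = '10.1.0.0/16'   # address space of MyVirtualNetwork
$Port     = 3306            # assumption: default MySQL port

# Hypothetical helper: convert a dotted IPv4 address to its numeric value.
function ConvertTo-IPv4Number {
    param([string]$Address)
    $b = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($b.Length -ne 4) { throw "Not an IPv4 address: $Address" }
    return ([double]$b[0] * 16777216) + ([double]$b[1] * 65536) + ([double]$b[2] * 256) + $b[3]
}

# Hypothetical helper: true when $Address lies inside $Cidr (IPv4 only).
function Test-AddressInCidr {
    param([string]$Address, [string]$Cidr)
    $network, $prefix = $Cidr -split '/'
    $blockSize = [math]::Pow(2, 32 - [int]$prefix)
    $a = [math]::Floor((ConvertTo-IPv4Number $Address) / $blockSize)
    $n = [math]::Floor((ConvertTo-IPv4Number $network) / $blockSize)
    return $a -eq $n
}

# Keep only A records; CNAME entries in the answer carry no IPAddress property.
$answers = @(Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
    Where-Object { $_.IPAddress })
if ($answers.Count -eq 0) { throw "No A record returned for $Fqdn" }

$results = foreach ($record in $answers) {
    [pscustomobject]@{
        Name      = $record.Name
        IPAddress = $record.IPAddress
        InVnet    = Test-AddressInCidr -Address $record.IPAddress -Cidr $VnetCidr
    }
}
$results | Format-Table -AutoSize

if ($results | Where-Object { -not $_.InVnet }) {
    Write-Warning "$Fqdn resolves outside $VnetCidr; traffic would not use the private endpoint."
}

# TCP reachability only; this does not exercise MySQL firewall rules or credentials.
$tcp = Test-NetConnection -ComputerName $Fqdn -Port $Port -WarningAction SilentlyContinue
"TCP $Port reachable: $($tcp.TcpTestSucceeded); remote address: $($tcp.RemoteAddress)"
```

An address outside the virtual network's range means the name is not being answered by the private DNS zone linked to MyVirtualNetwork, which is the condition the DNS note in the private endpoint section describes.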

Clean up resources

When you're done using the private endpoint, MySQL server, and the VM, delete the resource group and all of the resources it contains:

  1. Enter myResourceGroup in the Search box at the top of the portal and select myResourceGroup from the search results.
  2. Select Delete resource group.
  3. Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME and select Delete.