Events
Sep 15, 6 AM - Sep 17, 3 PM
The best SQL community-led learning event. Sept 2025. Save €200 with code FABLEARN.
Get registeredThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
Azure Database for MariaDB is on the retirement path. We strongly recommend that you migrate to Azure Database for MySQL. For more information about migrating to Azure Database for MySQL, see What's happening to Azure Database for MariaDB?.
A Private Endpoint is the fundamental building block for private link in Azure. It enables Azure resources, like Virtual Machines (VMs), to communicate privately with private link resources. In this article, you will learn how to use the Azure portal to create a VM in an Azure Virtual Network and an Azure Database for MariaDB server with an Azure private endpoint.
If you don't have an Azure subscription, create a free account before you begin.
Note
The private link feature is only available for Azure Database for MariaDB servers in the General Purpose or Memory Optimized pricing tiers. Ensure the database server is in one of these pricing tiers.
Sign in to the Azure portal.
In this section, you will create virtual network and the subnet to host the VM that is used to access your Private Link resource (a MariaDB server in Azure).
In this section, you will create a Virtual Network and the subnet to host the VM that is used to access your Private Link resource.
On the upper-left side of the screen, select Create a resource > Networking > Virtual network.
In Create virtual network, enter or select this information:
Setting | Value |
---|---|
Name | Enter MyVirtualNetwork. |
Address space | Enter 10.1.0.0/16. |
Subscription | Select your subscription. |
Resource group | Select Create new, enter myResourceGroup, then select OK. |
Location | Select West Europe. |
Subnet - Name | Enter mySubnet. |
Subnet - Address range | Enter 10.1.0.0/24. |
Leave the rest as default and select Create.
On the upper-left side of the screen in the Azure portal, select Create a resource > Compute > Virtual Machine.
In Create a virtual machine - Basics, enter or select this information:
Setting | Value |
---|---|
PROJECT DETAILS | |
Subscription | Select your subscription. |
Resource group | Select myResourceGroup. You created this in the previous section. |
INSTANCE DETAILS | |
Virtual machine name | Enter myVm. |
Region | Select West Europe. |
Availability options | Leave the default No infrastructure redundancy required. |
Image | Select Windows Server 2019 Datacenter. |
Size | Leave the default Standard DS1 v2. |
ADMINISTRATOR ACCOUNT | |
Username | Enter a username of your choosing. |
Password | Enter a password of your choosing. The password must be at least 12 characters long and meet the defined complexity requirements. |
Confirm Password | Reenter password. |
INBOUND PORT RULES | |
Public inbound ports | Leave the default None. |
SAVE MONEY | |
Already have a Windows license? | Leave the default No. |
Select Next: Disks.
In Create a virtual machine - Disks, leave the defaults and select Next: Networking.
In Create a virtual machine - Networking, select this information:
Setting | Value |
---|---|
Virtual network | Leave the default MyVirtualNetwork. |
Address space | Leave the default 10.1.0.0/24. |
Subnet | Leave the default mySubnet (10.1.0.0/24). |
Public IP | Leave the default (new) myVm-ip. |
Public inbound ports | Select Allow selected ports. |
Select inbound ports | Select HTTP and RDP. |
Select Review + create. You're taken to the Review + create page where Azure validates your configuration.
When you see the Validation passed message, select Create.
In this section, you will create an Azure Database for MariaDB server in Azure.
On the upper-left side of the screen in the Azure portal, select Create a resource > Databases > Azure Database for MariaDB.
In Azure Database for MariaDB provide these information:
Setting | Value |
---|---|
Project details | |
Subscription | Select your subscription. |
Resource group | Select myResourceGroup. You created this in the previous section. |
Server details | |
Server name | Enter myserver. If this name is taken, create a unique name. |
Admin username | Enter an administrator name of your choosing. |
Password | Enter a password of your choosing. The password must be at least 8 characters long and meet the defined requirements. |
Location | Select an Azure region where you want to want your MariaDB Server to reside. |
Version | Select the database version of the MariaDB server that is required. |
Compute + Storage | Select the pricing tier that is needed for the server based on the workload. |
Select OK.
Select Review + create. You're taken to the Review + create page where Azure validates your configuration.
When you see the Validation passed message, select Create.
When you see the Validation passed message, select Create.
Note
In some cases the Azure Database for MariaDB and the VNet-subnet are in different subscriptions. In these cases you must ensure the following configurations:
In this section, you will create a private endpoint to the MariaDB server to it.
On the upper-left side of the screen in the Azure portal, select Create a resource > Networking > Private Link.
In Private Link Center - Overview, on the option to Build a private connection to a service, select Start.
In Create a private endpoint - Basics, enter or select this information:
Setting | Value |
---|---|
Project details | |
Subscription | Select your subscription. |
Resource group | Select myResourceGroup. You created this in the previous section. |
Instance Details | |
Name | Enter myPrivateEndpoint. If this name is taken, create a unique name. |
Region | Select West Europe. |
Select Next: Resource.
In Create a private endpoint - Resource, enter or select this information:
Setting | Value |
---|---|
Connection method | Select connect to an Azure resource in my directory. |
Subscription | Select your subscription. |
Resource type | Select Microsoft.DBforMariaDB/servers. |
Resource | Select myServer |
Target sub-resource | Select mariadbServer |
Select Next: Configuration.
Note
To enable virtual network service endpoints, you need a subscription with Network contributor role If your virtual network and Azure database for MariaDB account are in different subscriptions, make sure that the subscription that has virtual network also has Microsoft.DBforMariaDB resource provider registered. To register a resource provider, see Azure resource providers and types article.
In Create a private endpoint - Configuration, enter or select this information:
Setting | Value |
---|---|
NETWORKING | |
Virtual network | Select MyVirtualNetwork. |
Subnet | Select mySubnet. |
PRIVATE DNS INTEGRATION | |
Integrate with private DNS zone | Select Yes. |
Private DNS Zone | Select (New)privatelink.mariadb.database.azure.com |
Note
Use the predefined private DNS zone for your service or provide your preferred DNS zone name. Refer to the Azure services DNS zone configuration for details.
Select Review + create. You're taken to the Review + create page where Azure validates your configuration.
When you see the Validation passed message, select Create.
Note
The FQDN in the customer DNS setting does not resolve to the private IP configured. You will have to setup a DNS zone for the configured FQDN as shown here.
After you've created myVm, connect to it from the internet as follows:
In the portal's search bar, enter myVm.
Select the Connect button. After selecting the Connect button, Connect to virtual machine opens.
Select Download RDP File. Azure creates a Remote Desktop Protocol (.rdp) file and downloads it to your computer.
Open the downloaded.rdp file.
If prompted, select Connect.
Enter the username and password you specified when creating the VM.
Note
You may need to select More choices > Use a different account, to specify the credentials you entered when you created the VM.
Select OK.
You may receive a certificate warning during the sign-in process. If you receive a certificate warning, select Yes or Continue.
Once the VM desktop appears, minimize it to go back to your local desktop.
In the Remote Desktop of myVM, open PowerShell.
Enter nslookup mydemomserver.privatelink.mariadb.database.azure.com
.
You'll receive a message similar to this:
Server: UnKnown
Address: 168.63.129.16
Non-authoritative answer:
Name: mydemoMariaDBserver.privatelink.mariadb.database.azure.com
Address: 10.1.3.4
Test the private link connection for the MariaDB server using any available client. In the example below I have used MySQL Workbench to do the operation.
In New connection, enter or select this information:
Setting | Value |
---|---|
Server type | Select MariaDB. |
Server name | Select mydemoserver.privatelink.mariadb.database.azure.com |
User name | Enter username as username@servername which is provided during the MariaDB server creation. |
Password | Enter a password provided during the MariaDB server creation. |
SSL | Select Required. |
Select Test Connection or OK.
(Optionally) Browse databases from left menu and Create or query information from the MariaDB database
Close the remote desktop connection to myVm.
When you're done using the private endpoint, MariaDB server, and the VM, delete the resource group and all of the resources it contains:
In this how-to, you created a VM on a virtual network, an Azure Database for MariaDB, and a private endpoint for private access. You connected to one VM from the internet and securely communicated to the MariaDB server using Private Link. To learn more about private endpoints, see What is Azure private endpoint.
Events
Sep 15, 6 AM - Sep 17, 3 PM
The best SQL community-led learning event. Sept 2025. Save €200 with code FABLEARN.
Get registeredAsk Learn is an AI assistant that can answer questions, clarify concepts, and define terms using trusted Microsoft documentation.
Please sign in to use Ask Learn.
Sign in