azure mysql on vnet_Manage VNet endpoints - Azure portal - Azure Database for MySQL | Microsoft Docs
Create and manage Azure Database for MySQL VNet service endpoints and VNet rules by using the Azure portal
3/18/2020
Virtual Network (VNet) service endpoints and rules extend the private address space of a Virtual Network to your Azure Database for MySQL server. For an overview of Azure Database for MySQL VNet service endpoints, including limitations, see Azure Database for MySQL Server VNet service endpoints. VNet service endpoints are available in all supported regions for Azure Database for MySQL.
Note
VNet service endpoints are supported only on General Purpose and Memory Optimized servers.
In case of VNet peering, if traffic is flowing through a common VNet Gateway with service endpoints and is supposed to flow to the peer, create an ACL/VNet rule to allow Azure Virtual Machines in the Gateway VNet to access the Azure Database for MySQL server.
Create a VNet rule and enable service endpoints in the Azure portal
On the MySQL server page, under the Settings heading, click Connection Security to open the Connection Security pane for Azure Database for MySQL.
Ensure that the Allow access to Azure services control is set to OFF.
Important
If you leave the control set to ON, your Azure MySQL Database server accepts communication from any subnet. Leaving the control set to ON might grant excessive access from a security point of view. The Microsoft Azure Virtual Network service endpoint feature, in coordination with the virtual network rule feature of Azure Database for MySQL, can reduce your security surface area.
Next, click on + Adding existing virtual network. If you do not have an existing VNet, you can click + Create new virtual network to create one.
Enter a VNet rule name, select the subscription, Virtual network and Subnet name, and then click Enable. This automatically enables VNet service endpoints on the subnet using the Microsoft.Sql service tag.
The account must have the necessary permissions to create a virtual network and service endpoint.
Service endpoints can be configured on virtual networks independently, by a user with write access to the virtual network.
To secure Azure service resources to a VNet, the user must have permission to "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/" for the subnets being added. This permission is included in the built-in service administrator roles by default, and can be modified by creating custom roles.
Learn more about built-in roles and assigning specific permissions to custom roles.
VNets and Azure service resources can be in the same or different subscriptions. If the VNet and Azure service resources are in different subscriptions, the resources should be under the same Active Directory (AD) tenant. Ensure that both subscriptions have the Microsoft.Sql resource provider registered. For more information, see resource manager registration.
Important
It is highly recommended to read this article about service endpoint configurations and considerations before configuring service endpoints.
Virtual Network service endpoint: A Virtual Network service endpoint is a subnet whose property values include one or more formal Azure service type names. VNet service endpoints use the service type name Microsoft.Sql, which refers to the Azure service named SQL Database. This service tag also applies to the Azure SQL Database, Azure Database for PostgreSQL and MySQL services. Note that applying the Microsoft.Sql service tag to a VNet service endpoint configures service endpoint traffic for all Azure Database services on the subnet, including Azure SQL Database, Azure Database for PostgreSQL and Azure Database for MySQL servers.
Once enabled, click OK and you will see that VNet service endpoints are enabled along with a VNet rule.
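The portal procedure above can be verified afterwards from exported configuration. The following is an added example, not part of the original article or Microsoft's own code: it audits firewall rules, VNet rules and subnets for the two conditions the article calls out. It assumes the field names of the JSON emitted by `az mysql server firewall-rule list`, `az mysql server vnet-rule list` and `az network vnet subnet show`, and that the Allow access to Azure services ON setting appears as a firewall rule whose start and end address are both 0.0.0.0; all sample data is constructed.

```python
# Constructed sample data in the shape of Azure CLI JSON output (no real resources).
SUB = ("/subscriptions/00000000/resourceGroups/rg1/providers/"
       "Microsoft.Network/virtualNetworks/vnet1/subnets/")
FIREWALL_RULES = [
    {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "office", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"},
]
VNET_RULES = [
    {"name": "app-rule", "virtualNetworkSubnetId": SUB + "app"},
    {"name": "batch-rule", "virtualNetworkSubnetId": SUB + "Batch"},
]
SUBNETS = [
    {"id": SUB + "app", "serviceEndpoints": [{"service": "Microsoft.Sql"}]},
    {"id": SUB + "batch", "serviceEndpoints": [{"service": "Microsoft.Storage"}]},
]


def audit(firewall_rules, vnet_rules, subnets):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    for rule in firewall_rules:
        # Assumption: the ON setting is stored as a 0.0.0.0-0.0.0.0 firewall rule.
        if rule["startIpAddress"] == "0.0.0.0" and rule["endIpAddress"] == "0.0.0.0":
            findings.append(
                f"firewall rule '{rule['name']}': Allow access to Azure services is ON")
    # Map each subnet ID to its enabled service endpoints.
    # Azure resource IDs are case-insensitive, so compare in lower case.
    endpoints = {
        s["id"].lower(): {e["service"].lower() for e in s.get("serviceEndpoints") or []}
        for s in subnets
    }
    for rule in vnet_rules:
        subnet_id = rule["virtualNetworkSubnetId"].lower()
        if subnet_id not in endpoints:
            findings.append(f"VNet rule '{rule['name']}': subnet not in supplied subnet data")
        elif "microsoft.sql" not in endpoints[subnet_id]:
            findings.append(
                f"VNet rule '{rule['name']}': subnet lacks the Microsoft.Sql service endpoint")
    return findings


if __name__ == "__main__":
    for finding in audit(FIREWALL_RULES, VNET_RULES, SUBNETS):
        print(finding)
```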