I'm looking for a secure method for our developers to connect to Azure SQL databases without the hassle of managing IPs in the SQL firewall. From what I've researched, it seems that installing WireGuard on a B1S VM would be a cost-effective and relatively easy solution, especially since the Azure VPN Gateway no longer offers the Basic tier.
I've come across some resources that touch on different aspects, but I'm struggling to find a comprehensive guide that covers how to put this all together. As a developer primarily using the Azure portal, I just want to get this operational. If anyone has a good guide or a series of guides that cover the setup, it would be greatly appreciated!
1 Answer
That’s an interesting setup you're considering! Are you thinking of having the developers connect to the VM via a public IP, and then from there, they’d tunnel to the SQL DB, which would accept that public IP in its firewall?
Yes, that’s the idea! Before moving to Azure, we were running SQL on a colocation server and used PuTTY to connect to OpenVPN, which let us tunnel to SQL. I’d seen setups that involved Azure VPN Client leading to a P2S VPN gateway and then connecting to a private endpoint on the SQL server. There's a variation I found with a hub-and-spoke VNET that seemed to complicate things. With the Basic gateway option gone, WireGuard on a VM sounds like a better path.