Connecting Azure VM to MySQL Flexible Server: A Step-by-Step Guide

  • By Jeff Githae Apr 11, 2025
Microsoft
Connecting Azure VM to MySQL Flexible Server

As businesses migrate to the cloud, connecting your Azure Virtual Machine to a MySQL Flexible Server is a common requirement. This comprehensive guide will walk you through establishing this connection using the Azure Portal, ensuring your applications can securely communicate with your database.

Prerequisites

Before we begin, make sure you have:

  • An active Azure subscription
  • An Azure Virtual Machine already deployed
  • A MySQL Flexible Server instance already created
Step 1: Configure Network Security in MySQL Flexible Server
  1. Log in to the Azure Portal
  2. Navigate to your MySQL Flexible Server instance
  3. In the left sidebar, select "Networking" under Settings
  4. Under "Firewall rules," you have two options:
    • Allow public access (from selected networks)
    • Allow access from private networks
For Public Access Configuration:
  1. Select "Allow public access from selected networks"
  2. Click "Add current client IP address" or manually add your VM's public IP address
  3. Give the rule a name (e.g., "MyVMAccess")
  4. Click "Save" to apply the changes
For Private Access Configuration (Recommended for Production):
  1. Select "Allow access from private networks"
  2. Under "Private access," click "Configure connection"
  3. Choose the Virtual Network where your VM is located
  4. Select the appropriate subnet
  5. Click "Enable" to create the private endpoint connection
  6. Click "Save" to apply the changes
Step 2: Configure VM Network Security Group (NSG)
  1. Navigate to your Virtual Machine in the Azure Portal
  2. Under "Settings," select "Networking"
  3. Click on the Network Security Group linked to your VM
  4. Select "Inbound security rules"
  5. Click "+ Add" to create a new rule
  6. Configure the rule:
    • Source: Service Tag
    • Source service tag: SQL
    • Source port ranges: *
    • Destination: Any
    • Destination port ranges: 3306 (MySQL default port)
    • Protocol: TCP
    • Action: Allow
    • Priority: Choose a priority number (lower numbers have higher priority)
    • Name: MySQLAccess
  7. Click "Add" to create the rule
Step 3: Install MySQL Client on Your VM
  1. Connect to your VM using SSH (for Linux) or Remote Desktop (for Windows)
  2. Install the MySQL client:

For Ubuntu/Debian:

 

sudo apt update sudo apt install mysql-client

For Red Hat/CentOS:

 

sudo yum install mysql

For Windows: Download and install MySQL Workbench or another MySQL client of your choice.

Step 4: Test the Connection
  1. While connected to your VM, test the connection using the MySQL client:

 

mysql -h [your-mysql-server-name].mysql.database.azure.com -u [username] -p

Replace [your-mysql-server-name] with your actual MySQL server name and [username] with your MySQL username (usually in the format username@servername).

  1. When prompted, enter your MySQL server password
  2. If successful, you'll see the MySQL command prompt:

 

mysql>

Step 5: Configure Your Application to Connect

Update your application's database connection string to point to your MySQL Flexible Server using:

 

Server=[your-mysql-server-name].mysql.database.azure.com;Port=3306;Database=[your-database];User Id=[username];Password=[password];SSL Mode=Required;

Troubleshooting Common Issues
Connection Timeouts

If you're experiencing connection timeouts:

  • Verify the firewall rules are correctly configured
  • Check if the Network Security Group allows traffic on port 3306
  • Ensure your MySQL server is running
Authentication Failures

If you're seeing authentication errors:

  • Double-check your username format (should include the server name: username@servername)
  • Verify your password is correct
  • Ensure the user has appropriate permissions in MySQL
SSL/TLS Issues

By default, Azure MySQL Flexible Server requires SSL connections:

  • Make sure your connection string includes SSL Mode=Required
  • If using command-line tools, you may need to add the --ssl-mode=REQUIRED parameter
Best Practices for Production Environments
  1. Use Private Endpoints: For production workloads, always use private endpoints instead of public access for improved security.
  2. Implement Least Privilege: Create specific database users with only the permissions they need.
  3. Enable Advanced Threat Protection: Consider enabling Azure's advanced threat protection for MySQL.
  4. Regular Backups: Although Azure provides automated backups, consider implementing your own backup strategy for critical data.
  5. Monitoring: Set up alerts for unusual database activity or connection attempts.
Conclusion

Connecting your Azure VM to MySQL Flexible Server provides a secure and scalable database solution for your applications. By following the steps outlined in this guide, you should now have a functioning connection between your Virtual Machine and your MySQL database.

Remember that security is paramount when dealing with database connections. Always follow best practices by using private endpoints where possible and restricting access through proper firewall rules and authentication mechanisms.

Share this Post!

Share icon