Azure Managed Grafana doesn't currently support connections to private networks ?

Ashish Dadhich 56 Reputation points
2024-04-08T13:53:14.3066667+00:00

Going through https://video2.skills-academy.com/en-us/azure/managed-grafana/troubleshoot-managed-grafana#solution-review-network-settings-and-ip-address , mentioned "Azure Managed Grafana doesn't currently support connections to private networks"

It's a blocker for us as we are trying to connect to data source "Azure Database for PostgreSQL flexible server" that is configured with Vnet Integration (https://video2.skills-academy.com/en-us/azure/postgresql/flexible-server/concepts-networking-private-link)

Is there any way to fix this? or feature request to support that.

Azure Managed Grafana
Azure Managed Grafana
An Azure service used to deploy Grafana dashboards for analytics and monitoring solutions.
88 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sander van de Velde | MVP 30,711 Reputation points MVP
    2024-04-08T14:50:26.4766667+00:00

    Hello @Ashish Dadhich,

    welcome to this moderated Azure community forum.

    Please double check the documentation.

    you'll learn how to disable public access to your Azure Managed Grafana workspace and set up private endpoints. Setting up private endpoints in Azure Managed Grafana increases security by limiting incoming traffic only to specific network.

    Notice this is a feature of the Azure Managed Grafana instance in the Standard tier.

    So it seems to be possible to work with VNET integration.

    Please check that documentation and follow the steps.

    If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.

  2. Monalla-MSFT 12,761 Reputation points
    2024-04-09T15:44:05.29+00:00

    @Ashish Dadhich - Thanks for reaching out to us.

    On top of what Sander has suggested, I would like to add few points to provide more context from our engineering team.

    Our Product team has just added functionality to connect privately using Managed Private Endpoints on AMG (https://video2.skills-academy.com/en-us/azure/managed-grafana/how-to-connect-to-data-source-privately) to PostgreSQL, it’s being rolled out right now and should be available in a week on the portal. That said, this option with only for Postgres setup that has private endpoint enabled. But if the Postgres setup has VNet injection enabled, then the AMG MPE will not work.

    If this option doesn't work for you, then unfortunately the only workaround right now is to use Deterministic IPs on your AMG instance (https://video2.skills-academy.com/en-us/azure/managed-grafana/how-to-deterministic-ip) and allow these IPs to communicate from outsite your VNET on your NSG/firewall rules on the Postgres setup.  The true Vnet Injection support for AMG is a long way out on our roadmap.

    Hope this helps. and please feel free to reach out if you have any further questions.

    Please don't forget to "Accept as Answer" and click "Yes" if the above response if helpful, so it can be beneficial to the community.