Export (0) Print
Expand All

Connectivity Considerations for SQL Server in Azure Virtual Machines

Updated: February 28, 2014

This topic provides recommendations and guidelines when connecting to SQL Server in Azure Virtual Machines.

In this topic:

Connection path and steps

Once you create a SQL Server virtual machine in Azure, perform the following tasks to be able to connect to it from other virtual machines in Azure or from your on-premises computers or from the Internet:

  1. Open TCP ports in the Windows firewall for the default instance of the Database Engine.

  2. Configure SQL Server to listen on the TCP protocol.

  3. You can join your SQL Server virtual machine in Azure to your domain environment running on-premises or in Azure via Azure Virtual Network. Without domain environment, SQL Server Database Engine cannot use Windows Authentication. To connect to the Database Engine from another computer, configure SQL Server for mixed mode authentication. Mixed mode authentication allows both SQL Server Authentication and Windows Authentication.

  4. Create at least one SQL Server authentication login.

  5. Determine the Domain Name System (DNS) name of the virtual machine. You need the DNS name of the virtual machine when you want to access SQL Server instance in Azure from your on-premises application.

  6. If you want to connect to your SQL Server database engine from the Internet, create a virtual machine endpoint for incoming TCP communication. This Azure configuration step, directs incoming TCP port traffic to a TCP port that is accessible to the virtual machine. For information, see How to Set up Communication with a Virtual Network.

The connection path is summarized by the following diagram:

Access SQL Server in Windows Azure Virtual Machine

The default instance of the SQL Server Database Engine listens on TCP port 1433. On the other hand, the named instances of the Database Engine can select an available port when the SQL Server service is started. When you are connecting to a named instance of Database Engine in Azure environment, we recommend that you configure a static port for SQL Server Database Engine. For more information, see Configure a Server to Listen on a Specific TCP Port.

Connectivity scenarios

When accessing an instance of SQL Server database in an Azure Virtual Machine, you might follow different connectivity scenarios based on your needs. The following table demonstrates how to update the Data Source keyword in the connection string for different connectivity scenarios:

 

Connectivity Scenario Azure Data source in the connection string

Within the same Azure datacenter

Virtual machines in the same Cloud Service under the same Azure account

Virtual machine host name

Note: The host name resolves to the private IP address implicitly. Azure has full control on the IP addresses and they can change.

Virtual machines in different Cloud Services under different Azure accounts

Virtual Machine DNS name and Endpoint Public Port, such as testsqlvm.cloudapp.net,57500

Virtual machines connected via Virtual Network under the same Azure account

Persistent Virtual Machine IP Address, such as tcp:10.4.2.4

Virtual machines in different Cloud Services under the same Azure account

In this scenario, you can follow one of the two options to connect to SQL Server virtual machines in Azure:

  1. You can create all virtual machines in the same private virtual network and use the persistent virtual machine IP address to connect to.

  2. You can use Virtual Machine DNS name and Endpoint Public Port.

Important: We recommend that you implement the first option as the connection process would not need to go through the public Internet. Therefore, it would provide a better network performance.

Hybrid deployment via Virtual Network

Persistent virtual machine IP address, such as tcp:10.4.2.4

Between different Azure datacenters

Virtual Machines or Cloud Services are in different datacenters

Virtual Machine DNS name and Endpoint Public Port, such as testsqlvm.cloudapp.net, 57500

On-premises to Azure datacenter

With Virtual Network

Persistent virtual machine IP address, such as tcp:10.4.2.4

Without Virtual Network

Virtual Machine DNS name and Endpoint Public Port, such as testsqlvm.cloudapp.net, 57500

Using Azure Virtual Network, your virtual machines running in Azure can be joined to your corporate domains running on-premises. After the virtual machine in Azure is joined to your corporate domain, you may want to access it by using the local administrator account or your on-premises domain account. You can either specify one of them as a user name during provisioning or add them to the standard users of the virtual machine in Azure after provisioning is done. Then, whenever you want to connect to your VM within virtual network by using the local administrator account, use the name of the virtual machine before the account name, such as my-iaas-vm\my-localadmin-account. If you want to connect to it by using a domain account, use the domain account directly. Similarly, if you want to connect to the instance of SQL Server running on a virtual machine in Azure with your on-premises domain account, create a login for it in the database instance of SQL Server. By default, this login only has the permissions granted to the public role. If you want to grant additional server-level permissions, see GRANT (Transact-SQL).

When using SQL Server in Azure VM, make sure to implement both Azure and on-premises SQL Server security best practices. We recommend that you use Azure Virtual Network to connect to your SQL Server VM from Internet as this will ensure that your SQL Server is not on public network. Keep in mind that any unsecure connection on public network might pose a security risk. Therefore, you must secure connections when accessing SQL Server on Azure Virtual Machines. For more information, see Security Considerations for SQL Server in Azure Virtual Machines.

Connectivity tutorials

The following tutorials will help you learn how to connect to SQL Server in Azure Virtual Machines from the same or different cloud services as well as within an Azure Virtual Network.

 

Topic Description

Tutorial: Configure and connect multiple SQL Server virtual machines in the same cloud service in Azure

Demonstrates how to connect to SQL Server in the same cloud service within the Azure Virtual Machine environment.

Tutorial: Configure and connect to a SQL Server virtual machine in a different cloud service in Azure

Demonstrates how to connect to SQL Server in a different cloud service within the Azure Virtual Machine environment.

Tutorial: Connect ASP.NET application to SQL Server in Azure via Virtual Network

Demonstrates how to connect an ASP.NET application to a SQL Server in Azure Virtual machine vian Azure Virtual Network.

See Also

Community Additions

ADD
Show:
© 2014 Microsoft