
Security Considerations for SQL Server in Windows Azure Virtual Machines

This topic provides overall security guidelines that help establish secure access to SQL Server instances in a Windows Azure VM. To better protect your SQL Server database instances in Windows Azure, we recommend that you implement the traditional on-premises security practices in addition to the security best practices for Windows Azure.

For more information about the SQL Server security practices, see:

Windows Azure complies with several industry regulations and standards that can enable you to build a compliant solution with SQL Server running in a Virtual Machine. For information about regulatory compliance with Windows Azure, see Windows Azure Trust Center.

The following security recommendations should be considered when configuring and connecting to an instance of SQL Server in a Windows Azure VM.

Considerations for managing accounts:

  • Create a unique local administrator account that is not named Administrator.

  • Use complex, strong passwords for all your accounts. For more information about how to create a strong password, see the Create Strong Passwords article in the Safety and Security Center.

  • By default, Windows Azure selects Windows Authentication during SQL Server Virtual Machine setup. Therefore, the SA login is disabled and a password is assigned by setup. We recommend that the SA login not be used or enabled. The following are alternative strategies if a SQL login is desired:

    • Create a SQL account that has CONTROL SERVER permissions.

    • If you must use the SA login, enable the login, rename it, and assign a new password.

    • Both of the options mentioned above require changing the authentication mode to SQL Server and Windows Authentication Mode. For more information, see Change Server Authentication Mode.
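
The two SQL-login strategies above, written out in T-SQL as an added example that is not part of the original topic. The login names `sqlvm_admin` and `sqlvm_sa_renamed` and the password placeholders are assumptions; run only one of Option A or Option B, and only after the instance is in SQL Server and Windows Authentication Mode.

```sql
-- Added example: names and passwords below are placeholders, not values from the topic.

-- 1. Baseline: confirm the authentication mode and the state of the built-in SA login.
--    The built-in SA login keeps SID 0x01 even after it is renamed, so query by SID.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only; -- 1 = Windows Authentication only

SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE sid = 0x01;

-- 2. Option A: leave SA disabled and create a separate SQL login with CONTROL SERVER.
--    CHECK_POLICY / CHECK_EXPIRATION apply the Windows password policy to this login.
CREATE LOGIN [sqlvm_admin]                              -- hypothetical login name
    WITH PASSWORD = N'<replace-with-strong-password>',  -- placeholder
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;
GRANT CONTROL SERVER TO [sqlvm_admin];

-- 3. Option B: only if the SA login must be used. Rename it, assign a new
--    password, then enable it, so it is never reachable under the default name.
ALTER LOGIN [sa] WITH NAME = [sqlvm_sa_renamed];        -- hypothetical new name
ALTER LOGIN [sqlvm_sa_renamed]
    WITH PASSWORD = N'<replace-with-strong-password>';  -- placeholder
ALTER LOGIN [sqlvm_sa_renamed] ENABLE;

-- 4. Verify: list every enabled SQL login and whether it holds CONTROL SERVER.
--    Anything unexpected in this result set should be investigated.
SELECT l.name,
       l.is_policy_checked,
       l.is_expiration_checked,
       CASE WHEN p.permission_name IS NULL THEN 0 ELSE 1 END AS has_control_server
FROM sys.sql_logins AS l
LEFT JOIN sys.server_permissions AS p
       ON p.grantee_principal_id = l.principal_id
      AND p.permission_name = N'CONTROL SERVER'
      AND p.state IN ('G', 'W')                         -- GRANT or GRANT WITH GRANT OPTION
WHERE l.is_disabled = 0
ORDER BY l.name;
```

The verification query does not list sysadmin role members, which hold equivalent rights through role membership rather than an explicit CONTROL SERVER grant.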

Considerations for Securing Connections to Windows Azure Virtual Machine:

  • Consider using Windows Azure Virtual Network to administer the virtual machines instead of public RDP ports.

  • Remove any endpoints on the virtual machine if you do not use them.

  • Enable an encrypted connection option for an instance of the SQL Server Database Engine in Windows Azure Virtual Machines. Configure the SQL Server instance with a signed certificate. For more information, see Enable Encrypted Connections to the Database Engine and Connection String Syntax.

  • If your virtual machines should be accessed only from a specific network, use Windows Firewall to restrict access to certain IP addresses or network subnets.

© 2014 Microsoft. All rights reserved.