Blog Post

SQL Server Blog
5 MIN READ

Manage, secure, and govern your SQL Server estate from Azure

Venkata Raj Pochiraju's avatar
Nov 16, 2022

Overview

Our learnings from talking to several enterprise customers is that businesses are leveraging hybrid and multi-cloud approaches to achieve digital transformation and stay competitive.  While we expect this pattern to continue to rise, it also offers a unique set of challenges, especially with its strategic asset “Data” management. Let’s look at some of those challenges and learn how Microsoft's “Hybrid and multi-cloud data solutions” help to maximize the cost-effectiveness, security, performance, and reliability of the data with less.

 

How to optimize costs and get predictable billing for all the data services running across on-premises, and cloud?

How to manage all the digital assets across on-premises and multi-cloud from a single place?​

How to improve the organization's security posture so that you get the best-in-class security protection?

How to ensure that business continuity and availability are not interrupted in the event of a disaster.

 

To address all the above, and more challenges, Microsoft offers Azure Arc-enabled SQL Server which lets you manage, secure, and govern your SQL Servers hosted on Windows and Linux physical servers and virtual machines hosted outside of Azure, on your corporate network, or another cloud provider. This management experience is designed to be consistent with how you manage native Azure virtual machines, using standard Azure constructs such as Azure Policy and applying tags.

When you connect SQL Server connected to Azure through Arc, it becomes a connected machine and is treated as a resource in Azure.

 

NEW: SQL Server pay-as-you-go licensing model

Today at PASS Summit we shared the latest announcements for SQL Server. This includes the availability of a new consumption model for SQL Server, made possible with Azure Arc. It is now available in a cloud-like billing model for all your SQL Servers deployed anywhere. Gain better cost efficiencies when paying only for what you use by activating pay-as-you-go (PAYG) licensing option. For some customers, PAYG may offer a cost-effective option in the scenarios below:

  • If you have a seasonal business with high demand for a fraction of the time each year.
  • If you self-install SQL Servers on any virtual machine like AVS, non-Azure clouds and need a consistent behavior between SQL Server deployed in Azure and outside of Azure.
  • If you need a flexible licensing option, choose between consumption-based licensing and a perpetual license.

You can select pay-as-you-go billing through Microsoft Azure to install a Standard or Enterprise edition without supplying a pre-purchased product key.

 

The billing granularity is one hour, and the charges are calculated based on the SQL Server edition and the maximum size of the hosting server at any time during that hour.  

 

Inventory and Asset management

By Arc enabling all your Servers and SQL Servers, you can get a single consistent view of all your SQL Servers and databases deployed on-premises, edge and multi-cloud.  Use “Azure Resource graph” service to query the inventory in various dimensions and increase the visibility of your entire data estate.

Receive “Extended security updates (ESU)” through Arc-enabled SQL Servers. For more on this feature visit: What are Extended Security Updates for SQL Server? 

 

Secure & Protect SQL Servers from Azure

Arc-enabled SQL Server offers centralized security, data governance for all your data assets across Data centers, multi-cloud environments, managed by Azure native services includes built-in integration with Azure Active Directory (AAD)*, Microsoft Defender, Sentinel and Purview.

Unified Azure Active Directory authentication

Customers with SQL Server 2022 can enable Azure Active Directory authentication, single sign-on, unify  SQL Server authentication and leverage multi-factor authentication. Learn more, Azure Active Directory authentication for SQL Server 

 

Secure with Microsoft Defender for SQL Server

Secure Arc-enabled SQL Server by enabling Microsoft Defender for SQL includes functionality for surfacing and mitigating potential database vulnerabilities and detecting anomalous activities that could indicate a threat to your database. It provides a single go-to location for enabling and managing these capabilities.

 

SQL Advanced Threat Protection detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit your database. It continuously monitors your database for suspicious activities, and it provides immediate security alerts on potential vulnerabilities, Azure SQL injection attacks, and anomalous database access patterns. Advanced Threat Protection alerts provide details of suspicious activities and recommend action on how to investigate and mitigate the threat.

 

SQL vulnerability assessment is an easy-to-configure service that can discover, track, and help you remediate potential database vulnerabilities.

Learn more, Protect Azure Arc-enabled SQL Server with Microsoft Defender for Cloud 

 

 

Purview Access Policies

With new Microsoft Purview access policies for SQL Server 2022 powered by Arc-Enabled SQL Servers, you can gain visibility into your data assets across on-premises data centers and multi-cloud.  You can secure access to your data and safeguard sensitive data across applications deployed in multi-clouds.

This feature provides the data administrators or owners the capability to author policies that govern the access to Active Directory users directly from Azure to all your SQL Server 2022 data sources at scale without writing T-SQL code and explicitly creating logins and database users. Learn more, Microsoft Purview access policies for SQL Server 2022 

SQL Server assessments

The SQL Server assessment allows you to diagnose potential issues with your SQL Server environment running on-premises and in multi-cloud environments.  The assessment covers areas such as security, performance, SQL Server and database configurations, and disaster recovery proactively detects the risks and provides detailed mitigation guidance.  This promotes managing and operating SQL Server healthily. Learn more, Configure SQL Assessment | Azure Arc-enabled SQL Server 

How to Arc enable SQL Server?

Now that we understand how Azure Arc-enabled SQL Server service brings the power of all innovation built-in Azure Services can be by extending Azure services to all the SQL Servers running outside of Azure and to manage, secure, protect and govern the entire SQL Server data estate at scale, let's examine the different ways to Arc-enable SQL Servers.

SQL Server 2022 setup

SQL Server 2022 install wizard (setup) simply the onboarding to Azure Arc, introduces the Azure SQL extension configuration that you can connect to Azure, and start managing, securing, protecting, and governing from Azure.  Learn more, Install SQL Server 2022 

 

 

When the host Server is already connected to Arc-Server is Arc enabled

If the host machine with SQL Server is already connected to Azure Arc enabled, you can also Arc-enable connect the SQL Server instances on that machine by installing the SQL Server Extension - Azure Arc. The SQL Server extension for Azure Arc Server can be found in the extension manager. Install Azure SQL extension. 

 

When the host server is NOT Arc-enabled

If the server that runs your SQL Server instance is not yet connected to Azure, you can initiate the connection from the target machine using the onboarding script. This script will connect the server to Azure and will install the Azure extension for SQL Server.  Generate an onboarding script for SQL Server 

 

Arc-enable SQL Servers at scale

There are a few ways that you can Arc-enable SQL Severs at scale, using Azure policy, using PowerShell script. More on that feature here, Connect SQL Server instances to Azure at scale 

Updated Nov 16, 2022
Version 2.0
No CommentsBe the first to comment