Using Windows Azure, one of the most important aspect during SDLC is the secure connectivity to the cloud service provider. Two main aspects in relation to the connectivity are security and productivity and they should be addressed as early in the process of SDLC to avoid any impact on the expected deliverables.
In this blog we would be addressing the most basic connectivity type i.e. point to site setup and also to allow SQL Azure connectivity to the on-prem SQL Server Management Studio as this is very common issue while getting on with the Azure cloud development.
Azure has provided the following three types of connectivity options:
Virtual Network Point-to-site
A point-to-site VPN also allows you to create a secure connection from your Windows-based computer to your virtual network without having to deploy any special software.
Virtual Network Site-to-site
A site-to-site VPN allows you to create a secure connection between your on-premises site and your virtual network.
ExpressRoute lets you create private connections between Azure datacenters and infrastructure that’s on your premises or in a co-location environment. ExpressRoute connections do not go over the public Internet, and offer more reliability, faster speeds, lower latencies and higher security than typical connections over the Internet
Here is the table based on different uses cases which is very useful and let’s you determine which type of connectivity would be applicable for your environment.
|Virtual Network(Point-to-site)||Virtual Network (Site-to-site)||ExpressRoute – Exchange Provider||ExpressRoute – Network Service Provider|
|Azure services supported||Cloud Services, Virtual Machines||Cloud Services, Virtual Machines||Refer tovalidated list.||Refer tovalidated list.|
|Typical Bandwidths||Typically < 100 Mbps aggregate||Typically < 100 Mbps aggregate||200 Mbps, 500 Mbps, 1 Gbps and 10 Gbps||10 Mbps, 50 Mbps, 100 Mbps, 500 Mbps, 1 Gbps|
|Protocols Supported||Secure Sockets Tunneling Protocol (SSTP)||IPsec (Refer to VPN page for more details)||Direct connection over VLANs||NSP’s VPN technologies (MPLS, VPLS, …)|
|Routing||Static||Static – We support policy—based (static routing) and route-based (dynamic routing VPN)||BGP||BGP|
|Typical use cases||
|Technical Documentation||OverviewHow to guide||OverviewHow to guide||OverviewHow to guide||OverviewHow to guide|
Azure Connectivity type to get developers started
The most basic connectivity to kick start the cloud development process is the point-to-site as it’s satisfies the basic requirements in terms of security and productivity scenarios
For detailed steps to setup point-to-site VPN can be found here.
Connecting to SQL Azure from SQL Management Studio
This is the most important aspect from the development perspective as without this connectivity the development can’t proceed.
In order to connect to SQL Azure here are high level key steps or pre-requisites to be configured, for detailed instructions please visit this blog.
- Static IP Address for on-prem machine
- Logging on to Azure Management Portal and under database servers section adding the static IP Address of the on-prem machine to the firewall rules allowed
- In a corporate environment you would either need to raise a request with the infrastructure team or Network Administrator in a small to medium size organisation to allow the outbound traffic from the on-prem machine for port 1433 to the Azure datacentre in whichever region your cloud services are provisioned. As part of the request the destination IP’s needs to be provided for Azure Datacenter which can be downloaded from here: http://www.microsoft.com/en-us/download/details.aspx?id=41653
- From security standpoint any connectivity to SQL Azure happens over SSL enabled endpoint as Azure doesn’t allow un-encrypted traffic.
Note: once firewall rules are in place connect to SQL Azure from Management Studio and enable the Encrypt Connection option under “Connection Properties” tab for secure connection.
See the image below to setup the encryption option from SSMS:
This pretty much should get you started with the basic connectivity to sql azure without involving your network teams.
In order to explore or find out about other Azure connectivity types and the setup details please refer to the technical documentation section in the above comparison table.