You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: SQL Operations and Support/Chapter 8 SQL Server on Azure VM/SSOA-Deploy-Azure-SQL-VM-From-Portal.ipynb
+134-8
Original file line number
Diff line number
Diff line change
@@ -156,19 +156,145 @@
156
156
"\n",
157
157
"On the SQL Server settings tab, configure specific settings and optimizations for SQL Server. You can configure the following settings for SQL Server:\n",
"Under SQL connectivity, specify the type of access you want to the SQL Server instance on this VM. For the purposes this demo, select Public (internet) to allow connections to SQL Server from machines or services on the internet. With this option selected, Azure automatically configures the firewall and the network security group to allow traffic on the port selected. To connect to SQL Server via the internet, you also must enable SQL Server Authentication, which is described in the next section.\n",
162
+
"\n",
163
+
"If you would prefer to not enable connections to the Database Engine via the internet, choose one of the following options:\n",
164
+
"\n",
165
+
"- Local (inside VM only) to allow connections to SQL Server only from within the VM.\n",
166
+
"- Private (within Virtual Network) to allow connections to SQL Server from machines or services in the same virtual network.\n",
167
+
"\n",
168
+
"In general, improve security by choosing the most restrictive connectivity that your scenario allows. But all the options are securable through network security group (NSG) rules and SQL/Windows Authentication. You can edit the NSG after the VM is created\n",
"If you require SQL Server Authentication, select Enable under SQL Authentication on the SQL Server settings tab. If you enable SQL Server Authentication, specify a Login name and Password. This login name is configured as a SQL Server Authentication login and a member of the sysadmin fixed server role. For more information about Authentication Modes, see Choose an Authentication Mode. [Choose an Authentication Mode - SQL Server | Microsoft Docs](https://docs.microsoft.com/en-us/sql/relational-databases/security/choose-an-authentication-mode?view=sql-server-ver15)\n",
173
+
"\n",
174
+
"If you prefer not to enable SQL Server Authentication, you can use the local Administrator account on the VM to connect to the SQL Server instance.\n",
"To store security secrets in Azure for encryption, select SQL Server settings, and scroll down to Azure key vault integration. Select Enable and fill in the requested information.\n",
179
+
"\n",
180
+
"Learn more about AKV here: [Integrate Key Vault with SQL Server on Windows VMs in Azure (Resource Manager) - SQL Server on Azure VMs | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/azure-key-vault-integration-configure?view=azuresql)\n",
"- On the SQL Server settings tab, under Storage configuration, select Change configuration to open the Configure storage page and specify storage requirements. You can choose to leave the values at default, or you can manually change the storage topology to suit your IOPS needs\n",
185
+
"- Under Data storage, choose the location for your data drive, the disk type, and the number of disks. You can also select the checkbox to store your system databases on your data drive instead of the local C:\\\\ drive.\n",
186
+
"- Under Log storage, you can choose to use the same drive as the data drive for your transaction log files, or you can choose to use a separate drive from the drop-down. You can also choose the name of the drive, the disk type, and the number of disks.\n",
187
+
"- Configure your tempdb database settings under Tempdb storage, such as the location of the database files, as well as the number of files, initial size, and autogrowth size in MB. Currently, the max number of tempdb files. Currently, during deployment, the max number of tempdb files is 8, but more files can be added after the SQL Server VM is deployed.\n",
"Select Change SQL instance settings to modify SQL Server configuration options, such as the server collation, max degree of parallelism (MAXDOP), SQL Server min and max memory limits, and whether you want to optimize for ad-hoc workloads.\n",
192
+
"\n",
193
+
"### <span style=\"color:#cc5500;\">SQL Server Licence</span>\n",
194
+
"\n",
195
+
"If you're a Software Assurance customer, you can use the Azure Hybrid Benefit to bring your own SQL Server license and save on resources. Select Yes to enable the Azure Hybrid Benefit, and then confirm that you have Software Assurance by selecting the checkbox.\n",
196
+
"\n",
197
+
"If you chose a free license image, such as the developer edition, the SQL Server license option is grayed out\n",
"Automated patching is enabled by default. Automated patching allows Azure to automatically apply SQL Server and operating system security updates. Specify a day of the week, time, and duration for a maintenance window. Azure performs patching in this maintenance window. The maintenance window schedule uses the VM locale. If you do not want Azure to automatically patch SQL Server and the operating system, select Disable. Learn more here: [Automated Patching for SQL Server VMs (Resource Manager) - SQL Server on Azure VMs | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/automated-patching?view=azuresql)\n",
"Enable automatic database backups for all databases under Automated backup. Automated backup is disabled by default.\n",
206
+
"\n",
207
+
"When you enable SQL automated backup, you can configure the following settings:\n",
208
+
"\n",
209
+
"- Retention period for backups (up to 90 days)\n",
210
+
"- Storage account, and storage container, to use for backups\n",
211
+
"- Encryption option and password for backups\n",
212
+
"- Backup system databases\n",
213
+
"- Configure backup schedule\n",
214
+
"\n",
215
+
"To encrypt the backup, select Enable. Then specify the Password. Azure creates a certificate to encrypt the backups and uses the specified password to protect that certificate.\n",
216
+
"\n",
217
+
"Choose Select Storage Container to specify the container where you want to store your backups.\n",
218
+
"\n",
219
+
"By default the schedule is set automatically, but you can create your own schedule by selecting Manual, which allows you to configure the backup frequency, backup time window, and the log backup frequency in minutes. Learn more here: [Automated Backup for SQL Server 2014 Azure virtual machines - SQL Server on Azure VMs | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/automated-backup-sql-2014?view=azuresql)\n",
"You have the option to enable Machine Learning Services. This option lets you use machine learning with Python and R in SQL Server 2017. Select Enable on the SQL Server Settings window. Learn more here: [SQL machine learning documentation - Tutorials and install guides | Microsoft Docs](https://docs.microsoft.com/en-us/sql/machine-learning/?view=sql-server-ver15)\n",
224
+
"\n",
225
+
"## <span style=\"color:#cc5500;\">Review and Create</span>\n",
226
+
"\n",
227
+
"\n",
228
+
"\n",
229
+
"After doing a review of your settings, select Create\n",
230
+
"\n",
231
+
"Depending on the choices you made, has an impact on the amount of time it takes for your SQL Server on Azure VM to finish deployment. In my case, with the options I chose, took about xx minutes."
"## <span style=\"color:#cc5500;\">Test Connectivity to your SQL Server on Azure VM using RDP</span>\n",
248
+
"\n",
249
+
"Open the VM with Remote Desktop\n",
250
+
"\n",
251
+
"Use the following steps to connect to the SQL Server virtual machine with Remote Desktop Protocol (RDP):\n",
252
+
"\n",
253
+
"1. After the Azure virtual machine is created and running, click the Virtual Machines icon in the Azure portal to view your VMs.\n",
254
+
"2. Click the ellipsis, ..., for your new VM.\n",
255
+
"3. Click Connect.\n",
256
+
"4. Open the RDP file that your browser downloads for the VM.\n",
257
+
"5. The Remote Desktop Connection notifies you that the publisher of this remote connection cannot be identified. Click Connect to continue.\n",
258
+
"6. In the Windows Security dialog, click Use a different account. You might have to click More choices to see this. Specify the user name and password that you configured when you created the VM. You must add a backslash before the user name.\n",
259
+
"7. Click OK to connect.\n",
260
+
"\n",
261
+
"After you connect to the SQL Server virtual machine, you can launch SQL Server Management Studio and connect with Windows Authentication using your local administrator credentials. If you enabled SQL Server Authentication, you can also connect with SQL Authentication using the SQL login and password you configured during provisioning.\n",
262
+
"\n",
263
+
"Access to the machine enables you to directly change machine and SQL Server settings based on your requirements. For example, you could configure the firewall settings or change SQL Server configuration settings.\n",
264
+
"\n",
265
+
"## <span style=\"color:#cc5500;\">Test Connectivity to your SQL Server on Azure VM using a Remote Connection</span>\n",
266
+
"\n",
267
+
"In this walkthrough, you most likely selected Public access, (as I did) for the virtual machine and SQL Server Authentication. These settings automatically configured the virtual machine to allow SQL Server connections from any client over the internet (assuming they have the correct SQL login). If you did not select Public during provisioning, then you can change your SQL connectivity settings through the portal after provisioning. For more information: [Connect to a SQL Server virtual machine (Resource Manager) - SQL Server on Azure VMs | Microsoft Docs](https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/ways-to-connect-to-sql?view=azuresql#change)\n",
268
+
"\n",
269
+
"Configure a DNS Label for the public IP address of your Azure VM (Optional)\n",
270
+
"\n",
271
+
"To connect to the SQL Server Database Engine from the Internet, consider creating a DNS Label for your public IP address. You can connect by IP address, but the DNS Label creates an A Record that is easier to identify and abstracts the underlying public IP address. Note: DNS Labels are not required if you plan to only connect to the SQL Server instance within the same Virtual Network or only locally.\n",
272
+
"\n",
273
+
"To create a DNS Label:\n",
274
+
"\n",
275
+
"1. Select Virtual machines in the portal Select your SQL Server VM to bring up its properties.\n",
276
+
"2. In the virtual machine overview, select your Public IP address.\n",
277
+
"3. In the properties for your Public IP address, expand Configuration.\n",
278
+
"4. Enter a DNS Label name. This name is an A Record that can be used to connect to your SQL Server VM by name instead of by IP Address directly.\n",
"1. On a computer connected to the internet, open SQL Server Management Studio (SSMS). If you do not have SQL Server Management Studio, you can download it here [Download SQL Server Management Studio (SSMS) - SQL Server Management Studio (SSMS) | Microsoft Docs](https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver15)\n",
286
+
"2. In the Connect to Server or Connect to Database Engine dialog box, edit the Server name value. Enter the IP address or full DNS name of the virtual machine (determined in the previous task). You can also add a comma and provide SQL Server's TCP port. For example in my case it is: prodsqlsrv1.usgovvirginia.cloudapp.usgovcloudapi.net,1433. If you didn't create a DNS lable in the previous step, they you would use the IP Address instead of the DNS Label.\n",
287
+
"3. In the Authentication box, select SQL Server Authentication.\n",
288
+
"4. In the Login box, type the name of a valid SQL login.\n",
289
+
"5. In the Password box, type the password of the login.\n",
0 commit comments