A couple of months ago Microsoft announced a new Hybrid Cloud feature called Azure Arc enabled SQL Server. Azure Arc enabled SQL Server allows you to manage your global inventory of SQL servers, protect SQL Server instances with Azure Security Center or periodically assess and tune the health of your SQL Server configurations. In this blog post, we will cover how you can add SQL Server to Azure Management using Azure Arc.
Prerequisites
Before you add an Azure Arc enabled SQL Server, you need to prepare the following prerequisites:
- A virtual or physical machine running SQL Server. The machine hosting SQL Server must be connected to the internet, directly or via a proxy server, and must run one of the following operating systems:
  - Windows Server 2012 R2 and higher
  - Ubuntu 16.04 and 18.04 (x64)
  - CentOS Linux 7 (x64)
  - SUSE Linux Enterprise Server (SLES) 15 (x64)
- The Connected Machine agent communicates outbound securely to Azure Arc over TCP port 443. If the machine connects through a firewall or an HTTP proxy server to communicate over the Internet, review the network configuration requirements for the Connected Machine agent.
- A user account with local admin rights on the machine that runs the onboarding script.
- Azure PowerShell installed on the computer executing the onboarding script.
- You need to have the “Microsoft.AzureData” resource provider namespace registered in your subscription. You can do that with the following Azure PowerShell command, for example in Azure Cloud Shell: “Register-AzResourceProvider -ProviderNamespace Microsoft.AzureData”.
To learn more about the prerequisites, check out the following Microsoft Docs page.
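The following PowerShell function is an added example, not code from the original post or from Microsoft, that checks the prerequisites listed above on a Windows host before you run the onboarding script: supported OS version, local admin rights, a SQL Server engine service, outbound TCP 443 reachability, the Az module, and the Microsoft.AzureData provider registration. It assumes Az PowerShell is installed and Connect-AzAccount has already been run; the endpoint names used for the connectivity probe are well-known Azure endpoints chosen as a representative sample, not the authoritative list from the Connected Machine agent network requirements.

```powershell
# Added example (not from the original post): pre-flight check for the
# Azure Arc enabled SQL Server prerequisites on a Windows host.
# Assumptions: Az PowerShell is installed and Connect-AzAccount has been run;
# the probe endpoints are representative only, not the full agent endpoint list.

function Test-ArcSqlPrerequisites {
    [CmdletBinding()]
    param(
        # Endpoints probed on TCP 443 (assumption: representative, not exhaustive)
        [string[]] $Endpoints = @('management.azure.com', 'login.microsoftonline.com'),
        # Register Microsoft.AzureData if it is not registered yet
        [switch] $RegisterProvider
    )

    $result = [ordered]@{}

    # 1. Supported OS: Windows Server 2012 R2 (kernel 6.3) or higher
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $result['OsCaption']   = $os.Caption
    $result['OsSupported'] = ([version]$os.Version -ge [version]'6.3')

    # 2. The account running the onboarding script needs local admin rights
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $result['IsLocalAdmin'] = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # 3. A SQL Server database engine service must exist on this machine
    $sqlServices = Get-Service | Where-Object { $_.Name -eq 'MSSQLSERVER' -or $_.Name -like 'MSSQL$*' }
    $result['SqlInstances'] = @($sqlServices | ForEach-Object { $_.Name })
    $result['SqlPresent']   = ($result['SqlInstances'].Count -gt 0)

    # 4. Outbound TCP 443. A direct probe fails when traffic must go through a
    #    proxy; in that case verify the proxy configuration instead.
    $result['OutboundHttps'] = @{}
    foreach ($ep in $Endpoints) {
        $tcp = Test-NetConnection -ComputerName $ep -Port 443 -WarningAction SilentlyContinue
        $result['OutboundHttps'][$ep] = [bool]$tcp.TcpTestSucceeded
    }

    # 5. Azure PowerShell available on the machine running the onboarding script
    $result['AzModulePresent'] = [bool](Get-Module -ListAvailable -Name Az.Accounts)

    # 6. Microsoft.AzureData resource provider registered in the current subscription.
    #    Registration is asynchronous, so right after Register-AzResourceProvider
    #    the state may still read 'Registering'.
    $states = Get-AzResourceProvider -ProviderNamespace Microsoft.AzureData |
              Select-Object -ExpandProperty RegistrationState -Unique
    if (($states -notcontains 'Registered') -and $RegisterProvider) {
        Register-AzResourceProvider -ProviderNamespace Microsoft.AzureData | Out-Null
        $states = Get-AzResourceProvider -ProviderNamespace Microsoft.AzureData |
                  Select-Object -ExpandProperty RegistrationState -Unique
    }
    $result['AzureDataProviderState'] = ($states -join ',')
    $result['AzureDataRegistered']    = ($states -contains 'Registered')

    $result['AllPrerequisitesMet'] = $result['OsSupported'] -and $result['IsLocalAdmin'] -and
        $result['SqlPresent'] -and $result['AzModulePresent'] -and $result['AzureDataRegistered'] -and
        -not ($result['OutboundHttps'].Values -contains $false)

    [pscustomobject]$result
}

# Usage: run in an elevated PowerShell session on the SQL Server host
# Test-ArcSqlPrerequisites -RegisterProvider | Format-List
```

Run the function in an elevated session on the SQL Server host; AllPrerequisitesMet is only true when every individual check passed, and the per-endpoint OutboundHttps results tell you whether a firewall or proxy needs attention before onboarding.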
Connect an Azure Arc enabled SQL Server
To add and connect an Azure Arc enabled SQL Server, you can simply open Azure Arc in the Azure Portal. On the new Azure Arc overview page, you can find all the different Azure Arc services you can connect and manage.
Browse to SQL Servers and click on “Add“.
The wizard will help you to generate a script, which you can run to connect your SQL Server to Azure using Azure Arc. You need to select the specific subscription, resource group, region and operating system.
The wizard will generate a script for the specific OS, which you can download and run to connect and register your Azure Arc enabled SQL Server.
The script can be run interactively. However, it is recommended to use service principals if you are registering machines at scale. After you have run the script on your SQL Server and the registration has completed, the server will show up in the Azure portal.
Now you can already take advantage of Azure Security Center recommendations.
And have a closer look at the specific recommendations to secure your MS SQL Server.
Configure on-demand SQL assessment
The SQL Server assessment allows you to diagnose potential issues with your SQL Server environment running on-premises, on Microsoft Azure Virtual Machines (VMs), or on Amazon Web Services (AWS) VMs. To configure the on-demand SQL assessment for Azure Arc enabled SQL Server instances, you have a couple of prerequisites that you can find here. After you have deployed the additional Log Analytics extensions to your Arc enabled Server, you simply need to download and run the script from the portal.
After a while the assessment results become available, and you can view them in the portal.
Conclusion
I hope this blog post provides you with a short overview of how you can connect your on-premises or multi-cloud SQL Servers to Microsoft Azure using Azure Arc. Azure Arc enabled SQL Server lets you use Azure Security Center to produce a comprehensive report of vulnerabilities in your SQL Servers, receive advanced, real-time security alerts for threats to SQL Server and the OS, and investigate those threats using Azure Sentinel.
If you have any questions feel free to leave a comment below.
Tags: Arc, Azure, Azure Arc, Azure Arc Enabled SQL Server, connect, Data, Hybrid, Hybrid Cloud, Manage, Management, Microsoft, Register, Server, SQL, SQL Server
Last modified: October 6, 2020
Hi,
Great explanation.
I do wonder, does the data inside the database never leave the on-premises environment?
In the Microsoft documentation there is some explanation regarding the data collection, but this is listed under the Azure Arc data services (MI and Postgres).
Of course some data will be sent to Azure to fuel the metrics and Defender, but my question is more about the data inside the database than the environmental metrics.