Allow SQL Database to join Virtual Network (VPN)
I have a Cloud Service with web/worker roles connected to SQL Database (web edition).
I also have a Virtual Network with a point-to-site client (P2S) connection, but I cannot connect to my SQL Database (web edition) via VPN (e.g. using SSDM). Instead I have to use an internet connection.
IP address assigned by my ISP has short lifetime and is reset daily. This means that almost every time I want to perform Admin tasks, I have to log onto Windows Azure portal to change my IP address in the SQL database firewall (defining a range of addresses is not an option).
VPN would mean I just need to set the firewall address list once, and I also like the additional layer of security offered by VPN. P2S requires a certificate installed on each client computer, so if passwords / desktop apps did fall into the wrong hands, no one would be able to use them to connect from another computer.
Luke Wyatt commented
It would be neat to add a term for firewall rules (specifically for DB provider) where the user can whitelist an IP for x days or weeks. After that period, the whitelisted IP gets removed automatically.
This would be particularly useful for traveling users who often forget to clean up when working.
It would be nice to get a status update on this even if it's along the lines of "We're not going to implement this because it would completely undermine our existing SQL Server licensing model".
Ivan Skvortsov commented
Hi, any updates?
Naoki Sato commented
Due to security & compliance requirements, I cannot select "opening SQL firewall to all of Azure".
If it is possible to open to same resource group, I can use Azure Automation to manage SQL database.
Hi HayCock sir ....
Is it going to be reality?
S. Brandt commented
It would be great if more than one firewall entry could be deleted in the SQL server settings. I have to add one entry every day, b/c of dynamic IP address. To clean up, I need to delete one entry, save, delete one, save, which takes a lot of time.
Also, the "date-stamp" is incorrect, it contains Year-Minute-Day, not Year-month-Day ... which makes it difficult to find the right entries not to delete.
Hi, any news on this? I think it's even more important / critical now if we are using ARM based deployments AND we can't even reserve a Public IP address for our VMs, which it looks like is still the case... far from ideal... thanks
Any news on this feature? You have made your cloud services "virtually" (no pun intended) unusable for environments that tightly control firewall rules. Can't buy your services if I cannot connect to them...HUGE ISSUE.
So, it's been under review for a year and a half so I guess you have a plan or an update to share by now?
Organizations where IT-pros run the IT will never let cloud in as long as the DB are facing the Internet without possibility to protect behind VNet.
In the new portal, the interface allows me to delete multiple firewall rules for a SQL DB. However, when I click on Save, I get an error that I can only save one edit at a time. The only way to resolve the situation is to cancel all changes that were made by closing that blade, enter the blade again, and make changes one at a time.
This is obviously a terrible implementation. Either save the change instantly, allow multiple changes (best), or just don't allow multiple changes. Don't make us go through the motions only to have to redo everything again.
Dan Petitt commented
I would imagine it will come soon as we can add WebApps to a VN now; definitely want this for out of office management work and added security.
This is an important one for me also, and then being able to connect via express route also.
David Wilson commented
Having internet facing only access to the SQL Database service is a major concern for companies that don't want to have default routes to the internet to route 1433 traffic (and we don't have a SOCKS infrastructure to proxy the requests). Additionally, we want server to server connections to go via VPN so there is no listening port on the internet for the SQL Database (or at least the SQL firewall limits to an IP whitelist that matches the VPN allowed networks).
This is killing me too. I travel a lot so IPs change, but actually I'm better hosting traditional SQL myself and managing a VPN for security, never mind the IP changing inconvenience.
Ives Laaf commented
Any news on this?
Jan Vilimek commented
It is really a security problem. Consider that the name of the server leaked. Not a very uncommon situation. Anyone could create a VM in Azure and brute force the access to the DB...
Kenny Young commented
Are there any updates on this?
This would make firewall setup so much easier.
Johan Bennink commented
Please add this asap. It would make integrating SQL Databases with on-premise much easier. An alternative for now would be to use a VM with SQL Server in a Virtual Network and close the outside ports on the VM. But SQL Databases skip the whole VM part, which is a benefit from a maintenance standpoint.
Max Dionysius commented
On the old management portal it was possible to add / remove multiple IP addresses on the SQL Server firewall. On the new Portal Preview you have to save after every IP removed or added, i.e. when you often use "add current IP to firewall rules" and after some time you want to clear all those IPs, it's pretty annoying to press save after every deletion.
Ok, to be honest, I don't need this very often, but I think it would be nice feature ;-)
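
Several comments above ask for firewall rules that expire after a set number of days and for a way to remove many stale rules in one pass. The following T-SQL is an added example, not part of the original thread and not a built-in feature: it uses the server-level `sys.firewall_rules` view and the `sp_set_firewall_rule` / `sp_delete_firewall_rule` procedures in the `master` database. The `tmp-` name prefix, the 7-day term and the sample rule name and address are assumptions chosen for illustration.

```sql
-- Run in the master database of the logical server, as a server-level admin.
-- Assumed convention: rules meant to be temporary are named with a 'tmp-' prefix;
-- rules without the prefix are never touched by the cleanup.

-- 1. Add (or refresh) a temporary rule for the current client address.
--    Name and address are constructed sample values (203.0.113.0/24 is a
--    documentation range).
EXECUTE sp_set_firewall_rule
    @name             = N'tmp-admin-laptop',
    @start_ip_address = '203.0.113.25',
    @end_ip_address   = '203.0.113.25';

-- 2. Delete every temporary rule that was last set more than @ttl_days ago.
DECLARE @ttl_days int = 7;                        -- assumed term
DECLARE @cutoff datetime = DATEADD(day, -@ttl_days, GETUTCDATE());
DECLARE @name nvarchar(128);

DECLARE expired_rules CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.firewall_rules
    WHERE name LIKE N'tmp-%'
      AND modify_date < @cutoff;

OPEN expired_rules;
FETCH NEXT FROM expired_rules INTO @name;
WHILE @@FETCH_STATUS = 0
BEGIN
    EXECUTE sp_delete_firewall_rule @name = @name;
    FETCH NEXT FROM expired_rules INTO @name;
END
CLOSE expired_rules;
DEALLOCATE expired_rules;

-- 3. Review what remains; single-address and wide ranges are both visible here.
SELECT name, start_ip_address, end_ip_address, modify_date
FROM sys.firewall_rules
ORDER BY modify_date;
```

Step 2 only takes effect when something runs it, so the expiry is as reliable as whatever schedules the script.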