Be Careful When Starting Up Azure VMs Running SQL Server

So Microsoft has done something pretty dumb with the Azure VMs which are running Microsoft SQL Server. By default the front end firewall (the one that allows or blocks traffic from the public Internet to the VMs) allows traffic to the default SQL Server port 1433. At first this is fine, until you change the firewall port on the Windows firewall to allow the other VMs to connect to SQL. Now you’ve got a problem as the public firewall is open, and your Windows firewall is open, so anyone who attempts to connect to the SQL port 1433 from the outside will have direct access to the SQL Server instance.

So when creating VMs which will be running SQL Server that you are creating from the default SQL Server template you’ll need to go into the Azure portal and change the firewall endpoints. Do to this edit the properties of the VM, and edit the settings. Then edit the Endpoints.

If you see the “SQL Server” endpoint as shown below, and you’ve disabled the Windows Firewall on the VM from blocking TCP port 1433, then the entire public Internet has access to your SQL Server VM.

VM_Settings

To remove this mouse over the SQL Server endpoint and click the menu button shown below, then click “Delete” from the context menu that appears.

VM_Settings2

For each SQL Server VM that you’ve deployed using Microsoft’s SQL VM Template.

If you’ve setup SQL Server VMs in Azure within the last couple of months you’ll want to go and check the Azure Endpoints and make sure you don’t have a firewall hole that you weren’t expecting. I’ve spoken to Azure team at Microsoft about this and the default template is being fixed so that it isn’t setup this way any more, if it isn’t fixed already.

Denny

Contact the Author | Contact DCAC

Recommended reading from mrdenny for September 26, 2014

On a personal note, today is my 15th wedding anniversary to Kris.  Thank you to my Kris who’s put up with me for all these years.

This week I’ve found some great things for you to read. These are a few of my favorites that I’ve found this week.

This weeks SQL Server person to follow on Twitter is: SueBrownawell also known as Sue Brownawell

Hopefully you find these articles as useful as I did.

Don’t forget to follow me on Twitter where my username is @mrdenny.

Denny

Contact the Author | Contact DCAC

All Your Hardware Should Be Of The Same Class

I’m seeing a really disturbing trend in enterprise hardware purchases these days. Companies will spend hundreds of thousands of dollars on their Compute environment (the servers) but they cheap out on the storage. In the last two weeks I’ve talked to people from two different companies who have top of the line Cisco UCS servers, but for their storage they have low to mid end storage systems.

This just doesn’t make sense to me. If you know that your workload is going to be high enough to justify the cost of the Cisco UCS platform why cheap out on the storage which is really the key to making things run faster? If I know that I need to run 200 VMs in my farm, including a bunch of SQL Server instances, why are you going to buy storage that can handle 14k IOPs max (at RAID0) then after RAID something like 8k IOPs? That just doesn’t make a lot of sense at all to me.

If you are going to spend this kind of cash, spend a little more and do it all right. Everything will work much better in the long run this way.

Denny

Contact the Author | Contact DCAC

Recommended reading from mrdenny for August 08, 2014

This week I’ve found some great things for you to read. These are a few of my favorites that I’ve found this week.

This weeks SQL Server person to follow on Twitter is: amy_lewisAZ also known as amy_lewisAZ

Hopefully you find these articles as useful as I did.

Don’t forget to follow me on Twitter where my username is @mrdenny.

Denny

Contact the Author | Contact DCAC
1 2 3 4

Video

Globally Recognized Expertise

As Microsoft MVP’s and Partners as well as VMware experts, we are summoned by companies all over the world to fine-tune and problem-solve the most difficult architecture, infrastructure and network challenges.

And sometimes we’re asked to share what we did, at events like Microsoft’s PASS Summit 2015.

Awards & Certifications

Microsoft Partner   Denny Cherry & Associates Consulting LLC BBB Business Review    Microsoft MVP    Microsoft Certified Master VMWare vExpert
INC 5000 Award for 2020    American Business Awards People's Choice    American Business Awards Gold Award    American Business Awards Silver Award    FT Americas’ Fastest Growing Companies 2020   
Best Full-Service Cloud Technology Consulting Company       Insights Sccess Award    Technology Headlines Award    Golden Bridge Gold Award    CIO Review Top 20 Azure Solutions Providers