IT-NYC

Protect port 1733 on Azure

Hello,
Can someone recommend a good way to protect port 1733 for Azure's SQL VMs?
I am looking here.
http://azure.microsoft.com/blog/2014/03/28/network-isolation-options-for-machines-in-windows-azure-virtual-networks/, with the Option 1:  Subnets within a Single Virtual Network
It says that:
"Currently, Windows Azure provides routing across subnets within a single virtual network, but does not provide any type of network ACL capability with respect to internal DIP addresses. So in order to restrict access to machines within a single virtual network, those machines must leverage Windows Firewall with Advanced Security, as depicted simply in the diagram below."
http://blogs.msdn.com/cfs-filesystemfile.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-01-13-25/6574.ashwin-VN.png
Is that the case today?
If it is relevant to you, how have you addressed this?
Thanks!
ASKER CERTIFIED SOLUTION
btan
IT-NYC

ASKER

Btan,
Thanks for your post. Appreciate the details.
Yes, in my situation, it will be a SQL database running on an Azure Windows server.
So, the below should be my plan (after -------)? The only part that's confusing is what you refer to as a caveat:
"To enable communication with the database, firewall rules must be defined in Windows Azure SQL Database allowing the public IP address of the VM in Windows Azure to communicate with the data source."
How do you read this?
-----------------------------------------------------
- Configure the Azure SQL Database firewall to create a server-level firewall setting that enables connection attempts from your computer or Azure to Azure SQL Database server
- To control access to certain databases in your Azure SQL Database server, create database-level firewall rules for the respective databases
- Block inbound connections on TCP port 1433: if inbound communications are not needed by any other applications on that computer, ensure that your firewall continues to block inbound connections on TCP port 1433.
- Only outbound connections on TCP port 1433 are needed for applications to communicate with Microsoft Azure SQL Database.

Thanks in advance!
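
The Windows Firewall side of the plan above (and of the "Option 1" passage quoted in the question), as an added PowerShell example that is not part of the original thread. The function name `Protect-SqlPort`, the rule display names and the `10.0.1.0/24` subnet are assumptions; it covers both the case where SQL Server runs on the VM and the case where the VM only connects out to Azure SQL Database.

```powershell
# Added example, not from the thread. Run elevated on the Windows VM.
# Protect-SqlPort, the rule names and 10.0.1.0/24 are hypothetical/constructed.
function Protect-SqlPort {
    param(
        [ValidateSet('ServerForSubnet', 'ClientOnly')]
        [string]$Mode = 'ClientOnly',
        [string]$AllowedSubnet = '10.0.1.0/24',   # placeholder application subnet
        [int]$Port = 1433                         # SQL Server default TCP port
    )

    # Report inbound allow rules that already name this port, so a broad
    # pre-existing rule (RemoteAddress Any) does not go unnoticed.
    # Rules that cover the port through a range or "Any" are not matched here.
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$Port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        Select-Object DisplayName, Enabled, Profile |
        Format-Table -AutoSize | Out-Host

    if ($Mode -eq 'ServerForSubnet') {
        # SQL Server runs on this VM: accept the port only from the app subnet.
        # With the default inbound action (Block), all other sources are dropped.
        New-NetFirewallRule -DisplayName "SQL $Port from $AllowedSubnet" `
            -Direction Inbound -Protocol TCP -LocalPort $Port `
            -RemoteAddress $AllowedSubnet -Action Allow -Profile Any
    }
    else {
        # VM only connects out to Azure SQL Database: explicit inbound block.
        # Block rules take precedence over allow rules in Windows Firewall.
        New-NetFirewallRule -DisplayName "Block inbound SQL $Port" `
            -Direction Inbound -Protocol TCP -LocalPort $Port -Action Block
        # Outbound is allowed by default; this rule matters only if the
        # profile's default outbound action has been changed to Block.
        New-NetFirewallRule -DisplayName "Allow outbound SQL $Port" `
            -Direction Outbound -Protocol TCP -RemotePort $Port -Action Allow
    }

    # Show each profile's state and default actions for review.
    Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
}

Protect-SqlPort -Mode ServerForSubnet -AllowedSubnet '10.0.1.0/24'
```

Do not apply both modes on the same machine: the explicit block rule from `ClientOnly` would override the subnet allow rule from `ServerForSubnet`.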
SOLUTION

ASKER

Thanks, btan!