In Chapter 1, Cloud Computing and Microsoft Azure Services Platform, the procedure to access the Windows Azure Services was described, which allowed you to host applications on the Windows Azure platform. In a similar manner, you can also access the SQL Azure Services that allow you to create databases and firewall rules. Firewall rules provide the security blanket for your cloud-based resources. This allows you and only you, or users designated by you, from IP addresses specified by you, to access your cloud-based SQL Azure database from an external location.
By completing the following steps, you will be able to access SQL Azure Services from the portal:
- Browse to the following URL: http://windows.azure.com.
- The Windows Live ID sign in page opens up as shown in the following screenshot. It is assumed that you have already created a Live ID. In case you have multiple Live IDs, make sure you use the Live ID account that you used while buying the subscription. This is because the Windows Azure Portal's projects or services are only accessible to subscribed users.
- Insert your password and click on OK.
- The Windows Azure Portal opens with Windows Azure in the left navigation menu. Click on SQL Azure to open the user interface for SQL Azure Services as shown in the next screenshot. The Project Name, Account Administrator, and the Service Administrator names are displayed (pixelated). These were chosen while creating the subscription as we saw in the previous chapter. Both Account Administrator and Service Administrator have the same entries, as that of the Live ID username. Note that you can also directly come to this page by accessing the URL: http://sql.azure.com.
- Next, click on the Project Name (assuming that the Status is Enabled). The Terms of Use page gets displayed. (Only a relevant portion of the portal is shown in the following screenshot.)
- You have to agree to the terms before you proceed then click the I Accept button.
For a given subscription, you can create only one SQL Azure Server. If you need more servers, you may need to purchase additional subscriptions. However, you can create multiple databases in one SQL Azure Server.
Herein, you can create the Server Administrator Credentials. As for locations, in addition to North Central US, three other options are available: South Central US, North Europe, and South East Asia (two more were added recently). More will be available in the future. Choose the same geographical location for both data and application so that you get a better performance. This may also have an impact on what you pay for the service. Choose the geographical location from the drop-down list displayed by clicking the drop-down handle for Location.
- Click on the I Accept button.
- This opens the Create Server page where you will be able to create the SQL Azure Server in the cloud.
- Next, you will need to fill in the details providing an Administrator Username and an Administrator Password. Retype the password and choose a location for your server from the drop-down menu.
- The password you use should have all the required items as in the following list. Also make sure that the password field does not have any three consecutive characters in the username, as shown in the following screenshot:
Note
Note that the Administrator's (server-level principal) account is a master account used for server administration and it (the name and password) should not be exposed in connection strings or otherwise.
- Click on the Create Server button. Sometimes an unexpected error could occur and you should save the screen to troubleshoot, as shown in the next screenshot, so that you can take up the issue with the help desk.
- If the details are fully accepted, you should see the following display in the browser:
- Notice that a server was created with the details, as shown in the previous screenshot (all author-specific details are shown pixelated). The Server Name is provided (a random choice) by the provisioning system. The Administrator Username and the Server Location were chosen by the subscriber (you) to the service. The fully qualified name of the server in this case is: XXXXXXXXXX.database.windows.net - <servername.database.windows.net>.This is the name you will be using while connecting to SQL Azure from most applications. Also notice that the Server Information panel allows you to Reset Password as well as to Drop Server.
In addition, while provisioning the server, the system creates the master database of 1 GB.
- In the bottom pane's first tabbed page, you see the master as well as any other databases that you may create. Notice that there are buttons, which will enable you to create a database as well as to delete databases you created. Since the information about the databases you create is recorded in the master, you will not delete this database.
In the Databases tab you can Test Connectivity as well as get the Connection Strings; the textual information you need for connecting to SQL Azure from applications.
As security is one of the most important aspects, a firewall, that allows users only from those locations whose IP ranges are registered in the portal needs to be set up and configured. The following steps show how this may be carried out at the portal by the administrator of the account:
- Click on the tab Firewall Settings to display the following screenshot:
- Just like the firewall on computers as well as networks, SQL Azure is also protected by a firewall fence. The user will specify the firewall by providing a name (Rule Name) and indicating the IP addresses (below IP Address Range) from where the user will connect to SQL Azure while accessing it externally. This means that the databases (includes master as well) that the user created can be accessed from those locations only. The firewall settings may consist of a single IP address or a range of IP addresses. There must be at least one firewall rule configured in order to access SQL Azure.
- The interface also allows creating multiple rules. These will be created using the Add Rule, Edit Rule, and Delete Rule buttons. Also, if the Allow Microsoft Services access to this server is not checked, SQL Azure access from applications running in the Windows Azure hosting site will not be possible. This also needs to be checked if you want to test connectivity to a database in the server using the Test Connectivity button described earlier. When this is checked a system configured firewall rule; Microsoft Services with the range 0.0.0.0 to 0.0.0.0 gets added.
- Assuming that you have not set up the firewall, if you try to access the SQL Azure Server from the SSMS on your computer you will get a Cannot connect to XXXXXX.database.windows.net error message, as shown in the following screenshot:
- Although you can run the
sp_set_firewall_rulestored procedure from the master database, you need to access the master database, which requires a firewall setting on SQL Azure. This is best done in the portal.