Floating FB popout byF5debug

Control SQL Database level Access using Windows Azure Firewall Rules

Security in Cloud is something very much important that each and every application to think out before moving to the cloud. Windows Azure Team is focusing on these aspects and trying to narrow down the components that can be accessed and restricted based on the needs and the customers which provides a high level of security to the system. Initially with SQL Azure we can restrict the database with the server level that a specific list of IP’s can access the server. But this has a limitation of using different servers with different databases incase the IP’s should not have access to the individual databases.

To overcome this security issue, Azure team has recently announced the SQL Database Level Access instead of Server Level Access using the Windows Azure Firewall rules. With this new feature we can access the Database separately if needed to be Isolated or else we can use it with in the Server level with the level of security provided to that server alone.        [more]

So we can do the level of restriction as

Database Level Rules : This enabled clients to access individual databases within the SQL Server assigned. These rules are created based on the individual database and are stored in the MASTER database of the individual database. The IP address range in this rule is specified beyond the server level rule configured then those clients alone will have access to this database. So this helps to restrict the clients that have access to the same logical server but restricted with the database with in the server.

Server Level Rules : This enables client access to the entire databases available in a particular logical server. These rules are again saved in the Master database of the server where we can specify the required configurations, or else we can use the Windows Azure Management Portal to configure the Rules.

SQL Azure

Image Source – MSDN

So how the connection to the Database or to the Server Works?

It works on the below algorithm

  • If the IP address is with in the range of Approved IP addresses specified the connection is granted to SQL Database Server.
  • If the IP address is now with in the range, then Database level firewall rules are checked for if the IP address is available with in the rule specified. If the IP address is available then the particular Database alone will be accessible to the IP address alone.
  • If the IP address is not with in the range of the server as well as with the database rule then none of the resources are accessible to the IP address and the connection fails.

So how to Connect, Manage and create a Firewall rule?

We can use the Windows Azure Management Portal to quickly create and manage the Firewall rules. Have a look at the article on how to do that step by step ( SQL Azure – Adding and Removing Firewall Rules in Azure Portal )

About Author: Karthikeyan Anbarasan, Microsoft MVP (Most Valuable Professional) in ASP.NET/IIS Architecture. He is the Founder and Chief Editor of the www.f5debug.net website and has authored books on Windows Phone and Business Intelligence(SSIS). He is also a Passionate Speaker and a Blogger on Microsoft Technologies.

You can Join Me On: Facebook, Twitter, Google Plus, LinkedIn

Add comment

  Country flag

  • Comment
  • Preview

Recent Posts

Random Posts

Most Viewed

URL Shortner

Create your own short urls!!!

Site Counter

free counters


This is a personal weblog. The opinions expressed here represent my own and not those of my employer. For accuracy and official reference refer to MSDN/ TechNet. I have documented my personal experience on this blog.

Protected by Copyscape Web Plagiarism Finder

Site Meter