We would like to backup our on-premises SQL server to Azure Recovery Service Vault. We tried to use the Azure Backup Server but there is a domain dependency.
Is there a way to use Azure Backup Server or System Center 2016 without having your servers in a specific domain ? The SQL server has the default WORKGROUP domain.
What would be the best alternative solution to backup a SQL on-premises server to Azure Recovery Service without adding the server to a domain ?
We decided to use the build-in SQL BACKUP command to URL. This URL is in our case the Azure Storage account.
See documentation: https://msdn.microsoft.com/en-us/library/jj919148%28v=sql.110%29.aspx?f=255&MSPPError=-2147217396
The backup file is a blob type. But there is a restriction you can not use a "Blob purpose" Azure storage account because this gives you a 400 Bad Request. It is possible to backup your SQL database in a "General Purpose" Azure storage account.
Related
Two questions I am not in a position to confirm via deploying to an Azure resource group (due to my account limitations). So far, I have not found resources that answers my questions.
1. AD Users and Groups
Can Active Directory (AD) Users and AD Groups SQL Server Logins or Database users be migrated from On premise SQL databases to Azure SQL?
The environment I will be working on has the on premise AD synced to Azure Active Directory (AAD).
So far, I have only seen that SQL Logins can be migrated.
2. Authentication
I know that SQL Login and Windows Authentication login are options to connect to the Source database. Are both of these option also available in the destination Azure SQL database?
So far I have only seen SQL Login as an option for connection to the destination database (see below screenshot). This might be because there are no AAD accounts associated with the blank Azure SQL target database I am trying to connect to. The Server Admin is set for the target database.
No, unfortunately you can't migrate the Active Directory (AD) Users and AD Groups to Azure SQL Database. Yes, you move SQL logins from the SQL Server source to Azure SQL Database by using Database Migration Service in offline mode.
You can also migrate Windows users and groups using T-SQL DDL syntax with the help of this tutorial.
You can use Azure AD authentication to connect with Azure SQL Database. It is an alternative to SQL Logins Authentication. Please refer Azure Active Directory authentication for more details.
You can simply use SQL Server Management Studio (SSMS) to connect with Azure SQL Database using Azure AD credentials. Install the SSMS on your local windows machine and login with AAD credentials as shown in image below.
I have amazon EC2 instance on AWS where SQL server is installed. I want to migrate SQL Server data and SSIS packages to Azure VMs.
I can not effort any loss of information.
What would be the best way to do so ?
I would recommend to use Azure Blob Storage as the transport.
SQL Server out of the box can create backups and can restore databases directly to/from Azure Blob containers
For instance:
CREATE CREDENTIAL sql_backup_credential
--storage account name:
WITH IDENTITY='your-storage-account',
--storage account key from portal:
SECRET = 'pvv99UFQvuLadBEb7ClZhRsf9zE8/OA9B9E2ZV2kuoDXu7hy0YA5OTgr89tEAqZygH+3ckJQzk8a4+mpmjN7Lg=='
BACKUP DATABASE Test
TO URL = N'https://your-storage-account.blob.core.windows.net/your-container/test.bak'
WITH credential = 'sql_backup_credential';
So, this way all user databases + SSISDB can be transferred from one isolated box to another.
Of course, Firewall settings of SQL Server VMs to allow outbound and inbound connections for HTTPS.
If I use one of the methods to migrate a SQL server instance with several databases into a Azure Managed Instance, would the procedure also replicate any login accounts with access rights?
Particular interested in knowing how this handles Active Directory accounts
From what I know, it doesn't and you cannot use Windows Authentication but only SQL Server Authentication or Azure AD. I've migrated several times a local database of my local SQL Server instance to Azure and I've done it using Export Data-Tier to .bacpac (this is the extension of the DB in Azure) and then deploying it (both actions from SSMS):
However, please be aware that you have to drop any users that use for authentication Windows Authentication because you'll get an error at the moment of deploying it since it cannot inherit your server's active directory settings. Then, you can define your own AD in Azure and use it.
Managed instance is a new deployment option of Azure SQL Database, providing near 100% compatibility with the latest SQL Server on-premises (Enterprise Edition) Database Engine.
The migration only support replicate the login.
You could get this from this document: Tutorial: Migrate SQL Server to an Azure SQL Database managed instance offline using DMS:
By default, Azure Database Migration Service only supports migrating SQL logins. To enable support for migrating Windows logins, see the Prerequisites section of this tutorial.
That means you must re-create all the users and grant it access right(database roles) manually.
Hope this helps.
I have an application written in VB, which used to connect with a Microsoft SQL Server, which is placed on a VM in the domain, using Windows Authentication(Local Domain).
But, I have moved my DB to a SQL Server which is placed on an Azure VM.
My problem is that i don't know how i can use Windows Authentication(or somehow to "ask" the Active Directory about the user who tries to connect).
I have seen the modes of SQL Server:
Active Directory - Password
Active Directory - Integrated
but i can't understand how i can use them. Should i have to do trust relation between 2 domain(Local, Azure)?
Can someone help?
I have moved my DB to a SQL Server which is placed on an Azure VM.
SQL on an Azure VM is the same product you might run on-premises, and supports SQL Auth and Windows Integrated Auth. The Azure Active Directory authentication methods supported by Azure SQL Database and Azure SQL Data Warehouse are not applicable to SQL Server running in an Azure VM. See:
Azure Active Directory authentication is a mechanism of connecting to
Azure SQL Database and SQL Data Warehouse by using identities in Azure
Active Directory (Azure AD).
See Use Azure Active Directory Authentication for authentication with SQL Database, Managed Instance, or SQL Data Warehouse
For SQL Server running in an Azure VM you use either SQL Authentication or Windows Authenticationl, as outlined here Authentication in SQL Server
You can use Windows Auth in your VM with either local accounts (created on the VM), or you can deploy a Domain Controller on a separate VM into your VMs VNET and use identities from the Domain. The Domain Controller you deploy into your Azure VNET can be an isolated Domain, or it can be a replica for your on-premises domain. If you want to deploy a replica of your on-premises domain into an Azure VNET you also will need to use a site-to-site VPN or ExpressRoute, as explained here Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines
The SQL Server (version 2016) is located in the local Virtual Machine(Windows Server 2012 R2) and I need to provide authentication for the users in the Azure Active Directory. As I am new to this I am not even sure whether it is possible or not. Can anybody guide me.
No, it is impossible. Please refer to this official document.
Connecting to SQL Server running on an Azure VM is not supported using
an Azure Active Directory account. Use a domain Active Directory
account instead.
It means if your local sql server could not use Azure Active Directory Authentication. You could use local domain Active Directory users.
If you use Azure SQL Database and SQL Data Warehouse, you could use Azure Active Directory authentication. Please refer to this link.