General availability of VNet service endpoints for Azure SQL database


This month, Microsoft announced the general availability of Virtual Network Service Endpoints for Azure SQL Database in all Azure regions.

What does this mean for our customers?

Previously, Azure customers were limited to accessing their PaaS SQL database instances via the public internet. This not only raised significant security concerns but also made management tiresome, because each client had to be added manually to the SQL server firewall before it could connect.

These concerns have now been addressed with the general availability of VNet Service Endpoints for Azure SQL Database. With service endpoints, traffic from selected virtual networks and subnets travels over the Azure network backbone instead of the public internet. Removing public internet access to the resource and allowing only virtual network traffic deals with both the security and the management overhead concerns. Using the Azure backbone also allows for more optimal routing of service traffic.

Although only a slight limitation, we did find that service endpoints cannot be used for traffic from on-premises to Azure services. This would have been particularly useful for customers who prefer to connect to the Azure SQL databases from their on-premises networks.

How much will this new feature cost me?

Nothing! There is no additional charge for using service endpoints.

How easy is this to implement? What happens to my existing firewall rules?

You can be up and running in a matter of minutes. Implementation is particularly straightforward with Microsoft providing detailed step-by-step instructions here and here.

Turning on service endpoints will not override any existing firewall rules, and the two can be used concurrently. This is especially helpful in minimising disruption for customers moving away from manual firewall rules to service endpoints.

If you would like help implementing VNet Service Endpoints, please contact us here.

Azure Global Vnet Peering – A Step Closer To MPLS Replacement


This year, Azure announced a global VNET peering preview during Ignite 2017. Global VNET peering enables customers to connect Azure networks in different regions by leveraging Azure's global networking backbone.

Many customers with a large number of globally distributed regional offices have historically not been too happy with the cost and performance of their global networking. For example, there are not enough internet breakouts to satisfy local performance needs, MPLS bandwidth for the remote office is less than that provided by the local internet cafe, and overall IT in remote offices costs more than it should.

Currently, the peering does not support transitive routing or gateway transit. Therefore, a remote office connected to a VPN in a remote Azure region cannot use an Azure ExpressRoute connection in another region over global peering.

When transitive routing becomes available, customers will be able to reduce their MPLS costs and provide fast internet access in local offices. Office servers can be migrated to Azure, leaving a managed VPN/firewall as the only infrastructure to be maintained and therefore greatly simplifying IT. MPLS replacement with Azure also requires many other management solutions to be compatible (such as compute endpoint management) but promises to be a way of reducing cost, simplifying operations and improving global network services. Nordcloud has years of experience in Azure core infrastructure solutions development, so please get in touch if you want to find out more.
