General availability of VNet service endpoints for Azure SQL database


This month, Microsoft announced the general availability of Virtual Network Service Endpoints for Azure SQL Database in all Azure regions.

What does this mean for our customers?

Previously, Azure customers were limited to accessing their PaaS SQL database instances via the public internet. Not only did this raise significant security concerns, it also meant tiresome management overhead, with each client needing to be added manually to the SQL server firewall for access.

These concerns have now been addressed with the general availability of VNet Service Endpoints for Azure SQL Database. With service endpoints in place, traffic from selected Virtual Networks and subnets travels over the Azure network backbone rather than the public internet. By removing public internet access to resources and allowing only virtual network traffic, the previous security and overhead concerns are addressed. Using the Azure backbone also allows for more optimal routing of service traffic.

Although only a slight limitation, we did find that service endpoints cannot be used for traffic from on-premises to Azure services. This would have been particularly useful for customers who prefer to connect to the Azure SQL databases from their on-premises networks.

How much will this new feature cost me?

Nothing! There is no additional charge for using service endpoints.

How easy is this to implement? What happens to my existing firewall rules?

You can be up and running in a matter of minutes. Implementation is particularly straightforward, with Microsoft providing detailed step-by-step instructions here and here.

Turning on service endpoints does not override any existing firewall rules; the two can be used concurrently. This is especially helpful in minimising disruption for customers moving away from manual firewall rules to service endpoints.
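Because existing IP firewall rules stay active alongside a new virtual network rule, the leftover rules are worth reviewing once the endpoint is in place. The Azure CLI sketch below is an added example, not taken from this post or from Microsoft's instructions: it enables the `Microsoft.Sql` endpoint on a subnet, adds the virtual network rule, and lists the IP rules still in force. The resource names, the `allow-<subnet>` rule name and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Resource group, VNet, subnet and server names are placeholders
# passed in by the caller; the function names are made up for this sketch.

# Enable the Microsoft.Sql service endpoint on a subnet, then add a virtual
# network rule on the SQL server so traffic from that subnet is accepted.
enable_sql_endpoint() {  # usage: enable_sql_endpoint RG VNET SUBNET SERVER
  az network vnet subnet update --resource-group "$1" --vnet-name "$2" \
    --name "$3" --service-endpoints Microsoft.Sql >/dev/null &&
  az sql server vnet-rule create --resource-group "$1" --server "$4" \
    --name "allow-$3" --vnet-name "$2" --subnet "$3" >/dev/null
}

# Label one IP firewall rule by how much it exposes.
classify_rule() {  # usage: classify_rule START_IP END_IP
  if [ "$1" = "0.0.0.0" ] && [ "$2" = "0.0.0.0" ]; then
    echo "azure-services"   # 0.0.0.0-0.0.0.0 is the "allow Azure services" switch
  elif [ "$1" = "0.0.0.0" ] && [ "$2" = "255.255.255.255" ]; then
    echo "any-internet"
  elif [ "$1" = "$2" ]; then
    echo "single-ip"
  else
    echo "range"
  fi
}

# Print every IP firewall rule still active on the server, one per line:
# name <TAB> start-end <TAB> label.
remaining_ip_rules() (  # usage: remaining_ip_rules RG SERVER
  tab=$(printf '\t')
  az sql server firewall-rule list --resource-group "$1" --server "$2" \
    --query "[].[name,startIpAddress,endIpAddress]" --output tsv |
  while IFS="$tab" read -r name start end; do
    printf '%s\t%s-%s\t%s\n' "$name" "$start" "$end" \
      "$(classify_rule "$start" "$end")"
  done
)
```

Rules labelled `azure-services` or `any-internet` still admit traffic that does not come from the selected subnets, so they are the first candidates for removal once clients connect through the endpoint.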

If you would like help implementing VNet Service Endpoints, please contact us here.

Azure Global Vnet Peering – A Step Closer To MPLS Replacement


This year, Azure announced a global VNET peering preview during Ignite 2017. Global VNET peering enables customers to connect Azure networks in different regions by leveraging Azure's global networking backbone.

Many customers with a large number of globally distributed regional offices have historically not been too happy with the cost and performance of their global networking. For example, there are not enough internet breakouts to satisfy local performance needs, MPLS bandwidth for the remote office is less than that provided by their local internet cafe, and overall IT in remote offices costs more than it should.

Currently, the peering does not support transitive routing or gateway transit. Therefore, a remote office connected to a VPN in a remote Azure region cannot leverage an Azure ExpressRoute connection in another region over global peering.

When transitive routing becomes available, customers will be able to reduce MPLS costs and provide fast internet access in local offices. Office servers can be migrated to Azure, leaving a managed VPN/firewall as the only infrastructure to be maintained and greatly simplifying IT. MPLS replacement with Azure also requires many other management solutions to be compatible (such as compute endpoint management), but it promises to be a way of reducing cost, simplifying operations and improving global network services. Nordcloud has years of experience in Azure core infrastructure solutions development, so please get in touch if you want to find out more.
