none
Secure connection to Azure storage

    Question

  • Greetings, 

    I have a client who runs SQL Server in a physical environment entirely, located at a 3rd party host. They have asked me to research possibilities for storing SQL Server database and transaction log backups in the cloud. 

    One specific question they have is if there is a secure way (i.e. VPN) to access Azure Storage directly. They want to keep things as simple as possible. 

    Thanks in advance --

    Ned Otter

    SQL Solutions


    Tuesday, August 4, 2015 8:07 PM

Answers

  • Hi,

    By default, only the owner of the storage account may access storage resources within that account. If your service or application needs to make these resources available to other clients without sharing your access key, you have the following options for permitting access:

    • You can set a container's permissions to permit anonymous read access to the container and its blobs. This is not allowed for tables or queues.

    • You can expose a resource via a shared access signature, which enables you to delegate restricted access to a container, blob, table or queue resource by specifying the interval for which the resources are available and the permissions that a client will have to it.

    • You can use a stored access policy to manage shared access signatures for a container or its blobs, for a queue, or for a table. The stored access policy gives you an additional measure of control over your shared access signatures and also provides a straightforward means to revoke them.

    • Refer : https://azure.microsoft.com/en-us/documentation/articles/storage-manage-access-to-resources/

    • http://azure.microsoft.com/en-in/services/storage/

    • Marked as answer by Ned Otter Wednesday, August 5, 2015 2:53 PM
    Wednesday, August 5, 2015 6:14 AM

All replies

  • Hi,

    You could consider using one of the following:

    • Create and Use a Shared Access Signature: A shared access signature is a URI that grants restricted access rights to containers, blobs, queues, and tables for a specific time interval. By providing a client with a shared access signature, you can enable them to access resources in your storage account without sharing your account key with them.

    You could refer the following link for details:

    Shared Access Signatures, Part 1: Understanding the SAS Model


    https://azure.microsoft.com/en-us/documentation/articles/storage-manage-access-to-resources/

    Or you could consider using Storage Explorer to make a Blob or Container Public or Private and control access to it.

    Regards.

    Wednesday, August 5, 2015 4:53 AM
    Moderator
  • Hi,

    By default, only the owner of the storage account may access storage resources within that account. If your service or application needs to make these resources available to other clients without sharing your access key, you have the following options for permitting access:

    • You can set a container's permissions to permit anonymous read access to the container and its blobs. This is not allowed for tables or queues.

    • You can expose a resource via a shared access signature, which enables you to delegate restricted access to a container, blob, table or queue resource by specifying the interval for which the resources are available and the permissions that a client will have to it.

    • You can use a stored access policy to manage shared access signatures for a container or its blobs, for a queue, or for a table. The stored access policy gives you an additional measure of control over your shared access signatures and also provides a straightforward means to revoke them.

    • Refer : https://azure.microsoft.com/en-us/documentation/articles/storage-manage-access-to-resources/

    • http://azure.microsoft.com/en-in/services/storage/

    • Marked as answer by Ned Otter Wednesday, August 5, 2015 2:53 PM
    Wednesday, August 5, 2015 6:14 AM
  • Thanks so very much to all who responded. 

    Seems I have a bit of studying to do--

    Best wishes,

    Ned Otter

    SQL Solutions

    • Edited by Ned Otter Wednesday, August 5, 2015 2:52 PM
    Wednesday, August 5, 2015 2:51 PM