The following forum(s) have migrated to Microsoft Q&A (Preview): Azure Virtual Machines!
Visit Microsoft Q&A (Preview) to post new questions.

Learn More

 locked
Port for Azure RRS feed

  • Question

  • We planned for log shipping to azure from on-premise to Azure, but due to difficulty in implementing the VPN connection we are thinking for another alternative 'Microsoft sql server backup to windows azure tool '
    I have installed the tool in my local pc and checked 'verify account' in step 2 it worked fine, but when i installed in my test server and check 'verify account' it stops functioning and the verify account button is disabled, I ignored and continued to take backup but it threw the below error

    System.Data.SqlClient.SqlError: Cannot open backup device 'E:\DBtoAzure_Test\test_full.bak'. Operating system error 31(A device attached to the system is not functioning.). (Microsoft.SqlServer.Smo)

    I checked for the permission in that folder DBtoAzure_Test, 'BackuptoAzure' has read/write in that folder, so this is not permission level issue.
    I suspect that port number need to be opened to connect to Azure, as from my test server I could not connect to google or Azure.management, Can someone let me know what port number need to opened in our network to connect to Azure storage?

    Best Regards Moug

    Saturday, September 20, 2014 1:30 AM

Answers

  • Hi,

    From any computer with internet access, run this command from a Command line

    nslookup <YourStorageAccount>.blob.core.windows.net

    Then you should get a output looking like this

    C:\Users\AndersEide>nslookup aeteststorage.blob.core.windows.net
    Server:  *******
    Address:  *******
    
    Non-authoritative answer:
    Name:    blob.db4prdstr09a.store.core.windows.net
    Address:  191.235.193.40
    Aliases:  aeteststorage.blob.core.windows.net

    Then you should get an IP address that bound to your storage account.

    You can also download an XML file with all IP address ranges that is used by Microsoft Azure Datacenters, if you want to allow them all. http://msdn.microsoft.com/en-us/library/azure/dn175718.aspx


    /Anders Eide


    Tuesday, September 23, 2014 4:23 AM

All replies

  • Hi,

    I can not find any documentation confirming this, but you are using HTTPS when you target the Azure Storage, so my best guess would be port 443.

    To be 100% sure, you could use something like Notwork Monitor on your test computer to see where the network traffic goes.

    I hope this answer your question :)


    /Anders Eide

    Saturday, September 20, 2014 8:22 AM
  • Hi Andres, Thank you for your response.. Yes I did request to open 443, 1433 and 80.. My fear is this plan will be implemented in production servers..  So wondering opening port 80 and 443 is really advisable..

    Anyways will monitor this further..


    Best Regards Moug

    Monday, September 22, 2014 2:01 AM
  • Hi,

    As this is outgoing traffic, I don't see the problem. It's not like that anyone will sit on these servers and browse the Internet anyway. If you want to tighten your security further, you could in the firewall say that your SQL server only is allowed to talk with the Azure Service. That way you should be really secure.


    /Anders Eide

    Monday, September 22, 2014 4:30 AM
  • Great, This is what exactly I want.. I want my SQL to Azure Service service only.. May I please know how to implement it..

    As I tried to get the IP of azure by ping request but it throwed timeout message.. 

    Thanks


    Best Regards Moug

    Tuesday, September 23, 2014 3:55 AM
  • Hi,

    From any computer with internet access, run this command from a Command line

    nslookup <YourStorageAccount>.blob.core.windows.net

    Then you should get a output looking like this

    C:\Users\AndersEide>nslookup aeteststorage.blob.core.windows.net
    Server:  *******
    Address:  *******
    
    Non-authoritative answer:
    Name:    blob.db4prdstr09a.store.core.windows.net
    Address:  191.235.193.40
    Aliases:  aeteststorage.blob.core.windows.net

    Then you should get an IP address that bound to your storage account.

    You can also download an XML file with all IP address ranges that is used by Microsoft Azure Datacenters, if you want to allow them all. http://msdn.microsoft.com/en-us/library/azure/dn175718.aspx


    /Anders Eide


    Tuesday, September 23, 2014 4:23 AM