locked
Encryption Concerns for On-Premise to Azure SQL Database Replication RRS feed

  • Question

  • Is the connection between an on-premise distribution SQL Server to an Azure SQL Database subscriber secure?  Is this by default?  Or are additional options needed to guarantee it?

    Thursday, October 5, 2017 11:59 AM

All replies

  • Based on the article linked below it appears that you can (and should) use HTTPS and VPN, but I am unable to determine if it is turned on by default.

    In any case you should look at use some sort of VPN, either site-to-site, point-to-site, or Express route as an additional level of protection.  Express Route is the most secure as you have a direct line to Azure from your site but it is, by far, the most expensive.

    https://docs.microsoft.com/en-us/azure/security/azure-security-data-encryption-best-practices#protect-data-in-transit


    Gary A. Bushey

    Thursday, October 5, 2017 12:45 PM
  • Based on the article linked below it appears that you can (and should) use HTTPS and VPN, but I am unable to determine if it is turned on by default.

    In any case you should look at use some sort of VPN, either site-to-site, point-to-site, or Express route as an additional level of protection.  Express Route is the most secure as you have a direct line to Azure from your site but it is, by far, the most expensive.

    https://docs.microsoft.com/en-us/azure/security/azure-security-data-encryption-best-practices#protect-data-in-transit


    Gary A. Bushey

    You can't create a VPN directly to an Azure SQL Database.  I'm not talking about a virtual machine running SQL Server (IaaS).

    When you talk to an Azure SQL Database, you're referencing a server name like tcp:fakeazuresql1.database.windows.net.  In SSMS, you can go to the Connection Properties table and select Encrypt connection and it works.  In replication, there isn't a corresponding checkbox that I am aware of.

    Thursday, October 5, 2017 12:53 PM
  • Hello,

    All connections to SQL Azure Database servers are always encrypted using TLS, even the SQL Server Management Studio connections are encrypted. You don’t have to do anything to encrypt connections to SQL Azure.

    https://docs.microsoft.com/en-us/azure/sql-database/sql-database-security-overview

    Hope this helps.



    Regards,

    Alberto Morillo
    SQLCoffee.com



    Thursday, October 5, 2017 3:21 PM
  • Hello,

    All connections to SQL Azure Database servers are always encrypted using TLS, even the SQL Server Management Studio connections are encrypted. You don’t have to do anything to encrypt connections to SQL Azure.

    https://docs.microsoft.com/en-us/azure/sql-database/sql-database-security-overview

    Hope this helps.



    Regards,

    Alberto Morillo
    SQLCoffee.com



    Interesting.

    In SQL Server Management Studio, I can uncheck the Encrypt connection box and I still get a successful connection test.  If I make a connection and start a new query, it says Connection encrypted = Not encrypted in the properties of the query.

    For replication (of which I'm most interested in an answer for), there aren't any places in the UI to tweak these things.

    Thursday, October 5, 2017 4:43 PM