Security in the cloud is something every application must think through before moving to the cloud. The Windows Azure team is focusing on this aspect and narrowing down which components can be accessed or restricted based on customer needs, which gives the system a high level of security. Initially, with SQL Azure, we could restrict access only at the server level, so that a specific list of IPs could reach the server. But this had a limitation: if certain IPs should not have access to individual databases, we had to use different servers for different databases.
To overcome this security issue, the Azure team has recently announced SQL Database Level Access in addition to Server Level Access, using Windows Azure Firewall rules. With this new feature we can grant access to a database separately if it needs to be isolated, or else use it at the server level with the security provided to that server alone.
So we can apply the restriction at two levels:
Database Level Rules: These enable clients to access individual databases within the assigned SQL server. The rules are created per database and are stored in the individual database. If the IP address range specified in this rule goes beyond the range configured in the server level rule, only those clients will have access to this database. This helps restrict clients that can reach the same logical server to specific databases within that server.
Server Level Rules: These enable client access to all databases available in a particular logical server. These rules are saved in the master database of the server, where we can specify the required configuration, or else we can use the Windows Azure Management Portal to configure the rules.
Image Source – MSDN
So how does the connection to the database or to the server work?
It works on the algorithm below:
- If the IP address is within the range of approved IP addresses specified at the server level, the connection to the SQL Database server is granted.
- If the IP address is not within that range, the database level firewall rules are checked to see whether the IP address falls within a rule. If it does, only that particular database will be accessible to the IP address.
- If the IP address is within neither the server range nor any database rule, none of the resources are accessible to the IP address and the connection fails.
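The three steps above can be worked through in code. The following is an added example written for this post, not code from the Azure service or the Windows Azure team: it models a logical server with a list of server level rules and a per-database dictionary of database level rules, and evaluates a client IP against them in the order the post describes. The rule names, IP ranges and database names are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class FirewallRule:
    """One IP range rule (inclusive start and end), as used at both levels."""
    name: str
    start_ip: str
    end_ip: str

    def __post_init__(self):
        # Reject an inverted range up front instead of silently matching nothing.
        if ipaddress.IPv4Address(self.start_ip) > ipaddress.IPv4Address(self.end_ip):
            raise ValueError(f"rule {self.name!r}: start_ip is after end_ip")

    def contains(self, client_ip: str) -> bool:
        addr = ipaddress.IPv4Address(client_ip)
        return ipaddress.IPv4Address(self.start_ip) <= addr <= ipaddress.IPv4Address(self.end_ip)


@dataclass
class LogicalServer:
    # Server level rules apply to every database on this logical server.
    server_rules: list = field(default_factory=list)
    # Database level rules are keyed by database name and apply to that database only.
    database_rules: dict = field(default_factory=dict)


def evaluate_connection(server: LogicalServer, client_ip: str, database: str):
    """Return (allowed, reason) following the three steps in the post.

    Step 1: a matching server level rule grants access to every database.
    Step 2: otherwise a matching database level rule grants access to that database only.
    Step 3: otherwise the connection is refused.
    """
    for rule in server.server_rules:
        if rule.contains(client_ip):
            return True, f"server level rule {rule.name!r} (all databases)"
    for rule in server.database_rules.get(database, []):
        if rule.contains(client_ip):
            return True, f"database level rule {rule.name!r} on {database!r} only"
    return False, "no server or database level rule matched; connection fails"


def build_sample_server() -> LogicalServer:
    """Constructed sample configuration (hypothetical addresses from documentation ranges)."""
    return LogicalServer(
        server_rules=[FirewallRule("office", "203.0.113.10", "203.0.113.20")],
        database_rules={
            # A partner may reach only the Sales database, not HR.
            "Sales": [FirewallRule("partner", "198.51.100.5", "198.51.100.5")],
        },
    )


if __name__ == "__main__":
    srv = build_sample_server()
    for ip, db in [("203.0.113.15", "HR"), ("198.51.100.5", "Sales"),
                   ("198.51.100.5", "HR"), ("192.0.2.9", "Sales")]:
        allowed, reason = evaluate_connection(srv, ip, db)
        print(f"{ip} -> {db}: {'ALLOW' if allowed else 'DENY'} ({reason})")
```

Because access is granted as soon as either level matches, the outcome is the same whichever list is consulted first; what the example makes visible is that a database level rule never leaks access to a sibling database on the same logical server, which is the isolation the post is describing.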
So how do we connect, manage and create a firewall rule?
We can use the Windows Azure Management Portal to quickly create and manage the firewall rules. Have a look at the step-by-step article on how to do that (SQL Azure – Adding and Removing Firewall Rules in Azure Portal).